Commit Graph

86010 Commits

Author SHA1 Message Date
m1093782566
cdaeabfb46 Add API for feature gate ServiceTopology 2019-11-15 13:36:43 +08:00
Tim Allclair (St. Clair)
581d3e26c9 Restrict mirror pod owner references (#84657)
* Restrict mirror pod owners.

See http://git.k8s.io/enhancements/keps/sig-auth/20190916-noderestriction-pods.md

* Address feedback, refactor test

* Verify node owner UID
2019-11-14 20:52:16 -08:00
Kubernetes Prow Robot
3202bc1044
Merge pull request #83896 from mars1024/modify/cni_log
modify error output in cniNetworkPlugin
2019-11-14 20:52:02 -08:00
Kubernetes Prow Robot
b0c26e5a5a
Merge pull request #83576 from andrewsykim/udpate-netlink
update github.com/vishvananda/netlink to v1.0.0
2019-11-14 20:51:49 -08:00
Kubernetes Prow Robot
372ebd24f5
Merge pull request #83098 from ddebroy/disable-intree
CSI Migration phase 2: disable probing of in-tree plugins
2019-11-14 20:51:42 -08:00
Anish Ramasekar
796faba4ac
Allow multiple node cidr masks in cm
update tests

add comment

amend var name

update comment

add check for empty slice

fix tests

fix mask size in test

review feedback

add ipv4 and ipv6 flag for mask sizes

add to violation exception list

remove import alias

run update-openapi-spec

review feedback

run update-bazel

review feedback

review feedback
2019-11-14 20:04:31 -08:00
chao zheng
259cc951ff add ut for scheduler framework 2019-11-14 19:39:21 -08:00
Kubernetes Prow Robot
cb2684c416
Merge pull request #74026 from mkimuram/issue/73773
Separate staging/publish and unstaging/unpublish logics for block
2019-11-14 19:37:41 -08:00
David Zhu
1f2588496d
Revert "Enable snapshot e2e test for csi pd driver" 2019-11-14 19:29:20 -08:00
SataQiu
50bc528a7e e2e: move LogFailedContainers out of e2e test framework util.go 2019-11-15 10:21:26 +08:00
David Zhu
df7a3f976a Update inline volume translated PV Name to be unique per disk so that staging paths are unique 2019-11-14 17:57:54 -08:00
Masaki Kimura
4578c6c8ce Separate staging/publish and unstaging/unpublish logics for block 2019-11-15 01:55:20 +00:00
Masaki Kimura
7caf731773 Change publish path for CSI block volume per pod
This change is to allow CSI driver to publish the same volume for multipe pods on the same node.
2019-11-15 01:55:15 +00:00
Kubernetes Prow Robot
97d45fe3c8
Merge pull request #85309 from liggitt/cs-table-handler
Avoid constructing table printer on every componentstatus request
2019-11-14 17:51:31 -08:00
Kubernetes Prow Robot
ff0a1d86d5
Merge pull request #85298 from liggitt/scheduler-csi-v1
Use CSINodes v1 API in scheduler
2019-11-14 17:51:20 -08:00
Kubernetes Prow Robot
9d0a32caf8
Merge pull request #85260 from MikeSpreitzer/reqmgmt-rename
Renamed FeatureGate RequestManagement to APIPriorityAndFairness
2019-11-14 17:51:10 -08:00
Kubernetes Prow Robot
d15f2dc83a
Merge pull request #85249 from immutableT/testdata-for-encryption-config
Move test inputs for EncryptionConfiguration tests into testdata.
2019-11-14 17:50:54 -08:00
Kubernetes Prow Robot
693db6e347
Merge pull request #85169 from boylee1111/enable_snapshot_e2e_test_for_pd
Enable snapshot e2e test for csi pd driver
2019-11-14 17:50:42 -08:00
Kubernetes Prow Robot
c213196f0a
Merge pull request #85014 from dekkagaijin/master
let standalone npd use kubelet credentials
2019-11-14 17:50:30 -08:00
Kubernetes Prow Robot
e24f5ab4e4
Merge pull request #84747 from mkimuram/refactor-mapper
Refactor mapper/unmapper of block volume
2019-11-14 17:50:15 -08:00
Kubernetes Prow Robot
19b4017b5d
Merge pull request #84424 from mikedanese/expcache
Add an expiring cache for the caching token authenticator
2019-11-14 17:50:06 -08:00
Kubernetes Prow Robot
e434d2dbab
Merge pull request #84295 from aojea/iptableslogs
Improve iptables logging
2019-11-14 17:49:51 -08:00
Kubernetes Prow Robot
31200d08d6
Merge pull request #83505 from misterikkit/govmomi-dep
Update dependency vmware/govmomi to v0.20.3
2019-11-14 17:49:37 -08:00
tanjunchen
7420faab43 fix-staticcheck in /test/e2e/windows 2019-11-15 09:45:43 +08:00
Deep Debroy
129f15328b Disable in-tree plugins migrated to CSI
Signed-off-by: Deep Debroy <ddebroy@docker.com>
2019-11-14 17:28:21 -08:00
Mike Spreitzer
b123a43e71 Brushed up fairqueuing package
This commit responds to the comments on PR #85192 that were not yet
addressed at the time it merged, apart from the one fixed in PR

Generalized fairqueuing to allow for zero queues, to support a
priority level that limits concurrency but does no queuing.
2019-11-14 20:25:31 -05:00
Kubernetes Prow Robot
12b18f200a
Merge pull request #85301 from robscott/endpointslice-beta-fix
Ensuring EndpointSlice controller does not start when feature gate or API are disabled
2019-11-14 16:39:17 -08:00
Kubernetes Prow Robot
141329fd21
Merge pull request #85285 from liggitt/kubectl-resource-version
Fix --resource-version handling in kubectl
2019-11-14 16:39:03 -08:00
Kubernetes Prow Robot
8dffc8db4f
Merge pull request #85257 from yutedz/queueset-robin-idx
Correct the checking of robinIndex
2019-11-14 16:38:50 -08:00
Kubernetes Prow Robot
9edcaf7c4d
Merge pull request #85252 from prameshj/fwrules-port
Specify a port range to ILB firewall rule create.
2019-11-14 16:38:37 -08:00
Kubernetes Prow Robot
30e6238795
Merge pull request #85147 from yutedz/devmgr-rm-contents
Continue removing file in ManagerImpl#removeContents
2019-11-14 16:38:28 -08:00
Kubernetes Prow Robot
99e18f5ae9
Merge pull request #84900 from MikeSpreitzer/add-namespace-to-rule
Enable Priority and Fairness to discriminate on target namespace
2019-11-14 16:38:18 -08:00
Kubernetes Prow Robot
f1e912c38a
Merge pull request #84304 from liggitt/all-beta
Add support for --runtime-config=api/beta=false, --feature-gates=AllBeta=false
2019-11-14 16:38:01 -08:00
Kubernetes Prow Robot
b9fa6e01b9
Merge pull request #83680 from bclau/tests/network-large-requests
tests: Adds large requests tests
2019-11-14 16:37:43 -08:00
Kubernetes Prow Robot
6c5fb3ee60
Merge pull request #83491 from dcbw/winship-iptables-owner
pkg/util/iptables: add Dan Winship to approvers
2019-11-14 16:37:26 -08:00
Kubernetes Prow Robot
0386d769cc
Merge pull request #83058 from bclau/tests/windows-tests-support
tests: Fixes tests for Windows (containerd, RunAsUserName)
2019-11-14 16:37:13 -08:00
Kenichi Omichi
34b05d36aa Move suites.go to e2e package
suites.go is used from e2e.go only and suites.go has invalid dependency
to subpackage of e2e framework as e2e core framework.
So this moves suites.go from e2e core framework.
2019-11-14 23:50:48 +00:00
Kenichi Omichi
e27188d70b Remove e2e/framework/profile_gatherer.go
Since 59533f0cd1 which removes the
deprecated scalability tests, functions in profile_gatherer.go have
not been used at all.
So this removes e2e/framework/profile_gatherer.go
2019-11-14 23:41:38 +00:00
Masaki Kimura
a275026ad4 Split CustomBlockVolumeMapper and CustomBlockVolumeUnmapper
- Move SetUpDevice to BlockVolumeStager
  - Move MapPodDevice to BlockVolumePublisher
  - Move TearDownDevice to BlockVolumeUnstager
  - Move UnmapPodDevice to BlockVolumeUnpublisher
  - Implement BlockVolumePublisher only in local and csi plugin
  - Implement BlockVolumeUnstager only in fc, iscsi, rbd, and csi plugin
  - Implement BlockVolumeStager and BlockVolumeUnpublisher only in csi plugin
2019-11-14 22:01:19 +00:00
Masaki Kimura
f363a03f0b Refactor BlockVolumeMapper and BlockVolumeUnmapper interface
- Rename MapDevice to MapPodDevice in BlockVolumeMapper
- Add UnmapPodDevice in BlockVolumeUnmapper (This will be used by csi driver later)
- Add CustomBlockVolumeMapper and CustomBlockVolumeUnmapper interface
- Move SetUpDevice and MapPodDevice to CustomBlockVolumeMapper
- Move TearDownDevice and UnmapPodDevice to CustomBlockVolumeUnmapper
- Implement CustomBlockVolumeMapper only in local and csi plugin
- Implement CustomBlockVolumeUnmapper only in fc, iscsi, rbd, and csi plugin
- Change MapPodDevice to return path and SetUpDevice not to return path
2019-11-14 22:01:11 +00:00
immutablet
883e9a0b50 Move test inputs for EncryptionConfiguration tests into testdata. 2019-11-14 13:59:25 -08:00
Mike Danese
3f194d5b41 migrate token cache to cache.Expiring 2019-11-14 13:50:15 -08:00
Mike Danese
9167711fd1 Add an expiring cache for the caching token authenticator
And maybe the webhook authorizer cache.

This cache has two primary advantages over the LRU cache used currently:

- Cache hits don't acquire an exclusive lock.
- More importantly, performance doesn't fallover when the access pattern
  scans a key space larger than an arbitrary size (e.g. the LRU
  capacity).

The downside of using an expiring cache here is that it doesn't have a
maximum size so it's suspectible to DoS when the input is user
controlled. This is not the case for successful authentications, and
successful authentications have a natural expiry so it might be a good
fit here.

It has some a few differences compared to:

3d7318f29d/staging/src/k8s.io/client-go/tools/cache/expiration_cache.go

- Expiration is not entirely lazy so keys that are never accessed again
  are still released from the cache.
- It does not acquire an exclusive lock on cache hits.
- It supports per entry ttls specified on Set.

The expiring cache (without striping) does somewhere in between the
simple cache and striped cache in the very contrived contention test
where every iteration acquires a write lock:

```
$ benchstat simple.log expiring.log
name      old time/op    new time/op    delta
Cache-12    2.74µs ± 2%    2.02µs ± 3%  -26.37%  (p=0.000 n=9+9)
name      old alloc/op   new alloc/op   delta
Cache-12      182B ± 0%      107B ± 4%  -41.21%  (p=0.000 n=8+9)
name      old allocs/op  new allocs/op  delta
Cache-12      5.00 ± 0%      2.00 ± 0%  -60.00%  (p=0.000 n=10+10)

$ benchstat striped.log expiring.log
name      old time/op    new time/op    delta
Cache-12    1.58µs ± 5%    2.02µs ± 3%  +27.34%  (p=0.000 n=10+9)
name      old alloc/op   new alloc/op   delta
Cache-12      288B ± 0%      107B ± 4%  -62.85%  (p=0.000 n=10+9)
name      old allocs/op  new allocs/op  delta
Cache-12      9.00 ± 0%      2.00 ± 0%  -77.78%  (p=0.000 n=10+10)

$ benchstat simple.log striped.log expiring.log
name \ time/op    simple.log   striped.log  expiring.log
Cache-12          2.74µs ± 2%  1.58µs ± 5%   2.02µs ± 3%
name \ alloc/op   simple.log   striped.log  expiring.log
Cache-12            182B ± 0%    288B ± 0%     107B ± 4%
name \ allocs/op  simple.log   striped.log  expiring.log
Cache-12            5.00 ± 0%    9.00 ± 0%     2.00 ± 0%
```

I also naively replacemed the LRU cache with the expiring cache in the
more realisitc CachedTokenAuthenticator benchmarks:

https://gist.github.com/mikedanese/41192b6eb62106c0758a4f4885bdad53

For token counts that fit in the LRU, expiring cache does better because
it does not require acquiring an exclusive lock for cache hits.

For token counts that exceed the size of the LRU, the LRU has a massive
performance drop off. The LRU cache is around 5x slower (with lookups
taking 1 milisecond and throttled to max 40 lookups in flight).

```
$ benchstat before.log after.log
name                                                  old time/op    new time/op    delta
CachedTokenAuthenticator/tokens=100_threads=256-12      3.60µs ±22%    1.08µs ± 4%  -69.91%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=500_threads=256-12      3.94µs ±19%    1.20µs ± 3%  -69.57%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=2500_threads=256-12     3.07µs ± 6%    1.17µs ± 1%  -61.87%  (p=0.000 n=9+10)
CachedTokenAuthenticator/tokens=12500_threads=256-12    3.16µs ±17%    1.38µs ± 1%  -56.23%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=62500_threads=256-12    15.0µs ± 1%     2.9µs ± 3%  -80.71%  (p=0.000 n=10+10)

name                                                  old alloc/op   new alloc/op   delta
CachedTokenAuthenticator/tokens=100_threads=256-12        337B ± 1%      300B ± 0%  -11.06%  (p=0.000 n=10+8)
CachedTokenAuthenticator/tokens=500_threads=256-12        307B ± 1%      304B ± 0%   -0.96%  (p=0.000 n=9+10)
CachedTokenAuthenticator/tokens=2500_threads=256-12       337B ± 1%      304B ± 0%   -9.79%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=12500_threads=256-12      343B ± 1%      276B ± 0%  -19.58%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=62500_threads=256-12      493B ± 0%      334B ± 0%  -32.12%  (p=0.000 n=10+10)

name                                                  old allocs/op  new allocs/op  delta
CachedTokenAuthenticator/tokens=100_threads=256-12        13.0 ± 0%      11.0 ± 0%  -15.38%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=500_threads=256-12        12.0 ± 0%      11.0 ± 0%   -8.33%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=2500_threads=256-12       13.0 ± 0%      11.0 ± 0%  -15.38%  (p=0.000 n=10+10)
CachedTokenAuthenticator/tokens=12500_threads=256-12      13.0 ± 0%      10.0 ± 0%  -23.08%  (p=0.000 n=9+10)
CachedTokenAuthenticator/tokens=62500_threads=256-12      17.0 ± 0%      12.0 ± 0%  -29.41%  (p=0.000 n=10+10)
```

Benchmarked with changes in #84423

Bugs: #83259 #83375
2019-11-14 13:50:15 -08:00
Kubernetes Prow Robot
27067540ff
Merge pull request #85246 from robscott/endpointslice-dualstack-proxy
Updating kube-proxy to support new EndpointSlice address types
2019-11-14 13:31:58 -08:00
Kubernetes Prow Robot
97225e2742
Merge pull request #85230 from oomichi/add-todo-issue81245
Add TODOs for removing invalid e2e dependencies
2019-11-14 13:31:41 -08:00
Kubernetes Prow Robot
24334444b4
Merge pull request #85175 from liggitt/golang-org-comments
Add comments to explain golang.org replace directives
2019-11-14 13:31:27 -08:00
Kubernetes Prow Robot
bfb99d809a
Merge pull request #85117 from hwdef/fix-staticcheck10
pkg/kubeapiserver: fix staticcheck warning
2019-11-14 13:31:15 -08:00
Kubernetes Prow Robot
acfc88d66e
Merge pull request #84752 from seans3/json_yaml_printers
Move json,yaml,jsonpath printers to correct locations
2019-11-14 13:31:04 -08:00
Kubernetes Prow Robot
5c772f5933
Merge pull request #84674 from hwdef/fix-staticcheck4
pkg/client: fix staticcheck warning
2019-11-14 13:30:45 -08:00
Kubernetes Prow Robot
e03d6e2311
Merge pull request #84660 from mkimuram/refactor-block-lock
Refactor block volume's descriptor lock logic
2019-11-14 13:30:30 -08:00