**Problem:** When a Pod fails to run due to kubelet-side admission checks, the
v1.Event objects emitted looks like these:
Reason="NodeAffinity" Message="Predicate NodeAffinity failed"
Reason="NodeName" Message="Predicate NodeName failed"
Reason="NodePorts" Message="Predicate NodePorts failed"
**Solution:** Expose human-readable predicate description in the failure
so that kubelet submits an Event with this description, such as:
Reason="NodeAffinity" Message="Predicate NodeAffinity failed: node(s) didn't match Pod's node affinity/selector"
Reason="NodeName" Message="Predicate NodeName failed: node(s) didn't match the requested node name"
Reason="NodePorts" Message="Predicate NodePorts failed: node(s) didn't have free ports for the requested pod ports"
The claim parameter key didn't include the namespace of the claim. In the case
where two namespaces used the exact same parameter reference, the "too many
generated parameters" case got triggered incorrectly and lookup could have
returned an object from the wrong namespace.
Found while running the E2E tests in parallel:
message: 'running PreFilter plugin "DynamicResources": multiple generated claim
parameters for ConfigMap. dra-8794/parameters-3 found: [dra-4729/parameters-4
dra-7328/parameters-4 dra-8794/parameters-4 dra-3402/parameters-4 dra-6156/parameters-4
dra-1839/parameters-4 dra-7434/parameters-4 dra-6504/parameters-4]'
After the introduction of v1beta4 if the user inputs the old
v1beta3 discovery timeout the value is ignored. Fix that
by introducing a conversion to v1beta4.
Co-authored-by: penghez (GitHub handle)
- Remove unused fallback to TLS serving key as service account verifying key
- Separate ServiceAccountTokenMaxExpiration setup from signer setup
- Separate the check for a signing method (private key) from the existence of issuers
- Extract watchWithResync to simplify ListAndWatch
- Wrap watchHandler with two variants, one for WatchList and one for
just Watch.
- Replace a bool pointer arg with a bool arg and bool return, to
improve readability.
- Use errors.Is to satisfy the linter
- Use %w to wrap the store.Replace error, to allow unwrapping.
The watch.Interface design is hard to change, because it would break
most client-go users that perform watches. So instead of changing the
interface to be more user friendly, this change updates the method
comments to explain the different responsibilities of the consumer
(client user) and the producer (interface implementer).
