* Change uses of whitelist to allowlist in kubelet sysctl
* Rename whitelist files to allowlist in Kubelet sysctl
* Further renames of whitelist to allowlist in Kubelet
* Rename podsecuritypolicy uses of whitelist to allowlist
* Update pkg/kubelet/kubelet.go
Co-authored-by: Danielle <dani@builds.terrible.systems>
Co-authored-by: Danielle <dani@builds.terrible.systems>
If no propagation policy has been set, the pods associated
with the jobs are going to linger because of OrphanDependents
policy set currently. This patch ensures that a warning
will be thrown when the user explicitly doesn't set deletionPolicy.
More context: https://github.com/kubernetes/kubernetes/pull/103449#discussion_r675820335
Check the Code in the Is family of functions where it makes sense. This
was already done in a couple of functions, but there were many others
where checking the code makes sense.
Consider known reasons in the Is* family of functions for checking
errors based on StatusReason and code.
Maintain backward compatibility by not checkng APIStatus for an unknown
reason in either IsTooManyRequests or IsRequestEntityToLargeError
Add tests for error types by code
Add tests to exercise error checks using both reasons and codes.
This allows to choose the correct architecture in the image manifest,
which defaulted to the host system before applying this patch.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Add 4 new metrics to the ClusterIP allocators:
- current number of available IPs per Service CIDR
- current number of used IPs per Service CIDR
- total number of allocation per Service CIDR
- total number of allocation errors per ServiceCIDR
Tests "Multi-AZ Cluster Volumes" should consider only nodes that are
schedulable and *untainted* when computing AZ where to run the tests.
GetReadySchedulableNodes() already filters schedulable + untainted nodes,
no need to do it again in GetSchedulableClusterZones().
1. string is formatted as unsafe json. Since this is created on the fly;
TaintKey and Effect are formatted as a 'key=effect' instead of '{key=effect}'
eliminating unsafe json representation.
2. Adds a fail test case for the case where a taint with same key and effect is added
and removed together.
Manual Testing
```
▶ ./_output/bin/kubectl taint nodes kind-control-plane key1=:NoSchedule key1=:NoSchedule-
error: can not both modify and remove the following taint(s) in the same command: key1=NoSchedule
```
For some reason when we send them to journald, many log lines are
consistently dropped as soon as the PLEG is started.
If we log directly to file, we don't have this problem. As a bonus, if
the tests crash, the kubelet logs will always be available since they
were already written; otherwise we normally wait until the end of the
test run to collect them from journald, meaning that we often end up
with empty logs.
