Claudiu Belu
c4fc9bba6c
Adds Windows support for etcd image
...
We can use docker buildx in order to build and push Windows images from the same Linux node,
as long as the Dockerfile does not have any RUN commands in the Windows step.
We also need to create a non-default builder instance in order to be able to build and
push Windows images.
The Windows images have to be built and pushed directly to the registry.
For Windows containers without Hyper-V isolation, the host OS Version and the
Container OS Version need to match, which is why we added multiple Windows OS Versions
to the building process.
For the manifest list, we need to also annotate the Windows OS Version, so the Windows nodes
will be able to pull the proper image from the manifest list.
Adds support for Windows OS Versions: 1809, 2004, 20H2, ltsc2022.
Bumped etcd image revision.
2021-09-24 18:28:00 +00:00
Kubernetes Prow Robot
86d23cf441
Merge pull request #105206 from pohly/test-integration-help
...
test/integration: skip etcd startup for -help flag
2021-09-24 10:29:23 -07:00
Kubernetes Prow Robot
a6f9b2b2cb
Merge pull request #105235 from spiffxp/use-k8s-infra-gcb-docker-gcloud
...
use k8s-staging-test-infra/gcb-docker-gcloud
2021-09-24 08:03:23 -07:00
Aaron Crickenberger
42a955b3ae
use k8s-staging-test-infra/gcb-docker-gcloud
2021-09-24 06:54:40 -07:00
Patrick Ohly
81b4a695b3
test/integration: skip etcd startup for -help flag
...
By parsing flags in the test's main function before starting etcd we bail out
early without ever starting etcd when the test was invoked with -help.
Otherwise etcd must be available, gets started and then hangs because
flag.Parse itself exits when called by testing.go. This bypasses the code in
EtcdMain which normally stops etcd.
2021-09-24 11:51:58 +02:00
Kubernetes Prow Robot
7bff8adaf6
Merge pull request #92853 from cosmo0920/add-sniffer-class-loading-feature-on-es-image
...
[fluentd/elasticsearch] Add mechanism to load simple sniffer class
2021-09-23 23:07:24 -07:00
Kubernetes Prow Robot
005dfcd09e
Merge pull request #105218 from khenidak/fix-sig-net-105182
...
mute unnecessary logs when failing to parse IPs
2021-09-23 17:27:23 -07:00
Kubernetes Prow Robot
b6924839ca
Merge pull request #101987 from sky-philipalmeida/patch-1
...
Log if PV is still in use trying to delete it
2021-09-23 14:30:54 -07:00
Khaled (Kal) Henidak
59dd238fd4
mute unnecessary logs
2021-09-23 20:52:18 +00:00
Kubernetes Prow Robot
24408ef7f5
Merge pull request #104892 from zzchun/fix-typo-in-node_affinity_test
...
fix typo in node_affinity_test
2021-09-23 13:22:55 -07:00
Kubernetes Prow Robot
ab4d8bd1e5
Merge pull request #105159 from jyz0309/fix-klog-error
...
Fix klog error in `pkg/proxy`
2021-09-23 11:17:38 -07:00
Kubernetes Prow Robot
e5c4defa8e
Merge pull request #103370 from verb/1.22-cleanup-shareprocesses-e2e
...
Remove ShareProcessNamespace tags from e2e_node tests
2021-09-23 10:11:14 -07:00
Kubernetes Prow Robot
6c2f644482
Merge pull request #105205 from ingvagabund/do-not-reference-control-variable-in-for
...
e2e scheduling priorities: do not reference control loop variable
2021-09-23 08:37:22 -07:00
Kubernetes Prow Robot
2541fcf256
Merge pull request #104123 from fromanirh/podresources-not-report-unhealthy-devices
...
devicemanager: skip unhealthy devices in GetAllocatable
2021-09-23 05:39:21 -07:00
Jan Chaloupka
b3249a1b39
e2e scheduling priorities: do not reference control loop variable
...
Otherwise, nodeNameToPodList[nodeName] list will have all its references
identical (corresponding to the control variable reference).
Thus, making all the pods in the list identical.
2021-09-23 13:08:03 +02:00
jyz0309
e9abf3dfc6
remove spew
...
Signed-off-by: jyz0309 <45495947@qq.com>
remove spew
Signed-off-by: jyz0309 <45495947@qq.com>
remove LogJson
Signed-off-by: jyz0309 <45495947@qq.com>
change name
Signed-off-by: jyz0309 <45495947@qq.com>
remove spew
Signed-off-by: jyz0309 <45495947@qq.com>
2021-09-23 17:20:34 +08:00
jyz0309
c0e0fae775
fix error
...
Signed-off-by: jyz0309 <45495947@qq.com>
use InfoS handle json
Signed-off-by: jyz0309 <45495947@qq.com>
remove import
Signed-off-by: jyz0309 <45495947@qq.com>
fix comment
Signed-off-by: jyz0309 <45495947@qq.com>
2021-09-23 17:15:18 +08:00
jyz0309
a0fd52b6e1
fix log error
...
Signed-off-by: jyz0309 <45495947@qq.com>
fix conflict
Signed-off-by: jyz0309 <45495947@qq.com>
format code
Signed-off-by: jyz0309 <45495947@qq.com>
2021-09-23 17:15:18 +08:00
Kubernetes Prow Robot
9462ca2312
Merge pull request #105086 from ialidzhikov/nit/improve-formatting
...
Improve formatting in CHANGELOGs
2021-09-23 01:29:11 -07:00
Kubernetes Prow Robot
372103f4b8
Merge pull request #100672 from wangyx1992/structured-log
...
Structured Logging migration: modify logs of controller-manager
2021-09-22 20:27:10 -07:00
Kubernetes Prow Robot
86003a2a76
Merge pull request #104952 from dcantah/cleanup-hcn
...
Replace custom dualstack support logic in Windows Kube-proxy
2021-09-22 18:59:10 -07:00
Kubernetes Prow Robot
dce069ce22
Merge pull request #104588 from liggitt/podsecurity-benchmark
...
PodSecurity: benchmark and optimize privileged namespace evaluations
2021-09-22 16:17:10 -07:00
Daniel Canter
ce52f70c66
Replace custom dualstack support logic in Windows Kube-proxy
...
Due to an incorrect version range definition in hcsshim for dualstack
support, the Windows kubeproxy had to define it's own version range logic
to check if dualstack was supported on the host. This was remedied in hcsshim
(https://github.com/microsoft/hcsshim/pull/1003 ) and this work has been vendored into
K8s as well (https://github.com/kubernetes/kubernetes/pull/104880 ). This
change simply makes use of the now correct version range to check if dualstack
is supported, and gets rid of the old custom logic.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
2021-09-22 13:07:38 -07:00
Kubernetes Prow Robot
752c4b7f0b
Merge pull request #105160 from MikeSpreitzer/improve-sharding-and-dispatch
...
Improve sharding and dispatch
2021-09-22 12:58:32 -07:00
Francesco Romani
1b6efa5e21
devicemanager: skip unhealthy devs in GetAllocatable
...
The GetAllocatableDevices, needed to support the podresources
API, doesn't take into account the device health when computing
its output.
In this PR we address this gap and add unit tests along the way
to prevent regressions. This gives us a good initial coverage,
E2E tests to cover this case are much harder to write, because
we would need to inject faults to trigger the unhealthy status.
We will evaluate if adding these tests into later PRs.
Signed-off-by: Francesco Romani <fromani@redhat.com>
2021-09-22 19:20:04 +02:00
Jordan Liggitt
32a5f41ec4
PodSecurity: avoid double parsing policy from namespace labels
...
benchmark old ns/op new ns/op delta
BenchmarkVerifyPod/enforce-implicit_pod-12 224 225 +0.40%
BenchmarkVerifyPod/enforce-implicit_deployment-12 237 234 -1.31%
BenchmarkVerifyPod/enforce-privileged_pod-12 259 245 -5.26%
BenchmarkVerifyPod/enforce-privileged_deployment-12 261 254 -2.72%
BenchmarkVerifyPod/enforce-baseline_pod-12 2967 2850 -3.94%
BenchmarkVerifyPod/enforce-baseline_deployment-12 252 255 +0.87%
BenchmarkVerifyPod/enforce-restricted_pod-12 3244 3125 -3.67%
BenchmarkVerifyPod/enforce-restricted_deployment-12 258 261 +0.97%
BenchmarkVerifyPod/warn-baseline_pod-12 2956 2841 -3.89%
BenchmarkVerifyPod/warn-baseline_deployment-12 3034 2913 -3.99%
BenchmarkVerifyPod/warn-restricted_pod-12 3276 3176 -3.05%
BenchmarkVerifyPod/warn-restricted_deployment-12 3302 3157 -4.39%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 5159 5132 -0.52%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12 4208 4069 -3.30%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 4336 4252 -1.94%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12 4436 4316 -2.71%
2021-09-22 10:26:34 -04:00
Kubernetes Prow Robot
5b489e2846
Merge pull request #104983 from MikeSpreitzer/list-metrics-take3
...
Try yet again to add metrics about LIST handling
2021-09-22 07:16:02 -07:00
Kubernetes Prow Robot
686379281d
Merge pull request #97665 from heqg/unused-function-NewSingleContentTypeSerializer
...
remove unused function of NewSingleContentTypeSerializer
2021-09-21 22:16:00 -07:00
Kubernetes Prow Robot
950e978ff1
Merge pull request #105180 from tallclair/forbidden
...
Fix PodSecurity forbidden response reason
2021-09-21 21:08:00 -07:00
Kubernetes Prow Robot
857d4c107c
Merge pull request #104808 from chendave/indent
...
Format json file with proper indentation
2021-09-21 19:14:00 -07:00
Kubernetes Prow Robot
76c0573ff4
Merge pull request #105181 from alculquicondor/revert
...
Revert #104739
2021-09-21 16:54:00 -07:00
Kubernetes Prow Robot
92ddd4dcd6
Merge pull request #103906 from pacoxu/unsafe-e2e-test
...
sysctl-test: use status reason check instead of events check
2021-09-21 15:20:18 -07:00
Kubernetes Prow Robot
2bfb2eba80
Merge pull request #105170 from liggitt/gomodule-importverifier
...
Make importverifier package-compatible
2021-09-21 14:08:49 -07:00
Kubernetes Prow Robot
7432904c53
Merge pull request #105169 from liggitt/gomodule-codegenerator
...
Smoke test code-generator using full packages
2021-09-21 14:08:41 -07:00
Kubernetes Prow Robot
bc94b5e248
Merge pull request #105151 from Huang-Wei/104998-followup
...
sched: de-duplicate plugin registration logic by using FactoryAdapter
2021-09-21 14:08:30 -07:00
Kubernetes Prow Robot
fed612c9f8
Merge pull request #103172 from niulechuan/cleanup/deprecated_flag
...
Remove deprecated flag --experimental-bootstrap-kubeconfig
2021-09-21 14:08:18 -07:00
Jordan Liggitt
636c769fb8
PodSecurity: preconstruct reused values
...
benchmark old ns/op new ns/op delta
BenchmarkVerifyPod/enforce-implicit_pod-12 370 228 -38.49%
BenchmarkVerifyPod/enforce-implicit_deployment-12 408 241 -40.86%
BenchmarkVerifyPod/enforce-privileged_pod-12 420 242 -42.27%
BenchmarkVerifyPod/enforce-privileged_deployment-12 426 256 -39.84%
BenchmarkVerifyPod/enforce-baseline_pod-12 4259 3006 -29.42%
BenchmarkVerifyPod/enforce-baseline_deployment-12 341 266 -22.12%
BenchmarkVerifyPod/enforce-restricted_pod-12 3322 3282 -1.20%
BenchmarkVerifyPod/enforce-restricted_deployment-12 327 260 -20.59%
BenchmarkVerifyPod/warn-baseline_pod-12 2964 3020 +1.89%
BenchmarkVerifyPod/warn-baseline_deployment-12 3069 3127 +1.89%
BenchmarkVerifyPod/warn-restricted_pod-12 3223 3330 +3.32%
BenchmarkVerifyPod/warn-restricted_deployment-12 3443 3533 +2.61%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 5193 5405 +4.08%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12 4295 4358 +1.47%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 4363 4513 +3.44%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12 4482 4588 +2.37%
benchmark old allocs new allocs delta
BenchmarkVerifyPod/enforce-implicit_pod-12 2 1 -50.00%
BenchmarkVerifyPod/enforce-implicit_deployment-12 2 1 -50.00%
BenchmarkVerifyPod/enforce-privileged_pod-12 2 1 -50.00%
BenchmarkVerifyPod/enforce-privileged_deployment-12 2 1 -50.00%
BenchmarkVerifyPod/enforce-baseline_pod-12 17 17 +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12 2 1 -50.00%
BenchmarkVerifyPod/enforce-restricted_pod-12 17 17 +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12 2 1 -50.00%
BenchmarkVerifyPod/warn-baseline_pod-12 17 17 +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12 19 19 +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12 17 17 +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12 19 19 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 27 27 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12 24 24 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 22 22 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12 24 24 +0.00%
benchmark old bytes new bytes delta
BenchmarkVerifyPod/enforce-implicit_pod-12 208 112 -46.15%
BenchmarkVerifyPod/enforce-implicit_deployment-12 208 112 -46.15%
BenchmarkVerifyPod/enforce-privileged_pod-12 208 112 -46.15%
BenchmarkVerifyPod/enforce-privileged_deployment-12 208 112 -46.15%
BenchmarkVerifyPod/enforce-baseline_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12 208 112 -46.15%
BenchmarkVerifyPod/enforce-restricted_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12 208 112 -46.15%
BenchmarkVerifyPod/warn-baseline_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12 3552 3552 +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12 3552 3552 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 5864 5864 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12 4800 4800 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 4616 4616 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12 4800 4800 +0.00%
2021-09-21 16:20:11 -04:00
Jordan Liggitt
d5589ba65f
PodSecurity: optimize evaluation of fully-privileged namespaces
...
benchmark old ns/op new ns/op delta
BenchmarkVerifyPod/enforce-implicit_pod-12 2658 370 -86.07%
BenchmarkVerifyPod/enforce-implicit_deployment-12 2462 408 -83.42%
BenchmarkVerifyPod/enforce-privileged_pod-12 2346 420 -82.11%
BenchmarkVerifyPod/enforce-privileged_deployment-12 2318 426 -81.64%
BenchmarkVerifyPod/enforce-baseline_pod-12 3606 4259 +18.11%
BenchmarkVerifyPod/enforce-baseline_deployment-12 2032 341 -83.22%
BenchmarkVerifyPod/enforce-restricted_pod-12 3522 3322 -5.68%
BenchmarkVerifyPod/enforce-restricted_deployment-12 1893 327 -82.70%
BenchmarkVerifyPod/warn-baseline_pod-12 3076 2964 -3.64%
BenchmarkVerifyPod/warn-baseline_deployment-12 3111 3069 -1.35%
BenchmarkVerifyPod/warn-restricted_pod-12 3155 3223 +2.16%
BenchmarkVerifyPod/warn-restricted_deployment-12 3235 3443 +6.43%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 5148 5193 +0.87%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12 4147 4295 +3.57%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 4286 4363 +1.80%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12 4447 4482 +0.79%
benchmark old allocs new allocs delta
BenchmarkVerifyPod/enforce-implicit_pod-12 12 2 -83.33%
BenchmarkVerifyPod/enforce-implicit_deployment-12 14 2 -85.71%
BenchmarkVerifyPod/enforce-privileged_pod-12 12 2 -83.33%
BenchmarkVerifyPod/enforce-privileged_deployment-12 14 2 -85.71%
BenchmarkVerifyPod/enforce-baseline_pod-12 17 17 +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12 14 2 -85.71%
BenchmarkVerifyPod/enforce-restricted_pod-12 17 17 +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12 14 2 -85.71%
BenchmarkVerifyPod/warn-baseline_pod-12 17 17 +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12 19 19 +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12 17 17 +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12 19 19 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 27 27 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12 24 24 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 22 22 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12 24 24 +0.00%
benchmark old bytes new bytes delta
BenchmarkVerifyPod/enforce-implicit_pod-12 2120 208 -90.19%
BenchmarkVerifyPod/enforce-implicit_deployment-12 2304 208 -90.97%
BenchmarkVerifyPod/enforce-privileged_pod-12 2120 208 -90.19%
BenchmarkVerifyPod/enforce-privileged_deployment-12 2304 208 -90.97%
BenchmarkVerifyPod/enforce-baseline_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12 2304 208 -90.97%
BenchmarkVerifyPod/enforce-restricted_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12 2304 208 -90.97%
BenchmarkVerifyPod/warn-baseline_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12 3552 3552 +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12 3368 3368 +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12 3552 3552 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 5864 5864 +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12 4800 4800 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 4616 4616 +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12 4800 4800 +0.00%
2021-09-21 16:20:11 -04:00
Jordan Liggitt
13e0887c4c
PodSecurity: add admission benchmark
...
go test ./plugin/pkg/admission/security/podsecurity -bench /pod -benchmem
goos: darwin
goarch: amd64
pkg: k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity
cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
BenchmarkVerifyPod/enforce-implicit_pod-12 702789 1585 ns/op 2120 B/op 12 allocs/op
BenchmarkVerifyPod/enforce-privileged_pod-12 737588 1607 ns/op 2120 B/op 12 allocs/op
BenchmarkVerifyPod/enforce-baseline_pod-12 409818 2974 ns/op 3368 B/op 17 allocs/op
BenchmarkVerifyPod/enforce-restricted_pod-12 370262 3385 ns/op 3368 B/op 17 allocs/op
BenchmarkVerifyPod/warn-baseline_pod-12 391808 3101 ns/op 3368 B/op 17 allocs/op
BenchmarkVerifyPod/warn-restricted_pod-12 349411 3452 ns/op 3368 B/op 17 allocs/op
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12 208221 5735 ns/op 5864 B/op 27 allocs/op
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12 249662 4849 ns/op 4616 B/op 22 allocs/op
PASS
ok k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity 10.707s
2021-09-21 16:20:11 -04:00
Aldo Culquicondor
7868fbbe64
Revert "Add metric job_pod_finished"
...
This reverts commit a0e7a567c5
.
2021-09-21 15:16:54 -04:00
Aldo Culquicondor
8bcb780808
Revert "Limit number of Pods counted in a single Job sync"
...
This reverts commit 7d9cb88fed
.
2021-09-21 15:16:50 -04:00
Kubernetes Prow Robot
d5f39ebe4d
Merge pull request #105064 from knight42/refactor-switch-to-stdlib-cipher
...
refactor: switch to tls cipher suite in stdlib
2021-09-21 11:56:42 -07:00
Kubernetes Prow Robot
7c71e06cd1
Merge pull request #104959 from calvin0327/issue-test-dataRace
...
fix the test issue of node shutdown manager
2021-09-21 11:56:30 -07:00
Kubernetes Prow Robot
44d4d007bf
Merge pull request #103424 from 249043822/br-cadvisor-perf
...
Optimize kubelet stats provider for perfomace bottleneck
2021-09-21 11:56:18 -07:00
Tim Allclair
4633670153
Fix PodSecurity forbidden response reason
2021-09-21 11:34:13 -07:00
Kubernetes Prow Robot
40c9203472
Merge pull request #105171 from liggitt/gomodule-staticcheck
...
Make staticcheck package-compatible
2021-09-21 10:34:23 -07:00
Phil
f1a9402082
Log if PV is still in use trying to delete it
...
Similar to what we have in:
https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/volume/pvcprotection/pvc_protection_controller.go#L181
The objective is to have a easy way to monitor if a PV will enter in Terminating state due to a failed removal when still in use.
This way we can capture the PV log and alert according.
The code is not tested.
Update pv_protection_controller.go
Change call to Infof
2021-09-21 18:05:16 +01:00
Jordan Liggitt
fc0f6ab127
Make importverifier package-compatible
2021-09-21 12:46:29 -04:00
Jordan Liggitt
00622da45e
Make staticcheck package-compatible
2021-09-21 12:19:57 -04:00
Kubernetes Prow Robot
bf77f8ff43
Merge pull request #105162 from MadhavJivrajani/migrate-clock-pkg
...
migrate k8s.io/apimachinery/util/clock -> k8s.io/utils/clock
2021-09-21 08:44:24 -07:00