Commit Graph

103734 Commits

Author SHA1 Message Date
Claudiu Belu
c4fc9bba6c Adds Windows support for etcd image
We can use docker buildx in order to build and push Windows images from the same Linux node,
as long as the Dockerfile does not have any RUN commands in the Windows step.

We also need to create a non-default builder instance in order to be able to build and
push Windows images.

The Windows images have to be built and pushed directly to the registry.

For Windows containers without Hyper-V isolation, the host OS Version and the
Container OS Version need to match, which is why we added multiple Windows OS Versions
to the building process.

For the manifest list, we need to also annotate the Windows OS Version, so the Windows nodes
will be able to pull the proper image from the manifest list.

Adds support for Windows OS Versions: 1809, 2004, 20H2, ltsc2022.

Bumped etcd image revision.
2021-09-24 18:28:00 +00:00
Kubernetes Prow Robot
86d23cf441
Merge pull request #105206 from pohly/test-integration-help
test/integration: skip etcd startup for -help flag
2021-09-24 10:29:23 -07:00
Kubernetes Prow Robot
a6f9b2b2cb
Merge pull request #105235 from spiffxp/use-k8s-infra-gcb-docker-gcloud
use k8s-staging-test-infra/gcb-docker-gcloud
2021-09-24 08:03:23 -07:00
Aaron Crickenberger
42a955b3ae use k8s-staging-test-infra/gcb-docker-gcloud 2021-09-24 06:54:40 -07:00
Patrick Ohly
81b4a695b3 test/integration: skip etcd startup for -help flag
By parsing flags in the test's main function before starting etcd we bail out
early without ever starting etcd when the test was invoked with -help.

Otherwise etcd must be available, gets started and then hangs because
flag.Parse itself exits when called by testing.go. This bypasses the code in
EtcdMain which normally stops etcd.
2021-09-24 11:51:58 +02:00
Kubernetes Prow Robot
7bff8adaf6
Merge pull request #92853 from cosmo0920/add-sniffer-class-loading-feature-on-es-image
[fluentd/elasticsearch] Add mechanism to load simple sniffer class
2021-09-23 23:07:24 -07:00
Kubernetes Prow Robot
005dfcd09e
Merge pull request #105218 from khenidak/fix-sig-net-105182
mute unnecessary logs when failing to parse IPs
2021-09-23 17:27:23 -07:00
Kubernetes Prow Robot
b6924839ca
Merge pull request #101987 from sky-philipalmeida/patch-1
Log if PV is still in use trying to delete it
2021-09-23 14:30:54 -07:00
Khaled (Kal) Henidak
59dd238fd4 mute unnecessary logs 2021-09-23 20:52:18 +00:00
Kubernetes Prow Robot
24408ef7f5
Merge pull request #104892 from zzchun/fix-typo-in-node_affinity_test
fix typo in node_affinity_test
2021-09-23 13:22:55 -07:00
Kubernetes Prow Robot
ab4d8bd1e5
Merge pull request #105159 from jyz0309/fix-klog-error
Fix klog error in `pkg/proxy`
2021-09-23 11:17:38 -07:00
Kubernetes Prow Robot
e5c4defa8e
Merge pull request #103370 from verb/1.22-cleanup-shareprocesses-e2e
Remove ShareProcessNamespace tags from e2e_node tests
2021-09-23 10:11:14 -07:00
Kubernetes Prow Robot
6c2f644482
Merge pull request #105205 from ingvagabund/do-not-reference-control-variable-in-for
e2e scheduling priorities: do not reference control loop variable
2021-09-23 08:37:22 -07:00
Kubernetes Prow Robot
2541fcf256
Merge pull request #104123 from fromanirh/podresources-not-report-unhealthy-devices
devicemanager: skip unhealthy devices in GetAllocatable
2021-09-23 05:39:21 -07:00
Jan Chaloupka
b3249a1b39 e2e scheduling priorities: do not reference control loop variable
Otherwise, nodeNameToPodList[nodeName] list will have all its references
identical (corresponding to the control variable reference).
Thus, making all the pods in the list identical.
2021-09-23 13:08:03 +02:00
jyz0309
e9abf3dfc6 remove spew
Signed-off-by: jyz0309 <45495947@qq.com>

remove spew

Signed-off-by: jyz0309 <45495947@qq.com>

remove LogJson

Signed-off-by: jyz0309 <45495947@qq.com>

change name

Signed-off-by: jyz0309 <45495947@qq.com>

remove spew

Signed-off-by: jyz0309 <45495947@qq.com>
2021-09-23 17:20:34 +08:00
jyz0309
c0e0fae775 fix error
Signed-off-by: jyz0309 <45495947@qq.com>

use InfoS handle json

Signed-off-by: jyz0309 <45495947@qq.com>

remove import

Signed-off-by: jyz0309 <45495947@qq.com>

fix comment

Signed-off-by: jyz0309 <45495947@qq.com>
2021-09-23 17:15:18 +08:00
jyz0309
a0fd52b6e1 fix log error
Signed-off-by: jyz0309 <45495947@qq.com>

fix conflict

Signed-off-by: jyz0309 <45495947@qq.com>

format code

Signed-off-by: jyz0309 <45495947@qq.com>
2021-09-23 17:15:18 +08:00
Kubernetes Prow Robot
9462ca2312
Merge pull request #105086 from ialidzhikov/nit/improve-formatting
Improve formatting in CHANGELOGs
2021-09-23 01:29:11 -07:00
Kubernetes Prow Robot
372103f4b8
Merge pull request #100672 from wangyx1992/structured-log
Structured Logging migration: modify logs of controller-manager
2021-09-22 20:27:10 -07:00
Kubernetes Prow Robot
86003a2a76
Merge pull request #104952 from dcantah/cleanup-hcn
Replace custom dualstack support logic in Windows Kube-proxy
2021-09-22 18:59:10 -07:00
Kubernetes Prow Robot
dce069ce22
Merge pull request #104588 from liggitt/podsecurity-benchmark
PodSecurity: benchmark and optimize privileged namespace evaluations
2021-09-22 16:17:10 -07:00
Daniel Canter
ce52f70c66 Replace custom dualstack support logic in Windows Kube-proxy
Due to an incorrect version range definition in hcsshim for dualstack
support, the Windows kubeproxy had to define it's own version range logic
to check if dualstack was supported on the host. This was remedied in hcsshim
(https://github.com/microsoft/hcsshim/pull/1003) and this work has been vendored into
K8s as well (https://github.com/kubernetes/kubernetes/pull/104880). This
change simply makes use of the now correct version range to check if dualstack
is supported, and gets rid of the old custom logic.

Signed-off-by: Daniel Canter <dcanter@microsoft.com>
2021-09-22 13:07:38 -07:00
Kubernetes Prow Robot
752c4b7f0b
Merge pull request #105160 from MikeSpreitzer/improve-sharding-and-dispatch
Improve sharding and dispatch
2021-09-22 12:58:32 -07:00
Francesco Romani
1b6efa5e21 devicemanager: skip unhealthy devs in GetAllocatable
The GetAllocatableDevices, needed to support the podresources
API, doesn't take into account the device health when computing
its output.

In this PR we address this gap and add unit tests along the way
to prevent regressions. This gives us a good initial coverage,
E2E tests to cover this case are much harder to write, because
we would need to inject faults to trigger the unhealthy status.
We will evaluate if adding these tests into later PRs.

Signed-off-by: Francesco Romani <fromani@redhat.com>
2021-09-22 19:20:04 +02:00
Jordan Liggitt
32a5f41ec4 PodSecurity: avoid double parsing policy from namespace labels
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          224           225           +0.40%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   237           234           -1.31%
BenchmarkVerifyPod/enforce-privileged_pod-12                        259           245           -5.26%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 261           254           -2.72%
BenchmarkVerifyPod/enforce-baseline_pod-12                          2967          2850          -3.94%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   252           255           +0.87%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3244          3125          -3.67%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 258           261           +0.97%
BenchmarkVerifyPod/warn-baseline_pod-12                             2956          2841          -3.89%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3034          2913          -3.99%
BenchmarkVerifyPod/warn-restricted_pod-12                           3276          3176          -3.05%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3302          3157          -4.39%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5159          5132          -0.52%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4208          4069          -3.30%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4336          4252          -1.94%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4436          4316          -2.71%
2021-09-22 10:26:34 -04:00
Kubernetes Prow Robot
5b489e2846
Merge pull request #104983 from MikeSpreitzer/list-metrics-take3
Try yet again to add metrics about LIST handling
2021-09-22 07:16:02 -07:00
Kubernetes Prow Robot
686379281d
Merge pull request #97665 from heqg/unused-function-NewSingleContentTypeSerializer
remove unused function of NewSingleContentTypeSerializer
2021-09-21 22:16:00 -07:00
Kubernetes Prow Robot
950e978ff1
Merge pull request #105180 from tallclair/forbidden
Fix PodSecurity forbidden response reason
2021-09-21 21:08:00 -07:00
Kubernetes Prow Robot
857d4c107c
Merge pull request #104808 from chendave/indent
Format json file with proper indentation
2021-09-21 19:14:00 -07:00
Kubernetes Prow Robot
76c0573ff4
Merge pull request #105181 from alculquicondor/revert
Revert #104739
2021-09-21 16:54:00 -07:00
Kubernetes Prow Robot
92ddd4dcd6
Merge pull request #103906 from pacoxu/unsafe-e2e-test
sysctl-test: use status reason check instead of events check
2021-09-21 15:20:18 -07:00
Kubernetes Prow Robot
2bfb2eba80
Merge pull request #105170 from liggitt/gomodule-importverifier
Make importverifier package-compatible
2021-09-21 14:08:49 -07:00
Kubernetes Prow Robot
7432904c53
Merge pull request #105169 from liggitt/gomodule-codegenerator
Smoke test code-generator using full packages
2021-09-21 14:08:41 -07:00
Kubernetes Prow Robot
bc94b5e248
Merge pull request #105151 from Huang-Wei/104998-followup
sched: de-duplicate plugin registration logic by using FactoryAdapter
2021-09-21 14:08:30 -07:00
Kubernetes Prow Robot
fed612c9f8
Merge pull request #103172 from niulechuan/cleanup/deprecated_flag
Remove deprecated flag --experimental-bootstrap-kubeconfig
2021-09-21 14:08:18 -07:00
Jordan Liggitt
636c769fb8 PodSecurity: preconstruct reused values
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          370           228           -38.49%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   408           241           -40.86%
BenchmarkVerifyPod/enforce-privileged_pod-12                        420           242           -42.27%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 426           256           -39.84%
BenchmarkVerifyPod/enforce-baseline_pod-12                          4259          3006          -29.42%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   341           266           -22.12%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3322          3282          -1.20%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 327           260           -20.59%
BenchmarkVerifyPod/warn-baseline_pod-12                             2964          3020          +1.89%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3069          3127          +1.89%
BenchmarkVerifyPod/warn-restricted_pod-12                           3223          3330          +3.32%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3443          3533          +2.61%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5193          5405          +4.08%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4295          4358          +1.47%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4363          4513          +3.44%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4482          4588          +2.37%

benchmark                                                           old allocs     new allocs     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2              1              -50.00%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2              1              -50.00%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2              1              -50.00%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2              1              -50.00%
BenchmarkVerifyPod/enforce-baseline_pod-12                          17             17             +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2              1              -50.00%
BenchmarkVerifyPod/enforce-restricted_pod-12                        17             17             +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 2              1              -50.00%
BenchmarkVerifyPod/warn-baseline_pod-12                             17             17             +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      19             19             +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           17             17             +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    19             19             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               27             27             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        24             24             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            22             22             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     24             24             +0.00%

benchmark                                                           old bytes     new bytes     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          208           112           -46.15%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   208           112           -46.15%
BenchmarkVerifyPod/enforce-privileged_pod-12                        208           112           -46.15%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 208           112           -46.15%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3368          3368          +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   208           112           -46.15%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3368          3368          +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 208           112           -46.15%
BenchmarkVerifyPod/warn-baseline_pod-12                             3368          3368          +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3552          3552          +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           3368          3368          +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3552          3552          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5864          5864          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4800          4800          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4616          4616          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4800          4800          +0.00%
2021-09-21 16:20:11 -04:00
Jordan Liggitt
d5589ba65f PodSecurity: optimize evaluation of fully-privileged namespaces
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2658          370           -86.07%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2462          408           -83.42%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2346          420           -82.11%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2318          426           -81.64%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3606          4259          +18.11%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2032          341           -83.22%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3522          3322          -5.68%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 1893          327           -82.70%
BenchmarkVerifyPod/warn-baseline_pod-12                             3076          2964          -3.64%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3111          3069          -1.35%
BenchmarkVerifyPod/warn-restricted_pod-12                           3155          3223          +2.16%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3235          3443          +6.43%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5148          5193          +0.87%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4147          4295          +3.57%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4286          4363          +1.80%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4447          4482          +0.79%

benchmark                                                           old allocs     new allocs     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          12             2              -83.33%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   14             2              -85.71%
BenchmarkVerifyPod/enforce-privileged_pod-12                        12             2              -83.33%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 14             2              -85.71%
BenchmarkVerifyPod/enforce-baseline_pod-12                          17             17             +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   14             2              -85.71%
BenchmarkVerifyPod/enforce-restricted_pod-12                        17             17             +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 14             2              -85.71%
BenchmarkVerifyPod/warn-baseline_pod-12                             17             17             +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      19             19             +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           17             17             +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    19             19             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               27             27             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        24             24             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            22             22             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     24             24             +0.00%

benchmark                                                           old bytes     new bytes     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2120          208           -90.19%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2304          208           -90.97%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2120          208           -90.19%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2304          208           -90.97%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3368          3368          +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2304          208           -90.97%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3368          3368          +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 2304          208           -90.97%
BenchmarkVerifyPod/warn-baseline_pod-12                             3368          3368          +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3552          3552          +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           3368          3368          +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3552          3552          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5864          5864          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4800          4800          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4616          4616          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4800          4800          +0.00%
2021-09-21 16:20:11 -04:00
Jordan Liggitt
13e0887c4c PodSecurity: add admission benchmark
go test ./plugin/pkg/admission/security/podsecurity -bench /pod -benchmem
goos: darwin
goarch: amd64
pkg: k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity
cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
BenchmarkVerifyPod/enforce-implicit_pod-12         	  702789	      1585 ns/op	    2120 B/op	      12 allocs/op
BenchmarkVerifyPod/enforce-privileged_pod-12       	  737588	      1607 ns/op	    2120 B/op	      12 allocs/op
BenchmarkVerifyPod/enforce-baseline_pod-12         	  409818	      2974 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/enforce-restricted_pod-12       	  370262	      3385 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/warn-baseline_pod-12            	  391808	      3101 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/warn-restricted_pod-12          	  349411	      3452 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12         	  208221	      5735 ns/op	    5864 B/op	      27 allocs/op
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12      	  249662	      4849 ns/op	    4616 B/op	      22 allocs/op
PASS
ok  	k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity	10.707s
2021-09-21 16:20:11 -04:00
Aldo Culquicondor
7868fbbe64 Revert "Add metric job_pod_finished"
This reverts commit a0e7a567c5.
2021-09-21 15:16:54 -04:00
Aldo Culquicondor
8bcb780808 Revert "Limit number of Pods counted in a single Job sync"
This reverts commit 7d9cb88fed.
2021-09-21 15:16:50 -04:00
Kubernetes Prow Robot
d5f39ebe4d
Merge pull request #105064 from knight42/refactor-switch-to-stdlib-cipher
refactor: switch to tls cipher suite in stdlib
2021-09-21 11:56:42 -07:00
Kubernetes Prow Robot
7c71e06cd1
Merge pull request #104959 from calvin0327/issue-test-dataRace
fix the test issue of node shutdown manager
2021-09-21 11:56:30 -07:00
Kubernetes Prow Robot
44d4d007bf
Merge pull request #103424 from 249043822/br-cadvisor-perf
Optimize kubelet stats provider for perfomace bottleneck
2021-09-21 11:56:18 -07:00
Tim Allclair
4633670153 Fix PodSecurity forbidden response reason 2021-09-21 11:34:13 -07:00
Kubernetes Prow Robot
40c9203472
Merge pull request #105171 from liggitt/gomodule-staticcheck
Make staticcheck package-compatible
2021-09-21 10:34:23 -07:00
Phil
f1a9402082 Log if PV is still in use trying to delete it
Similar to what we have in:
https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/volume/pvcprotection/pvc_protection_controller.go#L181
The objective is to have a easy way to monitor if a PV will enter in Terminating state due to a failed removal when still in use.
This way we can capture the PV log and alert according.
The code is not tested.

Update pv_protection_controller.go

Change call to Infof
2021-09-21 18:05:16 +01:00
Jordan Liggitt
fc0f6ab127 Make importverifier package-compatible 2021-09-21 12:46:29 -04:00
Jordan Liggitt
00622da45e Make staticcheck package-compatible 2021-09-21 12:19:57 -04:00
Kubernetes Prow Robot
bf77f8ff43
Merge pull request #105162 from MadhavJivrajani/migrate-clock-pkg
migrate k8s.io/apimachinery/util/clock -> k8s.io/utils/clock
2021-09-21 08:44:24 -07:00