Ensure that all label selectors are treated as atomic values,
to exclude situations when selectors are being corrupted by
different actors attempting to apply their overlapping definition
for this field with server-side-apply.
the tests with pods using hostNetwork need to bind pods for the
test. Since they use hostNetwork the ports are limited, hence, if
more than one run in parallel, one is going to fail because will not
be able to get the port.
kube-proxy expose the metric network_programming_duration_seconds,
that is defined as the time it takes to program the network since
a a service or pod has changed. It uses an annotation on the endpoints
/endpointslices to calculate when the endpoint was created, however,
on restarts, kube-proxy process all the endpoints again, no matter
when those were generated, polluting the metrics.
To be safe, kube-proxy will estimate the latency only for those
endpoints that were generated after it started.
This change updates the oidc authenticator to allow specifying an
oidc.KeySet as an input option. This makes it possible to
synchronously initialize the KeySet instead of relying on the
asynchronous initialization that is normally done to support
self-hosted providers. This makes it easier to use this code as a
library.
Signed-off-by: Monis Khan <mok@vmware.com>
This change updates the OIDC authenticator code to use a subset of
the dynamiccertificates.CAContentProvider interface to provide the
root CA bytes. This removes the hard dependency on a file based CA
and makes it easier to use this code as a library.
Signed-off-by: Monis Khan <mok@vmware.com>
Fix inode usage calculation to use filepath.Walk instead of executing an
external find. Also calculate the disk usage while at it so we also get
rid of the external dependency of `nice` and `du`. (#95172)
This is similar to what cadvisor does since commit
046818d64c
This solves three problems:
- Counts number of inodes correct when there are hardlinks (#96114)
- Makes kubelet work without GNU findutils (#95186)
- Makes kubelet work without GNU coreutils (#95172)
