github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 12:15:52 +00:00
Code Issues Projects Releases Wiki Activity
124,347 Commits 42 Branches 7,905 Tags 1.3 GiB
f173f0c58c
Commit Graph

124347 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kubernetes Prow Robot
77c3859aee
Merge pull request #126270 from stlaz/aggroapi-refactor 
integration tests: split Wardle aggregation test API server running
 2024-07-23 09:21:37 -07:00
Kubernetes Prow Robot
fe24ebfe33
Merge pull request #126205 from kwilczynski/feature/promote-4191-to-beta 
KEP-4191: Split Image Filesystem promotion to Beta
 2024-07-23 09:21:28 -07:00
Kubernetes Prow Robot
8e175c688e
Merge pull request #126165 from haircommander/selinux-engine_t 
PSA: allow container_engine_t selinux type
 2024-07-23 09:21:20 -07:00
Kubernetes Prow Robot
fbdfb9d8d9
Merge pull request #126031 from harche/kubelet_cgroupv1_arg 
KEP-4569: Kubelet option to disable cgroup v1 support
 2024-07-23 09:21:11 -07:00
Kubernetes Prow Robot
a4f9910c51
Merge pull request #126014 from PannagaRao/kep-ephemeral-storage-quota 
pkg/volume/*: Enable quotas in user namespace
 2024-07-23 09:21:02 -07:00
Kubernetes Prow Robot
7590cb7adf
Merge pull request #125257 from vinayakankugoyal/armor 
KEP-24: Update AppArmor feature gates to GA stage.
 2024-07-23 09:20:52 -07:00
Kubernetes Prow Robot
d7194eb370
Merge pull request #124884 from carlory/report-event-when-kubelet-attach-failed 
report an event to pod if kubelet does attach operation failed
 2024-07-23 09:20:43 -07:00
Peter Hunt
7e750a62a1 PSA: small cleanups for tests that use RelaxPolicyForUserNamespacePods 
make sure to cleanup after setting RelaxPolicyForUserNamespacePods
setup test variables to be a little more terse and similar between tests
cleanup Allowed checking

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-07-23 12:01:06 -04:00
Peter Hunt
17521f04a4 PSA: allow procMount type Unmasked in baseline 
a masked proc mount has traditionally been used to prevent untrusted containers from accessing leaky kernel APIs.
However, within a user namespace, typical ID checks protect better than masked proc. Further, allowing unmasked proc
with a user namespace gives access to a container mounting sub procs, which opens avenues for container-in-container use cases.

Update PSS for baseline to allow a container to access an unmasked /proc, if it's in a user namespace and if the UserNamespacesPodSecurityStandards feature is enabled.

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-07-23 12:01:06 -04:00
Nadia Pinaeva
2ec3929134 [kube-proxy:nftables] Add partial sync unit test. 
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
 2024-07-23 17:32:30 +02:00
Nadia Pinaeva
3ccf5b8a55 [kube-proxy:nftables] Add partialSync mode to only transact changed 
objects.
Change the order of operations to stop current iteration if no changes
to the service chains are needed.
Bump syncProxy frequency to 1 hour.
In a test kind cluster creation of 10K services, 2 endpoints each,
takes ~25m before the fix and ~9min after. Maximum memory usage
during creation is ~650MiB and 260MiB respectively.
Another important metric is the time it takes to create 1 new service
when 10K svc already exist. It used to take ~8m before the fix,
with partialSync it takes ~141ms.

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
 2024-07-23 17:32:30 +02:00
Nadia Pinaeva
dc13e42f56 [kube-proxy:nftables] cleanup: remove unused parameter and fix typo. 
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
 2024-07-23 17:32:29 +02:00
Kubernetes Prow Robot
fc03f3e74c
Merge pull request #126125 from mprahl/stop-idempotent 
Allow calling Stop multiple times on RetryWatcher
 2024-07-23 08:16:24 -07:00
Connor Catlett
796ae44c08
Return new PVC in WaitForVolumeModification to prevent stale comparison 
Signed-off-by: Connor Catlett <conncatl@amazon.com>
 2024-07-23 14:34:34 +00:00
Daman Arora
3d589bd18a kube-proxy: internal config: remove PortRange 
Remove PortRange for internal configuration of kube-proxy
adhering to the v1alpha2 version specifications as detailed in
https://kep.k8s.io/784.

Signed-off-by: Daman Arora <aroradaman@gmail.com>
 2024-07-23 19:56:23 +05:30
Peter Hunt
ce13ce5f76 disable ProcMountType by default 
to follow suite of UserNamespacesSupport, which it relies on

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-07-23 10:25:11 -04:00
Daman Arora
c57e1156f5 kube-proxy: internal config: refactor ClusterCIDR 
Refactor ClusterCIDR for internal configuration of kube-proxy
adhering to the v1alpha2 version specifications as detailed in
https://kep.k8s.io/784.

Signed-off-by: Daman Arora <aroradaman@gmail.com>
 2024-07-23 19:45:29 +05:30
Daman Arora
380adb93cc kube-proxy: internal config: consolidate SyncPeriod and MinSyncPeriod 
Consolidate SyncPeriod and MinSyncPeriod for internal configuration
of kube-proxy adhering to the v1alpha2 version specifications as
detailed in https://kep.k8s.io/784.

Signed-off-by: Daman Arora <aroradaman@gmail.com>
 2024-07-23 19:34:40 +05:30
Kubernetes Prow Robot
1854839ff0
Merge pull request #126067 from tenzen-y/implement-job-success-policy-e2e 
Graduate the JobSuccessPolicy to Beta
 2024-07-23 06:14:23 -07:00
Yuki Iwai
0d4f18bd5b Job: Implement E2E tests for the JobSuccessPolicy 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-07-23 21:05:50 +09:00
Stanislav Láznička
18f4fa0f1a cosmetic - test/integration/examples/apiserver_test.go - put test functions first 
The file is too big, test functions should be put first for clarity.
 2024-07-23 13:01:32 +02:00
Stanislav Láznička
5a15ae03f2 test:integration: split Wardle test server run 
Split running the Wardle aggregated API into preparation and
running phase. This allows reusing the prepared options and
makes it possible for us to introduce additional hooks into
the server authorization flow.
 2024-07-23 13:00:53 +02:00
Kubernetes Prow Robot
2171bcb789
Merge pull request #124815 from carlory/remove-some-InTreePluginXXXUnregister 
remove some InTreePluginXXXUnregister
 2024-07-23 03:16:23 -07:00
Kubernetes Prow Robot
43691598da
Merge pull request #126227 from sanposhiho/queueing_hint_execution_duration_seconds 
feature: support queueing_hint_execution_duration_seconds metric
 2024-07-23 02:12:29 -07:00
Kubernetes Prow Robot
bb350f7111
Merge pull request #125661 from mjudeikis/mjudeikis/poststarthookctx.stopch.cleanup 
Clean deprecated context.StopCh
 2024-07-23 02:12:22 -07:00
Maciej Skoczeń
c15cdf7431 Init etcd and apiserver per test case in scheduler_perf integration tests 2024-07-23 09:10:01 +00:00
Kensei Nakada
3f59d9fc4c fix typo 2024-07-23 17:43:21 +09:00
Sascha Grunert
479a7c34fe
ImageVolumeSource: mention that fsGroupChangePolicy has no effect 
A small documentation follow-up based on the review:
https://github.com/kubernetes/kubernetes/pull/125660#discussion_r1686859866

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-07-23 10:15:18 +02:00
carlory
3a6a4830df pvc bind pv with vac 2024-07-23 15:04:11 +08:00
Dr. Stefan Schimanski
17970b291a
generic-controlplane: add generic-controlplane apiserver sample 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>

generic

Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-23 08:38:33 +02:00
carlory
0260c7d023 Promote VolumeAttributesClass to beta 2024-07-23 13:58:14 +08:00
Krzysztof Wilczyński
030f28e125
KEP-4191: Split Image Filesystem promotion to Beta 
Signed-off-by: Krzysztof Wilczyński <kwilczynski@redhat.com>
 2024-07-23 13:43:18 +09:00
Kubernetes Prow Robot
1bb62cd275
Merge pull request #126277 from danwinship/knftables-v0.0.17 
bump knftables to v0.0.17
 2024-07-22 20:50:27 -07:00
Kubernetes Prow Robot
0344f29e83
Merge pull request #125778 from haitch/haitao/controllermgr-emulatever 
add emulated-version flag to kube-controller-manager to control the feature gate.
 2024-07-22 20:50:21 -07:00
Cici Huang
5420b2fe9a
Hot fix for panic on schema conversion. (#126167) 2024-07-22 19:43:45 -07:00
carlory
21a3226925 remove some InTreePluginXXXUnregister 2024-07-23 09:25:15 +08:00
Yuki Iwai
551931c6a8 Graduate the JobSuccessPolicy to beta 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-07-23 09:29:06 +09:00
Yuki Iwai
6e8dc2c250 Job: Extend the jobs_finished_total metric reason label with SuccessPolicy and CompletionsReached 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-07-23 09:29:02 +09:00
Kubernetes Prow Robot
04cc0a1034
Merge pull request #126187 from seans3/portforward-websockets-metrics 
Adds metrics to PortForward Websockets
 2024-07-22 16:53:25 -07:00
Kubernetes Prow Robot
f753a444a5
Merge pull request #126091 from seans3/ws-err-extra-info 
Adds extra error information from response to bad handshake error when possible
 2024-07-22 16:53:16 -07:00
Kubernetes Prow Robot
3d78fe25a7
Merge pull request #121849 from carlory/add-e2e-vac 
vac add e2e test
 2024-07-22 16:53:03 -07:00
Haitao Chen
1d92758ef0 implement emulated-version for kube-controller-manager 2024-07-22 16:07:18 -07:00
Kubernetes Prow Robot
3e9a73d558
Merge pull request #126058 from AnishShah/patch-2 
Deflake kubernetes-node-swap-fedora-serial jobs
 2024-07-22 15:48:42 -07:00
Kubernetes Prow Robot
581a073dc4
Merge pull request #125663 from saschagrunert/oci-volumesource-kubelet 
[KEP-4639] Add `ImageVolumeSource` implementation
 2024-07-22 15:48:33 -07:00
Dan Winship
4effb05741 bump knftables to v0.0.17 2024-07-22 17:30:32 -04:00
Kubernetes Prow Robot
233bc735b5
Merge pull request #126056 from googs1025/refactor_namespace 
use ktesting.NewTestContext(t) ctx instead of context.TODO() for namespace integration
 2024-07-22 14:25:56 -07:00
Kubernetes Prow Robot
6e52e705d0
Merge pull request #125374 from pwschuurman/kep-3335-stable 
Promote StatefulSetStartOrdinal to stable in 1.31
 2024-07-22 14:25:49 -07:00
Sean Sullivan
f387f0b69a Adds extra error information from response to bad handshake error when possible 2024-07-22 14:12:01 -07:00
Sean Sullivan
90d70ed73d Adds metrics to PortForward Websockets 2024-07-22 14:08:42 -07:00
Patrick Ohly
eaa1cad7fa resource quota: clone PVC quota evaluator for DRA 2024-07-22 21:20:08 +02:00