github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 19:31:44 +00:00
Code Issues Projects Releases Wiki Activity
104,571 Commits 42 Branches 7,905 Tags 1.3 GiB
f5dd4d237f
Commit Graph

104571 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jordan Liggitt
c65a0793cd
[PodSecurity] Aggregate identical warnings for multiple pods in a namespace (#105889) 
* [PodSecurity] Aggregate identical warnings for multiple pods in a namespace

* Make warning order deterministic, limit accumulated pod name data

Co-authored-by: njuptlzf <li.zhifeng@zte.com.cn>
 2021-10-26 11:43:09 -07:00
Kubernetes Prow Robot
0fec47582c
Merge pull request #105911 from pohly/generic-ephemeral-volume-test 
volume e2e: block volume metrics fix, II
 2021-10-26 10:39:30 -07:00
Patrick Ohly
194b31019d volume e2e: block volume metrics fix, II 
Copying from pvcBlock swapped name and namespace (breaking the PVC test case)
and some references to the pvcBlock variable were left unchanged (incorrect
annotations for test failures).
 2021-10-26 17:36:02 +02:00
David Eads
c8f87a6a24 retry PV create in e2e-test on API quota failure 2021-10-26 09:47:16 -04:00
Kubernetes Prow Robot
20ff5381ce
Merge pull request #105507 from claudiubelu/tests/refactor-daemonset 
tests: Refactors daemonset utils into framework
 2021-10-26 05:01:30 -07:00
Francesco Romani
b382b6cd0a node: e2e: add test for the checkpoint recovery 
Add a e2e test to exercise the checkpoint recovery flow.
This means we need to actually create a old (V1, pre-1.20) checkpoint,
but if we do it only in the e2e test, it's still fine.

Signed-off-by: Francesco Romani <fromani@redhat.com>
 2021-10-26 09:55:11 +02:00
Francesco Romani
2f426fdba6 devicemanager: checkpoint: support pre-1.20 data 
The commit a8b8995ef2
changed the content of the data kubelet writes in the checkpoint.
Unfortunately, the checkpoint restore code was not updated,
so if we upgrade kubelet from pre-1.20 to 1.20+, the
device manager cannot anymore restore its state correctly.

The only trace of this misbehaviour is this line in the
kubelet logs:
```
W0615 07:31:49.744770    4852 manager.go:244] Continue after failing to read checkpoint file. Device allocation info may NOT be up-to-date. Err: json: cannot unmarshal array into Go struct field PodDevicesEntry.Data.PodDeviceEntries.DeviceIDs of type checkpoint.DevicesPerNUMA
```

If we hit this bug, the device allocation info is
indeed NOT up-to-date up until the device plugins register
themselves again. This can take up to few minutes, depending
on the specific device plugin.

While the device manager state is inconsistent:
1. the kubelet will NOT update the device availability to zero, so
   the scheduler will send pods towards the inconsistent kubelet.
2. at pod admission time, the device manager allocation will not
   trigger, so pods will be admitted without devices actually
   being allocated to them.

To fix these issues, we add support to the device manager to
read pre-1.20 checkpoint data. We retroactively call this
format "v1".

Signed-off-by: Francesco Romani <fromani@redhat.com>
 2021-10-26 09:54:11 +02:00
Kubernetes Prow Robot
dba9975e3e
Merge pull request #105857 from liggitt/runAsNonRoot-runAsUser 
PodSecurity: Add runAsUser check to restricted policy
 2021-10-26 00:15:30 -07:00
Zach Zhu
20cc72344e upgrade github.com/evanphx/json-patch to v4.12.0 
Fix partial negative indice support in json patch
 2021-10-26 11:20:45 +08:00
Kubernetes Prow Robot
e1f62e406d
Merge pull request #105719 from yuanhh/master 
sample-controller/docs: Use italics font on package name
 2021-10-25 20:03:29 -07:00
Kubernetes Prow Robot
e8fcd0de98
Merge pull request #105755 from bobbypage/npd-test-cg2 
Support cgroupv2 in node problem detector test
 2021-10-25 17:59:29 -07:00
Sergey Kanzhelev
cf0a387774 setHostnameAsFQDN is a GA feature that does not depend on environment 2021-10-26 00:24:12 +00:00
Sergey Kanzhelev
c703725592 return value is taken from if statement instead of the function call 2021-10-26 00:11:55 +00:00
Kubernetes Prow Robot
17da6a2345
Merge pull request #105699 from yuzhiquan/remove-format-pods 
Remove format.pods func, instead with klog.Kobjs
 2021-10-25 15:53:30 -07:00
Kubernetes Prow Robot
fec7005de5
Merge pull request #105805 from stevekuznetsov/skuznets/fix-watch-e2e 
e2e: conformance: correctly produce MODIFIED events
 2021-10-25 14:38:27 -07:00
Kubernetes Prow Robot
87d8a75b0e
Merge pull request #105749 from tallclair/pod-security-cli 
Add --version flag to podsecurity-webhook command
 2021-10-25 13:34:25 -07:00
Jordan Liggitt
40635ca59e PodSecurity: runAsUser: generated fixtures 2021-10-25 16:17:10 -04:00
Jordan Liggitt
a476a5e00e PodSecurity: runAsUser 2021-10-25 16:17:10 -04:00
Jordan Liggitt
9b930e3728 PodSecurity: test: generate 1.23 fixtures 2021-10-25 16:17:10 -04:00
Jordan Liggitt
ef3bf86f5b PodSecurity: test: ensure fixtures are exercised for all relevant policy versions 2021-10-25 16:16:31 -04:00
Lubomir I. Ivanov
b9171aee20 kubeadm: remove the reset/update-cluster-status phase 
The phase has been deprecated and a NO-OP since 1.22.
Remove the phase related code.
 2021-10-25 22:47:15 +03:00
Kubernetes Prow Robot
770bc04740
Merge pull request #105878 from pohly/generic-ephemeral-volume-test 
volume e2e: block volume metrics fix
 2021-10-25 11:25:14 -07:00
Kubernetes Prow Robot
a6ffd29e5f
Merge pull request #105314 from calvin0327/issue-podsecurity-errormessage 
[PodSecurity]Add context to failure message
 2021-10-25 11:25:02 -07:00
Tim Allclair
c7cdf19cbe Add --version flag to podsecurity-webhook command 2021-10-25 10:26:05 -07:00
Kubernetes Prow Robot
29552618e3
Merge pull request #105869 from ahg-g/ahg-jobtestfix 
Fixes TestNodeSelectorUpdate flaky test
 2021-10-25 09:38:34 -07:00
Kubernetes Prow Robot
6166203f45
Merge pull request #105828 from ahg-g/ahg-legacy 
Remove scheduler's legacy policy config
 2021-10-25 09:38:23 -07:00
Kubernetes Prow Robot
f08ad3e0ed
Merge pull request #105273 from claudiubelu/tests/fixes-pod-collection-flake 
tests: Wait for pod collection to enter a Running state
 2021-10-25 07:34:23 -07:00
Abdullah Gharaibeh
74e1b07a5e Fixes TestNodeSelectorUpdate flaky test 2021-10-25 10:33:50 -04:00
Marcel Zięba
269431c9c8 Fix race condition in logging when request times out 2021-10-25 14:26:11 +00:00
Kubernetes Prow Robot
9248f27e23
Merge pull request #105879 from mborsz/patch-16 
Also log err in *deferredResponseWriter.Write
 2021-10-25 05:36:23 -07:00
Maciej Borsz
f0c7c9abc9
Update writers.go 2021-10-25 13:35:43 +02:00
Patrick Ohly
4c7a8c494e volume e2e: block volume metrics fix 
The same PVC name handling as for non-block volumes is also needed for block
volumes.
 2021-10-25 12:44:58 +02:00
Kubernetes Prow Robot
f3551dd942
Merge pull request #105866 from MikeSpreitzer/clarify-phase 
Clarify metrics help wrt APF execution phases
 2021-10-25 02:42:23 -07:00
Kubernetes Prow Robot
05a18a34b7
Merge pull request #105872 from wojtek-t/fix_delete_collection 
Fix delete collection error channel size
 2021-10-25 01:16:23 -07:00
Wojciech Tyczyński
f609a8e0b5 Fix delete collection error channel size 2021-10-25 08:07:21 +02:00
Mike Spreitzer
d7a3bf0d26 Clarify metrics help wrt APF execution phases 2021-10-24 22:32:13 -04:00
Abdullah Gharaibeh
faf0ce68a0 Remove scheduler's legacy policy config 2021-10-24 21:58:12 -04:00
DiptoChakrabarty
1e02fc056a remove default value comment for pod exec and update openapi spec 2021-10-23 03:28:44 +00:00
Kubernetes Prow Robot
89dd275dde
Merge pull request #105584 from goofy-z/fix-extension-point-postfilter-comment 
update extension point PostFilter comment
 2021-10-22 20:00:20 -07:00
Kubernetes Prow Robot
7fbb384e15
Merge pull request #105682 from pohly/generic-ephemeral-volume-raw-block 
storage validation: accept generic ephemeral volumes as volume device
 2021-10-22 18:04:50 -07:00
Kubernetes Prow Robot
a5cd438b9f
Merge pull request #104877 from pohly/json-kobj 
component-base: test and fix JSON output for KObj
 2021-10-22 13:24:42 -07:00
Marc Khouzam
5f22baeaf1 Add completion to the --output/-o flag 
For example:
$ kubectl get -o json<TAB>
json   jsonpath   jsonpath-as-json  jsonpath-file

Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
 2021-10-22 15:16:23 -04:00
Kubernetes Prow Robot
54ad99f523
Merge pull request #105752 from yselkowitz/s390x-test-images 
test: use newer test images for better s390x coverage
 2021-10-22 11:14:54 -07:00
haichao li
679f520acc
Update glusterdynamic-provisioner to provide support for arm64 (#105754) 
Signed-off-by: Haichao Li <Haichao.li@arm.com>
Change-Id: I69ca60e57cbe8cd98e4b7bb723a635c300e308dc
 2021-10-22 10:10:49 -07:00
Kubernetes Prow Robot
491d9ae754
Merge pull request #94786 from ii/proxy-301-redirect 
Write Pod- & ServiceProxy Test - +12 endpoint coverage
 2021-10-22 10:10:37 -07:00
Kubernetes Prow Robot
03571886e8
Merge pull request #105718 from CIPHERTron/migrated-dir 
mark kube-proxy structured logs as migrated
 2021-10-22 07:46:37 -07:00
Patrick Ohly
e36d54ce62 component-base: test json output for KObj and KObjs 
Thanks to the new klog, logr and zapr releases, ObjectRef is now
logged as struct in JSON output.
 2021-10-22 15:32:20 +02:00
Patrick Ohly
169e8b65a0 klog 2.30.0, logr 1.2.0, zapr 1.2.0 
The new releases fix logging of KObj in JSON output: klog implements the new
logr.Marshaler interface and zapr uses it instead of Stringer when logging the
ObjectRef created by KObj.
 2021-10-22 15:32:20 +02:00
Kubernetes Prow Robot
9251115fa1
Merge pull request #105807 from jonyhy96/fix-magic-number 
kubeadm: make constant of the magic-number in bootstraptoken util
 2021-10-22 04:46:37 -07:00
Qi Ni
81eb757430 fix: remove VMSS and VMSS instances from SLB backend pool only when necessary 2021-10-22 16:09:08 +08:00