github-personal/kubernetes
1
0
Fork 0
mirror of https://github.com/outbackdingo/kubernetes.git synced 2026-01-27 18:19:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
131,921 Commits 1 Branch 0 Tags
master
Commit Graph

6892 Commits

Author SHA1 Message Date
Richa Banker
8b2cee83c1 Replace StorageVersion API with aggregated discovery to fetch served resources by a peer for MVP 
Co-authored-by: Joe Betz <jpbetz@google.com>

Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
 2025-03-18 13:27:27 -07:00
Patrick Ohly
13d04d4a92 DRA device taints: copy taintseviction controller 
This is a verbatim copy of the current pkg/controller/taintseviction code,
revision fc268ecd09 (v1.33.0 plus one commit),
minus the TimedWorker helper.

The intent is to modify the code such that it enforces eviction of pods which
use tainted devices.
 2025-03-18 20:52:54 +01:00
Eddie Torres
c766a52356 Implement KEP 4876 Mutable CSINode (#130007) 
* Implement KEP-4876 Mutable CSINode Allocatable Count

Signed-off-by: torredil <torredil@amazon.com>

* Update TestGetNodeAllocatableUpdatePeriod

Signed-off-by: torredil <torredil@amazon.com>

* Implement CSINodeUpdater

Signed-off-by: torredil <torredil@amazon.com>

* Use sync.Once in csiNodeUpdater

Signed-off-by: torredil <torredil@amazon.com>

* ImVerify driver is installed before running periodic updates

Signed-off-by: torredil <torredil@amazon.com>

* Update NodeAllocatableUpdatePeriodSeconds type comment

Signed-off-by: torredil <torredil@amazon.com>

* Leverage apivalidation.ValidateImmutableField in ValidateCSINodeUpdate

Signed-off-by: torredil <torredil@amazon.com>

* Update strategy functions

Signed-off-by: torredil <torredil@amazon.com>

* Run hack/update-openapi-spec.sh

Signed-off-by: torredil <torredil@amazon.com>

* Update VolumeError.ErrorCode field

Signed-off-by: torredil <torredil@amazon.com>

* CSINodeUpdater improvements

Signed-off-by: torredil <torredil@amazon.com>

* Iron out concurrency in syncDriverUpdater

Signed-off-by: torredil <torredil@amazon.com>

* Run hack/update-openapi-spec.sh

Signed-off-by: torredil <torredil@amazon.com>

* Revise logging

Signed-off-by: torredil <torredil@amazon.com>

* Revise log in VerifyExhaustedResource

Signed-off-by: torredil <torredil@amazon.com>

* Update API validation

Signed-off-by: torredil <torredil@amazon.com>

* Add more code coverage

Signed-off-by: torredil <torredil@amazon.com>

* Fix pull-kubernetes-linter-hints

Signed-off-by: torredil <torredil@amazon.com>

* Update API types documentation

Signed-off-by: torredil <torredil@amazon.com>

* Update strategy and validation for new errorCode field

Signed-off-by: torredil <torredil@amazon.com>

* Update validation tests after strategy changes

Signed-off-by: torredil <torredil@amazon.com>

* Update VA status strategy

Signed-off-by: torredil <torredil@amazon.com>

---------

Signed-off-by: torredil <torredil@amazon.com>
 2025-03-18 12:45:49 -07:00
xigang
aa32537e9a Add workqueue for node updates in DaemonSetController 
Signed-off-by: xigang <wangxigang2014@gmail.com>
 2025-03-19 01:09:44 +08:00
mchtech
381ccf0f4c Fix empty describedObject in hpa status (#124555) 
* fix empty DescribedObject in hpa MetricStatus when object target type is AverageValue

Signed-off-by: mchtech <michu_an@126.com>

* add test

Signed-off-by: mchtech <michu_an@126.com>

---------

Signed-off-by: mchtech <michu_an@126.com>
 2025-03-18 09:33:56 -07:00
Natasha Sarkar
4c2be4bdde kubelet sets observedGeneration in conditions 2025-03-18 15:43:24 +00:00
xigang
5c4948ff31 controller: factor out pod node name indexer helper function 
Signed-off-by: xigang <wangxigang2014@gmail.com>
 2025-03-17 20:21:30 +08:00
Kubernetes Prow Robot
9fd0e20bc2 Merge pull request #129345 from pohly/log-client-go-workqueue 
client-go workqueue: add optional logger
 2025-03-14 06:37:53 -07:00
Kubernetes Prow Robot
af3b4cd57a Merge pull request #130718 from kei01234kei/feature/use_generic_set 
Use generic set in pkg/controller/nodelifecycle
 2025-03-14 01:21:47 -07:00
Kubernetes Prow Robot
04fb7ac18b Merge pull request #130536 from tenzen-y/promote-successpolicy-to-ga 
KEP-3998: Promote JobSuccessPolicy to Stable
 2025-03-13 13:27:54 -07:00
Kubernetes Prow Robot
1c756849d6 Merge pull request #130591 from fmuyassarov/devel/logging 
Refine logging levels in job, IPAM, and replicaSet
 2025-03-12 07:13:47 -07:00
Kubernetes Prow Robot
309c4c17fb Merge pull request #128499 from stlaz/ctb_betav1 
ClusterTrustBundles - move to beta
 2025-03-11 12:47:45 -07:00
Kubernetes Prow Robot
652f681c2b Merge pull request #130650 from natasha41575/pod-conditions-controller 
[FG:PodObservedGenerationTracking] controller sets observedGeneration on pod conditions
 2025-03-11 11:27:54 -07:00
Stanislav Láznička
5b3b68a3a1 KCM: CTBPublisher: use generics to handle both alpha/beta APIs 2025-03-11 18:07:29 +01:00
Stanislav Láznička
e0f536bf1f use the ClusterTrustBundles beta API 2025-03-11 18:07:24 +01:00
Keisuke Ishigami
efac8fdea2 Delete todo comment to ignore update where 'old' is equivalent to 'cur' (#130322) 
* use resource version to ignore updating pdb

* delete todo comment
 2025-03-11 07:13:46 -07:00
Keisuke Ishigami
cdac61b902 use generic set in sig-node 2025-03-11 20:00:15 +09:00
Feruzjon Muyassarov
4c6971007b Refine logging levels in Job, IPAM, and ReplicaSet controllers. 
Adjust logging levels in Job, IPAM, and ReplicaSet controllers from
V(0) to V(2), V(4), V(4) respectively to reduce noise. These logs
provide minimal value at the debug level (V(0)), so they have been
adjusted for better log clarity

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@est.tech>
 2025-03-11 10:25:16 +02:00
Kubernetes Prow Robot
3782b558a2 Merge pull request #128786 from danwinship/bad-ip-warnings 
warn on bad IPs in objects
 2025-03-11 00:11:47 -07:00
Keerthan Reddy Mala
73afab1856 handle review comments 2025-03-10 14:01:29 -07:00
Natasha Sarkar
af9ac325b1 controller sets observedGeneration on pod conditions 2025-03-10 16:37:55 +00:00
Tim Hockin
e54719bb66 Use randfill, do API renames 2025-03-08 15:18:00 -08:00
Kubernetes Prow Robot
2effa5e3cf Merge pull request #130352 from natasha41575/kubelet-pod-observedgen 
[FG:PodObservedGenerationTracking] Kubelet sets pod `status.observedGeneration` when updating the pod status
 2025-03-07 13:33:45 -08:00
Dan Winship
d4c55d06cf Export endpoints, endpointslice, mirroring controller names 2025-03-07 10:52:54 -05:00
Kubernetes Prow Robot
9d45ea8b9d Merge pull request #128586 from mortent/DRAPrioritizedList 
Prioritized Alternatives in Device Requests
 2025-03-06 21:01:44 -08:00
Keerthan Reddy Mala
51fdd55e87 use sync map for the cache 2025-03-06 15:56:07 -08:00
Natasha Sarkar
701b76f10d pod gc controller sets status.observedGeneration upon pod failure 2025-03-06 22:31:15 +00:00
Yuki Iwai
749f03a49f Gradeate Job SuccessPolicy to Stable 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2025-03-07 07:21:12 +09:00
Cici Huang
6645022d8b Update status before returning err 2025-03-06 10:54:45 -08:00
Kubernetes Prow Robot
50927130ff Merge pull request #130582 from tenzen-y/use-suspended-job-util 
Job: Use jobSuspended util for suspended detection
 2025-03-05 15:49:51 -08:00
Kubernetes Prow Robot
8873c7e875 Merge pull request #130564 from danwinship/label-endpoints 
Add "endpoints.kubernetes.io/managed-by" label to Endpoints
 2025-03-05 13:29:45 -08:00
Yuki Iwai
8202b791e9 Job: Use jobSuspended util for suspended detection 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2025-03-05 18:12:59 +09:00
Kubernetes Prow Robot
76b80b1c15 Merge pull request #130507 from cici37/updateFG 
Update OrderedNamespaceDeletion feature gate on by default
 2025-03-04 14:49:52 -08:00
Keerthan Reddy Mala
547c005cb7 handle job complete update delayed event 2025-03-04 14:42:13 -08:00
Dan Winship
c4ea350ef6 Add "endpoints.kubernetes.io/managed-by" label to Endpoints 
Add a label to allow us to recognize endpoint-controller-generated
Endpoints in the future. (In particular, to allow us to recognize
stale Endpoints whose Service gets deleted while the Endpoints
controller is not running.)

Unlike the corresponding EndpointSlice label, this is not defined as
part of the public API, because we have no interest in getting other
controllers to use it. (They should switch to creating EndpointSlices
instead.)
 2025-03-04 11:06:10 -05:00
Cici Huang
9598e5a1a5 Mark the feature gate on by default since it's a security fix. 2025-03-03 14:44:17 -08:00
Kubernetes Prow Robot
df030f3851 Merge pull request #130472 from jsafrane/selinux-controller-ignore-recursive 
selinux: Ignore pods with Recursive policy
 2025-03-03 14:29:56 -08:00
Kubernetes Prow Robot
d04883c90c Merge pull request #130061 from mimowo/make-backoffperindex-stable 
Graduate Backoff Limit Per Index as stable
 2025-02-28 13:37:02 -08:00
Morten Torkildsen
36d8a44b9c DRA: Update controller for Prioritized Alternatives in Device Requests 2025-02-28 19:32:59 +00:00
Jan Safranek
052f1fe820 Update tests 2025-02-28 16:42:20 +01:00
carlory
28d359beec promote HonorPVReclaimPolicy to GA 
Signed-off-by: carlory <baofa.fan@daocloud.io>
 2025-02-27 14:01:22 +08:00
Kubernetes Prow Robot
b38bf6c312 Merge pull request #130035 from cici37/nsDeletion 
[KEP-5080]Ordered Namespace Deletion
 2025-02-26 10:16:30 -08:00
Michal Wozniak
a91ed902fe Graduate Backoff Limit Per Index as stable 
Reenable the JobBackoffLimitPerIndex_Reenabling integration test
 2025-02-26 17:06:37 +01:00
Kubernetes Prow Robot
81f03c2f5b Merge pull request #124137 from ratnadeepb/testForceDetachMetric_invoke 
fix: Ensure testForceDetachMetric works on the delta of ForceDetachMetricCounter
 2025-02-25 09:40:29 -08:00
Jan Safranek
eeabc3ac6c selinux: Ignore pods with Recursive policy 
Pod that explicitly opted into "seLinuxChangePolicy: Recursive" should not
report conflicts with another SELinux labels. They will only report a
conflict with other Pods using the same volume with "seLinuxChangePolicy:
Mount" (or nil).
 2025-02-25 16:34:02 +01:00
Cici Huang
06fa6158a0 Update namespace deletion process when feature gate OrderedNamespaceDeletion enabled. 2025-02-20 20:33:46 -08:00
Kubernetes Prow Robot
5822bb5232 Merge pull request #130101 from danwinship/controller-ip-canonicalization 
Canonicalize IPs written out by controllers
 2025-02-20 19:48:26 -08:00
Jan Safranek
2050d6fc69 selinux: add a new SELinux translator to the controller 
A real SELinuxOptionsToFileLabel function needs access to host's
/etc/selinux to read the defaults. This is not possible in
kube-controller-manager that often runs in a container and does not have
access to /etc on the host. Even if it had, it could run on a different
Linux distro than worker nodes.

Therefore implement a custom SELinuxOptionsToFileLabel that does not
default fields in SELinuxOptions and uses just fields provided by the Pod.

Since the controller cannot default empty SELinux label components,
treat them as incomparable.
Example: "system_u:system_r:container_t:s0:c1,c2" *does not* conflict with ":::s0:c1,c2",
because the node that will run such a Pod may expand "":::s0:c1,c2" to "system_u:system_r:container_t:s0:c1,c2".
However, "system_u:system_r:container_t:s0:c1,c2" *does* conflict with ":::s0:c98,c99".
 2025-02-17 13:32:10 +01:00
Dan Winship
6512de76ce Make EndpointSlice mirroring controller always canonicalize the IPs it writes out 
(Also rearrange some code to avoid parsing the IP twice.)
 2025-02-11 21:46:15 -05:00
Dan Winship
29be52b3f7 Make EndpointSlice controller always canonicalize the IPs it writes out 2025-02-11 21:46:15 -05:00