3459 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
9acdca64e0 Merge pull request #130724 from jpbetz/replication-controller-to-declarative
Enable Declarative Validation for ReplicationController
2025-03-12 22:41:53 -07:00
Joe Betz
b5bc283808 ReplicationController: Add declarative validation test suite
Introduce a test suite that ensures declarative test cases
are fully tested and that validation errors are compared
with handwritten validation to ensure consistency.

Co-authored-by: Tim Hockin <thockin@google.com>
Co-authored-by: Aaron Prindle <aprindle@google.com>
Co-authored-by: Yongrui Lin <yongrlin@google.com>
2025-03-12 19:53:44 -04:00
Joe Betz
5a5ed81e1f ReplicationController: Enable declarative validation
After declarative validation is enabled in the ReplicationController
strategy in this way, the generated declarative validation code
in pkg/apis/core/v1/zz.generated.validations.go will be run
when the strategy validates ReplicationController.

Co-authored-by: Tim Hockin <thockin@google.com>
Co-authored-by: Aaron Prindle <aprindle@google.com>
Co-authored-by: Yongrui Lin <yongrlin@google.com>
Co-authored-by: David Eads <deads@redhat.com>
2025-03-12 19:51:31 -04:00
Dan Winship
ad22c0d495 Fix IP/CIDR validation to allow updates to existing invalid objects
Ignore pre-existing bad IP/CIDR values in:
  - pod.spec.podIP(s)
  - pod.spec.hostIP(s)
  - service.spec.externalIPs
  - service.spec.clusterIP(s)
  - service.spec.loadBalancerSourceRanges (and corresponding annotation)
  - service.status.loadBalancer.ingress[].ip
  - endpoints.subsets
  - endpointslice.endpoints
  - networkpolicy.spec.{ingress[].from[],egress[].to[]}.ipBlock
  - ingress.status.loadBalancer.ingress[].ip

In the Endpoints and EndpointSlice case, if *any* endpoint IP is
changed, then the entire object must be valid; invalid IPs are only
allowed to remain in place for updates that don't change any IPs.
(e.g., changing the labels or annotations).

In most of the other cases, when the invalid IP is part of an array,
it can be moved around within the array without triggering
revalidation.
2025-03-12 12:41:32 -04:00
Kubernetes Prow Robot
1b6e321e23 Merge pull request #129407 from serathius/streaming-proto-list-encoder
Implement streaming proto list encoder
2025-03-11 17:11:45 -07:00
Marek Siarkowicz
f5dd7107f7 Implement streaming proto encoding 2025-03-11 21:49:50 +01:00
Kubernetes Prow Robot
309c4c17fb Merge pull request #128499 from stlaz/ctb_betav1
ClusterTrustBundles - move to beta
2025-03-11 12:47:45 -07:00
Stanislav Láznička
e0f536bf1f use the ClusterTrustBundles beta API 2025-03-11 18:07:24 +01:00
Kubernetes Prow Robot
07d66d9c26 Merge pull request #130574 from natasha41575/drop_proposed_resize_status
[FG:InPlacePodVerticalScaling] Drop `Proposed` resize status
2025-03-11 09:49:46 -07:00
Kubernetes Prow Robot
3782b558a2 Merge pull request #128786 from danwinship/bad-ip-warnings
warn on bad IPs in objects
2025-03-11 00:11:47 -07:00
Natasha Sarkar
8a20e90839 [FG:InPlacePodVerticalScaling] Drop 'Proposed' resize status 2025-03-10 20:46:02 +00:00
Tim Hockin
e54719bb66 Use randfill, do API renames 2025-03-08 15:18:00 -08:00
Kubernetes Prow Robot
2effa5e3cf Merge pull request #130352 from natasha41575/kubelet-pod-observedgen
[FG:PodObservedGenerationTracking] Kubelet sets pod `status.observedGeneration` when updating the pod status
2025-03-07 13:33:45 -08:00
Dan Winship
7316d83137 Add warnings to all IP/CIDR-valued fields 2025-03-07 11:00:11 -05:00
Kubernetes Prow Robot
9d45ea8b9d Merge pull request #128586 from mortent/DRAPrioritizedList
Prioritized Alternatives in Device Requests
2025-03-06 21:01:44 -08:00
Natasha Sarkar
bb3ba9d073 Preserve old observedGen if incoming attempts to clear it 2025-03-06 20:14:46 +00:00
Natasha Sarkar
abdc760ba5 call dropDisabledPodFields from pod status strategy 2025-03-06 17:05:36 +00:00
Kubernetes Prow Robot
cd451c6a36 Merge pull request #130282 from natasha41575/podresizevalidation
Clean up preparation for pod subresource updates
2025-03-05 14:41:45 -08:00
Jefftree
1a1b566d61 Revert "LeaseCandidate alpha -> beta,"
This reverts commit ac7a95efb0.
2025-03-01 14:14:19 +00:00
Kubernetes Prow Robot
d04883c90c Merge pull request #130061 from mimowo/make-backoffperindex-stable
Graduate Backoff Limit Per Index as stable
2025-02-28 13:37:02 -08:00
Kubernetes Prow Robot
2fc329c857 Merge pull request #129334 from serathius/streaming-json-list-encoder
Streaming json list encoder
2025-02-28 13:36:55 -08:00
Morten Torkildsen
a716095a8a DRA: Update validation for Prioritized Alternatives in Device Requests 2025-02-28 19:28:50 +00:00
Natasha Sarkar
f91105a77e fix prep and validation for pod subresource updates 2025-02-28 16:51:10 +00:00
Marek Siarkowicz
e7c743b2eb Streaming JSON encoder for List 2025-02-28 13:33:36 +01:00
Jefftree
ac7a95efb0 LeaseCandidate alpha -> beta, 2025-02-27 17:50:36 +00:00
Michal Wozniak
a91ed902fe Graduate Backoff Limit Per Index as stable
Reenable the JobBackoffLimitPerIndex_Reenabling integration test
2025-02-26 17:06:37 +01:00
Kubernetes Prow Robot
b14fad5adc Merge pull request #130181 from natasha41575/apiserver-generation
start setting pod metadata.generation
2025-02-24 10:48:29 -08:00
Natasha Sarkar
d02401dea9 start setting pod metadata.generation 2025-02-24 16:22:14 +00:00
sunnylovestiramisu
21f899596e Promote AnyVolumeDataSource to GA 2025-02-19 17:58:09 +00:00
Kubernetes Prow Robot
7a8a4c201a Merge pull request #129933 from serathius/deprecate-namespace-index
Disable StorageNamespaceIndex feature gate when BtreeWatchCache enabled and deprecate it
2025-02-11 06:29:59 -08:00
Kubernetes Prow Robot
0634e21fb5 Merge pull request #128367 from vivzbansal/sidecar-2
[FG:InPlacePodVerticalScaling] Implement resize for sidecar containers
2025-02-05 14:38:15 -08:00
Marek Siarkowicz
b1ad53c533 Disable StorageNamespaceIndex feature gate when BtreeWatchCache is enabled and deprecate it
Previously, the cache used a map keyed by the full object key,
requiring iteration and filtering by namespace for namespace-scoped requests.
This index allowed for faster responses by avoiding this iteration.

With the introduction of the BtreeWatchCache, this optimization is no longer necessary.
The B-tree structure allows efficient prefix-based searches,
including fetching objects by namespace.
Furthermore, the B-tree returns elements ordered by key, eliminating the need for separate sorting.

Performance improvements with the BtreeWatchCache have been validated through benchmarks matching K8s scalability dimensions (see table below).
These results demonstrate that the B-tree approach provides comparable or better performance than the map with index.
Therefore, the StorageNamespaceIndex feature flag can be safely flipped to false and subsequently deprecated.

| Benchmark                                                                         | Btree with Index (current) | Btree without Index    | Map with Index         | Map without Index (sanity check) |
| --------------------------------------------------------------------------------- | -------------------------- | ---------------------- | ---------------------- | -------------------------------- |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)             | 20.77µs ± 10%              | 20.14µs ± 13% (~0%)    | 19.73µs ± 6% (~0%)     | 1067.34µs ± 10% (+5037.73%)      |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope) | 3.943µs ± 6%               | 3.928µs ± 6% (~0%)     | 3.665µs ± 3% (-7.05%)  | 944.641µs ± 1% (+23857.41%)      |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)              | 303.3µs ± 2%               | 258.2µs ± 2% (-14.85%) | 340.1µs ± 3% (+12.15%) | 1668.6µs ± 4% (+450.23%)         |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope)  | 286.2µs ± 3%               | 234.7µs ± 1% (-17.99%) | 326.9µs ± 2% (+14.22%) | 1347.7µs ± 4% (+370.91%)         |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=, Namespace Scope)             | 125.3µs ± 2%               | 112.3µs ± 5% (-10.38%) | 137.5µs ± 2% (+9.81%)  | 1395.1µs ± 8% (+1013.78%)        |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=NotOlderThan, Namespace Scope) | 120.6µs ± 2%               | 113.2µs ± 1% (-6.13%)  | 133.8µs ± 1% (+10.92%) | 1719.1µs ± 5% (+1325.35%)        |
| Geometric Mean                                                                    | 68.94µs                    | 62.73µs (-9.02%)       | 72.72µs (+5.48%)       | 1.326ms (+1823.40%)              |
2025-02-05 10:49:22 +01:00
Kubernetes Prow Robot
76506f1d87 Merge pull request #129816 from sambdavidson/master
Improve SA max token expiry with external signer logic, and plumb extended expiry duration.
2025-01-29 16:41:29 -08:00
Kubernetes Prow Robot
f05b5dddb8 Merge pull request #129870 from yongruilin/fix-componentstatus-500
chore: use NewNotFound error for missing components
2025-01-29 12:09:29 -08:00
Samuel Davidson
7936d64e03 Replace IsExternalSigner boolean with ExtendedSigningDuration throughout apiserver to ensure consistent token signing length between local and external token signing. 2025-01-29 17:49:22 +00:00
yongruilin
bde75d6020 chore: use NotFound error for missing components
In this way, the return status could be 404 instead of 500
2025-01-28 17:29:30 -08:00
Maciej Szulik
1fa995224a Update scale sub-resource to return the same error everywhere
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
2025-01-28 15:42:08 +01:00
vivzbansal
242dec3e34 Updated some unit tests and resolved some review comments 2025-01-27 19:46:54 +00:00
vivzbansal
8fa8277908 Added some unit tests 2025-01-27 19:46:54 +00:00
vivzbansal
1cf4587277 Fix build error 2025-01-27 19:42:14 +00:00
vivzbansal
591b0f547a Fix issue of pod spec mismatch if there is any non-restartable init container present 2025-01-27 19:42:13 +00:00
vivzbansal
3885d2f8ab Added sidecar support in ValidatePodResize and dropNonResizeUpdates 2025-01-27 19:42:13 +00:00
Kubernetes Prow Robot
d36322f8d7 Merge pull request #129815 from dims/linter-to-ensure-go-cmp/cmp-is-used-only-in-tests
Linter to ensure go-cmp/cmp is used ONLY in tests
2025-01-25 15:53:21 -08:00
Davanum Srinivas
4e05bc20db Linter to ensure go-cmp/cmp is used ONLY in tests
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-01-24 20:49:14 -05:00
Antonio Ojea
d3e8572d70 cluster ip allocator should check first on the legacy allocators
Kubernetes clusters allow defining an IPv6 range of /108 for IPv6
even though the old allocators will only use the first /112 of that range.

The new allocators do not have this limitation, so they can allocate
IPs on the whole space. The problem happens on upgrades from clusters
that were already using this size, since the new allocators by default
will try to allocate addresses that work for both new and old allocators
to allow safe upgrades.

The new allocators, when configured to keep compatibility with the old
allocators, must try first to allocate an IP that is compatible with the
old allocators and only fall back to the new behavior if it is not
possible.
2025-01-24 15:48:52 +00:00
Filip Křepinský
14783b8a9b add validation, field disablement and tests 2025-01-23 22:26:34 +01:00
Kubernetes Prow Robot
a444a5bfed Merge pull request #129732 from dims/switch-to-v2.6.3-of-gopkg.in/go-jose/go-jose.v2
Switch to gopkg.in/go-jose/go-jose.v2 @ v2.6.3 and github.com/coreos/go-oidc @ v2.3.0
2025-01-22 13:40:38 -08:00
Davanum Srinivas
c9e81cd84c Switch to gopkg.in/go-jose/go-jose.v2 @ v2.6.3
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-01-21 09:21:27 -05:00
Antonio Ojea
ad511cd249 update registry 2025-01-20 13:01:53 +00:00
Antonio Ojea
c26a5796fd update networking strategy 2025-01-20 13:01:53 +00:00