129 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
07d66d9c26 Merge pull request #130574 from natasha41575/drop_proposed_resize_status
[FG:InPlacePodVerticalScaling] Drop `Proposed` resize status
2025-03-11 09:49:46 -07:00
Kubernetes Prow Robot
3782b558a2 Merge pull request #128786 from danwinship/bad-ip-warnings
warn on bad IPs in objects
2025-03-11 00:11:47 -07:00
Natasha Sarkar
8a20e90839 [FG:InPlacePodVerticalScaling] Drop 'Proposed' resize status 2025-03-10 20:46:02 +00:00
Dan Winship
7316d83137 Add warnings to all IP/CIDR-valued fields 2025-03-07 11:00:11 -05:00
Natasha Sarkar
bb3ba9d073 Preserve old observedGen if incoming attempts to clear it 2025-03-06 20:14:46 +00:00
Natasha Sarkar
abdc760ba5 call dropDisabledPodFields from pod status strategy 2025-03-06 17:05:36 +00:00
Natasha Sarkar
f91105a77e fix prep and validation for pod subresource updates 2025-02-28 16:51:10 +00:00
Natasha Sarkar
d02401dea9 start setting pod metadata.generation 2025-02-24 16:22:14 +00:00
Kubernetes Prow Robot
7a8a4c201a Merge pull request #129933 from serathius/deprecate-namespace-index
Disable StorageNamespaceIndex feature gate when BtreeWatchCache enabled and deprecate it
2025-02-11 06:29:59 -08:00
Marek Siarkowicz
b1ad53c533 Disable StorageNamespaceIndex feature gate when BtreeWatchCache is enabled and deprecate it
Previously, the cache used a map keyed by the full object key,
requiring iteration and filtering by namespace for namespace-scoped requests.
This index allowed for faster responses by avoiding this iteration.

With the introduction of the BtreeWatchCache, this optimization is no longer necessary.
The B-tree structure allows efficient prefix-based searches,
including fetching objects by namespace.
Furthermore, the B-tree returns elements ordered by key, eliminating the need for separate sorting.

Performance improvements with the BtreeWatchCache have been validated through benchmarks matching K8s scalability dimensions (see table below).
These results demonstrate that the B-tree approach provides comparable or better performance than the map with index.
Therefore, the StorageNamespaceIndex feature flag can be safely flipped to false and subsequently deprecated.

| Benchmark                                                                         | Btree with Index (current) | Btree without Index    | Map with Index         | Map without Index (sanity check) |
| --------------------------------------------------------------------------------- | -------------------------- | ---------------------- | ---------------------- | -------------------------------- |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)             | 20.77µs ± 10%              | 20.14µs ± 13% (~0%)    | 19.73µs ± 6% (~0%)     | 1067.34µs ± 10% (+5037.73%)      |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope) | 3.943µs ± 6%               | 3.928µs ± 6% (~0%)     | 3.665µs ± 3% (-7.05%)  | 944.641µs ± 1% (+23857.41%)      |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)              | 303.3µs ± 2%               | 258.2µs ± 2% (-14.85%) | 340.1µs ± 3% (+12.15%) | 1668.6µs ± 4% (+450.23%)         |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope)  | 286.2µs ± 3%               | 234.7µs ± 1% (-17.99%) | 326.9µs ± 2% (+14.22%) | 1347.7µs ± 4% (+370.91%)         |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=, Namespace Scope)             | 125.3µs ± 2%               | 112.3µs ± 5% (-10.38%) | 137.5µs ± 2% (+9.81%)  | 1395.1µs ± 8% (+1013.78%)        |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=NotOlderThan, Namespace Scope) | 120.6µs ± 2%               | 113.2µs ± 1% (-6.13%)  | 133.8µs ± 1% (+10.92%) | 1719.1µs ± 5% (+1325.35%)        |
| Geometric Mean                                                                    | 68.94µs                    | 62.73µs (-9.02%)       | 72.72µs (+5.48%)       | 1.326ms (+1823.40%)              |
2025-02-05 10:49:22 +01:00
vivzbansal
242dec3e34 Updated some unit tests and resolved some review comments 2025-01-27 19:46:54 +00:00
vivzbansal
1cf4587277 Fix build error 2025-01-27 19:42:14 +00:00
vivzbansal
591b0f547a Fix issue of pod spec mismatch if there is any non-restartable init container present 2025-01-27 19:42:13 +00:00
vivzbansal
3885d2f8ab Added sidecar support in ValidatePodResize and dropNonResizeUpdates 2025-01-27 19:42:13 +00:00
Jian Zeng
d9687a8c3a feat(apiserver): set stream param in LogLocation
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
2024-11-06 22:42:18 +08:00
Anish Shah
832d7f7dc2 apply feedback 2024-11-06 01:33:15 +00:00
Anish Shah
4c69bf2496 implement GetResetFieldsFilter
GetResetFieldsFilter returns a set of fields filter reset
by pod resize strategy. This is needed to make server-side apply
work correctly.
2024-11-06 01:33:15 +00:00
Anish Shah
3b91edb660 unit tests to ensure pod metadata cannot be updated during resize. 2024-11-06 01:33:15 +00:00
Anish Shah
07ca0b09bb refactor logic to override pod fields 2024-11-06 01:33:14 +00:00
Anish Shah
2bf1f2349c validate resize request
We validate resize request by ensuring that pod QoS is unchanged and
only cpu and memory resources and resize policies are mutated.
2024-11-06 01:33:14 +00:00
Anish Shah
8f967c19b3 drop unrelated changes for /resize request
Since resize request takes the full pod object as the request type, drop
any unrelated changes. Only container resources and resize policy should
be validated.
2024-11-06 01:33:13 +00:00
Anish Shah
507ce443b0 introduce resize REST object
This commit introduces a basic REST object for resize subresource and
adds it to the pod storage.
2024-11-06 01:33:13 +00:00
carlory
9cb7d58b3c Tighten validation on the qosClass field of pod status 2024-11-01 10:36:03 +08:00
Kubernetes Prow Robot
7590cb7adf Merge pull request #125257 from vinayakankugoyal/armor
KEP-24: Update AppArmor feature gates to GA stage.
2024-07-23 09:20:52 -07:00
Vinayak Goyal
bc06071495 Update AppArmor feature gates to GA stage.
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
2024-07-15 23:29:37 +00:00
Kubernetes Prow Robot
b616d91675 Merge pull request #122636 from lianghao208/pod_condition
kube-scheduler: fix empty lastTransitionTime in pod condition
2024-06-18 10:39:35 -07:00
Tim Allclair
7bd78b06e9 Warn on deprecated AppArmor annotation use 2024-03-07 09:51:48 -08:00
Tim Allclair
2d86cbf261 Separate feature-gate for AppArmor fields 2024-03-06 10:46:32 -08:00
Tim Allclair
06caf32ecd Validate localhost profile max length 2024-03-06 10:46:31 -08:00
Tim Allclair
0eb5f52d06 Rename AppArmor annotation constants with Deprecated 2024-03-06 10:46:31 -08:00
Tim Allclair
ec325b328d Match annotations against pod AppArmor field 2024-03-05 12:22:50 -08:00
Tim Allclair
289ec02e8b Implement version skew strategy 2024-03-05 12:22:50 -08:00
Wei Huang
01db4ae9e7 Graduate PodSchedulingReadiness to stable 2024-02-28 23:18:44 -08:00
Huan Yan
01dbb85974 fix: correct incorrect comment & function name about SchedulingGated 2024-01-31 11:27:14 +08:00
lianghao208
bbcb4ee690 fix null lastTransitionTime in pod condition when setting scheduling gate 2024-01-08 12:24:39 +08:00
ahutsunshine
d8bd150784 support pod namespace indexer
fix comments

optimize code

small optimization for the namespace scope check
2023-11-30 18:39:09 +08:00
Kensei Nakada
d5d3c26337 feature(scheduler): implement matchLabelKeys in PodAffinity and PodAntiAffinity 2023-10-18 11:28:02 +00:00
Kubernetes Prow Robot
370c85f5ab Merge pull request #118493 from kerthcet/cleanup/pod-status-reason
Remove reasons from PodConditionType
2023-08-30 01:40:47 -07:00
Dan Winship
bb0c3a0818 Remove proxyutil.IsProxyableIP / IsProxyableHostname
These don't belong in pkg/proxy/util; they involve a completely
unrelated definition of proxying.

Since each is only used from one place, just inline them at the
callers.
2023-07-01 08:49:38 -04:00
kerthcet
96ab232f5f Remove reasons from PodConditionType
Signed-off-by: kerthcet <kerthcet@gmail.com>
2023-06-07 11:47:47 +08:00
Tim Hockin
4bbf611773 Retool validation for pod HostNetwork ports
This will ensure that HostPort == ContainerPort for pods and that
HostPort == 0 || HostPort == ContainerPort for embedded PodSpecs.
2023-05-09 18:10:44 -07:00
Kubernetes Prow Robot
25a25e27a9 Merge pull request #110477 from halfcrazy/feat/hostnetwork-fieldsel
support fieldSelector spec.hostNetwork
2023-04-21 18:13:11 -07:00
Yan Zhu
7fb88eec73 support fieldSelector spec.hostNetwork
Signed-off-by: Yan Zhu <hackzhuyan@gmail.com>
2023-04-17 13:19:35 +08:00
Vinay Kulkarni
76962b0fa7 In-place Pod Vertical Scaling - API changes
1. Define ContainerResizePolicy and add it to Container struct.
2. Add ResourcesAllocated and Resources fields to ContainerStatus struct.
3. Define ResourcesResizeStatus and add it to PodStatus struct.
4. Add InPlacePodVerticalScaling feature gate and drop disabled fields.
5. ResizePolicy validation & defaulting and Resources mutability for CPU/Memory.
6. Various fixes from code review feedback (originally committed on Apr 12, 2022)
KEP: /enhancements/keps/sig-node/1287-in-place-update-pod-resources
2023-02-24 17:18:04 +00:00
Kubernetes Prow Robot
6ce055d62d Merge pull request #114947 from saschagrunert/seccomp-ga-cleanup
Make seccomp annotations non-functional
2023-01-12 13:48:54 -08:00
Sascha Grunert
af1f6a230b Make seccomp annotations non-functional
This cleanup has been planned to finish the corresponding KEP:
https://github.com/kubernetes/kubernetes/issues/91286

As a follow-up on the partial removal of the seccomp annotations in
https://github.com/kubernetes/kubernetes/pull/109819, we now drop
the version skew handling completely, but still warn as well as keep
the validation in place if both (annotation and field) are set.

The Pod Security Admission code has already been changed in
https://github.com/kubernetes/kubernetes/pull/114846.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2023-01-12 17:11:52 +01:00
Tim Hockin
7c7d79b058 Make the warning about pod name clearer
Previously this was cut-paste from deployment.  It didn't make much
sense for pod.
2022-12-25 14:20:55 -08:00
Tim Hockin
c555d290c1 pod: API warn when name is not DNS label 2022-12-16 13:05:17 -08:00
Wei Huang
7b6293b6b6 APIs, Validation and condition enforcements
- New API field .spec.schedulingGates
- Validation and drop disabled fields
- Disallow binding a Pod carrying non-nil schedulingGates
- Disallow creating a Pod with non-nil nodeName and non-nil schedulingGates
- Adds a {type:PodScheduled, reason:WaitingForGates} condition if necessary
- New literal SchedulingGated in the STATUS column of `k get pod`
2022-11-03 14:32:34 -07:00
Sascha Grunert
584783ee9f Partly remove support for seccomp annotations
We now partly drop the support for seccomp annotations which is planned
for v1.25 as part of the KEP:

https://github.com/kubernetes/enhancements/issues/135

Pod security policies are not touched by this change and therefore we
have to keep the annotation key constants.

This means we only allow the usage of the annotations for backwards
compatibility reasons while the synchronization of the field to
annotation is no longer supported. Using the annotations for static pods
is also not supported any more.

Making the annotations fully non-functional will be deferred to a
future release.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-08-01 09:19:29 +02:00