scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-12-23 16:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
126,108 Commits 1 Branch 0 Tags
753b6fe40b8caeafa6d521dd29b9c85890f92d6d
Commit Graph

876 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
141951cd6b Merge pull request #126420 from hoskeri/fix-container-succeeded-check-status 
kuberuntime_manager: fix container success check.
 2024-10-17 20:31:04 +01:00
Kubernetes Prow Robot
d1e03f3a77 Merge pull request #127195 from yaojunyu/fix-pod-alway-restart-open-envetedpleg 
EventedPLEG: Set Timestamp in PodStatus for Generic PLEG more accurate
 2024-10-14 23:36:20 +01:00
Kubernetes Prow Robot
36122d5a9b Merge pull request #125103 from hjet/kuberuntime-testcov 
[FG:InPlacePodVerticalScaling] Expand coverage for TestGenerateLinuxContainerResources
 2024-10-09 01:58:22 +01:00
Kubernetes Prow Robot
a7fcc89ac0 Merge pull request #125936 from sivchari/use-ptr 
use utils/ptr package instead of utils/pointer
 2024-10-07 01:02:04 +01:00
sivchari
4eab3cca0a use utils/ptr package instead of utils/pointer 
Signed-off-by: sivchari <shibuuuu5@gmail.com>
 2024-10-03 11:33:12 +09:00
Kubernetes Prow Robot
e34f7f4d80 Merge pull request #127671 from mmorel-35/testify/error-contains 
fix: use `ErrorContains(t, err` instead of `Contains(t, err.Error()`
 2024-09-28 19:18:01 +01:00
Matthieu MOREL
f736cca0e5 fix: enable expected-actual rule from testifylint in module k8s.io/kubernetes 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2024-09-27 07:56:31 +02:00
Matthieu MOREL
f777addb05 fix: use ErrorContains(t, err instead of Contains(t, err.Error() 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2024-09-26 22:22:20 +02:00
Matthieu MOREL
27b98be303 fix: enable nil-compare and error-nil rules from testifylint in module k8s.io/kubernetes 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2024-09-25 06:02:47 +02:00
Davanum Srinivas
02c6df0436 Treat Timestamp as nanoseconds which response by PodSandboxStatus(e.g. CRI-O) and fix zero Timestamp without setting (e.g. containerd) change to now. 2024-09-22 15:59:43 +08:00
Abhishek Kr Srivastav
95860cff1c Fix Go vet errors for master golang 
Co-authored-by: Rajalakshmi-Girish <rajalakshmi.girish1@ibm.com>
Co-authored-by: Abhishek Kr Srivastav <Abhishek.kr.srivastav@ibm.com>
 2024-09-20 12:36:38 +05:30
Kubernetes Prow Robot
5c68f560a1 Merge pull request #122781 from pacoxu/fix-channel-panic 
kubelet: delete channel from the terminated after closing it
 2024-09-09 04:56:27 +01:00
Kubernetes Prow Robot
b73f84c934 Merge pull request #126543 from gjkim42/restart-failed-to-start-container 
Restart the init container to not be stuck in created state
 2024-09-06 20:07:58 +01:00
Gunju Kim
be89a6120b Avoid SidecarContainers code path for non-sidecar pods 
This fixes a regression in the SidecarContainers feature by minimizing
the impact of the new code path. Use the old code path for pods without
restartable init containers, and apply the new code path only to pods
with restartable init containers.
 2024-09-06 22:36:43 +09:00
Gunju Kim
4363a8453c Restart the init container to not be stuck in created state 
The main sync loop should have created and started the container in one
step. If the init container is in the 'created' state, it's likely that
the container runtime failed to start it. To prevent the container from
getting stuck in the 'created' state, restart it.
 2024-09-05 22:37:45 +09:00
Ed Bartosh
e1bc8defac kubelet: Migrate DRA Manager to contextual logging 
Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
 2024-08-22 11:12:41 +03:00
Kubernetes Prow Robot
702cea241d Merge pull request #123952 from kinvolk/rata/userns-add-tests-namespacesForPod 
pkg/kubelet/kuberuntime: Add userns tests for NamespacesForPod
 2024-08-14 04:23:22 -07:00
Abhijit Hoskeri
ae5268431a kuberuntime_manager: fix container success check. 
When evaluating whether a container ran to completion,
we only check whether the CRI container status `ExitCode` is 0.

But, the ExitCode is only meaningful if the container has actually
run and exited.

There are other states, eg: `Created` where the container runtime never
set an ExitCode - we shouldn't read it in that case.
 2024-07-28 17:18:41 -07:00
Kubernetes Prow Robot
fa4b8f32ac Merge pull request #125935 from gjkim42/fix-125880 
Terminate restartable init containers ignoring not-started containers
 2024-07-23 15:45:11 -07:00
Kubernetes Prow Robot
581a073dc4 Merge pull request #125663 from saschagrunert/oci-volumesource-kubelet 
[KEP-4639] Add `ImageVolumeSource` implementation
 2024-07-22 15:48:33 -07:00
Sascha Grunert
979863d15c Add ImageVolumeSource implementation 
This patch adds the kubelet implementation of the image volume source
feature.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-07-22 18:46:46 +02:00
Itamar Holder
6c1f14c468 unit tests: exclude critical pods from swapping 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-07-22 17:56:52 +03:00
Itamar Holder
532cd5f84c Exclude critical pods from having swap access 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-07-22 17:56:52 +03:00
Rodrigo Campos
6f81aa6aa9 pkg/kubelet/kuberuntime: Add userns tests for NamespacesForPod 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-07-19 12:32:57 +02:00
Shingo Omura
f46ecf5648 KEP-3619: Wiring up from RuntimeFeatures.SupplementalGroupsPolicy(CRI) to NodeFeatures.SupplementalGroupsPolicy(API) 
KEP-3619: fix typos in pkg/kubelet/container/runtime.go
 2024-07-16 12:36:00 +09:00
Kubernetes Prow Robot
2d4514e169 Merge pull request #125802 from mmorel-35/testifylint/len+empty 
fix: enable empty and len rules from testifylint on pkg and staging package
 2024-07-11 23:12:06 -07:00
Gunju Kim
a03affab78 Terminate restartable init containers ignoring not-started containers 
This ensures that the restartable init containers receive a termination
signal even if there are any not-started restartable init containers, by
ignoring the not-running containers.
 2024-07-10 05:50:51 +09:00
Matthieu MOREL
f014b754fb fix: enable empty and len rules from testifylint on pkg package 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>

Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
 2024-07-06 23:15:43 +00:00
Sascha Grunert
ae8f6f002d cri: allow GetContainerEvents to pass a context 
The context can be used for timeout purposes for example, not really for
Kubernetes but other consumers like cri-tools.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-07-02 12:03:34 +02:00
Stephen Kitt
3f36c83c68 Switch to stretchr/testify / mockery for mocks 
testify is used throughout the codebase; this switches mocks from
gomock to testify with the help of mockery for code generation.

Handlers and mocks in test/utils/oidc are moved to a new package:
mockery operates package by package, and requires packages to build
correctly; test/utils/oidc/testserver.go relies on the mocks and fails
to build when they are removed. Moving the interface and mocks to a
different package allows mockery to process that package without
having to build testserver.go.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
 2024-06-20 19:42:53 +02:00
Kubernetes Prow Robot
e6616033cb Merge pull request #120844 from bzsuni/cleanup/sets/kubelet 
[kubelet] Use a generic Set instead of a specified Set
 2024-06-14 09:09:17 -07:00
Kubernetes Prow Robot
f057f2de1c Merge pull request #124956 from TommyStarK/remove-deprecated-otel-noop-tracer 
cmd/kubelet: remove deprecated otel NewNoopTracerProvider
 2024-06-06 17:05:34 -07:00
Kubernetes Prow Robot
a8d51f4f05 Use a generic Set instead of a specified Set in kubelet 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
 2024-06-04 14:25:43 +08:00
Sascha Grunert
0c9949b6ec Move pkg/kubelet/kuberuntime/logs to k8s.io/cri-client staging 
Particulary helpful to decouple cri-tools from k/k.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-30 15:13:22 +02:00
Shingo Omura
552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842) 
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
 2024-05-29 15:40:29 -07:00
hjet
56a259bb65 Remove comment 2024-05-23 14:29:15 -04:00
hjet
de602bfa27 Expand coverage for TestGenerateLinuxContainerResources 2024-05-23 14:23:18 -04:00
Kubernetes Prow Robot
dad8fe71f2 Merge pull request #124220 from HirazawaUi/fix-pod-restarted 
[kubelet]: fixed container restart due to pod spec field changes
 2024-05-22 15:43:36 -07:00
TommyStarK
c0ed4972ac kubelet: remove deprecated otel NewNoopTracerProvider 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2024-05-22 17:38:20 +02:00
HirazawaUi
3ec13c5e37 remove HashWithoutResources field 2024-05-22 10:01:31 +08:00
HirazawaUi
f6b650430a fixed container restart due to field changes 2024-05-22 09:55:46 +08:00
Sascha Grunert
2aa9e76be1 Move pkg/kubelet/cri/remote to cri-client 
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-14 10:58:18 +02:00
Kubernetes Prow Robot
29a4812f03 Merge pull request #124080 from claudiubelu/skip-windows-tests 
Skip failing Windows tests
 2024-05-01 07:48:12 -07:00
Kubernetes Prow Robot
3d49956fde Merge pull request #123795 from saschagrunert/metrics-remote-runtime 
Decouple `kubelet/cri/remote` package from `kubelet/metrics`
 2024-04-26 18:31:48 -07:00
Claudiu Belu
2be8baeaef unittests: Skip failing Windows tests 
Some of the unit tests are currently failing on Windows.

Skip them for now, and remove the skips later, once the underlying issues
have been resolved.
 2024-04-25 14:24:16 +00:00
Marek Siarkowicz
3ee8178768 Cleanup defer from SetFeatureGateDuringTest function call 2024-04-24 20:25:29 +02:00
Kubernetes Prow Robot
7f68d014e5 Merge pull request #123749 from iholder101/swap_log/only_once_avoid_spam 
[KEP2400] Avoid logging that swap cgroup controller is missing for every container
 2024-04-19 17:00:46 -07:00
Kubernetes Prow Robot
528cff12f6 Merge pull request #120969 from skitt/uber-go-mock 
Switch from golang/mock to uber-go/mock
 2024-04-17 23:59:24 -07:00
Akihiro Suda
8963e73f12 kubelet: fix mixing up runtime classes with runtime handlers 
Fix issue 123906

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 08:14:48 +09:00
Akihiro Suda
c7f52b34f3 kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00