scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-12-15 20:37:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
110,558 Commits 1 Branch 0 Tags
a4ad8f4154bb07be9cbb98d12d82c51afaffeac6
Commit Graph

45335 Commits

Author SHA1 Message Date
Jan Safranek
4cfb277e8b Implement mounting with -o context= in iSCSI volume plugin 2022-08-04 10:51:31 +02:00
Jan Safranek
cdb3ead5a9 Add SupportsSELinuxContextMount 
Add a new call to VolumePlugin interface and change all its
implementations.

Kubelet's VolumeManager will be interested whether a volume supports
mounting with -o conext=XYZ or not to hanle SetUp() / MountDevice()
accordingly.
 2022-08-04 10:51:28 +02:00
Jan Safranek
f99cf5180e Add SELinux mount option to NewMounter() and MountDevice() 
Let volume plugins decide if they want to mount volumes with "-o
context=XYZ" or let the container runtime relabel the volume on container
startup.

Using NewMounter, as it's the call where a volume plugin gets the other MountOptions.
 2022-08-04 10:51:11 +02:00
Jan Safranek
f2fd9c1c16 Regenerate files 2022-08-04 10:51:01 +02:00
Jan Safranek
189f19a698 Update generation when SELinuxMount is changed 2022-08-04 10:51:00 +02:00
Jan Safranek
3efeeef346 Add CSIDriverSpec.SELinuxMount 
The new field tells Kubernetes if the CSI driver supports mounting of
volumes with -o context=XYZ or not.
 2022-08-04 10:51:00 +02:00
Jan Safranek
34dc6b2587 Add SELinuxMountReadWriteOncePod feature gate 2022-08-04 10:51:00 +02:00
Kubernetes Prow Robot
b661944b65 Merge pull request #110939 from Abirdcfly/deleteutil 
don't quota events.k8s.io events by default
 2022-08-03 20:49:46 -07:00
Kubernetes Prow Robot
d4795e4bec Merge pull request #111620 from Jiawei0227/storageos 
cleanup: Remove storageos volume plugins from k8s codebase
 2022-08-03 18:05:36 -07:00
Kubernetes Prow Robot
a0e702763e Merge pull request #110495 from alexzielenski/atomic-objectreference 
make ObjectReference field ownership granular
 2022-08-03 14:21:48 -07:00
Jiawei Wang
d52cdeae79 cleanup: Remove storageos volume plugins from k8s codebase 2022-08-03 20:19:59 +00:00
Kubernetes Prow Robot
442574f3a7 Merge pull request #111513 from jingxu97/july/localstorage 
Promote Local storage capacity isolation feature to GA
 2022-08-03 13:05:59 -07:00
Kubernetes Prow Robot
4b6134b6dc Merge pull request #111090 from kinvolk/rata/userns-support-2022 
Add support for user namespaces phase 1 (KEP 127)
 2022-08-03 13:05:47 -07:00
Rodrigo Campos
8dc98c9b8e Update autogenerated files 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
138e80819e kubelet: set user namespace options 
Set the user namespace options to use for the pod.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
67b38ffe6e kubelet: propagate errors from namespacesForPod 
it is a preparatory change for the next commit.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
695b30e91c volume: use GetHostIDsForPod() 
This commit only changes the UID/GID if user namespaces is enabled. When
it is enabled, it changes it so the hostUID and hostGID that are mapped
to the currently used UID/GID. This is needed so volumes are created
with the hostUID/hostGID and the user inside the container can read
them.

If user namespaces are disabled for this pod, this is a no-op: there is
no user namespace mapping, so the hostUID/hostGID are the same as inside
the container.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
d07c2688fe kubelet: add GetHostIDsForPod() 
In future commits we will need this to set the user/group of supported
volumes of KEP 127 - Phase 1.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
9b2fc639a0 kubelet: add GetUserNamespaceMappings to RuntimeHelper 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
63462285d5 kubelet: add userns manager 
it is used to allocate and keep track of the unique users ranges
assigned to each pod that runs in a user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
cf8164bccf apis: add validation for HostUsers 
This commit just adds a validation according to KEP-127. We check that
only the supported volumes for phase 1 of the KEP are accepted.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Alexander Zielenski
84f795d04a mark persistentvolume's claimRef as granular 2022-08-03 10:01:14 -07:00
kerthcet
b4277e7ce4 Fix potential goroutine leakages in taint manager tests 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2022-08-04 00:00:48 +08:00
Stanislav Kardashov
8b9578bf76 Generate specs after fixing typo in documentation 2022-08-03 14:18:36 +03:00
Giuseppe Scrivano
482e76dc2c features: add UserNamespacesSupport feature 
define a feature gate for the user namespaces support.  The feature is
not enabled by default.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 13:18:11 +02:00
jinxu
0064010cdd Promote Local storage capacity isolation feature to GA 
This change is to promote local storage capacity isolation feature to GA

At the same time, to allow rootless system disable this feature due to
unable to get root fs, this change introduced a new kubelet config
"localStorageCapacityIsolation". By default it is set to true. For
rootless systems, they can set this configuration to false to disable
the feature. Once it is set, user cannot set ephemeral-storage
request/limit because capacity and allocatable will not be set.

Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
 2022-08-02 23:45:48 -07:00
zhangxiaoyang
7375ba4e27 add validation test for features.GracefulNodeShutdownBasedOnPodPriority 2022-08-03 14:43:00 +08:00
Kubernetes Prow Robot
aea9f9887d Merge pull request #111645 from vinaykul/restart-free-pod-vertical-scaling-cri 
CRI changes to support in-place pod resize
 2022-08-02 21:27:51 -07:00
Abirdcfly
9680e3f7d6 don't quota events.k8s.io events by default 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
 2022-08-03 12:13:35 +08:00
Kubernetes Prow Robot
cb41d5002c Merge pull request #111061 from pacoxu/key-encipherment-optional 
modify the signing/approving controller to tolerate either set of usages for kubelet client and serving certificates
 2022-08-02 18:55:51 -07:00
Kubernetes Prow Robot
182e0989ec Merge pull request #111646 from alculquicondor/fix_failed_suceeded 
Fix JobTrackingWithFinalizers when a pod succeeds after the job fails
 2022-08-02 17:45:52 -07:00
Aldo Culquicondor
ca8cebe5ba Fix JobTrackingWithFinalizers when a pod succeeds after the job fails 
Change-Id: I3be351fb3b53216948a37b1d58224f8fbbf22b47
 2022-08-02 19:33:06 -04:00
Kubernetes Prow Robot
6fbeacdf73 Merge pull request #111435 from soltysh/cronjob_timezone_beta 
Promote CronJobTimeZone to beta
 2022-08-02 16:23:51 -07:00
Vinay Kulkarni
007d93ad08 Handle UpdateContainerResources for Windows in v1alpha2 2022-08-02 15:31:00 -07:00
Vinay Kulkarni
0ef263c3b0 CRI changes to support implementation of in-place pod resize. 
KEP: /enhancements/keps/sig-node/1287-in-place-update-pod-resources
 2022-08-02 15:08:25 -07:00
Kubernetes Prow Robot
90f9a52db6 Merge pull request #111467 from RomanBednar/retro-sc-assignment 
Allow retroactive storage class assigment to PVCs
 2022-08-02 15:05:57 -07:00
Giuseppe Scrivano
9e9b23fd3c pkg/apis, staging: add HostUsers to pod spec 
It is used to request that a pod runs in a unique user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-02 23:47:58 +02:00
Giuseppe Scrivano
eee5fa8b8d volume: use the effective uid 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-02 23:47:58 +02:00
Paco Xu
e6176c28b7 modify the signing/approving controller to tolerate either set of usages for kubelet client and serving certificates 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2022-08-03 05:12:04 +08:00
Kubernetes Prow Robot
8f3b2813dc Merge pull request #111642 from harche/evented_pleg_cri_changes 
Update CRI API to support Evented PLEG
 2022-08-02 13:59:16 -07:00
Kubernetes Prow Robot
369a465fae Merge pull request #111301 from mattcary/migration-feature 
Upgrade CSIMigrationGCE feature gate to GA
 2022-08-02 13:58:57 -07:00
Kubernetes Prow Robot
9fb1f67af7 Merge pull request #111278 from arpitsardhana/master 
KEP-3327: Add CPUManager policy option to align CPUs by Socket instead of by NUMA node
 2022-08-02 13:58:45 -07:00
Roman Bednar
2f533cd572 add tests for pv controller 2022-08-02 20:52:04 +02:00
Roman Bednar
a0a5aa3680 allow retroactive storage class assignment in pv controller 2022-08-02 20:52:04 +02:00
Roman Bednar
42b24b7baf move storage class helpers to utils 2022-08-02 20:52:04 +02:00
Roman Bednar
caf2f41084 add tests for pvc update validation 2022-08-02 20:52:04 +02:00
Roman Bednar
f051cc7e0e allow pvc spec StorageClass name mutation if the feature is enabled 2022-08-02 20:52:04 +02:00
Roman Bednar
0f0d61f91c pass down feature gate to PVC validation opts 2022-08-02 20:52:04 +02:00
Roman Bednar
d19f6fba29 add RetroactiveDefaultStorageClass feature gate 2022-08-02 20:52:04 +02:00
Kubernetes Prow Robot
bc4c4930ff Merge pull request #111475 from alculquicondor/clear_pod_disruption 
Add worker to clean up stale DisruptionTarget condition
 2022-08-02 11:38:18 -07:00