scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-12-13 19:37:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
126,882 Commits 1 Branch 0 Tags
b209a62483d42c151326173f2700273b044eba59
Commit Graph

433 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
9660e5c4cd Merge pull request #127360 from knight42/feat/split-stdout-stderr-server-side 
API: add a new `Stream` field to `PodLogOptions`
 2024-11-07 19:44:45 +00:00
Lan Liang
6e5a3cde50 Remove PodHostIPs feature gates. 
Signed-off-by: Lan Liang <gcslyp@gmail.com>
 2024-11-06 23:10:36 -08:00
Jian Zeng
94cd0a0892 feat(kubelet): only returns logs that match the given stream 
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
 2024-11-07 13:52:16 +08:00
Tim Allclair
ea53083c14 Don't checkpoint ResizeStatus 2024-11-05 15:48:35 -08:00
Tim Allclair
4a4748d23c Determine resize status from state in handlePodResourcesResize 2024-11-05 15:41:49 -08:00
Kubernetes Prow Robot
f81a68f488 Merge pull request #128377 from tallclair/allocated-status-2 
[FG:InPlacePodVerticalScaling] Implement AllocatedResources status changes for Beta
 2024-11-05 23:21:49 +00:00
carlory
c6e6fadc48 fix pull-kubernetes-linter-hints 2024-11-05 21:26:00 +08:00
carlory
b6c9c2d6fa 1. When the kubelet constructs the cri mounts for the container which references an image volume source type, It passes the missing mount attributes to the CRI implementation, including readOnly, propagation, and recursiveReadOnly. When the readOnly field of the containerMount is explicitly set to false, the kubelet will take the readOnlyas true to the CRI implementation because the image volume plugin requires the mount to be read-only. 
2. Fix a bug where the pod is unexpectedly running when the `image` volume source type is used and mounted to `/etc/hosts` in the container.
 2024-11-05 19:47:12 +08:00
Tim Allclair
bf4f1832e2 Don't clear resize status when resources are missing 2024-11-01 14:02:59 -07:00
Tim Allclair
84201658c3 Fix ResizeStatus state transitions 2024-11-01 14:02:59 -07:00
Tim Allclair
04aeb40793 Comment clarifying definition of non-resizable containers 2024-11-01 14:02:58 -07:00
Tim Allclair
d37634a930 Fixup linting 2024-11-01 14:02:58 -07:00
Tim Allclair
32e6eac753 Fix clearing pod resize status 2024-11-01 14:02:58 -07:00
Tim Allclair
61c1beeda2 Always set status Resources, default to allocated 2024-11-01 14:02:58 -07:00
Tim Allclair
0f0e27d226 Move container status AllocatedResources behind a separate feature gate 2024-11-01 14:02:58 -07:00
Tim Allclair
321eff34f7 Rework allocated resources handling 2024-10-24 09:27:40 -07:00
Tim Allclair
53aa727708 Checkpoint allocated requests and limits 2024-10-22 11:26:48 -07:00
Itamar Holder
9545d45c5d Remove TODO regarding extended resources 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-08-28 16:27:05 +03:00
Itamar Holder
090961f8c8 Add limits and request processing for storage resources 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-08-28 15:38:06 +03:00
Itamar Holder
8811817e7b Refactor: improve convertCustomResources() variable names 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-08-28 15:38:06 +03:00
Itamar Holder
b9109ab7e4 Refactor: avoid code duplication when converting custom resources 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-08-28 15:37:39 +03:00
Itamar Holder
a482d8937b Add extended resources to ContainerStatuses[i].Resources 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-08-28 15:36:55 +03:00
Ed Bartosh
e1bc8defac kubelet: Migrate DRA Manager to contextual logging 
Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
 2024-08-22 11:12:41 +03:00
Antonio Ojea
5845492cb4 hostNetwork pods mount /etc/hosts without network 
hostNetwork pods mount the /etc/hosts from the root namespaces, hence
does not depend on PodIPs to be populated to mount the /etc/hosts file
and add the argumentes specified in the Pod.Spec like hostAliases.
 2024-08-06 16:56:57 +00:00
Sergey Kanzhelev
62f96d2748 set AllocatedResourcesStatus in the Pod Status 2024-07-24 00:29:35 +00:00
Kubernetes Prow Robot
581a073dc4 Merge pull request #125663 from saschagrunert/oci-volumesource-kubelet 
[KEP-4639] Add `ImageVolumeSource` implementation
 2024-07-22 15:48:33 -07:00
Sascha Grunert
979863d15c Add ImageVolumeSource implementation 
This patch adds the kubelet implementation of the image volume source
feature.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-07-22 18:46:46 +02:00
Kubernetes Prow Robot
558c9536a1 Merge pull request #123678 from kinvolk/userns-use-kubelet-user-mappings 
kubelet: Add logs for userns custom mappings parsing
 2024-07-20 19:59:57 -07:00
Kubernetes Prow Robot
a8d354bf39 Merge pull request #126122 from HirazawaUi/remove-unused-options 
kubelet: Remove unused run container options
 2024-07-19 18:05:16 -07:00
HirazawaUi
0dbf1d3ceb remove kubelet unused run container options 2024-07-16 20:43:02 +08:00
carlory
850bc09e9b clean up codes after PodDisruptionConditions was promoted to GA and locked to default 2024-07-11 10:40:21 +08:00
Kubernetes Prow Robot
e6616033cb Merge pull request #120844 from bzsuni/cleanup/sets/kubelet 
[kubelet] Use a generic Set instead of a specified Set
 2024-06-14 09:09:17 -07:00
Kubernetes Prow Robot
009a291573 Merge pull request #124677 from HirazawaUi/add-const-ContainerStatusUnknown 
kubelet: Use constant replace same value variables of the ContainerStateTerminated Reason field
 2024-06-06 17:05:23 -07:00
Kubernetes Prow Robot
a8d51f4f05 Use a generic Set instead of a specified Set in kubelet 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
 2024-06-04 14:25:43 +08:00
Shingo Omura
552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842) 
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
 2024-05-29 15:40:29 -07:00
Davanum Srinivas
fd06dcd604 Switch hard error to a WARNING for kernel version check 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-12 20:23:48 -04:00
Davanum Srinivas
8597b343fa Enforce the Minimum Kernel Version 6.3 for UserNamespacesSupport feature 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-07 16:01:42 -04:00
HirazawaUi
7a4531c5ba add ContainerStatusUnknown constant 2024-05-03 00:27:19 +08:00
Kubernetes Prow Robot
ef2c682635 Merge pull request #122082 from carlory/remove-keep-terminated-pod-volumes 
keep-terminated-pod-volumes flag on kubelet is removed
 2024-04-17 23:59:54 -07:00
Maksym Pavlenko
be4b7176dc Fix Abs path validation on Windows (#124084) 
* Windows: Consider slash-prefixed paths as absolute

filepath.IsAbs does not consider "/" or "\" as absolute paths, even
though files can be addressed as such. [1][2]

Currently, there are some unit tests that are failing on Windows due to
this reason.

[1] https://learn.microsoft.com/en-us/dotnet/standard/io/file-path-formats#traditional-dos-paths
[2] https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#fully-qualified-vs-relative-paths

* Add test to verify IsAbs for windows

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Fix abs path validation on windows

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Skipp path clean check for podLogDir on windows

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Implement IsPathClean to validate path

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Add warn comment for IsAbs

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

---------

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Co-authored-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
 2024-04-10 10:13:59 -07:00
Akihiro Suda
8963e73f12 kubelet: fix mixing up runtime classes with runtime handlers 
Fix issue 123906

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 08:14:48 +09:00
Akihiro Suda
4a776f66ec kubelet: silence "unknown runtime class" errors when unsupported 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 07:08:42 +09:00
Rodrigo Campos
e6694b0ede kubelet: Add logs for userns custom mappings parsing 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-13 19:14:54 +01:00
Akihiro Suda
c7f52b34f3 kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
6f12e1d8e5 kubelet: expose containerStatuses.volumeMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Kubernetes Prow Robot
87f9b3891e Merge pull request #123385 from HirazawaUi/allow-special-characters 
Allow almost all printable ASCII characters in environment variables
 2024-03-05 17:31:06 -08:00
HirazawaUi
fa3c101439 relax validation pod envfrom 2024-03-05 17:09:15 +08:00
Kubernetes Prow Robot
4ed7f6b4c4 Merge pull request #123583 from saschagrunert/image-id-container-status 
Add `image_id` to CRI `ContainerStatus` message
 2024-03-04 11:23:41 -08:00
Giuseppe Scrivano
87a057d417 KEP-127: kubelet: honor kubelet user mappings 
allow to specify what IDs must be used by the kubelet to create user
namespaces.

If no additional UIDs/GIDs are not allocated to the "kubelet" user,
then the kubelet assumes it can use any ID on the system.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-03-02 12:15:39 +01:00
carlory
b47c73ee26 keep-terminated-pod-volumes flag on kubelet is removed 2024-03-01 18:42:15 +08:00