scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-25 10:55:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
128,234 Commits 1 Branch 0 Tags
b51cbb1d17ca680139d306b43a88c723e72a6103
Commit Graph

1116 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
b14fad5adc Merge pull request #130181 from natasha41575/apiserver-generation 
start setting pod metadata.generation
 2025-02-24 10:48:29 -08:00
Natasha Sarkar
d02401dea9 start setting pod metadata.generation 2025-02-24 16:22:14 +00:00
sunnylovestiramisu
21f899596e Promote AnyVolumeDataSource to GA 2025-02-19 17:58:09 +00:00
Kubernetes Prow Robot
7a8a4c201a Merge pull request #129933 from serathius/deprecate-namespace-index 
Disable StorageNamespaceIndex feature gate when BtreeWatchCache enabled and deprecate it
 2025-02-11 06:29:59 -08:00
Kubernetes Prow Robot
0634e21fb5 Merge pull request #128367 from vivzbansal/sidecar-2 
[FG:InPlacePodVerticalScaling] Implement resize for sidecar containers
 2025-02-05 14:38:15 -08:00
Marek Siarkowicz
b1ad53c533 Disable StorageNamespaceIndex feature gate when BtreeWatchCache is enabled and deprecate it 
Previously, the cache used a map keyed by the full object key,
requiring iteration and filtering by namespace for namespace-scoped requests.
This index allowed for faster responses by avoiding this iteration.

With the introduction of the BtreeWatchCache, this optimization is no longer necessary.
The B-tree structure allows efficient prefix-based searches,
including fetching objects by namespace.
Furthermore, the B-tree returns elements ordered by key, eliminating the need for separate sorting.

Performance improvements with the BtreeWatchCache have been validated through benchmarks matching K8s scalability dimentions (see table below).
These results demonstrate that the B-tree approach provides comparable or better performance than the map with index.
Therefore, the StorageNamespaceIndex feature flag can be safely flipped to false and subsequently deprecated.

| Benchmark                                                                         | Btree with Index (current) | Btree without Index    | Map with Index         | Map without Index (sanity check) |
| --------------------------------------------------------------------------------- | -------------------------- | ---------------------- | ---------------------- | -------------------------------- |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)             | 20.77µs ± 10%              | 20.14µs ± 13% (~0%)    | 19.73µs ± 6% (~0%)     | 1067.34µs ± 10% (+5037.73%)      |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope) | 3.943µs ± 6%               | 3.928µs ± 6% (~0%)     | 3.665µs ± 3% (-7.05%)  | 944.641µs ± 1% (+23857.41%)      |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)              | 303.3µs ± 2%               | 258.2µs ± 2% (-14.85%) | 340.1µs ± 3% (+12.15%) | 1668.6µs ± 4% (+450.23%)         |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope)  | 286.2µs ± 3%               | 234.7µs ± 1% (-17.99%) | 326.9µs ± 2% (+14.22%) | 1347.7µs ± 4% (+370.91%)         |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=, Namespace Scope)             | 125.3µs ± 2%               | 112.3µs ± 5% (-10.38%) | 137.5µs ± 2% (+9.81%)  | 1395.1µs ± 8% (+1013.78%)        |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=NotOlderThan, Namespace Scope) | 120.6µs ± 2%               | 113.2µs ± 1% (-6.13%)  | 133.8µs ± 1% (+10.92%) | 1719.1µs ± 5% (+1325.35%)        |
| Geometric Mean                                                                    | 68.94µs                    | 62.73µs (-9.02%)       | 72.72µs (+5.48%)       | 1.326ms (+1823.40%)              |
 2025-02-05 10:49:22 +01:00
Kubernetes Prow Robot
76506f1d87 Merge pull request #129816 from sambdavidson/master 
Improve SA max token expiry with external signer logic, and plumb extended expiry duration.
 2025-01-29 16:41:29 -08:00
Kubernetes Prow Robot
f05b5dddb8 Merge pull request #129870 from yongruilin/fix-componentstatus-500 
chore: use NewNotFound error for missing components
 2025-01-29 12:09:29 -08:00
Samuel Davidson
7936d64e03 Replace IsExternalSigner boolean with ExtendedSigningDuration throughout apiserver to ensure consistent token signing length between local and external token signing. 2025-01-29 17:49:22 +00:00
yongruilin
bde75d6020 chore: use NotFound error for missing components 
In this way, the return status could be 404 instead of 500
 2025-01-28 17:29:30 -08:00
Maciej Szulik
1fa995224a Update scale sub-resource to return the same error everywhere 
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
 2025-01-28 15:42:08 +01:00
vivzbansal
242dec3e34 Updated some unit tests and resolved some review comments 2025-01-27 19:46:54 +00:00
vivzbansal
8fa8277908 Added some unit tests 2025-01-27 19:46:54 +00:00
vivzbansal
1cf4587277 Fix build error 2025-01-27 19:42:14 +00:00
vivzbansal
591b0f547a Fix issue of pod spec mismatch if there is any non-restarble init container present 2025-01-27 19:42:13 +00:00
vivzbansal
3885d2f8ab Added sidecar support in ValidatePodResize and dropNonResizeUpdates 2025-01-27 19:42:13 +00:00
Antonio Ojea
d3e8572d70 cluster ip allocator should check first on the legacy allocators 
Kubernetes clusters allow to define an IPv6 range of /108 for IPv6
despite the old allocators will only use the first /112 of that range.

The new allocators does not have this limitation, so they can allocate
IPs on the whole space, the problem happens on upgrades from clusters
that were already using this size, since the new allocators by default
will try to allocate addresses that works for both new and old allocatos
to allow safe upgrades.

The new allocators, when configured to keep compatibility with the old
allocators, must try first to allocate an IP that is compatible with the
old allocators and only fall back to the new behavior if it is not
possible.
 2025-01-24 15:48:52 +00:00
Kubernetes Prow Robot
a444a5bfed Merge pull request #129732 from dims/switch-to-v2.6.3-of-gopkg.in/go-jose/go-jose.v2 
Switch to gopkg.in/go-jose/go-jose.v2 @ v2.6.3 and github.com/coreos/go-oidc @ v2.3.0
 2025-01-22 13:40:38 -08:00
Davanum Srinivas
c9e81cd84c Switch to gopkg.in/go-jose/go-jose.v2 @ v2.6.3 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2025-01-21 09:21:27 -05:00
Antonio Ojea
ad511cd249 update registry 2025-01-20 13:01:53 +00:00
Patrick Ohly
8a908e0c0b remove import doc comments 
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:

- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.

This commit was generated with
   sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')

Everything was included, except for
   package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".
 2024-12-02 16:59:34 +01:00
Kevin Hannon
3d08c10c8a fix PodLogsQuerySplitStream if feature is enabled and using defaults 2024-11-08 22:32:30 -05:00
Abu Kashem
b6773f1589 api: add a new field to meta/v1 DeleteOptions 
- add a new boolean field
  IgnoreStoreReadErrorWithClusterBreakingPotential to meta/v1 DeleteOptions

- add validation for the new delete option
add validation for the new field in the delete options
ignoreStoreReadErrorWithClusterBreakingPotential

- prevent the pod eviction handler from issuing an unsafe pod delete
prevent the pod eviction handler from enabling the
'ignoreStoreReadErrorWithClusterBreakingPotential' delete option
 2024-11-07 15:12:56 -05:00
Kubernetes Prow Robot
9660e5c4cd Merge pull request #127360 from knight42/feat/split-stdout-stderr-server-side 
API: add a new `Stream` field to `PodLogOptions`
 2024-11-07 19:44:45 +00:00
Harshal Neelkamal
6fdacf0411 Add plugin and key-cache for ExternalJWTSigner integration 2024-11-07 03:16:23 +00:00
Kubernetes Prow Robot
4c487b00af Merge pull request #128627 from kannon92/revert-128046-ga3960 
Revert "Graduate PodLifecycleSleepAction to GA"
 2024-11-07 00:25:51 +00:00
Kevin Hannon
350b0d2b93 Revert "Graduate PodLifecycleSleepAction to GA" 2024-11-06 16:29:19 -05:00
Ben Luddy
439d2f7b40 Wire serving codecs to CBOR feature gate. 
Integration testing has to this point relied on patching serving codecs for built-in APIs. The
test-only patching is removed and replaced by feature gated checks at runtime.
 2024-11-06 15:41:39 -05:00
Jian Zeng
d9687a8c3a feat(apiserver): set stream param in LogLocation 
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
 2024-11-06 22:42:18 +08:00
Anish Shah
e55bf09ca5 Fix unit tests 2024-11-06 01:33:16 +00:00
Anish Shah
832d7f7dc2 apply feedback 2024-11-06 01:33:15 +00:00
Anish Shah
4c69bf2496 implement GetResetFieldsFilter 
GetResetFieldsFilter returns a set of fields filter reset
by pod resize strategy. This is needed to make server-side apply
work correctly.
 2024-11-06 01:33:15 +00:00
Anish Shah
3b91edb660 unit tests to ensure pod metadata cannot be updated during resize. 2024-11-06 01:33:15 +00:00
Anish Shah
07ca0b09bb refactor logic to override pod fields 2024-11-06 01:33:14 +00:00
Anish Shah
878c54fc9a test: add unit tests to verify the .status.resize field 2024-11-06 01:33:14 +00:00
Anish Shah
2bf1f2349c validate resize request 
We validate resize request by ensuring that pod QoS is unchanged and
only cpu and memory resources and resize policies are mutated.
 2024-11-06 01:33:14 +00:00
Anish Shah
8f967c19b3 drop unrelated changes for /resize request 
Since resize request takes the full pod object as the request type, drop
any unrelated changes. Only container resources and resize policy should
be validated.
 2024-11-06 01:33:13 +00:00
Anish Shah
507ce443b0 introduce resize REST object 
This commit introduces a basic REST object for resize subresource and
adds it to the pod storage.
 2024-11-06 01:33:13 +00:00
Kubernetes Prow Robot
bc79d3ba87 Merge pull request #128396 from ritazh/deprecate-EnforceMountableSecretsAnnotation 
deprecate EnforceMountableSecretsAnnotation in 1.32
 2024-11-05 06:07:40 +00:00
Kubernetes Prow Robot
9fe41b6198 Merge pull request #128046 from AxeZhan/ga3960 
Graduate PodLifecycleSleepAction to GA
 2024-11-04 22:09:35 +00:00
Rita Zhang
e7cdc59555 deprecate EnforceMountableSecretsAnnotation in 1.32 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
 2024-11-04 13:13:32 -08:00
AxeZhan
200a61b6b9 Graduate PodLifecycleSleepAction to GA 2024-11-02 11:05:36 +08:00
carlory
9cb7d58b3c Tighten validation on the qosClass field of pod status 2024-11-01 10:36:03 +08:00
Kubernetes Prow Robot
d88b4e3b6e Merge pull request #127777 from tkashem/refactor-delete-option 
KEP-4795: refactor: add delete options for Delete method in storage interface
 2024-10-10 16:36:27 +01:00
Aohan Yang
da5738d9aa Set feature gate emulation version during test 2024-10-10 19:26:31 +08:00
Abu Kashem
bc0ea34bc3 refactor: add delete options for Delete method in storage interface 2024-10-08 10:45:15 -04:00
Antonio Ojea
7a9bca3888 bugfix: initialize secondary range registry with the right value 
When MultiCIDRServiceAllocator feature is enabled, we added an
additional feature gate DisableAllocatorDualWrite that allows to enable
a mirror behavior on the old allocator to deal with problems during
cluster upgrades.

During the implementation the secondary range of the legacy allocator
was initialized with the valuye of the primary range, hence, when a
Service tried to allocate a new IP on the secondary range, it succeded
in the new ip allocator but failed when it tried to allocate the same IP
on the legacy allocator, since it has a different range.

Expand the integration test that run over all the combinations of
Service ClusterIP possibilities to run with all the possible
combinations of the feature gates.

The integration test need to change the way of starting the apiserver
otherwise it will timeout.
 2024-09-24 17:48:13 +00:00
Anish Ramasekar
c22a41e879 Set credential-id in userinfo.extra for jwt authenticators if jti claim present 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-08-30 11:02:44 -07:00
Sakuralbj
9064bfbe87 don't watch headless services on kube-proxy 2024-08-19 22:57:47 +08:00
古九
fc07c23b73 set service-ip-repair-controller wait time match with etcd dial timeout 2024-08-16 15:45:47 +08:00