scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 11:18:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
128,366 Commits 1 Branch 0 Tags
bb79c29dd51f46003e0d35cd3d3683a2338448b1
Commit Graph

178 Commits

Author SHA1 Message Date
Paco Xu
bb79c29dd5 remove feature gate RemainingItemCount that was GAed in v1.29 2025-03-03 10:45:39 +08:00
Kubernetes Prow Robot
c5b83f7c6c Merge pull request #129375 from carlory/remove-fg-AppArmor 
Remove general available feature-gate AppArmor
 2025-03-02 05:18:55 -08:00
Kubernetes Prow Robot
d04883c90c Merge pull request #130061 from mimowo/make-backoffperindex-stable 
Graduate Backoff Limit Per Index as stable
 2025-02-28 13:37:02 -08:00
Kubernetes Prow Robot
2fc329c857 Merge pull request #129334 from serathius/streaming-json-list-encoder 
Streaming json list encoder
 2025-02-28 13:36:55 -08:00
Marek Siarkowicz
e7c743b2eb Streaming JSON encoder for List 2025-02-28 13:33:36 +01:00
carlory
28d359beec promote HonorPVReclaimPolicy to GA 
Signed-off-by: carlory <baofa.fan@daocloud.io>
 2025-02-27 14:01:22 +08:00
Kubernetes Prow Robot
e8ed01179a Merge pull request #129498 from carlory/JobPodFailurePolicy 
Remove general available feature-gate JobPodFailurePolicy
 2025-02-26 18:48:36 -08:00
Kubernetes Prow Robot
b38bf6c312 Merge pull request #130035 from cici37/nsDeletion 
[KEP-5080]Ordered Namespace Deletion
 2025-02-26 10:16:30 -08:00
Michal Wozniak
a91ed902fe Graduate Backoff Limit Per Index as stable 
Reenable the JobBackoffLimitPerIndex_Reenabling integration test
 2025-02-26 17:06:37 +01:00
Kubernetes Prow Robot
4b12e89d0d Merge pull request #130279 from serathius/watchcache-snapshot 
Watchcache snapshot
 2025-02-25 05:08:37 -08:00
Marek Siarkowicz
2de2093bce Add snapshotting of watch cache behind a feature gate 2025-02-24 17:15:50 +01:00
carlory
afa266d7ef remove genernal available feature-gate AppArmor 2025-02-24 10:30:14 +08:00
Kubernetes Prow Robot
0a08529144 Merge pull request #129770 from sunnylovestiramisu/promoteGA 
Promote Beta AnyVolumeDataSource to GA
 2025-02-21 16:50:26 -08:00
Kubernetes Prow Robot
c75960c414 Merge pull request #129497 from carlory/remove-fg-AppArmorFields 
Remove general available feature-gate AppArmorFields
 2025-02-19 14:38:26 -08:00
sunnylovestiramisu
21f899596e Promote AnyVolumeDataSource to GA 2025-02-19 17:58:09 +00:00
Kubernetes Prow Robot
bff54e4020 Merge pull request #130013 from yongruilin/crd-racheting-ga 
KEP-4008: promote CRDValidationRatcheting to GA
 2025-02-18 18:08:25 -08:00
Kubernetes Prow Robot
821bc2e15e Merge pull request #130128 from adrianmoisey/bump-kep-4427-to-beta 
Bump KEP-4427 : AllowRelaxedDNSSearchValidation to Beta
 2025-02-18 12:10:34 -08:00
carlory
2382c0125b remove Removed generally available feature-gate DisableCloudProviders and DisableKubeletCloudCredentialProviders 
Signed-off-by: carlory <baofa.fan@daocloud.io>
 2025-02-17 09:59:59 +08:00
Adrian Moisey
6d58125111 Bump KEP-4427 : AllowRelaxedDNSSearchValidation to Beta 2025-02-14 19:39:18 +02:00
Kubernetes Prow Robot
d7774fce9a Merge pull request #129653 from danwinship/nftables-ga 
KEP-3866 nftables kube-proxy to GA
 2025-02-13 08:42:20 -08:00
Dan Winship
83595f500a NFTablesProxyMode to GA 2025-02-13 10:27:14 -05:00
Kubernetes Prow Robot
fbdf8905ea Merge pull request #130058 from gjkim42/add-disableLegacySidecarContainers 
Add LegacySidecarContainers feature gate
 2025-02-12 13:16:27 -08:00
Kubernetes Prow Robot
cd2959b798 Merge pull request #127525 from scott-grimes/patch-1 
fix: pods meeting qualifications for static placement when cpu-manager-policy=static should not have cfs quota enforcement
 2025-02-12 12:02:21 -08:00
Gunju Kim
f2f4634bd3 Add LegacySidecarContainers feature gate 
This adds LegacySidecarContainers feature gate that enables the legacy
code path that predates the SidecarContainers feature to safely remove
the code.

This temporary feature gate is disabled by default, only available in
v1.33, and will be removed in v1.34.
 2025-02-12 20:15:49 +09:00
Scott Grimes
437cd38e19 add feature gate 
Co-authored-by: Francesco Romani <fromani@redhat.com>
 2025-02-11 13:42:22 -05:00
Kubernetes Prow Robot
7a8a4c201a Merge pull request #129933 from serathius/deprecate-namespace-index 
Disable StorageNamespaceIndex feature gate when BtreeWatchCache enabled and deprecate it
 2025-02-11 06:29:59 -08:00
Kubernetes Prow Robot
e2b0cfa3a1 Merge pull request #129934 from serathius/graduate-btree 
Graduate BtreeWatchCache feature gate to GA
 2025-02-10 12:05:56 -08:00
yongruilin
8ab075578a feat: promote CRDValidationRatcheting to GA 2025-02-07 14:04:22 -08:00
Cici Huang
0907f745a0 Add the feature gate OrderedNamespaceDeletion for apiserver. 2025-02-06 17:12:36 -08:00
Anish Ramasekar
cd9fc8bc71 Enable ServiceAccountNodeAudienceRestriction feature gate by default in v1.33 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-02-06 14:11:17 -06:00
Anish Ramasekar
5738ee4def Disable ServiceAccountNodeAudienceRestriction feature gate by default in v1.32 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-02-06 14:10:20 -06:00
Kubernetes Prow Robot
9a03243789 Merge pull request #129929 from serathius/deprecate-separate-rpc 
Flip SeparateCacheWatchRPC feature gate to false and deprecate it
 2025-02-05 17:18:16 -08:00
Kubernetes Prow Robot
925cf7db71 Merge pull request #129930 from serathius/deprecate-watch-from-storage 
Deprecate WatchFromStorageWithoutResourceVersion
 2025-02-05 10:18:23 -08:00
Marek Siarkowicz
065bf2004d Deprecate WatchFromStorageWithoutResourceVersion 
Around the 1.31 release, we discovered that a change introduced in 1.27 allowead
clients to open WATCH requests directly to etcd. This had detrimental consequences,
enabling abusive clients to bypass caching and overwhelm etcd.
Unlike the API server, etcd lacks protection against such behavior.

To mitigate this, we redirected all WATCH requests to be served from the cache.
The WatchFromStorageWithoutResourceVersion feature gate was retained as an escape hatch.
However, since we have no plans to allow direct WATCH requests to etcd again,
this flag is now obsolete.

Direct WATCH requests to etcd offer no advantage, as they don't provide stronger
consistency guarantees. WATCH operations are inherently inconsistent; unlike LIST
operations, they do not confirm the resource version with a quorum. While Kubernetes
uses the WithRequireLeader option on WATCH requests to prevent maintaining connections
to isolated etcd members, the API server provides the same level of guarantee through
its health checks, which fail if it cannot connect to etcd member.  Therefore,
the WatchFromStorageWithoutResourceVersion feature gate can be deprecated and removed.
 2025-02-05 11:42:18 +01:00
Marek Siarkowicz
b1ad53c533 Disable StorageNamespaceIndex feature gate when BtreeWatchCache is enabled and deprecate it 
Previously, the cache used a map keyed by the full object key,
requiring iteration and filtering by namespace for namespace-scoped requests.
This index allowed for faster responses by avoiding this iteration.

With the introduction of the BtreeWatchCache, this optimization is no longer necessary.
The B-tree structure allows efficient prefix-based searches,
including fetching objects by namespace.
Furthermore, the B-tree returns elements ordered by key, eliminating the need for separate sorting.

Performance improvements with the BtreeWatchCache have been validated through benchmarks matching K8s scalability dimentions (see table below).
These results demonstrate that the B-tree approach provides comparable or better performance than the map with index.
Therefore, the StorageNamespaceIndex feature flag can be safely flipped to false and subsequently deprecated.

| Benchmark                                                                         | Btree with Index (current) | Btree without Index    | Map with Index         | Map without Index (sanity check) |
| --------------------------------------------------------------------------------- | -------------------------- | ---------------------- | ---------------------- | -------------------------------- |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)             | 20.77µs ± 10%              | 20.14µs ± 13% (~0%)    | 19.73µs ± 6% (~0%)     | 1067.34µs ± 10% (+5037.73%)      |
| StoreList (10k Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope) | 3.943µs ± 6%               | 3.928µs ± 6% (~0%)     | 3.665µs ± 3% (-7.05%)  | 944.641µs ± 1% (+23857.41%)      |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=, Namespace Scope)              | 303.3µs ± 2%               | 258.2µs ± 2% (-14.85%) | 340.1µs ± 3% (+12.15%) | 1668.6µs ± 4% (+450.23%)         |
| StoreList (50 Namespaces, 150k Pods, 5k Nodes, RV=NotOlderThan, Namespace Scope)  | 286.2µs ± 3%               | 234.7µs ± 1% (-17.99%) | 326.9µs ± 2% (+14.22%) | 1347.7µs ± 4% (+370.91%)         |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=, Namespace Scope)             | 125.3µs ± 2%               | 112.3µs ± 5% (-10.38%) | 137.5µs ± 2% (+9.81%)  | 1395.1µs ± 8% (+1013.78%)        |
| StoreList (100 Namespaces, 110k Pods, 1k Nodes, RV=NotOlderThan, Namespace Scope) | 120.6µs ± 2%               | 113.2µs ± 1% (-6.13%)  | 133.8µs ± 1% (+10.92%) | 1719.1µs ± 5% (+1325.35%)        |
| Geometric Mean                                                                    | 68.94µs                    | 62.73µs (-9.02%)       | 72.72µs (+5.48%)       | 1.326ms (+1823.40%)              |
 2025-02-05 10:49:22 +01:00
Gunju Kim
0bee0bcaa7 Promote SidecarContainers feature to GA 2025-02-02 17:45:36 +09:00
Marek Siarkowicz
e0f548183c Graduate BtreeWatchCache feature gate to GA 2025-01-31 15:33:24 +01:00
Marek Siarkowicz
4a5bbc4c15 Flip SeparateCacheWatchRPC feature gate to false and deprecate it. 
Watch requests to etcd are mapped to a single stream that has a limited throughput.
By opening a lot of concurrent watch requests to single resource, users
could starve other watches from getting any events.

Separating the RPC was meant to protect the watch opened by cache.
However, as we are no longer planning to allow users to open watch directly to etcd,
the flag is not needed.
 2025-01-31 14:08:15 +01:00
Kubernetes Prow Robot
2bda5dd8c7 Merge pull request #129656 from vinayakankugoyal/kep2862beta 
KEP-2862: Graduate to BETA.
 2025-01-27 19:05:23 -08:00
Kubernetes Prow Robot
3f26d00557 Merge pull request #129751 from pacoxu/EfficientWatchResumption 
remove GAed EfficientWatchResumption
 2025-01-27 04:51:22 -08:00
Vinayak Goyal
3a780a1c1b KEP-2862: Graduate to BETA. 2025-01-24 21:36:00 +00:00
Kubernetes Prow Robot
659c437b26 Merge pull request #129703 from carlory/InTreePluginPortworxUnregister 
add a comment to InTreePluginPortworxUnregister
 2025-01-24 08:15:33 -08:00
Filip Křepinský
f7c46df665 api: add terminatingReplicas field to ReplicaSet and Deployment statuses 
- update internal ReplicaSet and Deployment type documentation to match with
  versioned API
- made Replicaset and Deployment type documentation more consistent
 2025-01-23 22:26:34 +01:00
Paco Xu
69964319d1 remove GAed EfficientWatchResumption since v1.24 2025-01-22 16:51:37 +08:00
Antonio Ojea
3b48b0627b graduate DisableAllocatorDualWrite to beta disabled by default 2025-01-20 13:01:52 +00:00
Antonio Ojea
f97ff113fa graduate MultiCIDRServiceAllocator to GA 
don't lock feature gate by default
 2025-01-20 13:01:52 +00:00
carlory
7d02a18a64 add a comment to InTreePluginPortworxUnregister 2025-01-20 17:09:14 +08:00
Alexander Constantinescu
45529062e7 KEP-3836: 1.33 - remove feature gate 2025-01-17 17:04:40 +01:00
Paco Xu
8d7aed698b remove APIListChunking which was GAed since v1.29 2025-01-17 15:56:19 +08:00
Ankit Gohil
14936a7f58 Promote Portworx CSI migration to GA 2025-01-16 05:33:51 +00:00