New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2024643: Rebase v1.22.5 #1103
Bug 2024643: Rebase v1.22.5 #1103
Conversation
Removing myself for now as I navigate the transition to the Prow team.
hostPath volume plugin creates a directory within /tmp on host machine, to be mounted as volume. inject-pod writes content to the volume, and a client-pod tried the read the contents and verify. when SELinux is enabled on the host, client-pod can not read the content, with permission denied. running the client-pod as privileged, so that it can access the volume content, even when SEinux is enabled on the host.
During volume detach, the following might happen in reconciler 1. Pod is deleting 2. remove volume from reportedAsAttached, so node status updater will update volumeAttached list 3. detach failed due to some issue 4. volume is added back in reportedAsAttached 5. reconciler loops again the volume, remove volume from reportedAsAttached 6. detach will not be trigged because exponential back off, detach call will fail with exponential backoff error 7. another pod is added which using the same volume on the same node 8. reconciler loops and it will NOT try to tigger detach anymore At this point, volume is still attached and in actual state, but volumeAttached list in node status does not has this volume anymore, and will block volume mount from kubelet. The fix in first round is to add volume back into the volume list that need to reported as attached at step 6 when detach call failed with error (exponentical backoff). However this might has some performance issue if detach fail for a while. During this time, volume will be keep removing/adding back to node status which will cause a surge of API calls. So we changed to logic to check first whether operation is safe to retry which means no pending operation or it is not in exponentical backoff time period before calling detach. This way we can avoid keep removing/adding volume from node status. Change-Id: I5d4e760c880d72937d34b9d3e904ecad125f802e
… fixes Signed-off-by: Carlos Panato <ctadeu@gmail.com>
…ck-of-#105734-upstream-release-1.22 Automated cherry pick of kubernetes#105734: Fix race condition in logging when request times out
…ick-of-#105511-upstream-release-1.22 Automated cherry pick of kubernetes#105511: Free APF seats for watches handled by an aggregated
…leged-storage-client Cherry pick of kubernetes#104551: Run storage hostpath e2e test client pod as privileged
…pick-of-#105755-upstream-release-1.22 Automated cherry pick of kubernetes#105755: Support cgroupv2 in node problem detector test
…ick-of-#105997-release-1.22 Automated cherry pick of kubernetes#105997: Fixing how EndpointSlice Mirroring handles Service selector
…-pick-of-#105673-upstream-release-1.22 Automated cherry pick of kubernetes#105673: support more than 100 disk mounts on Windows
…ick-of-#105946-upstream-release-1.22 Automated cherry pick of kubernetes#105946: Remove nodes with Cluster Autoscaler taint from LB backends.
Update debian, debian-iptables, setcap images to pick up CVEs fixes
… logging (kubernetes#105137) * added keys for structured logging * used KObj Co-authored-by: Shivanshu Raj Shrivastava <shivanshu1333@gmail.com>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
The logic to detect stale endpoints was not assuming the endpoint readiness. We can have stale entries on UDP services for 2 reasons: - an endpoint was receiving traffic and is removed or replaced - a service was receiving traffic but not forwarding it, and starts to forward it. Add an e2e test to cover the regression
Bump kube-openapi against kube-openapi/release-1.22 branch Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
tests are permafailing |
The kube-proxy code in this PR doesn't get built in OCP; so you're running new e2e tests that depend on a kube-proxy bugfix in 1.22.5 against openshift-sdn's kube-proxy code which is based on https://github.com/openshift/kubernetes/tree/sdn-4.9-kubernetes-1.22.0-rc.0 and doesn't have that bugfix. |
c2ac04f
to
91ce514
Compare
/override ci/prow/verify-commits |
@soltysh: Overrode contexts on behalf of soltysh: ci/prow/verify-commits In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test k8s-e2e-aws-serial |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Confirmed all the contents of this PR
/lgtm
/remove-label backports/unvalidated-commits
/label backport/validated-commits
@soltysh: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/label backports/validated-commits |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: josefkarasek, soltysh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest-required |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest e2e-aws-csi |
@josefkarasek: The
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test e2e-agnostic-cmd |
/test e2e-aws-csi |
/test e2e-aws-downgrade |
@josefkarasek: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@josefkarasek: All pull requests linked via external trackers have merged: Bugzilla bug 2024643 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
CHANGELOG: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md#v1225