-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Rebase 1.25 #1357
WIP: Rebase 1.25 #1357
Commits on Aug 2, 2022
-
Merge pull request kubernetes#111475 from alculquicondor/clear_pod_di…
…sruption Add worker to clean up stale DisruptionTarget condition
Configuration menu - View commit details
-
Copy full SHA for bc4c493 - Browse repository at this point
Copy the full SHA bc4c493View commit details -
Configuration menu - View commit details
-
Copy full SHA for d19f6fb - Browse repository at this point
Copy the full SHA d19f6fbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0f0d61f - Browse repository at this point
Copy the full SHA 0f0d61fView commit details -
Configuration menu - View commit details
-
Copy full SHA for f051cc7 - Browse repository at this point
Copy the full SHA f051cc7View commit details -
Configuration menu - View commit details
-
Copy full SHA for caf2f41 - Browse repository at this point
Copy the full SHA caf2f41View commit details -
Configuration menu - View commit details
-
Copy full SHA for 42b24b7 - Browse repository at this point
Copy the full SHA 42b24b7View commit details -
Configuration menu - View commit details
-
Copy full SHA for a0a5aa3 - Browse repository at this point
Copy the full SHA a0a5aa3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2f533cd - Browse repository at this point
Copy the full SHA 2f533cdView commit details -
Merge pull request kubernetes#111522 from ii/promote-namespace-status…
…-test Promote NamespaceStatus endpoints test +3 Endpoints
Configuration menu - View commit details
-
Copy full SHA for d4c7542 - Browse repository at this point
Copy the full SHA d4c7542View commit details -
Merge pull request kubernetes#111547 from kerthcet/feat/mark-cc-v1bet…
…a2-deprecated Deprecate kubescheduler ComponentConfig v1beta2
Configuration menu - View commit details
-
Copy full SHA for 96439a0 - Browse repository at this point
Copy the full SHA 96439a0View commit details -
Merge pull request kubernetes#111557 from alexzielenski/update-smd-422
update smd to 4.2.3
Configuration menu - View commit details
-
Copy full SHA for 22eab13 - Browse repository at this point
Copy the full SHA 22eab13View commit details -
Merge pull request kubernetes#111633 from pohly/ginkgo-no-color
ginkgo: disable color escape sequences by default when not connected to a terminal
Configuration menu - View commit details
-
Copy full SHA for 448e48b - Browse repository at this point
Copy the full SHA 448e48bView commit details -
Merge pull request kubernetes#111278 from arpitsardhana/master
KEP-3327: Add CPUManager policy option to align CPUs by Socket instead of by NUMA node
Configuration menu - View commit details
-
Copy full SHA for 9fb1f67 - Browse repository at this point
Copy the full SHA 9fb1f67View commit details -
Merge pull request kubernetes#111301 from mattcary/migration-feature
Upgrade CSIMigrationGCE feature gate to GA
Configuration menu - View commit details
-
Copy full SHA for 369a465 - Browse repository at this point
Copy the full SHA 369a465View commit details -
Merge pull request kubernetes#111462 from jprzychodzen/controllers
Enable 'running_managed_controllers' for KCM/CCM controllers: routes, services and cloud-node
Configuration menu - View commit details
-
Copy full SHA for 1de16be - Browse repository at this point
Copy the full SHA 1de16beView commit details -
Merge pull request kubernetes#111642 from harche/evented_pleg_cri_cha…
…nges Update CRI API to support Evented PLEG
Configuration menu - View commit details
-
Copy full SHA for 8f3b281 - Browse repository at this point
Copy the full SHA 8f3b281View commit details -
modify the signing/approving controller to tolerate either set of usa…
…ges for kubelet client and serving certificates Signed-off-by: Paco Xu <paco.xu@daocloud.io>
Configuration menu - View commit details
-
Copy full SHA for e6176c2 - Browse repository at this point
Copy the full SHA e6176c2View commit details -
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for eee5fa8 - Browse repository at this point
Copy the full SHA eee5fa8View commit details -
pkg/apis, staging: add HostUsers to pod spec
It is used to request that a pod runs in a unique user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com> Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 9e9b23f - Browse repository at this point
Copy the full SHA 9e9b23fView commit details -
Merge pull request kubernetes#111448 from cici37/testForCelBeta
Move e2e test from alpha with feature promoted to beta
Configuration menu - View commit details
-
Copy full SHA for 236fd8e - Browse repository at this point
Copy the full SHA 236fd8eView commit details -
Merge pull request kubernetes#111467 from RomanBednar/retro-sc-assign…
…ment Allow retroactive storage class assigment to PVCs
Configuration menu - View commit details
-
Copy full SHA for 90f9a52 - Browse repository at this point
Copy the full SHA 90f9a52View commit details -
CRI changes to support implementation of in-place pod resize.
KEP: /enhancements/keps/sig-node/1287-in-place-update-pod-resources
Configuration menu - View commit details
-
Copy full SHA for 0ef263c - Browse repository at this point
Copy the full SHA 0ef263cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 007d93a - Browse repository at this point
Copy the full SHA 007d93aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 09fb5da - Browse repository at this point
Copy the full SHA 09fb5daView commit details -
Merge pull request kubernetes#111435 from soltysh/cronjob_timezone_beta
Promote CronJobTimeZone to beta
Configuration menu - View commit details
-
Copy full SHA for 6fbeacd - Browse repository at this point
Copy the full SHA 6fbeacdView commit details -
Fix JobTrackingWithFinalizers when a pod succeeds after the job fails
Change-Id: I3be351fb3b53216948a37b1d58224f8fbbf22b47
Configuration menu - View commit details
-
Copy full SHA for ca8cebe - Browse repository at this point
Copy the full SHA ca8cebeView commit details
Commits on Aug 3, 2022
-
Merge pull request kubernetes#111646 from alculquicondor/fix_failed_s…
…uceeded Fix JobTrackingWithFinalizers when a pod succeeds after the job fails
Configuration menu - View commit details
-
Copy full SHA for 182e098 - Browse repository at this point
Copy the full SHA 182e098View commit details -
Merge pull request kubernetes#111061 from pacoxu/key-encipherment-opt…
…ional modify the signing/approving controller to tolerate either set of usages for kubelet client and serving certificates
Configuration menu - View commit details
-
Copy full SHA for cb41d50 - Browse repository at this point
Copy the full SHA cb41d50View commit details -
Update kubectl kustomize to kyaml/v0.13.9, cmd/config/v0.10.9, api/v0…
….12.1, kustomize/v4.5.7 (kubernetes#111606)
Configuration menu - View commit details
-
Copy full SHA for 83c3c37 - Browse repository at this point
Copy the full SHA 83c3c37View commit details -
don't quota events.k8s.io events by default
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9680e3f - Browse repository at this point
Copy the full SHA 9680e3fView commit details -
Merge pull request kubernetes#111645 from vinaykul/restart-free-pod-v…
…ertical-scaling-cri CRI changes to support in-place pod resize
Configuration menu - View commit details
-
Copy full SHA for aea9f98 - Browse repository at this point
Copy the full SHA aea9f98View commit details -
Promote Local storage capacity isolation feature to GA
This change is to promote local storage capacity isolation feature to GA At the same time, to allow rootless system disable this feature due to unable to get root fs, this change introduced a new kubelet config "localStorageCapacityIsolation". By default it is set to true. For rootless systems, they can set this configuration to false to disable the feature. Once it is set, user cannot set ephemeral-storage request/limit because capacity and allocatable will not be set. Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
Configuration menu - View commit details
-
Copy full SHA for 0064010 - Browse repository at this point
Copy the full SHA 0064010View commit details -
add test for GetAPIServerVirtualIP
modify modify modify modify modify
Configuration menu - View commit details
-
Copy full SHA for 4af5cc3 - Browse repository at this point
Copy the full SHA 4af5cc3View commit details -
features: add UserNamespacesSupport feature
define a feature gate for the user namespaces support. The feature is not enabled by default. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 482e76d - Browse repository at this point
Copy the full SHA 482e76dView commit details -
Merge pull request kubernetes#111627 from chendave/trim_report
e2e: Trim junit reporter to adapt with testgrid
Configuration menu - View commit details
-
Copy full SHA for cf777ab - Browse repository at this point
Copy the full SHA cf777abView commit details -
Merge pull request kubernetes#111613 from dims/avoid-hardcoding-os-an…
…d-arch-installing-etcd Avoid hard coding Operating System and Architecture in hack/lib/etcd.sh
Configuration menu - View commit details
-
Copy full SHA for 49bcbe6 - Browse repository at this point
Copy the full SHA 49bcbe6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 5b31224 - Browse repository at this point
Copy the full SHA 5b31224View commit details -
Merge pull request kubernetes#111668 from endocrimes/revert-111627-tr…
…im_report Revert "e2e: Trim junit reporter to adapt with testgrid"
Configuration menu - View commit details
-
Copy full SHA for 1a916f2 - Browse repository at this point
Copy the full SHA 1a916f2View commit details -
e2e: trim junit report for Spyglass, avoid "open stdout"
Including the full information for successful tests makes the resulting XML file too large for the 200GB limit in Spyglass when running large jobs (like scale testing). The original solution from kubernetes#111627 broke JUnit reporting in other test suites, in particular test/e2e_node. Keeping the code inside the framework ensures that all test suites continue to have the JUnit reporting. AfterReadingAllFlags is a good place to set this up because all test suites using the test context are expected to call it before running tests and after parsing flags. Removing the ReportEntries added by ginkgo.By from all test reports usually avoids the `system-err` part in the JUnit file, which in Spyglass avoids the extra "open stdout" button. Co-authored-by: Patrick Ohly <patrick.ohly@intel.com> Co-authored-by: Dave Chen <dave.chen@arm.com>
Configuration menu - View commit details
-
Copy full SHA for c299a12 - Browse repository at this point
Copy the full SHA c299a12View commit details -
Configuration menu - View commit details
-
Copy full SHA for 133c265 - Browse repository at this point
Copy the full SHA 133c265View commit details -
vendor: Bump cAdvisor to v0.45.0
Signed-off-by: David Porter <david@porter.me>
Configuration menu - View commit details
-
Copy full SHA for d9fda8a - Browse repository at this point
Copy the full SHA d9fda8aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 84f795d - Browse repository at this point
Copy the full SHA 84f795dView commit details -
apis: add validation for HostUsers
This commit just adds a validation according to KEP-127. We check that only the supported volumes for phase 1 of the KEP are accepted. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for cf8164b - Browse repository at this point
Copy the full SHA cf8164bView commit details -
it is used to allocate and keep track of the unique users ranges assigned to each pod that runs in a user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com> Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 6346228 - Browse repository at this point
Copy the full SHA 6346228View commit details -
kubelet: add GetUserNamespaceMappings to RuntimeHelper
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 9b2fc63 - Browse repository at this point
Copy the full SHA 9b2fc63View commit details -
kubelet: add GetHostIDsForPod()
In future commits we will need this to set the user/group of supported volumes of KEP 127 - Phase 1. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for d07c268 - Browse repository at this point
Copy the full SHA d07c268View commit details -
volume: use GetHostIDsForPod()
This commit only changes the UID/GID if user namespaces is enabled. When it is enabled, it changes it so the hostUID and hostGID that are mapped to the currently used UID/GID. This is needed so volumes are created with the hostUID/hostGID and the user inside the container can read them. If user namespaces are disabled for this pod, this is a no-op: there is no user namespace mapping, so the hostUID/hostGID are the same as inside the container. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 695b30e - Browse repository at this point
Copy the full SHA 695b30eView commit details -
kubelet: propagate errors from namespacesForPod
it is a preparatory change for the next commit. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 67b38ff - Browse repository at this point
Copy the full SHA 67b38ffView commit details -
kubelet: set user namespace options
Set the user namespace options to use for the pod. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 138e808 - Browse repository at this point
Copy the full SHA 138e808View commit details -
tests: add e2e tests for userns
Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for b1eaf6a - Browse repository at this point
Copy the full SHA b1eaf6aView commit details -
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 8dc98c9 - Browse repository at this point
Copy the full SHA 8dc98c9View commit details -
Configuration menu - View commit details
-
Copy full SHA for bd648f3 - Browse repository at this point
Copy the full SHA bd648f3View commit details -
Merge pull request kubernetes#111647 from bobbypage/bump_cadvisor_0_45_0
vendor: Bump cAdvisor to v0.45.0
Configuration menu - View commit details
-
Copy full SHA for d6a3a68 - Browse repository at this point
Copy the full SHA d6a3a68View commit details -
- add feature gate - add encrypted object and run generated_files - generate protobuf for encrypted object and add unit tests - move parse endpoint to util and refactor - refactor interface and remove unused interceptor - add protobuf generate to update-generated-kms.sh - add integration tests - add defaulting for apiVersion in kmsConfiguration - handle v1/v2 and default in encryption config parsing - move metrics to own pkg and reuse for v2 - use Marshal and Unmarshal instead of serializer - add context for all service methods - check version and keyid for healthz Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for f19f3f4 - Browse repository at this point
Copy the full SHA f19f3f4View commit details -
Merge pull request kubernetes#111090 from kinvolk/rata/userns-support…
…-2022 Add support for user namespaces phase 1 (KEP 127)
Configuration menu - View commit details
-
Copy full SHA for 4b6134b - Browse repository at this point
Copy the full SHA 4b6134bView commit details -
Merge pull request kubernetes#111513 from jingxu97/july/localstorage
Promote Local storage capacity isolation feature to GA
Configuration menu - View commit details
-
Copy full SHA for 442574f - Browse repository at this point
Copy the full SHA 442574fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 88e86a7 - Browse repository at this point
Copy the full SHA 88e86a7View commit details -
Configuration menu - View commit details
-
Copy full SHA for d52cdea - Browse repository at this point
Copy the full SHA d52cdeaView commit details -
Merge pull request kubernetes#110495 from alexzielenski/atomic-object…
…reference make ObjectReference field ownership granular
Configuration menu - View commit details
-
Copy full SHA for a0e7027 - Browse repository at this point
Copy the full SHA a0e7027View commit details -
Merge pull request kubernetes#109706 from alexanderConstantinescu/etp…
…-local-svc Avoid re-syncing LBs for ETP=local services
Configuration menu - View commit details
-
Copy full SHA for aee13fc - Browse repository at this point
Copy the full SHA aee13fcView commit details -
Merge pull request kubernetes#111126 from aramase/kms-v2alpha1-impl
Implement KMS v2alpha1
Configuration menu - View commit details
-
Copy full SHA for 0a2ae7a - Browse repository at this point
Copy the full SHA 0a2ae7aView commit details
Commits on Aug 4, 2022
-
Merge pull request kubernetes#111620 from Jiawei0227/storageos
cleanup: Remove storageos volume plugins from k8s codebase
Configuration menu - View commit details
-
Copy full SHA for d4795e4 - Browse repository at this point
Copy the full SHA d4795e4View commit details -
Stop panic in govet-levee CI job
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 30e2fcd - Browse repository at this point
Copy the full SHA 30e2fcdView commit details -
run lint-dependencies and follow directions
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 34742f2 - Browse repository at this point
Copy the full SHA 34742f2View commit details -
Update kubecross version to v1.25.0-go1.19-bullseye.0
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for 79df9e6 - Browse repository at this point
Copy the full SHA 79df9e6View commit details -
Bump test Makefile to final 1.19
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for 5d2de18 - Browse repository at this point
Copy the full SHA 5d2de18View commit details -
Update default go to 1.19 in pubbot rules
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for 2be8ac8 - Browse repository at this point
Copy the full SHA 2be8ac8View commit details -
Update versions and images to go 1.19 versions
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for 7324b78 - Browse repository at this point
Copy the full SHA 7324b78View commit details -
Update default go version in common.sh to 1.19
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
Configuration menu - View commit details
-
Copy full SHA for f17efe9 - Browse repository at this point
Copy the full SHA f17efe9View commit details -
Merge pull request kubernetes#110939 from Abirdcfly/deleteutil
don't quota events.k8s.io events by default
Configuration menu - View commit details
-
Copy full SHA for b661944 - Browse repository at this point
Copy the full SHA b661944View commit details -
Merge pull request kubernetes#111669 from pohly/trim_report_framework
e2e: trim junit report for Spyglass
Configuration menu - View commit details
-
Copy full SHA for feec955 - Browse repository at this point
Copy the full SHA feec955View commit details -
Merge pull request kubernetes#111677 from dims/stop-panic-in-govet-levee
Stop panic in govet levee under golang 1.19
Configuration menu - View commit details
-
Copy full SHA for ef7fc10 - Browse repository at this point
Copy the full SHA ef7fc10View commit details -
Update publishing-bot rules for go1.17.13 and go1.18.5
Signed-off-by: cpanato <ctadeu@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 90291ee - Browse repository at this point
Copy the full SHA 90291eeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 34dc6b2 - Browse repository at this point
Copy the full SHA 34dc6b2View commit details -
Add CSIDriverSpec.SELinuxMount
The new field tells Kubernetes if the CSI driver supports mounting of volumes with -o context=XYZ or not.
Configuration menu - View commit details
-
Copy full SHA for 3efeeef - Browse repository at this point
Copy the full SHA 3efeeefView commit details -
Configuration menu - View commit details
-
Copy full SHA for 189f19a - Browse repository at this point
Copy the full SHA 189f19aView commit details -
Configuration menu - View commit details
-
Copy full SHA for f2fd9c1 - Browse repository at this point
Copy the full SHA f2fd9c1View commit details -
Add SELinux mount option to NewMounter() and MountDevice()
Let volume plugins decide if they want to mount volumes with "-o context=XYZ" or let the container runtime relabel the volume on container startup. Using NewMounter, as it's the call where a volume plugin gets the other MountOptions.
Configuration menu - View commit details
-
Copy full SHA for f99cf51 - Browse repository at this point
Copy the full SHA f99cf51View commit details -
Add SupportsSELinuxContextMount
Add a new call to VolumePlugin interface and change all its implementations. Kubelet's VolumeManager will be interested whether a volume supports mounting with -o conext=XYZ or not to hanle SetUp() / MountDevice() accordingly.
Configuration menu - View commit details
-
Copy full SHA for cdb3ead - Browse repository at this point
Copy the full SHA cdb3eadView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4cfb277 - Browse repository at this point
Copy the full SHA 4cfb277View commit details -
Add SELinux context tracking to volume manager
Both ActualStateOfWorld and DesiredStateOfWorld must track SELinux context of volume mounts.
Configuration menu - View commit details
-
Copy full SHA for 48b0751 - Browse repository at this point
Copy the full SHA 48b0751View commit details -
Add metrics for SELinux context mount
Add separate _errors and _warnings to capture volumes that were rejected from those will be rejected when the feature is expanded to all access mode.
Configuration menu - View commit details
-
Copy full SHA for b2e18c0 - Browse repository at this point
Copy the full SHA b2e18c0View commit details -
Configuration menu - View commit details
-
Copy full SHA for de7f5b6 - Browse repository at this point
Copy the full SHA de7f5b6View commit details -
Add SELinux mount support to CSI driver
With some minor refactoring to use common getCSIDriver function.
Configuration menu - View commit details
-
Copy full SHA for 5c90474 - Browse repository at this point
Copy the full SHA 5c90474View commit details -
Extract getSELinuxLabel from AddPodToVolume
To keep the function smaller.
Configuration menu - View commit details
-
Copy full SHA for 49148dd - Browse repository at this point
Copy the full SHA 49148ddView commit details -
Add SELinux feature check for iSCSI volume plugin
In theory the check is not necessary, but for sake of robustness and completenes, let's check SELinuxMountReadWriteOncePod feature gate before assuming anything about SELinux labels.
Configuration menu - View commit details
-
Copy full SHA for 4df3f58 - Browse repository at this point
Copy the full SHA 4df3f58View commit details -
Extract SELinux context error handling into a common func
Add handlerSELinuxMetricError() which bumps the right metric + either consumes a SELinux error or lets it propagate up the stack.
Configuration menu - View commit details
-
Copy full SHA for 8d6b721 - Browse repository at this point
Copy the full SHA 8d6b721View commit details -
Configuration menu - View commit details
-
Copy full SHA for d9f7926 - Browse repository at this point
Copy the full SHA d9f7926View commit details -
Add interface for SELinuxOptionsToFileLabel
github.com/opencontainers/selinux/go-selinux needs OS that supports SELinux and SELinux enabled in it to return useful data, therefore add an interface in front of it, so we can mock its behavior in unit tests.
Configuration menu - View commit details
-
Copy full SHA for 17d850e - Browse repository at this point
Copy the full SHA 17d850eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0793ece - Browse repository at this point
Copy the full SHA 0793eceView commit details -
The error would be logged every reconciler sync (100 ms).
Configuration menu - View commit details
-
Copy full SHA for 1490d51 - Browse repository at this point
Copy the full SHA 1490d51View commit details -
To be able to update content of the function to other access modes when we implement SELinux mount for more of them.
Configuration menu - View commit details
-
Copy full SHA for a01e720 - Browse repository at this point
Copy the full SHA a01e720View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2609124 - Browse repository at this point
Copy the full SHA 2609124View commit details -
Configuration menu - View commit details
-
Copy full SHA for 39f0d78 - Browse repository at this point
Copy the full SHA 39f0d78View commit details -
Configuration menu - View commit details
-
Copy full SHA for f9c7ce5 - Browse repository at this point
Copy the full SHA f9c7ce5View commit details -
Add e2e HPA Behavior tests: scale up&down limited by number of Pods p…
…er minute, scale up&down limited by percentage of Pods per minute
Configuration menu - View commit details
-
Copy full SHA for aa9ed52 - Browse repository at this point
Copy the full SHA aa9ed52View commit details -
Merge pull request kubernetes#111685 from cpanato/prombot
Update publishing-bot rules for go1.17.13 and go1.18.5
Configuration menu - View commit details
-
Copy full SHA for 785f2fb - Browse repository at this point
Copy the full SHA 785f2fbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 59e90f4 - Browse repository at this point
Copy the full SHA 59e90f4View commit details -
Merge pull request kubernetes#111596 from muyangren2/addtest_virtualIP
add test for GetAPIServerVirtualIP
Configuration menu - View commit details
-
Copy full SHA for e539bb5 - Browse repository at this point
Copy the full SHA e539bb5View commit details -
Merge pull request kubernetes#111675 from ii/revert-apiservice-lifecy…
…cle-test Revert "e2e: should manage the lifecycle of an APIService"
Configuration menu - View commit details
-
Copy full SHA for 8923661 - Browse repository at this point
Copy the full SHA 8923661View commit details -
Merge pull request kubernetes#111679 from puerco/kubecross-1.19
[go] Bump images, dependencies and versions to go 1.19
Configuration menu - View commit details
-
Copy full SHA for 305ad47 - Browse repository at this point
Copy the full SHA 305ad47View commit details -
volume: FeatureGate access to GetHostIDsForPod()
After the userns PR got merged: kubernetes#111090 gnufied decided it might be safer if we feature gate this part of the code, due to the kubelet volume host type assertion. That is a great catch and this patch just moves the code inside the feature gate if. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 4267f2e - Browse repository at this point
Copy the full SHA 4267f2eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 00db9f0 - Browse repository at this point
Copy the full SHA 00db9f0View commit details -
[golang] Fix things commented out in 1.19rc2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for a2408f3 - Browse repository at this point
Copy the full SHA a2408f3View commit details -
Merge pull request kubernetes#111521 from wongma7/ephemeralcopy
Clear ephemeral container resources field when creating one in volume test
Configuration menu - View commit details
-
Copy full SHA for 15d290f - Browse repository at this point
Copy the full SHA 15d290fView commit details -
Switch klog call to use structured logging
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8bec318 - Browse repository at this point
Copy the full SHA 8bec318View commit details -
Merge pull request kubernetes#111678 from dims/fix-things-commented-o…
…ut-in-1.19-rc2 [golang] Fix things commented out in 1.19rc2
Configuration menu - View commit details
-
Copy full SHA for c8edeab - Browse repository at this point
Copy the full SHA c8edeabView commit details -
Configuration menu - View commit details
-
Copy full SHA for bf9ce70 - Browse repository at this point
Copy the full SHA bf9ce70View commit details -
Merge pull request kubernetes#108692 from jsafrane/selinux
Speed up SELinux volume relabeling using mounts MVP
Configuration menu - View commit details
-
Copy full SHA for b6d0f6a - Browse repository at this point
Copy the full SHA b6d0f6aView commit details -
Merge pull request kubernetes#111696 from liggitt/go119mod
Update go.mod to go1.19
Configuration menu - View commit details
-
Copy full SHA for 897cdea - Browse repository at this point
Copy the full SHA 897cdeaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5f59159 - Browse repository at this point
Copy the full SHA 5f59159View commit details -
Merge pull request kubernetes#111691 from alexanderConstantinescu/rem…
…ove-sched-pred-from-ccm [CCM - service controller] Remove schedulability predicate for LB set
Configuration menu - View commit details
-
Copy full SHA for d0c92ae - Browse repository at this point
Copy the full SHA d0c92aeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5f77483 - Browse repository at this point
Copy the full SHA 5f77483View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0ee8fed - Browse repository at this point
Copy the full SHA 0ee8fedView commit details -
Merge pull request kubernetes#111113 from mimowo/retriable-pod-failur…
…es-job-controller Support handling of pod failures with respect to the configured rules
Configuration menu - View commit details
-
Copy full SHA for eefcf6a - Browse repository at this point
Copy the full SHA eefcf6aView commit details -
Fix e2e network dns_configmap test
Updates predicate to check for a length >=2 to avoid the index out of bounds panic. Signed-off-by: Edwin Xie <exie@vmware.com> Co-authored-by: Tyler Schultz <tschultz@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for f167b9f - Browse repository at this point
Copy the full SHA f167b9fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5e9b42e - Browse repository at this point
Copy the full SHA 5e9b42eView commit details
Commits on Aug 5, 2022
-
Merge pull request kubernetes#111702 from flawedmatrix/fix-e2e-networ…
…k-test-flake Fix e2e network dns_configmap test
Configuration menu - View commit details
-
Copy full SHA for bd9444c - Browse repository at this point
Copy the full SHA bd9444cView commit details -
Introduce networking/v1alpha1 api, ClusterCIDR type
Introduce networking/v1alpha1 api group. Add `ClusterCIDR` type to networking/v1alpha1 api group, this type will enable the NodeIPAM controller to support multiple ClusterCIDRs.
Configuration menu - View commit details
-
Copy full SHA for 7093b10 - Browse repository at this point
Copy the full SHA 7093b10View commit details -
Configuration menu - View commit details
-
Copy full SHA for 299724d - Browse repository at this point
Copy the full SHA 299724dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0ee3719 - Browse repository at this point
Copy the full SHA 0ee3719View commit details -
Add cidrset to support multiple CIDRs
Add a new cidrset named `multicidrset` which extends the current cidrset mechanism to track allocatable Pod and Service CIDRs. multicidrset stores the info about allocated CIDRs in a Map as opposed to the current cidrset implementation where it is stored in a bitmap.
Configuration menu - View commit details
-
Copy full SHA for b6392a4 - Browse repository at this point
Copy the full SHA b6392a4View commit details -
Add a priority queue to implement MultiCIDR tie-breaks
The Priority is determined as follows: P0: ClusterCIDR with higher number of matching labels has highest priority. P1: ClusterCIDR having cidrSet with fewer allocatable Pod CIDRs has higher priority. P2: ClusterCIDR with a PerNodeMaskSize having fewer IPs has higher priority. P3: ClusterCIDR having label with lower alphanumeric value has higher priority. P4: ClusterCIDR with a cidrSet having a smaller IP address value has higher priority.
Configuration menu - View commit details
-
Copy full SHA for 02d944d - Browse repository at this point
Copy the full SHA 02d944dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5ec9d4a - Browse repository at this point
Copy the full SHA 5ec9d4aView commit details -
Remove potential goroutine leak in NewFramework
Signed-off-by: kerthcet <kerthcet@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 97e3e50 - Browse repository at this point
Copy the full SHA 97e3e50View commit details -
Fix deleting UIDs tracking expectations
Change-Id: I5dad644cf5cb232ebed0950a14b35a781a38eeb0
Configuration menu - View commit details
-
Copy full SHA for c1e0dac - Browse repository at this point
Copy the full SHA c1e0dacView commit details -
Merge pull request kubernetes#111693 from kinvolk/rata/userns-support…
…-2022 volume: FeatureGate access to GetHostIDsForPod()
Configuration menu - View commit details
-
Copy full SHA for 11d4cb5 - Browse repository at this point
Copy the full SHA 11d4cb5View commit details -
Merge pull request kubernetes#111721 from alculquicondor/fix-delete-e…
…xpectations Fix deleting UIDs tracking expectations
Configuration menu - View commit details
-
Copy full SHA for 1374391 - Browse repository at this point
Copy the full SHA 1374391View commit details -
Merge pull request kubernetes#111258 from dobsonj/kep-596-ga-feature-…
…flag KEP-596: Move CSIInlineVolume feature to GA
Configuration menu - View commit details
-
Copy full SHA for 64ed914 - Browse repository at this point
Copy the full SHA 64ed914View commit details
Commits on Aug 6, 2022
-
Introduce MultiCIDRRangeAllocator
MultiCIDRRangeAllocator is a new Range Allocator which makes using multiple ClusterCIDRs possible. It consists of two controllers, one for reconciling the ClusterCIDR API objects and the other for allocating Pod CIDRs to the nodes. The allocation is based on the rules defined in https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/2593-multiple-cluster-cidrs
Configuration menu - View commit details
-
Copy full SHA for 5b801ba - Browse repository at this point
Copy the full SHA 5b801baView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1473e13 - Browse repository at this point
Copy the full SHA 1473e13View commit details -
Merge pull request kubernetes#110182 from kerthcet/cleanup/remove-pot…
…ential-goroutine-leak-in-metric-recorder Remove potential goroutine leak in testing framework
Configuration menu - View commit details
-
Copy full SHA for 985c920 - Browse repository at this point
Copy the full SHA 985c920View commit details
Commits on Aug 7, 2022
-
Merge pull request kubernetes#109090 from sarveshr7/multicidr-rangeal…
…locator Enhance NodeIPAM to support multiple ClusterCIDRs
Configuration menu - View commit details
-
Copy full SHA for 759785e - Browse repository at this point
Copy the full SHA 759785eView commit details
Commits on Aug 8, 2022
-
Prevent panic in cloud-provider
Prevent panic when cloud-provider InstancesV2.InstanceMetadata returns (nil,nil) Signed-off-by: zhaodiaoer <ddaaren@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for fd67e04 - Browse repository at this point
Copy the full SHA fd67e04View commit details -
Configuration menu - View commit details
-
Copy full SHA for e844205 - Browse repository at this point
Copy the full SHA e844205View commit details -
Configuration menu - View commit details
-
Copy full SHA for 645f667 - Browse repository at this point
Copy the full SHA 645f667View commit details -
Merge pull request kubernetes#111749 from endocrimes/dani/dbus-restar…
…t-test node_e2e: add a dbus restart test
Configuration menu - View commit details
-
Copy full SHA for 0d9aaf1 - Browse repository at this point
Copy the full SHA 0d9aaf1View commit details -
Merge pull request kubernetes#111440 from verb/111025-ec-conformance
Promote Ephemeral Containers e2e test to Conformance
Configuration menu - View commit details
-
Copy full SHA for 25a3274 - Browse repository at this point
Copy the full SHA 25a3274View commit details
Commits on Aug 9, 2022
-
Merge pull request kubernetes#111751 from dobsonj/issue111740
Fix flaky CSIInlineVolumes e2e test (issue 111740)
Configuration menu - View commit details
-
Copy full SHA for a837be0 - Browse repository at this point
Copy the full SHA a837be0View commit details -
Merge pull request kubernetes#111346 from piotrnosek/hpa-tests-2
Add e2e HPA Behavior tests: scale up/down limited by number of Pods / min, scale up/down limited by percentage / min
Configuration menu - View commit details
-
Copy full SHA for f0bd02c - Browse repository at this point
Copy the full SHA f0bd02cView commit details -
add integration tests for retroactive SC assignment
Also stress tested for ~2 hours to minimize possible races: $ stress ./volume.test -test.run=TestRetroactiveStorageClassAssignment ... 1h59m50s: 3198 runs so far, 0 failures 1h59m55s: 3200 runs so far, 0 failures 2h0m0s: 3201 runs so far, 0 failures 2h0m5s: 3202 runs so far, 0 failures
Configuration menu - View commit details
-
Copy full SHA for 77d904f - Browse repository at this point
Copy the full SHA 77d904fView commit details -
Merge pull request kubernetes#111748 from zhaodiaoer/check-nil-Instan…
…ceMetadata Prevent panic in cloud-provider
Configuration menu - View commit details
-
Copy full SHA for 42a5eb4 - Browse repository at this point
Copy the full SHA 42a5eb4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 48091db - Browse repository at this point
Copy the full SHA 48091dbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 00ca624 - Browse repository at this point
Copy the full SHA 00ca624View commit details -
Merge pull request kubernetes#111657 from aojea/hc_nodeport
document that services healthcheckNodePort is inmutable once set
Configuration menu - View commit details
-
Copy full SHA for 3e396db - Browse repository at this point
Copy the full SHA 3e396dbView commit details -
Merge pull request kubernetes#111770 from cici37/testForCelBeta
[test] Remove feature to enable e2e tests
Configuration menu - View commit details
-
Copy full SHA for d1a9a77 - Browse repository at this point
Copy the full SHA d1a9a77View commit details -
Configuration menu - View commit details
-
Copy full SHA for a38bb7e - Browse repository at this point
Copy the full SHA a38bb7eView commit details
Commits on Aug 10, 2022
-
Configuration menu - View commit details
-
Copy full SHA for faad73a - Browse repository at this point
Copy the full SHA faad73aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1457ad5 - Browse repository at this point
Copy the full SHA 1457ad5View commit details -
Revert "enforce strict alpha handling for API serving"
This reverts commit 233e0cb.
Configuration menu - View commit details
-
Copy full SHA for 696e41a - Browse repository at this point
Copy the full SHA 696e41aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3d2ffc5 - Browse repository at this point
Copy the full SHA 3d2ffc5View commit details -
Merge pull request kubernetes#111784 from deads2k/fix-cleaner
Revert "enforce strict alpha handling for API serving"
Configuration menu - View commit details
-
Copy full SHA for 518e0ac - Browse repository at this point
Copy the full SHA 518e0acView commit details -
Signed-off-by: Jeremy Rickard <jeremyrrickard@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ac1d38b - Browse repository at this point
Copy the full SHA ac1d38bView commit details -
Merge pull request kubernetes#111746 from RomanBednar/retro-sc-assign…
…ment-int Add integration test for Retroactive default StorageClass assignement
Configuration menu - View commit details
-
Copy full SHA for 3b945fd - Browse repository at this point
Copy the full SHA 3b945fdView commit details -
Merge pull request kubernetes#111786 from jeremyrickard/publishing-re…
…lease-125 staging/publishing: add release-1.25 branch
Configuration menu - View commit details
-
Copy full SHA for f595671 - Browse repository at this point
Copy the full SHA f595671View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9153e96 - Browse repository at this point
Copy the full SHA 9153e96View commit details
Commits on Aug 11, 2022
-
Merge pull request kubernetes#111773 from amewayne/fix_mem_leak_in_pr…
…eemption fix a memory leakage problem when calling DryRunPreemption
Configuration menu - View commit details
-
Copy full SHA for 7b1b801 - Browse repository at this point
Copy the full SHA 7b1b801View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7ba98ac - Browse repository at this point
Copy the full SHA 7ba98acView commit details
Commits on Aug 12, 2022
-
Merge pull request kubernetes#111697 from thockin/master
Docs: node-port-range should not overlap ephemeral
Configuration menu - View commit details
-
Copy full SHA for 132f297 - Browse repository at this point
Copy the full SHA 132f297View commit details
Commits on Aug 13, 2022
-
Configuration menu - View commit details
-
Copy full SHA for bf3889a - Browse repository at this point
Copy the full SHA bf3889aView commit details
Commits on Aug 15, 2022
-
Fix capture loop vars in parallel or ginkgo tests
Fixes instances of kubernetes#98213 (to ultimately complete kubernetes#98213 linting is required). This commit fixes a few instances of a common mistake done when writing parallel subtests or Ginkgo tests (basically any test in which the test closure is dynamically created in a loop and the loop doesn't wait for the test closure to complete). I'm developing a very specific linter that detects this king of mistake and these are the only violations of it it found in this repo (it's not airtight so there may be more). In the case of Ginkgo tests, without this fix, only the last entry in the loop iteratee is actually tested. In the case of Parallel tests I think it's the same problem but maybe a bit different, iiuc it depends on the execution speed. Waiting for the CI to confirm the tests are still passing, even after this fix - since it's likely it's the first time those test cases are executed - they may be buggy or testing code that is buggy. Another instance of this is in `test/e2e/storage/csi_mock_volume.go` and is still failing so it has been left out of this commit and will be addressed in a separate one
Configuration menu - View commit details
-
Copy full SHA for eb317ec - Browse repository at this point
Copy the full SHA eb317ecView commit details -
Merge pull request kubernetes#111846 from omertuc/fixparallelclosure
Fix capture loop vars in parallel or ginkgo tests
Configuration menu - View commit details
-
Copy full SHA for d5fdf31 - Browse repository at this point
Copy the full SHA d5fdf31View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4cac11b - Browse repository at this point
Copy the full SHA 4cac11bView commit details
Commits on Aug 16, 2022
-
Configuration menu - View commit details
-
Copy full SHA for 89ffb87 - Browse repository at this point
Copy the full SHA 89ffb87View commit details
Commits on Aug 18, 2022
-
Configuration menu - View commit details
-
Copy full SHA for d8dfd68 - Browse repository at this point
Copy the full SHA d8dfd68View commit details -
UPSTREAM: 74956: apiserver: switch authorization to use protobuf client
openshift-rebase(v1.24):source=bb9c3262208
Configuration menu - View commit details
-
Copy full SHA for f560def - Browse repository at this point
Copy the full SHA f560defView commit details -
UPSTREAM: 84466: gce: ensureInternalInstanceGroups: reuse instance-gr…
…oups for internal load balancers UPSTREAM: 84466: legacy-cloud-providers/gce/gce_fake.go: NewFakeGCECloud: make sure that the secondary zone is also part of managedZones Origin-commit: 79d66e294a3906efd0351f125cefb4b9cc1c9ab4 UPSTREAM: 84466: gce: ensureInternalInstanceGroups: reuse instance-groups for internal load balancers Origin-commit: cfb25370a7c8f9bed9688cb334b4bc1c3342da0d UPSTREAM: 84466: gce: add ExternalInstanceGroupsPrefix to filter instance groups that will be re-used for ILB backend Origin-commit: e29c0b6ce3c068e02419a7b3cbc381b919981f50 UPSTREAM: 84466: gce: skip ensureInstanceGroup for a zone that has no remaining nodes for k8s managed IG Origin-commit: 3915cef99ee4eedc9755d454abb7e4efa2a63bff openshift-rebase(v1.24):source=8bd488b66eb openshift-rebase(v1.24):source=8bd488b66eb openshift-rebase(v1.24):source=8bd488b66eb
Configuration menu - View commit details
-
Copy full SHA for 11bd192 - Browse repository at this point
Copy the full SHA 11bd192View commit details -
UPSTREAM: 93286: wait for apiservices on startup
openshift-rebase(v1.24):source=193d763adc1
Configuration menu - View commit details
-
Copy full SHA for 4fb707e - Browse repository at this point
Copy the full SHA 4fb707eView commit details -
UPSTREAM: <carry>: filter out CustomResourceQuota paths from OpenAPI
Origin-commit: b992ee2fcb5cd610e9242c3165908b6bc6e423f5 UPSTREAM: <carry>: filter out RBR and SCC paths from OpenAPI Origin-commit: 5ce9a77a641ec9d0399226af572e429317d3daf6 UPSTREAM: <carry>: filter out RBR and SCC paths from OpenAPI Origin-commit: 0ee08c7a5e138e8df2bd7d010e9ab59a6543cf63 Revise as per openshift/kubernetes-apiserver#12 openshift-rebase(v1.24):source=c6840e84f86
Configuration menu - View commit details
-
Copy full SHA for 9da2e20 - Browse repository at this point
Copy the full SHA 9da2e20View commit details -
UPSTREAM: <carry>: patch aggregator to allow delegating resources
Origin-commit: 14ba1f8ece9a7bb00ececb2a35b5f8f5fbeacc83 UPSTREAM: <carry>: prevent apiservice registration by CRD controller when delegating Origin-commit: 3d216eab7adcbd8596606d72d31b6af621bfd350 UPSTREAM: <carry>: prevent CRD registration from fighting with APIServices Origin-commit: c1c87eeade4730a2271cb98b4c6ea16af07e3e68 UPSTREAM: <carry>: always delegate namespaced resources Origin-commit: 7f0815b5a88d57046a92fbdbc493bab2ad28a79c openshift-rebase(v1.24):source=f9a6b73ca78 openshift-rebase(v1.24):source=f9a6b73ca78 openshift-rebase(v1.24):source=f9a6b73ca78
Configuration menu - View commit details
-
Copy full SHA for b8ff23a - Browse repository at this point
Copy the full SHA b8ff23aView commit details -
UPSTREAM: <carry>: remove apiservice from sync in CRD registration wh…
…en it exists Origin-commit: d3ceac4e065c3d2689192fda102303030cfdb928 openshift-rebase(v1.24):source=a1c12a7dd32
Configuration menu - View commit details
-
Copy full SHA for d61d0c5 - Browse repository at this point
Copy the full SHA d61d0c5View commit details -
UPSTREAM: <carry>: hardcoded restmapper with a few entries to reboots…
…trap SDN when SDN is down Origin-commit: 36c5e7d672bf82bd09ee382564bc03ef8e1b3a76 openshift-rebase(v1.24):source=b4aee491855 UPSTREAM: <carry>: use hardcoded rest mapper from library-go openshift-rebase(v1.24):source=58f3815bab1 openshift-rebase(v1.24):source=58f3815bab1 openshift-rebase(v1.24):source=58f3815bab1
Configuration menu - View commit details
-
Copy full SHA for 7034a49 - Browse repository at this point
Copy the full SHA 7034a49View commit details -
UPSTREAM: <carry>: kubelet: Expose a simple journald shim on the kube…
…let logs endpoint Provide an administrator a streaming view of journal logs without them having to implement a client side reader. Only available to cluster admins. openshift-rebase(v1.24):source=c2c9d7451f5
Configuration menu - View commit details
-
Copy full SHA for 769f6cc - Browse repository at this point
Copy the full SHA 769f6ccView commit details -
UPSTREAM: <carry>: kube-controller-manager: add service serving cert …
…signer to token controller :100644 100644 b32534e... 3e694fc... M pkg/controller/serviceaccount/tokens_controller.go openshift-rebase(v1.24):source=194864933ce openshift-rebase(v1.24):source=194864933ce openshift-rebase(v1.24):source=194864933ce
Configuration menu - View commit details
-
Copy full SHA for 79a9908 - Browse repository at this point
Copy the full SHA 79a9908View commit details -
UPSTREAM: <carry>: kube-controller-manager: allow running bare kube-c…
…ontroller-manager UPSTREAM: <carry>: (squash) kube-controller-manager: allow running bare kube-controller-manager UPSTREAM: <carry>: kube-controller-manager: allow running bare kube-controller-manager openshift-rebase(v1.24):source=18bbb151dd9 openshift-rebase(v1.24):source=18bbb151dd9 openshift-rebase(v1.24):source=18bbb151dd9 UPSTREAM: <carry>: (squash) remove egressnetworkpolicies from gc ignored resources egressnetworkpolicies should not be in garbage collector ignored resources, so users can delete them using "--cascade=foreground" flag. Signed-off-by: Flavio Fernandes <flaviof@redhat.com> openshift-rebase(v1.24):source=771b4b56597
Configuration menu - View commit details
-
Copy full SHA for 8668eb4 - Browse repository at this point
Copy the full SHA 8668eb4View commit details -
UPSTREAM: <carry>: kube-controller-manager: exclude some origin resou…
…rces from quota openshift-rebase(v1.24):source=02ce9b3d6d1
Configuration menu - View commit details
-
Copy full SHA for bc1aeec - Browse repository at this point
Copy the full SHA bc1aeecView commit details -
UPSTREAM: <carry>: kube-apiserver: add our immortal namespaces direct…
…ly to admission plugin openshift-rebase(v1.24):source=fcb3456b7fb
Configuration menu - View commit details
-
Copy full SHA for d124623 - Browse repository at this point
Copy the full SHA d124623View commit details -
UPSTREAM: <carry>: kube-apiserver: allow injection of kube-apiserver …
…options Origin-commit: 33a71aff9bb4e204bf2e15af4cdfb5bd0525ce4e openshift-rebase(v1.24):source=ee6f24dc718
Configuration menu - View commit details
-
Copy full SHA for 0a5599a - Browse repository at this point
Copy the full SHA 0a5599aView commit details -
UPSTREAM: <carry>: kube-apiserver: priorize some CRD groups over others
Origin-commit: 10c14ca7ae63428823e58790c16078d8094e4b95 openshift-rebase(v1.24):source=c16c14dfa73
Configuration menu - View commit details
-
Copy full SHA for 12393a7 - Browse repository at this point
Copy the full SHA 12393a7View commit details -
UPSTREAM: <carry>: Always test PDB's during service upgrade test
The upstream can't enable this, but we need to do so in order to properly validate that cluster upgrades retain availability. Origin-commit: 917e8cb064643370573808e9aba8dbec5df456ff openshift-rebase(v1.24):source=02dabaf4678
Configuration menu - View commit details
-
Copy full SHA for 654df06 - Browse repository at this point
Copy the full SHA 654df06View commit details -
UPSTREAM: <carry>: kube-apiserver: allow rewiring
openshift-rebase(v1.24):source=87f75213acc openshift-rebase(v1.24):source=87f75213acc openshift-rebase(v1.24):source=87f75213acc
Configuration menu - View commit details
-
Copy full SHA for a6bed40 - Browse repository at this point
Copy the full SHA a6bed40View commit details
Commits on Aug 19, 2022
-
UPSTREAM: <carry>: openshift-kube-apiserver: add kube-apiserver patches
Origin-commit: 170dd7d25cca990fd7683eaf424d00bcd776c39c Origin-commit: 35ef039cb099dc609c576cf594aadd849212a00b UPSTREAM: <carry>: openshift-kube-apiserver: enabled conversion gen for admission configs UPSTREAM: <carry>: openshift-kube-apiserver/admission: fix featuregates resource name UPSTREAM: <carry>: openshift-kube-apiserver/admission: add missing FeatureSets UPSTREAM: <carry>: openshift-kube-apiserver: use github.com/openshift/apiserver-library-go/pkg/labelselector UPSTREAM: <carry>: openshift authenticator: don't allow old-style tokens UPSTREAM: <carry>: oauth-authn: support sha256 prefixed tokens UPSTREAM: <carry>: oauth-token-authn: switch to sha256~ prefix UPSTREAM: <carry>: oauth-token-authn: add sha256~ support to bootstrap authenticator UPSTREAM: <drop>: remove the openshift authenticator from the apiserver In 4.8, we moved the authenticator to be configured via webhookTokenAuthenticators to an endpoint in the oauth-apiserver, this should now be safe to remove. UPSTREAM: <carry>: set ResourceQuotaValidationOptions to true When PodAffinityNamespaceSelector goes to beta or GA this might affect how our ClusterResourceQuota might work UPSTREAM: <carry>: simplify the authorizer patch to allow the flags to function Origin-commit: 0d7fb2d769d631054ec9ac0721aee623c96c1001 UPSTREAM: <carry>: eliminate unnecessary closure in openshift configuration wiring Origin-commit: 3b0c72dd7b9f9367dda8f8645909d9277a6c29e9 openshift-rebase(v1.24):source=78e37fdfb28 UPSTREAM: <carry>: add crdvalidation for apiserver.spec.tlsSecurityProfile Origin-commit: 84ba7fc304870a30df7136da14bccb4d5232f075 openshift-rebase(v1.24):source=eecae1591a1 UPSTREAM: <carry>: openshift-kube-apiserver: Add custom resource validation for network spec openshift-rebase(v1.24):source=2af991c43b1 UPSTREAM: <carry>: stop overriding flags that are explicitly set openshift-rebase(v1.24):source=8355d726bbf UPSTREAM: <carry>: add readyz check for openshift apiserver availability openshift-rebase(v1.24):source=3784942f6fc UPSTREAM: <carry>: wait for oauth-apiserver accessibility openshift-rebase(v1.24):source=0c175222685 UPSTREAM: <carry>: provide a new admission plugin to mutate management pods CPUs requests The ManagementCPUOverride admission plugin replaces pod container CPU requests with a new management resource. It applies to all pods that: 1. are in an allowed namespace 2. and have the workload annotation. It also sets the new management resource request and limit and set resource annotation that CRI-O can recognize and apply the relevant changes. For more information, see - openshift/enhancements#703 Conditions for CPUs requests deletion: 1. The namespace should have allowed annotation "workload.openshift.io/allowed": "management" 2. The pod should have management annotation: "workload.openshift.io/management": "{"effect": "PreferredDuringScheduling"}" 3. All nodes under the cluster should have new management resource - "management.workload.openshift.io/cores" 4. The CPU request deletion will not change the pod QoS class Signed-off-by: Artyom Lukianov <alukiano@redhat.com> UPSTREAM: <carry>: Does not prevent pod creation because of no nodes reason when it runs under the regular cluster Check the `cluster` infrastructure resource status to be sure that we run on top of a SNO cluster and in case if the pod runs on top of regular cluster, exit before node existence check. Signed-off-by: Artyom Lukianov <alukiano@redhat.com> UPSTREAM: <carry>: do not mutate pods when it has a container with both CPU request and limit Removing the CPU request from the container that has a CPU limit will result in the defaulter to set the CPU request back equals to the CPU limit. Signed-off-by: Artyom Lukianov <alukiano@redhat.com> UPSTREAM: <carry>: Reject the pod creation when we can not decide the cluster type It is possible a race condition between pod creation and the update of the infrastructure resource status with correct values under Status.ControlPlaneTopology and Status.InfrastructureTopology. Signed-off-by: Artyom Lukianov <alukiano@redhat.com> openshift-rebase(v1.24):source=ea874aa684f UPSTREAM: <carry>: add CRD validation for dnses Add an admission plugin that validates the dnses.operator.openshift.io custom resource. For now, the plugin only validates the DNS pod node-placement parameters. This commit fixes bug 1967745. https://bugzilla.redhat.com/show_bug.cgi?id=1967745 * openshift-kube-apiserver/admission/customresourcevalidation/attributes.go (init): Install operatorv1 into supportedObjectsScheme. * openshift-kube-apiserver/admission/customresourcevalidation/customresourcevalidationregistration/cr_validation_registration.go (AllCustomResourceValidators, RegisterCustomResourceValidation): Register the new plugin. * openshift-kube-apiserver/admission/customresourcevalidation/dns/validate_dns.go: New file. (PluginName): New const. (Register): New function. Register the plugin. (toDNSV1): New function. Convert a runtime object to a versioned DNS. (dnsV1): New type to represent a runtime object that is validated as a versioned DNS. (ValidateCreate, ValidateUpdate, ValidateStatusUpdate): New methods. Implement the ObjectValidator interface, using the validateDNSSpecCreate and validateDNSSpecUpdate helpers. (validateDNSSpecCreate, validateDNSSpecUpdate): New functions. Validate a DNS, using the validateDNSSpec helper. (validateDNSSpec): New function. Validate the spec field of a DNS, using the validateDNSNodePlacement helper. (validateDNSNodePlacement): New function. Validate the node selector and tolerations in a DNS's node-placement parameters, using validateTolerations. (validateTolerations): New function. Validate a slice of corev1.Toleration. * openshift-kube-apiserver/admission/customresourcevalidation/dns/validate_dns_test.go: New file. (TestFailValidateDNSSpec): Verify that validateDNSSpec rejects invalid DNS specs. (TestSucceedValidateDNSSpec): Verify that validateDNSSpec accepts valid DNS specs. * vendor/*: Regenerate. openshift-rebase(v1.24):source=bd9a55803db UPSTREAM: <carry>: prevent the kubecontrollermanager service-ca from getting less secure openshift-rebase(v1.24):source=cc96bfa11af UPSTREAM: <carry>: allow SCC to be disabled on a per-namespace basis openshift-rebase(v1.24):source=6f2d9a525bc UPSTREAM: <carry>: verify required http2 cipher suites In the Apiserver admission, we need to return an error if the required http2 cipher suites are missing from a custom tlsSecurityProfile. Currently, custom cipher suites missing ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 result in invalid http2 Server configuration causing the apiservers to crash. See: go/x/net/http2.ConfigureServer for futher information. Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com> openshift-rebase(v1.24):source=e2fb8191644 UPSTREAM: <carry>: drop the warning to use --keep-annotations When a user runs the `oc debug` command for the pod with the management resource, we will inform him that he should pass `--keep-annotations` parameter to the debug command. Signed-off-by: Artyom Lukianov <alukiano@redhat.com> openshift-rebase(v1.24):source=9726268c979 UPSTREAM: <carry>: admission/managementcpusoverride: cover the roll-back case During the upgrade and roll-back flow 4.7->4.8->4.7, the topology related fields under the infrastructure can be empty because the old API does not support them. The code will equal the empty infrastructure section with the current one. When the status has some other non-empty field, and topology fields are empty, we assume that the cluster currently passes via roll-back and not via the clean install. Signed-off-by: Artyom Lukianov <alukiano@redhat.com> openshift-rebase(v1.24):source=35a93248f51 UPSTREAM: <carry>: Remove pod warning annotation when workload partitioning is disabled openshift-rebase(v1.24):source=67e1c1dac22 UPSTREAM: <carry>: use new access token inactivity timeout field. openshift-rebase(v1.24):source=79be14211df UPSTREAM: <carry>: apirequestcount validation openshift-rebase(v1.24):source=5fbf4195cbb UPSTREAM: <carry>: Added config node object validation for extreme latency profiles Signed-off-by: Swarup Ghosh <swghosh@redhat.com> UPSTREAM: <carry>: Add Upstream validation in the DNS admission check patches
Configuration menu - View commit details
-
Copy full SHA for f2248ed - Browse repository at this point
Copy the full SHA f2248edView commit details -
UPSTREAM: <carry>: kube-apiserver: wire through isTerminating into ha…
…ndler chain Origin-commit: 5772e7285acbe901762d8cd8cb1fc33d8b459d04 openshift-rebase(v1.24):source=c7c48fdacb0 openshift-rebase(v1.24):source=c7c48fdacb0 openshift-rebase(v1.24):source=c7c48fdacb0 UPSTREAM: <carry>: use lifeCycleSignals for isTerminating openshift-rebase(v1.24):source=d3045350e43
Configuration menu - View commit details
-
Copy full SHA for 72f4012 - Browse repository at this point
Copy the full SHA 72f4012View commit details -
UPSTREAM: <carry>: create termination events
Origin-commit: a869af0c97e3d97bddedcd76af8a62da6c879c02 UPSTREAM: <carry>: apiserver: log new connections during termination Origin-commit: 89d1c3ceeb91755aae9099cd5f76c42a22de18c5 UPSTREAM: <carry>: apiserver: create LateConnections events on events in the last 20% of graceful termination time Origin-commit: 91bc33b6ddf9e1d80906717db5bd9096183e8795 UPSTREAM: <carry>: apiserver: log source in LateConnections event Origin-commit: 575e54740eb7c2ba635c73f24c22ad77cb5a6e70 UPSTREAM: <carry>: apiserver: skip local IPs and probes for LateConnections Origin-commit: 2109b95866e81b84a290f34f0806becc2cbd83e9 UPSTREAM: <carry>: only create valid LateConnections/GracefulTermination events UPSTREAM: <carry>: kube-apiserver: log non-probe requests before ready UPSTREAM: <carry>: apiserver: create hasBeenReadyCh channel UPSTREAM: <carry>: kube-apiserver: log non-probe requests before ready UPSTREAM: <carry>: kube-apiserver: log non-probe requests before ready UPSTREAM: <carry>: fix termination event(s) validation failures UPSTREAM: <carry>: during the rebase collapse to create termination event it makes recording termination events a non-blocking operation. previously closing delayedStopCh might have been delayed on preserving data in the storage. the delayedStopCh is important as it signals the HTTP server to start the shutdown procedure. it also sets a hard timeout of 3 seconds for the storage layer since we are bypassing the API layer. openshift-rebase(v1.24):source=7b9aa03e491 UPSTREAM: <carry>: rename termination events to use lifecycleSignals openshift-rebase(v1.24):source=e90b78a9199
Configuration menu - View commit details
-
Copy full SHA for 21435ee - Browse repository at this point
Copy the full SHA 21435eeView commit details -
UPSTREAM: <carry>: bootstrap-rbac-policy: move over .well-known rules
Origin-commit: 45f159f05b92c893c175ffe968f89a34f5581f5b openshift-rebase(v1.24):source=538170825bb
Configuration menu - View commit details
-
Copy full SHA for 40eb983 - Browse repository at this point
Copy the full SHA 40eb983View commit details -
UPSTREAM: <carry>: warn only about unknown feature gates
openshift-rebase(v1.24):source=8d9bda8f24c
Configuration menu - View commit details
-
Copy full SHA for f64f7b8 - Browse repository at this point
Copy the full SHA f64f7b8View commit details -
UPSTREAM: <carry>: disable AES24, not supported by FIPS
Origin-commit: beac12d815b4099cfd4f4d953da4b8789054be51 openshift-rebase(v1.24):source=198209159d4
Configuration menu - View commit details
-
Copy full SHA for 1231ea1 - Browse repository at this point
Copy the full SHA 1231ea1View commit details -
UPSTREAM: <carry>: bump nodes ready timeout
Origin-commit: 4498bb4de03ff3a910fed10bed337ba2fcdf321d openshift-rebase(v1.24):source=4cfb8fafa6f
Configuration menu - View commit details
-
Copy full SHA for c0eb8f0 - Browse repository at this point
Copy the full SHA c0eb8f0View commit details -
UPSTREAM: <carry>: Remove excessive e2e logging
UPSTREAM: <carry>: Remove a redundant output in the tests This line is not necessary for our test usage and should not be an issue in OpenShift (openshift-tests already verifies this correctly). UPSTREAM: <carry>: Remove excessive logging during e2e upgrade test This line makes the upgrade log output unreadable and provides no value during the set of tests it's used in: ``` Jan 12 20:49:25.628: INFO: cluster upgrade is Progressing: Working towards registry.svc.ci.openshift.org/ci-op-jbtg7jjb/release@sha256:144e73d125cce620bdf099be9a85225ade489a95622a70075d264ea3ff79219c: downloading update Jan 12 20:49:26.692: INFO: Poke("http://a74e3476115ce4d2d817a1e5ea608dad-802917831.us-east-1.elb.amazonaws.com:80/echo?msg=hello"): success Jan 12 20:49:28.727: INFO: Poke("http://a74e3476115ce4d2d817a1e5ea608dad-802917831.us-east-1.elb.amazonaws.com:80/echo?msg=hello"): success ``` Origin-commit: 1cdf04c0e15b79fad3e3a6ba896ed2bb3df42b78 openshift-rebase(v1.24):source=dd0d3bfa831
Configuration menu - View commit details
-
Copy full SHA for c7f8581 - Browse repository at this point
Copy the full SHA c7f8581View commit details -
UPSTREAM: <carry>: conditionally fill the UserAgent from the currentl…
…y running test OpenShift uses these function before any test is run and they cause NPE openshift-rebase(v1.24):source=52b73523b4c
Configuration menu - View commit details
-
Copy full SHA for ac867ee - Browse repository at this point
Copy the full SHA ac867eeView commit details -
UPSTREAM: 89885: allow to read openstack cloud provider config from a…
… secret This patch brings back the downstream changes that were introduced to allow reading openstack cloud provider config from a secret. They are available in release-4.4, but were reverted in master with openshift/origin#24719 This change includes: - Ability to read metadata values for kubelet. Since the service does not have access to the secret to read the configuration, but it needs data to download (e.g. hostname or flavor), we are trying to get it from the metadata server. - Deprecation of kubeConfig parameter. Now we read the file that was provided with --kubeconfig option. Origin-commit: f95edc26155a29769b3c5b80c03755a01a87b5fc UPSTREAM: 89885: legacy-cloud-provider/openstack: include / prefix in instance ID output When we want to read an instance ID from the metadata service, cloud provider doesn't include "/" prefix, which is required for successful parsing of provider the ID later. This commit adds the missing "/" prefix to the output. UPSTREAM: 89885: SQUASH: Fix Cinder provisioning crashing on nil cloud provider OpenStack cloud provider must not use nil when provisioning a Cinder volume. UPSTREAM: 89885: SQUASH: Report OpenStack cloud initialization errors openshift-rebase(v1.24):source=dbe70e455ee UPSTREAM: <carry>: Set informer for openstack Set informer for the openstack cloud provider to ensure it is properly initialized when reading config from a secret. Upstream 89885 was closed in favor of 96750. Co-authored-by: Hemant Kumar <hekumar@redhat.com> openshift-rebase(v1.24):source=d7ecbd903e2 UPSTREAM: 89885: SQUASH: Retry fetching clouds.conf The OpenStack secret is not guaranteed to be present at the time kube-controller-manager is initialised. Co-authored-by: Martin André <m.andre@redhat.com> Co-authored-by: Pierre Prinetti <pierreprinetti@redhat.com> openshift-rebase(v1.24):source=8bc9dd29ef0 UPSTREAM: 89885: Fix panic in openstack.InstanceExistsByProviderID() ... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
Configuration menu - View commit details
-
Copy full SHA for 7992bf8 - Browse repository at this point
Copy the full SHA 7992bf8View commit details -
UPSTREAM: 90452: refactor/improve CRD publishing e2e tests in an HA s…
…etup openshift-rebase(v1.24):source=4d63cde7462
Configuration menu - View commit details
-
Copy full SHA for d6e0d01 - Browse repository at this point
Copy the full SHA d6e0d01View commit details -
UPSTREAM: <carry>: Bug 1852056: change etcd health check timeout to 10s
Origin-commit: 87d123196e9f9b77ff08d8b94c5b1348f3b35a8d openshift-rebase(v1.24):source=b6fed67c9c4
Configuration menu - View commit details
-
Copy full SHA for ba9caf9 - Browse repository at this point
Copy the full SHA ba9caf9View commit details
Commits on Aug 22, 2022
-
UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs
UPSTREAM: <carry>: Copy hack scripts and tools from openshift/origin UPSTREAM: <carry>: Fix shellcheck failures for copied openshift-hack bash UPSTREAM: <carry>: Enable build, test and verify UPSTREAM: <carry>: Copy README content from origin UPSTREAM: <carry>: Copy watch-termination command from openshift/origin UPSTREAM: <carry>: Switch image and rpm build to golang 1.14 UPSTREAM: <carry>: Copy test annotation from origin UPSTREAM: <carry>: Build openshift-compatible kube e2e binary UPSTREAM: <carry>: Updating openshift-hack/images/hyperkube/Dockerfile.rhel baseimages to mach ocp-build-data config UPSTREAM: <carry>: Update test annotation rules UPSTREAM: <carry>: Enable k8s-e2e-serial UPSTREAM: <carry>: Update test annotation rules UPSTREAM: <carry>: Build with golang 1.15 UPSTREAM: <carry>: (squash) Stop installing recent bash and protoc from source UPSTREAM: <carry>: Add rebase instructions UPSTREAM: <carry>: (squash) Update README.openshift to reflect transition UPSTREAM: <carry>: (squash) Stop annotating origin tests with [Suite:openshift] The detection logic was error-prone (different results based on the repo existing in GOPATH vs not) and whether a test comes from origin can be inferred from the absence of the `[Suite:k8s]` tag. UPSTREAM: <carry>: (squash) Update hyperkube version UPSTREAM: <carry>: (squash) Update OpenShift docs UPSTREAM: <carry>: watch-termination: fix deletion race and write non-graceful message also to termination.log UPSTREAM: <carry>: watch-termination: avoid false positives of NonGracefulTermination events UPSTREAM: <carry>: (squash) remove servicecatalog e2e that was dropped upstream UPSTREAM: <carry>: (squash) Fix annotation rules UPSTREAM: <carry>: (squash) Fix image refs UPSTREAM: <carry>: Updating openshift-enterprise-hyperkube builder & base images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/b0ab44b419faae6b18e639e780a1fa50a1df8521/images/openshift-enterprise-hyperkube.yml UPSTREAM: <carry>: (squash) Retry upstream flakes UPSTREAM: <carry>: (squash) Update test exclussions for 1.20.0 UPSTREAM: <carry>: (squash) Add detail to rebase doc - Add new section 'Maintaining this document' - Move checklist above the instructions to emphasize their importance - Add new section 'Reacting to new commits' - Mention that generated changes in carries should be dropped UPSTREAM: <carry>: Enable CSI snapshot e2e tests All images were uploaded to our quay.io mirror and the tests should succeed. UPSTREAM: <carry>: Stop skipping multi-az test (skipped upstream) UPSTREAM: <carry>: bump tag version & update rebase doc UPSTREAM: <carry>: update rebase doc & image UPSTREAM: <carry>: update rebase doc UPSTREAM: <carry>: update rebase doc UPSTREAM: <carry>: update rebase doc UPSTREAM: <carry>: Add Dockerfile to build pause image Ensuring the target directory exists before writing a file to it. UPSTREAM: <carry>: disable part of hack/verify-typecheck-providerless.sh due to our carry patches UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/691e628254f318ce56efda5edc7448ec743c37b8/images/openshift-enterprise-pod.yml UPSTREAM: <carry>: Updating openshift-enterprise-hyperkube images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/691e628254f318ce56efda5edc7448ec743c37b8/images/openshift-enterprise-hyperkube.yml UPSTREAM: <carry>: Add process overlap detection event to watch-termination NOTE: Squash this to watch-termination commit on rebase. UPSTREAM: <carry>: openshift-hack/images/os/Dockerfile: Add io.openshift.build.versions, etc. For example, consider the current 4.10 RHCOS: $ oc image info -o json registry.ci.openshift.org/ocp/4.10:machine-os-content | jq -r '.config.config.Labels | to_entries[] | .key + ": " + .value' | grep '^io\.k8s\|^io\.openshift' io.k8s.description: The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly. io.k8s.display-name: Red Hat Universal Base Image 8 io.openshift.build.version-display-names: machine-os=Red Hat Enterprise Linux CoreOS io.openshift.build.versions: machine-os=49.84.202109102026-0 io.openshift.expose-services: io.openshift.tags: base rhel8 A bunch of those seem to be inherited from the UBI base image, so we can leave them alone. But the io.openshift.build.* entries are RHCOS-specific, and are consumed by 'oc adm release new ...' [1,2] and friends to answer questions like "which RHCOS is in this release?": $ oc adm release info -o json quay.io/openshift-release-dev/ocp-release:4.8.12-x86_64 | jq .displayVersions { "kubernetes": { "Version": "1.21.1", "DisplayName": "" }, "machine-os": { "Version": "48.84.202109100857-0", "DisplayName": "Red Hat Enterprise Linux CoreOS" } } Setting this label will avoid failures when consumers like driver-toolkit's version consumer [3]: name: 0.0.1-snapshot-machine-os bump into ci-tools-built machine-os-content images that lack the io.openshift.build.versions declaration of machine-os version [4]: error: unable to create a release: unknown version reference "machine-os" I've gone with generic testing values, so hopefully this is not something that local maintainers need to remember to bump for each OpenShift z stream. [1]: https://github.com/openshift/oc/blob/f94afb52dc8a3185b3b9eacaf92ec34d80f8708d/pkg/cli/admin/release/image_mapper.go#L328-L334 [2]: https://github.com/openshift/oc/blob/f94afb52dc8a3185b3b9eacaf92ec34d80f8708d/pkg/cli/admin/release/annotations.go#L19-L28 [3]: openshift/driver-toolkit@464acca#diff-4caed9b2b966a8fa7a016ae28976634a2d3d1b635c4e820d5c038b2305d6af53R18 [4]: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_kubernetes/959/pull-ci-openshift-kubernetes-master-images/1438398678602616832#1:build-log.txt%3A97 UPSTREAM: <carry>: update rebase doc UPSTREAM: <carry>: squash with the rest of tooling UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/5b89f5b601508a0bcc0399fd3f34b7aa2e86e90e/images/openshift-enterprise-pod.yml UPSTREAM: <carry>: Updating openshift-enterprise-hyperkube images to be consistent with ART Reconciling with https://github.com/openshift/ocp-build-data/tree/5b89f5b601508a0bcc0399fd3f34b7aa2e86e90e/images/openshift-enterprise-hyperkube.yml UPSTREAM: <carry>: rebase script openshift-rebase(v1.24):source=b2b619077ea UPSTREAM: <carry>: Fix networking-related test exclusions Tests that fail on openshift-sdn specifically should be tagged as such, so that they don't also get skipped when running under ovn-kubernetes or third-party network plugins. UPSTREAM: <carry>: Skip "subPath should be able to unmount" NFS test Due to a kernel bug https://bugzilla.redhat.com/show_bug.cgi?id=1854379 in Linux 5.7+ this test fails - the bind-mounted NFS share cannot be cleanly unmounted, gets "Stale file handle" error instead on umount. As a result this test is permafailing on Fedora CoreOS nodes. UPSTREAM: <carry>: Skip GlusterFS tests GlusterFS is not supported in 4.x, we've been running its tests just because we could. Now it does not work on IPv6 systems. E [MSGID: 101075] [common-utils.c:312:gf_resolve_ip6] 0-resolver: getaddrinfo failed (Address family for hostname not supported) UPSTREAM: <carry>: Skip GlusterFS tests The previous commit left two GlusterFS test still running: [sig-storage] Volumes GlusterFS should be mountable [Skipped:ibmcloud] [Suite:openshift/conformance/parallel] [Suite:k8s] [sig-storage] Dynamic Provisioning GlusterDynamicProvisioner should create and delete persistent volumes Skip it, we don't support Gluster and it does not work on ipv6 UPSTREAM: <carry>: 1.22 alpha & other tests disablement UPSTREAM: <carry>: 1.21 alpha & other tests disablement UPSTREAM: <carry>: Enable GenerciEphemeralVolume tests UPSTREAM: <carry>: Re-enable [Feature:NetworkPolicy] tests which were wrongly disabled in rebase UPSTREAM: <carry>: Reenable NetworkPolicy test Signed-off-by: Mohamed Mahmoud <mmahmoud@redhat.com> UPSTREAM: <carry>: Conformance tests (sysctls) should be run We have to run this test for conformance, and the tests pass. Reenable this block which has been disabled for 2 releases (but appears to work fine). UPSTREAM: <carry>: Don't force-disable IPv6, dual-stack, and SCTP tests Instead, openshift-tests will enable or disable them depending on cluster configuration. UPSTREAM: <carry>: update Multi-AZ Cluster Volumes test name This test was renamed upstream in kubernetes@006dc74 UPSTREAM: <carry>: re-enable networking tests after rebase During a bump to k8 ver. 1.22.0, networking tests were disabled to accomplish the bump. This disabled netpol and older network tests. Netpol tests will be enabled in a following PR and therefore only partially fixes BZ. This commit partially fixes bug 1986307. https://bugzilla.redhat.com/show_bug.cgi?id=1986307 Signed-off-by: Martin Kennelly <mkennell@redhat.com> UPSTREAM: <drop>: update test annotate rules openshift-rebase(v1.24):source=7725d540b11 UPSTREAM: <carry>: Add DOWNSTREAM_OWNERS UPSTREAM: <carry>: clarify downstream approver rules openshift-rebase(v1.24):source=d74d9a2173b UPSTREAM: <carry>: copy extensions into resulting image openshift-rebase(v1.24):source=0bca5f4fa8e UPSTREAM: <carry>: update rebase doc openshift-rebase(v1.24):source=9b19ca983f4 UPSTREAM: <carry>: Fix conformance and serial tests by stopping node cordoning Master nodes already have `master` taint which cannot be tolerated by normal workloads. If we manually cordon the master nodes again, some of the control plane components cannot get rescheduled unless they have toleration to the `node.kubernetes.io/unschedulable` taint. Even if we have the toleration in the pod spec, because of the backwards compability issues scheduler will ignore nodes which have `unschedulable` field set. IOW: - Cordoning master nodes is redundant as masters already have taints - Cordoning master nodes can cause issues which are hard to debug as control-plane components may be evicted/preempted during e2e run(highly unlikely but a possibility). So, let's stop cordoning master nodes. openshift-rebase(v1.24):source=9755d206dd5 UPSTREAM: <carry>: enable internal traffic policy tests Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1986307 Signed-off-by: Martin Kennelly <mkennell@redhat.com> openshift-rebase(v1.24):source=f921d48224f UPSTREAM: <carry>: update rebase doc openshift-rebase(v1.24):source=9119117160a UPSTREAM: <carry>: enable e2e test after 1.23 rebase in sdn Enable "[sig-network] Conntrack should be able to preserve UDP traffic when initial unready endpoints get ready" after 1.23 rebase in openshift/sdn Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com> openshift-rebase(v1.24):source=32ce0d0897c openshift-rebase(v1.24):source=32ce0d0897c openshift-rebase(v1.24):source=32ce0d0897c UPSTREAM: <carry>: Unskip OCP SDN related tests Unskip networkPolicy tests concerning IpBlock and egress rules since both features have now been implemented. Signed-off-by: astoycos <astoycos@redhat.com> openshift-rebase(v1.24):source=aba8d2093ce UPSTREAM: <carry>: enable should drop INVALID conntrack entries test Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com> openshift-rebase(v1.24):source=3f7f68a7ce3 openshift-rebase(v1.24):source=3f7f68a7ce3 openshift-rebase(v1.24):source=3f7f68a7ce3 UPSTREAM: <carry>: update e2es openshift-rebase(v1.24):source=96a18e04df7 UPSTREAM: revert: <carry>: Unskip OCP SDN related tests These newly-enabled tests are breaking some CI, possibly due to race conditions in the tests. Re-disable them for now. This reverts commit aba8d20. openshift-rebase(v1.24):source=d032c6e6463 UPSTREAM: <carry>: update hyperkube and image version UPSTREAM: <drop>: disable e2e tests - disable 'ProxyTerminatingEndpoints' feature e2e tests - disable [sig-network] [Feature:Topology Hints] should distribute endpoints evenly see https://bugzilla.redhat.com/show_bug.cgi?id=2079958 for more context UPSTREAM: <carry>: Add kubensenter to the openshift RPM This carry-patch adds the kubensenter script to the openshift-hyperkube RPM, by importing it via the new hack/update-kubensenter.sh script. Signed-off-by: Jim Ramsay <jramsay@redhat.com> UPSTREAM: <carry>: Skip session affinity timeout tests in 4.12 and higher the default CNI is OVNKubernetes and these two tests do not pass. Skip them. They are also skipping in the origin test suites for ovnk. Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 5c25df2 - Browse repository at this point
Copy the full SHA 5c25df2View commit details -
UPSTREAM: <carry>: export HandleFlags
openshift-rebase(v1.24):source=d1e53633876
Configuration menu - View commit details
-
Copy full SHA for 332abdd - Browse repository at this point
Copy the full SHA 332abddView commit details -
UPSTREAM: <carry>: noderestrictions: add node-role.kubernetes.io/* to…
… allowed node labels Server side validation of node labels was added in kubernetes#90307. We only disabled kubelet-side validation before to make our node role labels work. openshift-rebase(v1.24):source=6da1c7d4562
Configuration menu - View commit details
-
Copy full SHA for 6e854f4 - Browse repository at this point
Copy the full SHA 6e854f4View commit details -
UPSTREAM: <carry>: Skip unit tests incompatible with openshift ci
openshift-rebase(v1.24):source=39aab47dea8
Configuration menu - View commit details
-
Copy full SHA for 1a11b79 - Browse repository at this point
Copy the full SHA 1a11b79View commit details -
UPSTREAM: <carry>: Stop ignoring generated openapi definitions
openshift/origin needs to be able to vendor these definitions so they need to be committed. openshift-rebase(v1.24):source=1ca04429c95
Configuration menu - View commit details
-
Copy full SHA for 12b5757 - Browse repository at this point
Copy the full SHA 12b5757View commit details -
UPSTREAM: <carry>: Release lock on KCM and KS termination
UPSTREAM: <carry>: Force releasing the lock on exit for KS squash with UPSTREAM: <carry>: Release lock on KCM and KS termination openshift-rebase(v1.24):source=93017a1df89 openshift-rebase(v1.24):source=93017a1df89 openshift-rebase(v1.24):source=93017a1df89
Configuration menu - View commit details
-
Copy full SHA for 0a58df6 - Browse repository at this point
Copy the full SHA 0a58df6View commit details -
UPSTREAM: 96120: kubelet: Expose a simple Get-WinEvent shim on the ku…
…belet logs endpoint Provide an administrator a streaming view of event logs on Windows machines without them having to implement a client side reader. The kubelet API for querying the Linux journal is re-used for invoking the Get-WinEvent cmdlet in a PowerShell. Parameters that have no functional equivalence in Get-WinEvent are ignored when assembling the command. Only available to cluster admins. openshift-rebase(v1.24):source=6a457760045
Configuration menu - View commit details
-
Copy full SHA for fa28c1e - Browse repository at this point
Copy the full SHA fa28c1eView commit details -
UPSTREAM: <carry>: Override termination grace period on annotation
openshift-rebase(v1.24):source=b8796c6f7c3
Configuration menu - View commit details
-
Copy full SHA for 026eeb5 - Browse repository at this point
Copy the full SHA 026eeb5View commit details -
UPSTREAM: <carry>: kube-apiserver: ignore SIGTERM/INT after the first…
… one UPSTREAM: <carry>: kube-apiserver: set up separate signal handler functions to ignore further signals This patches the changes from openshift#558 to provide these new functions without changing the behavior for other repos that depend on them, such as library-go. openshift-rebase(v1.24):source=bfea75be7a2
Configuration menu - View commit details
-
Copy full SHA for 8f6a2c5 - Browse repository at this point
Copy the full SHA 8f6a2c5View commit details -
UPSTREAM: <carry>: use hardcoded metrics scraping authorizer for dele…
…gated apiservers openshift-rebase(v1.24):source=7d4d48c9482
Configuration menu - View commit details
-
Copy full SHA for 25ecc9e - Browse repository at this point
Copy the full SHA 25ecc9eView commit details -
UPSTREAM: <carry>: allow kubelet to self-authorize metrics scraping
openshift-rebase(v1.24):source=fc65be016bd
Configuration menu - View commit details
-
Copy full SHA for 0ad26ab - Browse repository at this point
Copy the full SHA 0ad26abView commit details -
UPSTREAM: <carry>: provide events, messages, and bodies for probe fai…
…lures of important pods openshift-rebase(v1.24):source=75bef3ca784 openshift-rebase(v1.24):source=75bef3ca784 openshift-rebase(v1.24):source=75bef3ca784 UPSTREAM: <carry>: provide unique reason for pod probe event during termination
Configuration menu - View commit details
-
Copy full SHA for edacb0e - Browse repository at this point
Copy the full SHA edacb0eView commit details -
UPSTREAM: <carry>: allows for switching KS to talk to Kube API over l…
…ocalhost to force KS to use localhost set the following flag in kubescheduler (oc edit kubescheduler cluster) unsupportedConfigOverrides: arguments: unsupported-kube-api-over-localhost:: - "true" openshift-rebase(v1.24):source=04eabe53d2a openshift-rebase(v1.24):source=04eabe53d2a openshift-rebase(v1.24):source=04eabe53d2a UPSTREAM: <carry>: allows for switching KS to talk to Kube API over localhost-squash to other This commit is addendum to openshift@04eabe5 to stop using cc and start relying on scheduler config options openshift-rebase(v1.24):source=f89b437f6f0
Configuration menu - View commit details
-
Copy full SHA for 1ec3b00 - Browse repository at this point
Copy the full SHA 1ec3b00View commit details -
UPSTREAM: <carry>: openshift KCM volume plugin manager uses a disjoin…
…t set of featuregates The volume plugin manager for openshfit's Attach Detach controller in kube-controller-manager uses a set of featuregates that are NOT the same as the the other controllers in KCM and the kubelet. This means these featuregates (if we kept the old names) would be inconsistent inside of a single binary. There are now separate featuregates for the volumepluginmanger when running in the Attach Detach controller to reflect this distintion. See openshift/enhancements#549 for details. Stop <carrying> the patch when CSI migration becomes GA (i.e. features.CSIMigrationAWS / features.CSIMigrationOpenStack are GA). UPSTREAM: <carry>: add CSI migration feature gates for GCE PD and Azure Disk This commit is the next natural step for commit 2d9a8f9. It introduces custom feature gates to enable the CSI migration in GCE PD and Azure Disk plugins. See openshift/enhancements#549 for details. Stop <carrying> the patch when CSI migration becomes GA (i.e. features.CSIMigrationAzureDisk / features.CSIMigrationGCE are GA). UPSTREAM: <carry>: Set CSI migration off when a test needs it In OCP we carry a patch that forces CSI migration to be enabled in Attach/Detach controller (ADC). Update ADC unit tests to disable the migration there when an unit test needs it disabled. openshift-rebase(v1.24):source=ec8a203cd68
Configuration menu - View commit details
-
Copy full SHA for 88c4f34 - Browse repository at this point
Copy the full SHA 88c4f34View commit details -
UPSTREAM: <carry>: add management support to kubelet
UPSTREAM: <carry>: management workloads enhancement 741 UPSTREAM: <carry>: lower verbosity of managed workloads logging Support for managed workloads was introduced by PR#627. However, the the CPU manager reconcile loop now seems to flood kubelet log with "reconcileState: skipping pod; pod is managed" warnings. Lower the verbosity of these log messages. openshift-rebase(v1.24):source=9e63356d4a9
Configuration menu - View commit details
-
Copy full SHA for 53d825e - Browse repository at this point
Copy the full SHA 53d825eView commit details -
UPSTREAM: <carry>: deprecateApiRequestHandler
UPSTREAM: <carry>: simplify apirequest counter code UPSTREAM: <carry>: add more unit tests UPSTREAM: <carry>: fix SetRequestCountsForNode UPSTREAM: <carry>: switch to apirequestcount for all resources UPSTREAM: <carry>: temporarily bypass validation for apirequest count removedInRelease UPSTREAM: <carry>: apirequestcount to show dominators instead of fewest UPSTREAM: <carry>: keep apirequestcounts for non-persisted users between updates UPSTREAM: <carry>: properly honor the max number of users in spec UPSTREAM: <carry>: apirequest count with empty .status.removedInRelease UPSTREAM: <carry>: add apirequestcount useragent UPSTREAM: <carry>: limit cardinality of useragent for removedrequest handling UPSTREAM: <carry>: correct apirequestcount lock UPSTREAM: <carry>: apirequestcount: smear out CR updates over interval squash with UPSTREAM: <carry>: deprecateApiRequestHandler openshift-rebase(v1.24):source=f1b2addabc1 UPSTREAM: <carry>: update list of deprecated apis UPSTREAM: <carry>: update list of deprecated apis openshift-rebase(v1.24):source=5ef33bccf60 UPSTREAM: <carry>: fix request count log rotation - discover existing resource request logs on restart - prevent un-needed updates - fixup small typos - reduce chatter in apiserver logs openshift-rebase(v1.24):source=bbd16356c37 UPSTREAM: <carry>: update list of deprecated apis Update the list of deprecated APIs marked for removal base on the latest [Deprecated API Migration Guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide). openshift-rebase(v1.24):source=0c3aeba7b49 UPSTREAM: <carry>: apirequestcount filter should skip non-resources openshift-rebase(v1.24):source=5b8b08c1629 UPSTREAM: <carry>: ignore invalid apirequestcounts openshift-rebase(v1.24):source=e23f142b9ed UPSTREAM: <carry>: update list of deprecated apis
Configuration menu - View commit details
-
Copy full SHA for 89b35e3 - Browse repository at this point
Copy the full SHA 89b35e3View commit details -
UPSTREAM: <carry>: allows for switching KCM to talk to Kube API over …
…localhost to force KCM to use localhost set the following flag in kubecontrollermanager (oc edit kubecontrollermanager cluster) unsupportedConfigOverrides: extendedArguments: unsupported-kube-api-over-localhost: - "true" openshift-rebase(v1.24):source=0ac43f622c4 openshift-rebase(v1.24):source=0ac43f622c4 openshift-rebase(v1.24):source=0ac43f622c4
Configuration menu - View commit details
-
Copy full SHA for ed3c93f - Browse repository at this point
Copy the full SHA ed3c93fView commit details -
UPSTREAM: <carry>: Ensure service ca is mounted for projected tokens
OpenShift since 3.x has injected the service serving certificate ca (service ca) bundle into service account token secrets. This was intended to ensure that all pods would be able to easily verify connections to endpoints secured with service serving certificates. Since breaking customer workloads is not an option, and there is no way to ensure that customers are not relying on the service ca bundle being mounted at /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt, it is necessary to continue mounting the service ca bundle in the same location in the bound token projected volumes enabled by the BoundServiceAccountTokenVolume feature (enabled by default in 1.21). A new controller is added to create a configmap per namespace that is annotated for service ca injection. The controller is derived from the controller that creates configmaps for the root ca. The service account admission controller is updated to include a source for the new configmap in the default projected volume definition. UPSTREAM: <carry>: <squash> Add unit testing for service ca configmap publishing This commit should be squashed with: UPSTREAM: <carry>: Ensure service ca is mounted for projected tokens openshift-rebase(v1.24):source=efe0cfeaa21
Configuration menu - View commit details
-
Copy full SHA for ffbb53e - Browse repository at this point
Copy the full SHA ffbb53eView commit details -
UPSTREAM: <carry>: apiserver: add system_client=kube-{apiserver,cm,s}…
… to apiserver_request_total UPSTREAM: <carry>: apiserver: add cluster-policy-controller to system client in apiserver_request_total openshift-rebase(v1.24):source=7fd9897d2cb
Configuration menu - View commit details
-
Copy full SHA for cfb6d7b - Browse repository at this point
Copy the full SHA cfb6d7bView commit details -
UPSTREAM: <carry>: annotate audit events for requests during unready …
…phase and graceful termination phase openshift-rebase(v1.24):source=2f57c5b68bd
Configuration menu - View commit details
-
Copy full SHA for e3d97da - Browse repository at this point
Copy the full SHA e3d97daView commit details -
UPSTREAM: <carry>: emit event when readyz goes true
openshift-rebase(v1.24):source=2fac715cabd
Configuration menu - View commit details
-
Copy full SHA for c1c3dfd - Browse repository at this point
Copy the full SHA c1c3dfdView commit details -
UPSTREAM: <carry>: crd: add ClusterOperator condition message table c…
…olumn The logic is not exressible via JSONPath. Hence, if we want this, we have to help a little with this custom column writer. openshift-rebase(v1.24):source=eddcc518beb openshift-rebase(v1.24):source=eddcc518beb openshift-rebase(v1.24):source=eddcc518beb
Configuration menu - View commit details
-
Copy full SHA for 2a08120 - Browse repository at this point
Copy the full SHA 2a08120View commit details -
UPSTREAM: <carry>: only chown if non-windows machine
Upstream worked on under kubernetes#102868 openshift-rebase(v1.24):source=ebbd98c4af1
Configuration menu - View commit details
-
Copy full SHA for 63a331a - Browse repository at this point
Copy the full SHA 63a331aView commit details -
UPSTREAM: <carry>: openshift's kube-apiserver is in openshift-kube-ap…
…iserver openshift-rebase(v1.24):source=07bf20738e9
Configuration menu - View commit details
-
Copy full SHA for 424aec8 - Browse repository at this point
Copy the full SHA 424aec8View commit details -
UPSTREAM: 103612: tolerate additional, but congruent, events for inte…
…gration test openshift-rebase(v1.24):source=c83ceebb078
Configuration menu - View commit details
-
Copy full SHA for 0e3f686 - Browse repository at this point
Copy the full SHA 0e3f686View commit details -
UPSTREAM: <carry>: add a way to inject a vulnerable, legacy service-c…
…a.crt for migration compatibility openshift-rebase(v1.24):source=791d41e279c
Configuration menu - View commit details
-
Copy full SHA for 5268cd0 - Browse repository at this point
Copy the full SHA 5268cd0View commit details -
UPSTREAM: <carry>: 104437: run etcd healthcheck in the background and…
… reply with a cached value openshift-rebase(v1.24):source=9ebab947279
Configuration menu - View commit details
-
Copy full SHA for 072da10 - Browse repository at this point
Copy the full SHA 072da10View commit details -
UPSTREAM: <carry>: skip posting failures to aggregated APIs to avoid …
…getting false positives until the server becomes ready the availability checks depend on fully initialized SDN OpenShift carries a few reachability checks that affect /readyz protocol we skip posting failures to avoid getting false positives until the server becomes ready UPSTREAM: <carry>: skip posting failures to aggregated APIs to avoid getting false positives until the server becomes ready marks availability of the server before checking the aggregate APIs as it can change as we are running the checks. in that case, skip posting failures to avoid false positives. note on the next rebase please squash with the previous commit openshift-rebase(v1.24):source=30214940c21
Configuration menu - View commit details
-
Copy full SHA for 0ca3c45 - Browse repository at this point
Copy the full SHA 0ca3c45View commit details -
UPSTREAM: <carry>: expose HasBeenReady lifecycle signal
openshift-rebase(v1.24):source=110aaa7c54c openshift-rebase(v1.24):source=110aaa7c54c openshift-rebase(v1.24):source=110aaa7c54c
Configuration menu - View commit details
-
Copy full SHA for 7d89afa - Browse repository at this point
Copy the full SHA 7d89afaView commit details -
UPSTREAM: <carry>: Revert "Remove Endpoints write access from aggrega…
…ted edit role" OpenShift has an admission controller to prevent restricted Endpoints changes, and there's no reason to block non-restricted changes (such as modifying the annotations of an Endpoints, which is done by "oc idle"). This reverts commit 416efda. openshift-rebase(v1.24):source=573d6345f81 openshift-rebase(v1.24):source=573d6345f81 openshift-rebase(v1.24):source=573d6345f81
Configuration menu - View commit details
-
Copy full SHA for 6abfb0a - Browse repository at this point
Copy the full SHA 6abfb0aView commit details -
UPSTREAM: <carry>: send Retry-After when not ready with a caller opt in
openshift-rebase(v1.24):source=24428447834
Configuration menu - View commit details
-
Copy full SHA for 19d4525 - Browse repository at this point
Copy the full SHA 19d4525View commit details -
UPSTREAM: <carry>: add max_housekeeping_interval
openshift-rebase(v1.24):source=ea2d15e503c
Configuration menu - View commit details
-
Copy full SHA for 5e646cf - Browse repository at this point
Copy the full SHA 5e646cfView commit details -
UPSTREAM: <carry>: Make RestrictedEndpointsAdmission check NotReadyAd…
…dresses UPSTREAM: <carry>: Make RestrictedEndpointsAdmission restrict EndpointSlices as well openshift-rebase(v1.24):source=819a64c501a
Configuration menu - View commit details
-
Copy full SHA for bd8e25f - Browse repository at this point
Copy the full SHA bd8e25fView commit details -
UPSTREAM: <carry>: sets X-OpenShift-Internal-If-Not-Ready HTTP Header…
… for GC and Namespace controllers In general, setting the header will result in getting 429 when the server hasn't been ready. This prevents certain controllers like GC, Namespace from accidentally removing resources when the caches haven't been fully synchronized. openshift-rebase(v1.24):source=57afba23a2f openshift-rebase(v1.24):source=57afba23a2f openshift-rebase(v1.24):source=57afba23a2f
Configuration menu - View commit details
-
Copy full SHA for 2737706 - Browse repository at this point
Copy the full SHA 2737706View commit details -
UPSTREAM: <carry>: change opt-in due to upstream revert
openshift-rebase(v1.24):source=4954e48523c
Configuration menu - View commit details
-
Copy full SHA for 24a7dab - Browse repository at this point
Copy the full SHA 24a7dabView commit details -
UPSTREAM: <carry>: add control plane to allow roles
openshift-rebase(v1.24):source=4ac30cd9474
Configuration menu - View commit details
-
Copy full SHA for 3598b29 - Browse repository at this point
Copy the full SHA 3598b29View commit details -
UPSTREAM: <carry>: add CSI migration feature gates for vSphere and Az…
…ure File This commit is the next natural step for commits 2d9a8f9 and d37e84c. It introduces custom feature gates to enable the CSI migration in vSphere and Azure File plugins. See openshift/enhancements#549 for details. Stop <carrying> the patch when CSI migration becomes GA (i.e. features.CSIMigrationAzureFile / features.CSIMigrationVSphere are GA). openshift-rebase(v1.24):source=2701d71abb4
Configuration menu - View commit details
-
Copy full SHA for cf6f444 - Browse repository at this point
Copy the full SHA cf6f444View commit details -
UPSTREAM: <carry>: delay queuing deletion for PV to allow nodes some …
…time to unmount UPSTREAM: <carry>: Fix sync of PV deletion in PV controller Always queue PV deletion events immediately, without any wait. It does not affect dynamic de-provisioning / deletion of volumes, it's done on PVC deletion. This de-flakes unit tests, which expect that PV deletion is processed without waiting too much. This updates carry patch b24f93e. It still waits for 21 seconds after *PVC* deletion! UPSTREAM: <carry>: delay queuing deletion for PV to allow nodes some time to unmount openshift-rebase(v1.24):source=c5fd3449734
Configuration menu - View commit details
-
Copy full SHA for 14f860c - Browse repository at this point
Copy the full SHA 14f860cView commit details -
UPSTREAM: 90452: refactor/improve CRD publishing e2e tests in an HA s…
…etup openshift-rebase(v1.24):source=ce8d63d76a0
Configuration menu - View commit details
-
Copy full SHA for fd0f5b4 - Browse repository at this point
Copy the full SHA fd0f5b4View commit details -
UPSTREAM: <carry>: hardens the aggregated API e2e tests in an HA setup
openshift-rebase(v1.24):source=ab75ff1a507
Configuration menu - View commit details
-
Copy full SHA for 3911f4b - Browse repository at this point
Copy the full SHA 3911f4bView commit details -
UPSTREAM: <carry>: set correctly static pods CPUs when workload parti…
…tioning is disabled Signed-off-by: Artyom Lukianov <alukiano@redhat.com> openshift-rebase(v1.24):source=aa8752060b0
Configuration menu - View commit details
-
Copy full SHA for 92d60ed - Browse repository at this point
Copy the full SHA 92d60edView commit details -
UPSTREAM: <carry>: use console-public config map for console redirect
openshift-rebase(v1.24):source=d7b268fffba
Configuration menu - View commit details
-
Copy full SHA for 97e81ee - Browse repository at this point
Copy the full SHA 97e81eeView commit details -
UPSTREAM: <carry>: Skip in-tree topology tests win Azure Disk migrate…
…d to CSI Skip test that depend on in-tree Azure Disk volume plugin that (wrongly) uses failure domains for value of "topology.kubernetes.io/zone" label in Azure regions that don't have availability zones. Our e2e tests blindly use that label and expect that a volume provisioned in such a "zone" can be used only by nodes in that "zone" (= topology domain). This is false, Azure Disk CSI driver can use such a volume in any zone and therefore the test may randomly fail. See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2066865 openshift-rebase(v1.24):source=7871e95298a
Configuration menu - View commit details
-
Copy full SHA for cc7fb5e - Browse repository at this point
Copy the full SHA cc7fb5eView commit details -
UPSTREAM: <carry>: e2e-framework: don't autosync PodSecurity labels
In the tests, we oftentimes create pods directly by the administrative user and so their SCC-related privileges are being used to create the pods. The PSa label syncher however works by introspecting SAs in each namespace, and since the SAs in the direct pod creation use-cases don't have the SCC-related privileges, the labelsyncer evaluates these namespaces as "restricted" because only the "restricted-v2" SCC is ever assigned in the namespaces. This breaks tests where pods are created directly. openshift-rebase(v1.24):source=35dc012e1f5
Configuration menu - View commit details
-
Copy full SHA for 7919623 - Browse repository at this point
Copy the full SHA 7919623View commit details
Commits on Aug 23, 2022
-
UPSTREAM: <carry>: fix [sig-auth] ServiceAccounts no secret-based ser…
…vice account token should be auto-generated
Configuration menu - View commit details
-
Copy full SHA for c08d657 - Browse repository at this point
Copy the full SHA c08d657View commit details -
UPSTREAM: <carry>: Remove reserved CPUs from default set
Remove reserved CPUs from default set when workload partitioning is enabled. Co-Authored-By: Brent Rowsell <browsell@redhat.com> Signed-off-by: Don Penney <dpenney@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 3a1ed96 - Browse repository at this point
Copy the full SHA 3a1ed96View commit details -
Configuration menu - View commit details
-
Copy full SHA for 09bc939 - Browse repository at this point
Copy the full SHA 09bc939View commit details -
Configuration menu - View commit details
-
Copy full SHA for 957dfcd - Browse repository at this point
Copy the full SHA 957dfcdView commit details -
UPSTREAM: <drop>: temporary hack: remove -report-dir so that reports …
…aren't causing problems when auto-attached by ginkgo
Configuration menu - View commit details
-
Copy full SHA for 67d02cd - Browse repository at this point
Copy the full SHA 67d02cdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 2379829 - Browse repository at this point
Copy the full SHA 2379829View commit details -
Configuration menu - View commit details
-
Copy full SHA for 31c1a11 - Browse repository at this point
Copy the full SHA 31c1a11View commit details -
UPSTREAM: <drop>: add missing import restrictions
when we run verify-import-boss.sh it fails with the following error errors in package "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node": the following imports did not match any allowed prefix: gopkg.in/yaml.v3 k8s.io/kube-openapi/pkg/validation/spec note: this should be an upstream fix, not sure why we don't see this error in upstream, does upstream not run this job in verify? investigate and take proper action for this commit
Configuration menu - View commit details
-
Copy full SHA for d3049a5 - Browse repository at this point
Copy the full SHA d3049a5View commit details -
UPSTREAM: <drop>: change GA CSIMigrationGCE and CSIMigrationAWS featu…
…res lock to false
Configuration menu - View commit details
-
Copy full SHA for a6797a6 - Browse repository at this point
Copy the full SHA a6797a6View commit details
Commits on Aug 26, 2022
-
UPSTREAM: 111789: Update Netpol e2e tests to use framework CreateName…
…space The main purpose of this change is to update the e2e Netpol tests to use the srandard CreateNamespace function from the Framework. Before this change, a custom Namespace creation function was used, with the following consequences: * Pod security admission settings had to be enforced locally (not using the centralized mechanism) * the custom function was brittle, not waiting for default Namespace ServiceAccount creation, causing tests to fail in some infrastructures * tests were not benefiting from standard framework capabilities: Namespace name generation, automatic Namespace deletion, etc. As part of this change, we also do the following: * clearly decouple responsibilities between the Model, which defines the K8s objects to be created, and the KubeManager, which has access to runtime information (actual Namespace names after their creation by the framework, Service IPs, etc.) * simplify / clean-up tests and remove as much unneeded logic / funtions as possible for easier long-term maintenance * remove the useFixedNamespaces compile-time constant switch, which aimed at re-using existing K8s resources across test cases. The reasons: a) it is currently broken as setting it to true causes most tests to panic on the master branch, b) it is not a good idea to have some switch like this which changes the behavior of the tests and is never exercised in CI, c) it cannot possibly work as different test cases have different Model requirements (e.g., the protocols list can differ) and hence different K8s resource requirements. For kubernetes#108298 Signed-off-by: Antonin Bas <abas@vmware.com>
Configuration menu - View commit details
-
Copy full SHA for 8aadd1d - Browse repository at this point
Copy the full SHA 8aadd1dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6778b36 - Browse repository at this point
Copy the full SHA 6778b36View commit details -
Revert "Quota Monitoring fg: update promotion version to v1.25"
This reverts commit 91ec31b.
Configuration menu - View commit details
-
Copy full SHA for 020f1c0 - Browse repository at this point
Copy the full SHA 020f1c0View commit details -
Revert "promote LSCIQuotaFeature to beta"
This reverts commit b36786e.
Configuration menu - View commit details
-
Copy full SHA for 97b8938 - Browse repository at this point
Copy the full SHA 97b8938View commit details