forked from kubernetes/kubernetes
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DO NOT MERGE: ocp-next #1647
Draft
bertinatto
wants to merge
1,924
commits into
openshift:master
Choose a base branch
from
bertinatto:ocp-next
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
DO NOT MERGE: ocp-next #1647
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci
bot
added
the
do-not-merge/hold
Indicates that a PR should not merge because someone has issued a /hold command.
label
Jul 27, 2023
openshift-ci-robot
added
the
backports/unvalidated-commits
Indicates that not all commits come to merged upstream PRs.
label
Jul 27, 2023
openshift-ci
bot
added
the
do-not-merge/work-in-progress
Indicates that a PR should not merge because it is a work in progress.
label
Jul 27, 2023
/test k8s-e2e-gcp-ovn |
/test k8s-e2e-gcp-ovn |
/test images |
/test k8s-e2e-gcp-ovn |
@bertinatto: could not list commits in this pull request. Please try again with /validate-backports. Get "http://ghproxy/repos/openshift/kubernetes/pulls/1647/commits?per_page=100": dial tcp 172.30.229.2:80: i/o timeout |
/test k8s-e2e-gcp-serial |
/test all |
/test all |
…util/managedfields Some of the code we use in openshift-tests was recently made internal in kubernetes#115065. This patch exposes the code we need there.
…rnetes.default.svc, don't wait for aggregated availability
…roups that have kinds that are served by both CRDs and external apiservers (eg openshift-apiserver) this includes: - authorization.openshift.io (rolebindingrestrictions served by a CRD) - security.openshift.io (securitycontextconstraints served by a CRD) - quota.openshift.io (clusterresourcequotas served by a CRD) By merging all sources, we ensure that kinds served by a CRD will have openapi discovery and spec available even when openshift-apiserver is unavailable.
…self-SARs that have user:check-access Otherwise, the request will inherit any scopes that an access token might have and the scopeAuthorizer will deny the access review if the scopes do not include user:full
This commit renews openshift#327 What has changed compared to the original PR is: - The retryClient interface has been adapted to storage.Interface. - The isRetriableEtcdError method has been completely changed; it seems that previously the error we wanted to retry was not being retried. Even the unit tests were failing. Overall, I still think this is not the correct fix. The proper fix should be added to the etcd client. UPSTREAM: <carry>: retry etcd Unavailable errors This is the second commit for the retry logic. This commit adds unit tests and slightly improves the logging. During a rebase squash with the previous one.
When a PerformanceProfile configures a node for cpu partitioning, it also lets OVS use all the cpus available to burstable pods. To be able to do that, OVS was moved to its own slice and that slice needs to be re-added to cAdvisor for monitoring purposes.
Signed-off-by: Harshal Patil <harpatil@redhat.com>
Kubelet should advertise the shared cpus as extedned resources. This has the benefit of limiting the amount of containers that can request an access to the shared cpus. For more information see - openshift/enhancements#1396 Signed-off-by: Talor Itzhak <titzhak@redhat.com>
Adding a new mutation plugin that handles the following: 1. In case of `workload.openshift.io/enable-shared-cpus` request, it adds an annotation to hint runtime about the request. runtime is not aware of extended resources, hence we need the annotation. 2. It validates the pod's QoS class and return an error if it's not a guaranteed QoS class 3. It validates that no more than a single resource is being request. 4. It validates that the pod deployed in a namespace that has mixedcpus workloads allowed annotation. For more information see - openshift/enhancements#1396 Signed-off-by: Talor Itzhak <titzhak@redhat.com>
…force 2nd labeling to make tests work
This commit needs to be carried until we rebase onto Kube 1.31. We have backported the library changes to 1.28, which means they can then be used in 1.29. Upstream, they were only introduced in 1.30 which means they wouldn't be usable until 1.31. This allows us to improve our API validation from OpenShift 4.16 onwards, instead of OpenShift 4.18 onwards.
…force 2nd labeling to make tests work
Updating the logic for pod admission to allow a pod creation with workload partitioning annotations to be run in a namespace that has no workload allow annoations. The pod will be stripped of its workload annotations and treated as if it were normal, a warning annoation will be placed to note the behavior on the pod. Signed-off-by: ehila <ehila@redhat.com>
Tests require SSH configuration and is part of the parallel suite, which does not create the bastion host. Enabling the test would result in the bastion being created for every parallel test execution. Given that we have existing oc and WMCO tests that cover this functionality, we can safely disable it.
…t-install architectures
…t ci This reverts commit c22611b.
…labels This reverts commit da2d390.
…to subpackages This change should allow us to install a much smaller set of binaries into RHCOS while preserving functional compatibility with with anyone who installs `openshift-hyperkube` today as it requires all sub packages. Those wishing to have just the kubelet can begin installing `openshift-hyperkube-kubelet` -rwxr-xr-x. 2 root root 129M Jan 1 1970 /usr/bin/kube-apiserver -rwxr-xr-x. 2 root root 114M Jan 1 1970 /usr/bin/kube-controller-manager -rwxr-xr-x. 2 root root 54M Jan 1 1970 /usr/bin/kube-scheduler -rwxr-xr-x. 2 root root 105M Jan 1 1970 /usr/bin/kubelet -rwxr-xr-x. 2 root root 3.5K Jan 1 1970 /usr/bin/kubensenter Should save about 297M or 74% in most environments where the kubelet is all that's desired. It's not clear to me why these were ever in the RPM since OCP 4.x but this packaging should remain compatible as openshift-hyperkube depends on - openshift-kubelet - openshift-kube-apiserver - openshift-kube-scheduler - openshift-kube-controller-manager
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
backports/unvalidated-commits
Indicates that not all commits come to merged upstream PRs.
do-not-merge/hold
Indicates that a PR should not merge because someone has issued a /hold command.
do-not-merge/work-in-progress
Indicates that a PR should not merge because it is a work in progress.
vendor-update
Touching vendor dir or related files
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Auto-generated by https://github.com/bertinatto/ocp-next.
/hold