New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] k8s 1.28.0 #1658
[WIP] k8s 1.28.0 #1658
Conversation
…ng-requests Track executing requests
The 10 second timeout was too low. Given that the retry loop for the kubelet itself is 90s, increasing the timeout to half of this seems reasonable. Ideally we would pull in the variable that sets the retry timeout to 90s and then just set our local timeout to half of that. Unfortunately, this is not exported, so we settle (for now with just explicitly setting it to 45s. Signed-off-by: Kevin Klues <kklues@nvidia.com>
…extensions/crd-validation-ratcheting CRD Validation Ratcheting alpha implementation
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Increase timeout for DRA kubelet plugin client
KEP-3939: pod gc changes for pod replacement policy kep
Unknown Version Interoperability Proxy Impl
This implements a drop-in configuration directory for the kubelet by introducing a "--config-dir" flag. Users can provide individual kubelet config snippets in separate files, formatted similarly to kubelet.conf. The kubelet will process the files in alphanumeric order, appending configurations if subfield(s) doesn't exist, overwriting them if they do, and handling lists by overwriting instead of merging. Co-authored-by: Yu Qi Zhang <jerzhang@redhat.com>
cmd/kubelet: implement drop-in configuration directory for kubelet
cronjob: return immediately when failed to create job for the namespace is terminating
…tes#118041) * Add reason and fieldPath in CRD validation rules. * Auto updates * Simplify field path append --------- Co-authored-by: Joe Betz <jpbetz@google.com>
…gator-v2 Fix making OpenAPI V2 aggregator lazy
feat: improves metric and logging
The `diff` binary (required by the `kubectl diff` e2e test) gets statically or dynamically linked based on the used glibc version. We cannot really predict that behavior for the various platforms of debian-base and therefore cannot copy the binary around. This means that distroless is not a great choice for the conformance image unless we stop relying on `diff`. This means we now switch back to `debian-base` for the conformance image to simplify the build process and reduce the amount of moving parts. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Signed-off-by: Itamar Holder <iholder@redhat.com>
Use haveKeys() matcher from previous commit to ensure required keys exist. Signed-off-by: Itamar Holder <iholder@redhat.com>
…extensions/use-statusSchema apiextensions: validate status updates with status schema
…licy-job-api-only add podReplacementPolicy and terminating field to job api
…ures-in-backoff Include ignored pods when computing backoff delay for Job pod failures
…rce-metric-test Add `pod_swap_usage_bytes` as an expected metric in resource metric e2e test
…aged is enabled Previously, cpu load balancing was enabled in cri-o by manually changing the sched_domain of cpus in sysfs. However, RHEL 9 dropped support for this knob, instead requiring it be changed in cgroups directly. To enable cpu load balancing on cgroupv1, the specified cgroup must have cpuset.sched_load_balance set to 0, as well as all of that cgroup's parents, plus all of the cgroups that contain a subset of the cpus that load balancing is disabled for. By default, all cpusets inherit the set from their parent and sched_load_balance as 1. Since we need to keep the cpus that need load balancing disabled in the root cgroup, all slices will inherit the full cpuset. Rather than rebalancing every cgroup whenever a new guaranteed cpuset cgroup is created, the approach this PR takes is to set load balancing to disabled for all slices. Since slices definitionally don't have any processes in them, setting load balancing won't affect the actual scheduling decisions of the kernel. All it will do is open the opportunity for CRI-O to set the actually set load balancing to disabled for containers that request it. Signed-off-by: Peter Hunt <pehunt@redhat.com> UPSTREAM: <carry>: kubelet/cm: disable cpu load balancing on slices when using static cpu manager policy There are situations where cpu load balance disabling is desired when the kubelet is not in managed state. Instead of using that condition, set the cpu load balancing parameter for new slices when the cpu policy is static Signed-off-by: Peter Hunt <pehunt@redhat.com>
If it is useful we will combine this with the following carry: 20caad9: UPSTREAM: 115328: annotate early and late requests
…util/managedfields Some of the code we use in openshift-tests was recently made internal in kubernetes#115065. This patch exposes the code we need there.
…rnetes.default.svc, don't wait for aggregated availability
…orages.operator.openshift.io
…cted permissions watch-termination uses lumberjack for loging. it creates permissive files by default 0644 and at the moment there is no way to specify permission while creating a file, the only way to workaround is to create a file before. this pr touches a file with restrictive permissions 0600 and relies on the fact that lumberjack respects and copies permission over if the file already exist
…ing .start.ordinal Drop [Feature: tag to make sure this tests runs on pre-submits In v1.27 StatefulSetStartOrdinal became beta, which makes it on by default, but we forgot to turn these tests on along with it. This makes these tests run always.
…roups that have kinds that are served by both CRDs and external apiservers (eg openshift-apiserver) this includes: - authorization.openshift.io (rolebindingrestrictions served by a CRD) - security.openshift.io (securitycontextconstraints served by a CRD) - quota.openshift.io (clusterresourcequotas served by a CRD) By merging all sources, we ensure that kinds served by a CRD will have openapi discovery and spec available even when openshift-apiserver is unavailable.
…self-SARs that have user:check-access Otherwise, the request will inherit any scopes that an access token might have and the scopeAuthorizer will deny the access review if the scopes do not include user:full
Prevent potential concurrent map access by taking a lock before reading the topology cache's hintsPopulatedByService map. * staging/src/k8s.io/endpointslice/topologycache/topologycache.go (setHintsLocked, hasPopulatedHintsLocked): New helper functions. These are the same as the existing SetHints and HasPopulatedHints methods except that these helpers assume that a lock is already held. (SetHints): Use setHintsLocked. (HasPopulatedHints): Take a lock and use hasPopulatedHintsLocked. (AddHints): Take a lock and use setHintsLocked and hasPopulatedHintsLocked. * staging/src/k8s.io/endpointslice/topologycache/topologycache_test.go (TestTopologyCacheRace): Add a goroutine that calls HasPopulatedHints.
/test unit |
/test unit |
3 similar comments
/test unit |
/test unit |
/test unit |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@soltysh: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: