New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rebase 1.30.0 rc.2 #1943
Rebase 1.30.0 rc.2 #1943
Conversation
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
…or-control-plane Check taints as well for control-plane
…test Integration test for change in syncOrphanPod for managedBy jobs
Follow up fix to the job status update test
Signed-off-by: Monis Khan <mok@microsoft.com>
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
Require email_verified to be used when email is set as username via CEL
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
[Storage Version Migration] feat: implements Storage Version Migration
…b-unit Job: Use the fake clock in TestTrackJobStatusAndRemoveFinalizers
The map is changed to an array so as to retain the order of the original array propagated from the CRI runtime. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
For KEP-3857: Recursive Read-only (RRO) mounts Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
For KEP-3857: Recursive Read-only (RRO) mounts Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit modifies the following files: - pkg/apis/core/types.go - staging/src/k8s.io/api/core/v1/types.go Other changes were auto-generated by running `make update`. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
For KEP-3857: Recursive Read-only (RRO) mounts Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
For KEP-3857: Recursive Read-only (RRO) mounts Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
See <https://kep.k8s.io/3857>. An example manifest: ```yaml apiVersion: v1 kind: Pod metadata: name: rro spec: volumes: - name: mnt hostPath: # tmpfs is mounted on /mnt/tmpfs path: /mnt containers: - name: busybox image: busybox args: ["sleep", "infinity"] volumeMounts: # /mnt-rro/tmpfs is not writable - name: mnt mountPath: /mnt-rro readOnly: true mountPropagation: None recursiveReadOnly: IfPossible # /mnt-ro/tmpfs is writable - name: mnt mountPath: /mnt-ro readOnly: true # /mnt-rw/tmpfs is writable - name: mnt mountPath: /mnt-rw ``` Requirements: - Feature gate "RecursiveReadOnlyMounts" to be enabled - Linux kernel >= 5.12 - runc >= 1.1 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Usage: ``` make test-e2e-node \ TEST_ARGS='--service-feature-gates=RecursiveReadOnlyMounts=true --kubelet-flags="--feature-gates=RecursiveReadOnlyMounts=true"' \ FOCUS="Mount recursive read-only" SKIP="" ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Kevin Klues <kklues@nvidia.com>
KEP-3857: Recursive Read-only (RRO) mounts
Signed-off-by: Monis Khan <mok@microsoft.com>
Add dynamic reload support for authentication configuration
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
…fig_reload_metrics Add metrics for authentication config reload
Kubelet should advertise the shared cpus as extedned resources. This has the benefit of limiting the amount of containers that can request an access to the shared cpus. For more information see - openshift/enhancements#1396 Signed-off-by: Talor Itzhak <titzhak@redhat.com>
…force 2nd labeling to make tests work
This commit needs to be carried until we rebase onto Kube 1.31. We have backported the library changes to 1.28, which means they can then be used in 1.29. Upstream, they were only introduced in 1.30 which means they wouldn't be usable until 1.31. This allows us to improve our API validation from OpenShift 4.16 onwards, instead of OpenShift 4.18 onwards. UPSTREAM: <carry>: Set up CEL IP/CIDR library from 4.14 onwards Carry until K8s 1.31 rebase.
pod .spec.nodeName should not override project node selector in podNodeEnvironment admission plugin UPSTREAM: <carry>: Update management webhook pod admission logic Updating the logic for pod admission to allow a pod creation with workload partitioning annotations to be run in a namespace that has no workload allow annoations. The pod will be stripped of its workload annotations and treated as if it were normal, a warning annoation will be placed to note the behavior on the pod. Signed-off-by: ehila <ehila@redhat.com> UPSTREAM: <carry>: add new admission for handling shared cpus Adding a new mutation plugin that handles the following: 1. In case of `workload.openshift.io/enable-shared-cpus` request, it adds an annotation to hint runtime about the request. runtime is not aware of extended resources, hence we need the annotation. 2. It validates the pod's QoS class and return an error if it's not a guaranteed QoS class 3. It validates that no more than a single resource is being request. 4. It validates that the pod deployed in a namespace that has mixedcpus workloads allowed annotation. For more information see - openshift/enhancements#1396 Signed-off-by: Talor Itzhak <titzhak@redhat.com> UPSTREAM: <carry>: Add context to ObjectValidator TODO: add router validation logic to implement ctx add in ObjectValidator Co-authored-by: Swarup Ghosh <swghosh@redhat.com> Signed-off-by: Swarup Ghosh <swghosh@redhat.com>
…t-install architectures
- inject openshift feature gates into pkg/features Signed-off-by: Swarup Ghosh <swghosh@redhat.com>
This is a short term fix, once we improve the cert rotation logic in library-go that does not depend on this hack, then we can remove this carry patch.
squash with the previous PR during the rebase openshift#1924
squash with the previous PRs during the rebase openshift#1924 openshift#1929
when static pods have workload partitioning enabled we should not alter their resources if they are Guaranteed QoS, this change adds a check for Guaranteed QoS Signed-off-by: ehila <ehila@redhat.com> test: add unit tests for error states Signed-off-by: ehila <ehila@redhat.com>
…bjectValidator Co-authored-by: Thejas N <thn@redhat.com> Signed-off-by: Swarup Ghosh <swghosh@redhat.com>
Signed-off-by: Vu Dinh <vudinh@outlook.com>
ba19210
to
bc38443
Compare
Signed-off-by: Vu Dinh <vudinh@outlook.com>
Signed-off-by: Vu Dinh <vudinh@outlook.com>
dbe54e7
to
80dd84d
Compare
@dinhxuanvu: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Superseded by #1953 |
@dinhxuanvu: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: