WIP: Rebase 1.36 - for debugging InPlacePodVerticalScaling failures#2669
Closed
jubittajohn wants to merge 2963 commits into
Closed
WIP: Rebase 1.36 - for debugging InPlacePodVerticalScaling failures#2669jubittajohn wants to merge 2963 commits into
jubittajohn wants to merge 2963 commits into
Conversation
KEP-5491: DRA: List Types for Attributes [Alpha]
The fast-delete pod status tests currently require the intentionally failing "fail" container to report exit code 1. In CI, some runtimes occasionally report exit code 2 with reason=Error even though the tested invariant still holds: the container failed and the blocked workload container never started. The latest dims/test-k8s failure on master showed exactly that state: the pod remained Failed, Initialized=False, the blocked container reported started=false, and only the failing init container drifted from exit 1 to exit 2. This matches kubernetes/kubernetes issue 135713 and the related pending-container history in PR 131605. Accept exit code 2 in this verifier so the test continues to assert the behavior it is meant to cover instead of a lower-layer exit-code detail. Fixes issue 135713 Tested: - hack/verify-gofmt.sh - hack/verify-test-code.sh - hack/verify-typecheck.sh ./test/e2e/node/... - go test ./test/e2e/node -run TestNonExistent -count=1 Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Replace plain bool with sync/atomic.Bool for the useStreaming field in remoteRuntimeService and remoteImageService to eliminate a data race when multiple goroutines concurrently read/write the field during Unimplemented fallback. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
…logquery-lock-defualt [FeatureGate] Promote NodeLogQuery to GA in v1.36 and lock default to `true`
…-flake Set WithSerial on HPA tests that conflict api registration
…able-tolerance-e2e-deterministic-cpu-load fix: [sig-autoscaling] flaky HPAConfigurableTolerance e2e should scale up but should not scale down
…-pod-status-exit-2 test/e2e/node: tolerate exit code 2 in pod status flake
gRPC defaults to the DNS resolver for bare targets passed to NewClient. For CRI socket endpoints, GetAddressAndDialer returns a socket path plus a custom dialer, but handing the bare path to grpc.NewClient still lets gRPC resolve the target first. That breaks unix socket clients with errors like "name resolver error: produced zero addresses" before the custom dialer ever sees the raw path. Use the passthrough resolver for socket-style addresses so the runtime and image clients hand the original endpoint directly to the custom dialer. Add a regression test for unix sockets, Windows named pipes, and TCP addresses. Precedent: https://github.com/etcd-io/etcd/blob/v3.3.27/clientv3/client.go#L266-L270 https://github.com/grpc/grpc-go/blob/v1.72.2/dialoptions.go#L448-L451 Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
…nt-unix-socket-dialing cri-client: use passthrough resolver for socket endpoints
KEP-5729: DRA: ResourceClaim Support for Workloads
…v1alpha2 Add workload aware preemption
…g-fixes [InPlacePodLevelResourcesVerticalScaling] Plr ippr kubelet bug fixes
[InPlacePodLevelResourcesVerticalScaling] Ippr flaky test
[PodLevelResources] Graduate InPlacePodLevelResourcesVerticalScaling feature to beta
cri-client: use atomic.Bool for useStreaming to fix data race
Fix restartable init container startup race
Fix user namespace test cleanup race
This reverts commit 4a69899.
Co-authored-by: Omar Sayed <omarsayed@google.com>
…acheGC is enabled Squash into UPSTREAM: <carry>: create termination events
…s the gc integration test issue
Could squash into UPSTREAM: <carry>: emit event when readyz goes true
Squash into: UPSTREAM: <carry>: add management support to kubelet
kuberc subcommand is not yet registered in oc. Tests will be re-enabled after oc is bumped to 1.36 To be squashed with the commit UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs before 1.36 rebase bump merges Signed-off-by: jubittajohn <jujohn@redhat.com>
… driver when not enabled The upstream csi-hostpath-plugin.yaml manifest now includes a csi-snapshot-metadata sidecar container and volume (added in k/k#130918). Upstream PR k/k#137057 added conditional stripping of these when CapSnapshotMetadata is not enabled, but only for the upstream hostpathCSIDriver. The OpenShift-specific groupSnapshotHostpathCSIDriver was never updated, causing the driver pod to fail with "secret csi-snapshot-metadata-server-certs not found" and all csi-hostpath-groupsnapshot tests to fail in techpreview jobs. Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: Sai Ramesh Vanka <svanka@redhat.com>
instead, check whether the pod is allocated, and return that when we return allocated pods Signed-off-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: Peter Hunt <pehunt@redhat.com>
openshift-ci-robot
added
the
backports/unvalidated-commits
jubittajohn
changed the title
openshift-ci
Bot
added
the
do-not-merge/work-in-progress
WalkthroughThis pull request introduces broad Kubernetes API surface updates centered on sharded list/watch support and pod scheduling groups. It updates toolchains, infrastructure configuration, and adds extensive OpenAPI specification changes across all major Kubernetes API groups. ChangesInfrastructure, Configuration, and Ownership
API Specification and Discovery Updates
🎯 4 (Complex) | ⏱️ ~60 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jubittajohn The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 6
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@api/openapi-spec/README.md`:
- Line 59: The README line and any occurrences that currently reference the
incorrect extension name "x-kubernetes-list-maps-keys" should be updated to the
correct extension "x-kubernetes-list-map-keys" (remove the extra 's'); search
for and replace that exact string in places like the sentence starting with
"Operations and Definitions may have `x-kubernetes-list-maps-keys`" and in the
accompanying header/example so the header, body text, and examples consistently
use "x-kubernetes-list-map-keys".
In `@api/openapi-spec/v3/apis__authentication.k8s.io__v1_openapi.json`:
- Line 135: Update the description text to reference the correct plural field
name: replace the incorrect `status.audience` with `status.audiences` in the
TokenReviewStatus description so it consistently refers to
`TokenReviewStatus.audiences` (and `status.audiences`) used in the schema and
client code.
In `@api/openapi-spec/v3/apis__batch__v1_openapi.json`:
- Around line 43-45: The CronJob schema was changed to mark "spec" as required,
which incorrectly forces status-update endpoints to require spec; revert that
change by removing "spec" from the shared CronJob schema's "required" array and
instead introduce a separate request schema (e.g., CronJobCreate or
CronJobStatusReplaceRequest) used only by create/update endpoints; update the
OpenAPI operation objects for create/update to reference the new schema while
leaving status-related operations (like the /status replace endpoints) pointed
at the unchanged shared CronJob schema so status bodies are not required to
include spec.
- Around line 2982-2998: The PodSchedulingGroup schema allows an empty object
despite stating "Exactly one field must be specified"; update the
io.k8s.api.core.v1.PodSchedulingGroup definition to enforce that by making
podGroupName required (add a "required": ["podGroupName"] array) so clients
cannot pass {} for spec.schedulingGroup; ensure the change is applied alongside
the existing "podGroupName" property and leave the x-kubernetes-unions entry
intact.
In `@api/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.json`:
- Line 240: Update the description string for the proofOfPossession field in the
OpenAPI JSON (apis__certificates.k8s.io__v1beta1_openapi.json) to correct typos:
change "contructed" to "constructed" and remove the duplicated "the" in "the the
signature" so it reads "the signature"; ensure the rest of the wording
(references to RSA/RSASSA-PSS, ECDSA/SignASN1, ED25519/Sign and the deprecation
note about StubPKCS10Request) remains unchanged and intact.
In `@api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json`:
- Around line 1940-1948: The description for the query parameter named
"shardSelector" in the deletecollection operations currently says it "restricts
the list of returned objects" but should say it restricts the set of objects
selected for deletion; update the description text for the "shardSelector" query
parameter (the object with "name": "shardSelector", "in": "query", and the same
schema) in each deletecollection block so that the wording clarifies it limits
which objects will be deleted (preserve the rest of the explanatory text,
examples, and notes about alpha feature gate).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 53e0aab4-6b7c-4091-b4b5-f19dc91ea56b
⛔ Files ignored due to path filters (26)
LICENSES/vendor/github.com/armon/circbuf/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/cenkalti/backoff/v4/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/cenkalti/backoff/v5/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/gregjones/httpcache/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/karrick/godirwalk/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/libopenstorage/openstorage/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/mohae/deepcopy/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/mrunalp/fileutils/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/pkg/errors/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/metric/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/sdk/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/trace/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.uber.org/zap/LICENSEis excluded by!**/vendor/**LICENSES/vendor/k8s.io/utils/third_party/forked/golang/LICENSEis excluded by!**/vendor/**LICENSES/vendor/k8s.io/utils/third_party/forked/golang/btree/LICENSEis excluded by!**/vendor/**cmd/kubeadm/app/discovery/token/testdata/ca-cert.pemis excluded by!**/*.pemcmd/kubeadm/app/util/config/testdata/mynode.pemis excluded by!**/*.pemcmd/kubeadm/app/util/pubkeypin/testdata/test-cert.pemis excluded by!**/*.pemcmd/kubeadm/app/util/pubkeypin/testdata/test-cert2.pemis excluded by!**/*.pem
📒 Files selected for processing (274)
.ci-operator.yaml.github/PULL_REQUEST_TEMPLATE.md.gitignore.go-versionCHANGELOG/CHANGELOG-1.35.mdCHANGELOG/CHANGELOG-1.36.mdCHANGELOG/README.mdOWNERS_ALIASESapi/api-rules/sample_controller_violation_exceptions.listapi/api-rules/violation_exceptions.listapi/discovery/aggregated_v2.jsonapi/discovery/apis.jsonapi/discovery/apis__admissionregistration.k8s.io__v1.jsonapi/discovery/apis__resource.k8s.io__v1alpha3.jsonapi/discovery/apis__resource.k8s.io__v1beta2.jsonapi/discovery/apis__scheduling.k8s.io.jsonapi/discovery/apis__scheduling.k8s.io__v1alpha1.jsonapi/discovery/apis__scheduling.k8s.io__v1alpha2.jsonapi/discovery/apis__storage.k8s.io__v1.jsonapi/discovery/apis__storage.k8s.io__v1beta1.jsonapi/openapi-spec/README.mdapi/openapi-spec/swagger.jsonapi/openapi-spec/v3/api__v1_openapi.jsonapi/openapi-spec/v3/apis__admissionregistration.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__admissionregistration.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__admissionregistration.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__apiregistration.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__apps__v1_openapi.jsonapi/openapi-spec/v3/apis__authentication.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__authorization.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__autoscaling__v1_openapi.jsonapi/openapi-spec/v3/apis__autoscaling__v2_openapi.jsonapi/openapi-spec/v3/apis__batch__v1_openapi.jsonapi/openapi-spec/v3/apis__certificates.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__certificates.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__coordination.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__coordination.k8s.io__v1alpha2_openapi.jsonapi/openapi-spec/v3/apis__coordination.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__discovery.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__events.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__flowcontrol.apiserver.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__internal.apiserver.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__networking.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__node.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__policy__v1_openapi.jsonapi/openapi-spec/v3/apis__rbac.authorization.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1alpha3_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1beta2_openapi.jsonapi/openapi-spec/v3/apis__scheduling.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__scheduling.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__scheduling.k8s.io__v1alpha2_openapi.jsonapi/openapi-spec/v3/apis__storage.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__storage.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__storagemigration.k8s.io__v1beta1_openapi.jsonbuild/build-image/cross/VERSIONbuild/common.shbuild/dependencies.yamlbuild/lib/release.shbuild/nsswitch.confbuild/pause/CHANGELOG.mdbuild/pause/Dockerfile.Rhelbuild/pause/Makefilebuild/server-image/Dockerfilebuild/server-image/kube-apiserver/Dockerfilebuild/tools.gocluster/addons/dns/coredns/coredns.yaml.basecluster/addons/dns/coredns/coredns.yaml.incluster/addons/dns/coredns/coredns.yaml.sedcluster/addons/dns/kube-dns/kube-dns.yaml.basecluster/addons/dns/kube-dns/kube-dns.yaml.incluster/addons/dns/kube-dns/kube-dns.yaml.sedcluster/addons/dns/nodelocaldns/nodelocaldns.yamlcluster/addons/kube-proxy/OWNERScluster/addons/kube-proxy/kube-proxy-ds.yamlcluster/addons/kube-proxy/kube-proxy-rbac.yamlcluster/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yamlcluster/gce/addons/konnectivity-agent/konnectivity-agent-ds.yamlcluster/gce/config-common.shcluster/gce/config-default.shcluster/gce/config-test.shcluster/gce/gci/configure-helper.shcluster/gce/gci/configure.shcluster/gce/gci/master.yamlcluster/gce/gci/mounter/mounter.gocluster/gce/gci/node.yamlcluster/gce/manifests/cloud-controller-manager.manifestcluster/gce/manifests/etcd.manifestcluster/gce/manifests/konnectivity-server.yamlcluster/gce/manifests/kube-proxy.manifestcluster/gce/upgrade-aliases.shcluster/gce/util.shcluster/gce/windows/k8s-node-setup.psm1cluster/gce/windows/smoke-test.shcluster/images/etcd/Dockerfilecluster/images/etcd/Dockerfile.windowscluster/images/etcd/Makefilecluster/images/etcd/OWNERScluster/images/etcd/README.mdcluster/images/etcd/cloudbuild.yamlcluster/images/etcd/migrate-if-needed.batcluster/images/etcd/migrate-if-needed.shcluster/images/etcd/migrate/copy_file.gocluster/images/etcd/migrate/data_dir.gocluster/images/etcd/migrate/data_dir_test.gocluster/images/etcd/migrate/integration_test.gocluster/images/etcd/migrate/migrate.gocluster/images/etcd/migrate/migrate_client.gocluster/images/etcd/migrate/migrate_server.gocluster/images/etcd/migrate/migrator.gocluster/images/etcd/migrate/options.gocluster/images/etcd/migrate/options_test.gocluster/images/etcd/migrate/testdata/datadir_with_version/version.txtcluster/images/etcd/migrate/testdata/datadir_without_version/.placeholdercluster/images/etcd/migrate/util_others.gocluster/images/etcd/migrate/utils_windows.gocluster/images/etcd/migrate/versions.gocluster/images/etcd/migrate/versions_test.gocmd/cloud-controller-manager/.import-restrictionscmd/genfeaturegates/genfeaturegates.gocmd/kube-apiserver/OWNERScmd/kube-apiserver/app/aggregator.gocmd/kube-apiserver/app/testing/testserver.gocmd/kube-controller-manager/app/batch.gocmd/kube-controller-manager/app/controller_descriptor.gocmd/kube-controller-manager/app/controllermanager.gocmd/kube-controller-manager/app/controllermanager_test.gocmd/kube-controller-manager/app/core.gocmd/kube-controller-manager/app/options/options.gocmd/kube-controller-manager/app/options/options_test.gocmd/kube-controller-manager/app/options/resourceclaimcontroller.gocmd/kube-controller-manager/app/plugins.gocmd/kube-controller-manager/app/plugins_providers.gocmd/kube-controller-manager/app/plugins_test.gocmd/kube-controller-manager/app/resource.gocmd/kube-controller-manager/app/scheduling.gocmd/kube-controller-manager/app/scheduling_test.gocmd/kube-controller-manager/app/storageversionmigrator.gocmd/kube-controller-manager/app/testing/testserver.gocmd/kube-controller-manager/names/controller_names.gocmd/kube-proxy/app/conntrack.gocmd/kube-proxy/app/init_linux.gocmd/kube-proxy/app/init_other.gocmd/kube-proxy/app/init_windows.gocmd/kube-proxy/app/options.gocmd/kube-proxy/app/server.gocmd/kube-proxy/app/server_linux.gocmd/kube-proxy/app/server_linux_test.gocmd/kube-proxy/app/server_other.gocmd/kube-proxy/app/server_test.gocmd/kube-proxy/app/server_windows.gocmd/kube-scheduler/app/options/options.gocmd/kube-scheduler/app/options/options_test.gocmd/kube-scheduler/app/server.gocmd/kubeadm/app/apis/kubeadm/v1beta3/defaults_unix.gocmd/kubeadm/app/apis/kubeadm/v1beta3/defaults_windows.gocmd/kubeadm/app/apis/kubeadm/v1beta4/defaults_unix.gocmd/kubeadm/app/apis/kubeadm/v1beta4/defaults_windows.gocmd/kubeadm/app/apis/kubeadm/validation/util_unix.gocmd/kubeadm/app/apis/kubeadm/validation/util_windows.gocmd/kubeadm/app/cmd/certs_test.gocmd/kubeadm/app/cmd/config.gocmd/kubeadm/app/cmd/init.gocmd/kubeadm/app/cmd/options/constant.gocmd/kubeadm/app/cmd/phases/init/bootstraptoken.gocmd/kubeadm/app/cmd/phases/init/data.gocmd/kubeadm/app/cmd/phases/init/data_test.gocmd/kubeadm/app/cmd/phases/init/kubeletfinalize.gocmd/kubeadm/app/cmd/phases/init/uploadconfig.gocmd/kubeadm/app/cmd/phases/init/waitcontrolplane.gocmd/kubeadm/app/cmd/phases/join/controlplanejoin.gocmd/kubeadm/app/cmd/phases/join/data.gocmd/kubeadm/app/cmd/phases/join/data_test.gocmd/kubeadm/app/cmd/phases/join/kubelet.gocmd/kubeadm/app/cmd/phases/reset/cleanupnode.gocmd/kubeadm/app/cmd/phases/reset/data.gocmd/kubeadm/app/cmd/phases/reset/data_test.gocmd/kubeadm/app/cmd/phases/reset/removeetcdmember_test.gocmd/kubeadm/app/cmd/phases/reset/testdata/etcd-pod-without-data-volume.yamlcmd/kubeadm/app/cmd/phases/reset/testdata/etcd-pod.yamlcmd/kubeadm/app/cmd/phases/reset/unmount.gocmd/kubeadm/app/cmd/phases/reset/unmount_linux.gocmd/kubeadm/app/cmd/phases/reset/unmount_linux_test.gocmd/kubeadm/app/cmd/phases/upgrade/apply/bootstraptoken.gocmd/kubeadm/app/cmd/phases/upgrade/apply/uploadconfig.gocmd/kubeadm/app/cmd/phases/upgrade/data.gocmd/kubeadm/app/cmd/phases/upgrade/data_test.gocmd/kubeadm/app/cmd/phases/upgrade/postupgrade.gocmd/kubeadm/app/cmd/reset.gocmd/kubeadm/app/cmd/testdata/token-config.yamlcmd/kubeadm/app/cmd/token_test.gocmd/kubeadm/app/cmd/upgrade/common_test.gocmd/kubeadm/app/cmd/upgrade/plan.gocmd/kubeadm/app/cmd/upgrade/testdata/config-token.yamlcmd/kubeadm/app/cmd/util_other_test.gocmd/kubeadm/app/cmd/util_windows_test.gocmd/kubeadm/app/componentconfigs/kubelet_unix.gocmd/kubeadm/app/componentconfigs/kubelet_unix_test.gocmd/kubeadm/app/componentconfigs/kubelet_windows.gocmd/kubeadm/app/componentconfigs/kubelet_windows_test.gocmd/kubeadm/app/constants/constants.gocmd/kubeadm/app/constants/constants_test.gocmd/kubeadm/app/constants/constants_unix.gocmd/kubeadm/app/constants/constants_windows.gocmd/kubeadm/app/discovery/discovery.gocmd/kubeadm/app/discovery/discovery_test.gocmd/kubeadm/app/discovery/testdata/ca.crtcmd/kubeadm/app/discovery/token/testdata/expected-kubeconfig.yamlcmd/kubeadm/app/discovery/token/token_test.gocmd/kubeadm/app/features/features.gocmd/kubeadm/app/phases/addons/dns/dns_test.gocmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.gocmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap_test.gocmd/kubeadm/app/phases/certs/certlist.gocmd/kubeadm/app/phases/controlplane/manifests_test.gocmd/kubeadm/app/phases/controlplane/volumes.gocmd/kubeadm/app/phases/controlplane/volumes_test.gocmd/kubeadm/app/phases/copycerts/testutil_umask.gocmd/kubeadm/app/phases/copycerts/testutil_umask_noop.gocmd/kubeadm/app/phases/etcd/local.gocmd/kubeadm/app/phases/etcd/local_test.gocmd/kubeadm/app/phases/kubeconfig/kubeconfig.gocmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.gocmd/kubeadm/app/phases/upgrade/health.gocmd/kubeadm/app/preflight/checks.gocmd/kubeadm/app/preflight/checks_darwin.gocmd/kubeadm/app/preflight/checks_linux.gocmd/kubeadm/app/preflight/checks_other.gocmd/kubeadm/app/preflight/checks_unix.gocmd/kubeadm/app/preflight/checks_windows.gocmd/kubeadm/app/util/apiclient/wait.gocmd/kubeadm/app/util/chroot_unix.gocmd/kubeadm/app/util/chroot_windows.gocmd/kubeadm/app/util/config/cluster.gocmd/kubeadm/app/util/config/cluster_test.gocmd/kubeadm/app/util/config/common.gocmd/kubeadm/app/util/config/common_test.gocmd/kubeadm/app/util/config/initconfiguration.gocmd/kubeadm/app/util/config/initconfiguration_test.gocmd/kubeadm/app/util/config/testdata/kubelet-with-embedded-cert.yamlcmd/kubeadm/app/util/config/testdata/kubelet-with-invalid-context.yamlcmd/kubeadm/app/util/config/testdata/kubelet-with-invalid-user.yamlcmd/kubeadm/app/util/config/testdata/kubelet-with-linked-cert.yamlcmd/kubeadm/app/util/config/testdata/kubelet-without-cert.yamlcmd/kubeadm/app/util/config/upgradeconfiguration.gocmd/kubeadm/app/util/copy_unix.gocmd/kubeadm/app/util/copy_windows.gocmd/kubeadm/app/util/etcd/etcd.gocmd/kubeadm/app/util/etcd/etcd_test.gocmd/kubeadm/app/util/initsystem/initsystem_unix.gocmd/kubeadm/app/util/initsystem/initsystem_windows.gocmd/kubeadm/app/util/kubeconfig/kubeconfig.gocmd/kubeadm/app/util/kubeconfig/kubeconfig_test.gocmd/kubeadm/app/util/kubeconfig/testdata/user1.yamlcmd/kubeadm/app/util/kubeconfig/testdata/user2.yamlcmd/kubeadm/app/util/marshal_test.gocmd/kubeadm/app/util/pubkeypin/pubkeypin_test.gocmd/kubeadm/app/util/runtime/fake_impl.gocmd/kubeadm/app/util/runtime/impl.gocmd/kubeadm/app/util/runtime/runtime.gocmd/kubeadm/app/util/runtime/runtime_unix.gocmd/kubeadm/app/util/runtime/runtime_windows.gocmd/kubeadm/app/util/staticpod/testdata/invalid-with-default-fields.yamlcmd/kubeadm/app/util/staticpod/testdata/valid-pod-different-order.yamlcmd/kubeadm/app/util/staticpod/testdata/valid-pod.yamlcmd/kubeadm/app/util/staticpod/testdata/valid-pod2.yamlcmd/kubeadm/app/util/staticpod/utils.gocmd/kubeadm/app/util/staticpod/utils_linux.gocmd/kubeadm/app/util/staticpod/utils_linux_test.gocmd/kubeadm/app/util/staticpod/utils_others.go
💤 Files with no reviewable changes (1)
- api/discovery/apis__scheduling.k8s.io__v1alpha1.json
|
|
||
| ### `x-kubernetes-list-map-keys` | ||
|
|
||
| Operations and Definitions may have `x-kubernetes-list-maps-keys` if they |
There was a problem hiding this comment.
Fix the typo in the extension name.
The text incorrectly references x-kubernetes-list-maps-keys but the correct extension name is x-kubernetes-list-map-keys (without the 's' in "maps"). This inconsistency could confuse readers, as the header and example both use the correct name.
📝 Proposed fix for the typo
-Operations and Definitions may have `x-kubernetes-list-maps-keys` if they
+Operations and Definitions may have `x-kubernetes-list-map-keys` if they📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| Operations and Definitions may have `x-kubernetes-list-maps-keys` if they | |
| Operations and Definitions may have `x-kubernetes-list-map-keys` if they |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/README.md` at line 59, The README line and any occurrences
that currently reference the incorrect extension name
"x-kubernetes-list-maps-keys" should be updated to the correct extension
"x-kubernetes-list-map-keys" (remove the extra 's'); search for and replace that
exact string in places like the sentence starting with "Operations and
Definitions may have `x-kubernetes-list-maps-keys`" and in the accompanying
header/example so the header, body text, and examples consistently use
"x-kubernetes-list-map-keys".
| "properties": { | ||
| "audiences": { | ||
| "description": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.", | ||
| "description": "audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.", |
There was a problem hiding this comment.
Fix field name mismatch in TokenReviewStatus.audiences description.
Line 135 says status.audience (singular), but the actual field is status.audiences. Please align the description to avoid client confusion.
✏️ Suggested patch
- "description": "audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
+ "description": "audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audiences field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "description": "audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.", | |
| "description": "audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audiences field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.", |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/v3/apis__authentication.k8s.io__v1_openapi.json` at line
135, Update the description text to reference the correct plural field name:
replace the incorrect `status.audience` with `status.audiences` in the
TokenReviewStatus description so it consistently refers to
`TokenReviewStatus.audiences` (and `status.audiences`) used in the schema and
client code.
Comment on lines
+43
to
+45
| "required": [ | ||
| "spec" | ||
| ], |
There was a problem hiding this comment.
Avoid making CronJob.spec globally required in the shared schema.
This schema is reused by the /status replace endpoints later in the file, so marking spec as required here turns status-update bodies into “must include spec” from the published OpenAPI contract’s perspective. That is a breaking change for generated clients and local validators even if the apiserver still ignores spec on status updates.
Suggested fix
- "required": [
- "spec"
- ],
"type": "object",If the intent is to require spec only for create/read semantics, the safer fix is to keep the shared CronJob schema unchanged and use a dedicated status request schema instead.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "required": [ | |
| "spec" | |
| ], | |
| "type": "object", |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/v3/apis__batch__v1_openapi.json` around lines 43 - 45, The
CronJob schema was changed to mark "spec" as required, which incorrectly forces
status-update endpoints to require spec; revert that change by removing "spec"
from the shared CronJob schema's "required" array and instead introduce a
separate request schema (e.g., CronJobCreate or CronJobStatusReplaceRequest)
used only by create/update endpoints; update the OpenAPI operation objects for
create/update to reference the new schema while leaving status-related
operations (like the /status replace endpoints) pointed at the unchanged shared
CronJob schema so status bodies are not required to include spec.
Comment on lines
+2982
to
+2998
| "io.k8s.api.core.v1.PodSchedulingGroup": { | ||
| "description": "PodSchedulingGroup identifies the runtime scheduling group instance that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics. Exactly one field must be specified.", | ||
| "properties": { | ||
| "podGroupName": { | ||
| "description": "PodGroupName specifies the name of the standalone PodGroup object that represents the runtime instance of this group. Must be a DNS subdomain.", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "type": "object", | ||
| "x-kubernetes-unions": [ | ||
| { | ||
| "fields-to-discriminateBy": { | ||
| "podGroupName": "PodGroupName" | ||
| } | ||
| } | ||
| ] | ||
| }, |
There was a problem hiding this comment.
Require podGroupName in PodSchedulingGroup.
The description says “Exactly one field must be specified,” but this schema currently accepts {}. That weakens client-side validation for spec.schedulingGroup and makes the published contract looser than the server-side behavior.
Suggested fix
"io.k8s.api.core.v1.PodSchedulingGroup": {
"description": "PodSchedulingGroup identifies the runtime scheduling group instance that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics. Exactly one field must be specified.",
"properties": {
"podGroupName": {
"description": "PodGroupName specifies the name of the standalone PodGroup object that represents the runtime instance of this group. Must be a DNS subdomain.",
"type": "string"
}
},
+ "required": [
+ "podGroupName"
+ ],
"type": "object",
"x-kubernetes-unions": [📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "io.k8s.api.core.v1.PodSchedulingGroup": { | |
| "description": "PodSchedulingGroup identifies the runtime scheduling group instance that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics. Exactly one field must be specified.", | |
| "properties": { | |
| "podGroupName": { | |
| "description": "PodGroupName specifies the name of the standalone PodGroup object that represents the runtime instance of this group. Must be a DNS subdomain.", | |
| "type": "string" | |
| } | |
| }, | |
| "type": "object", | |
| "x-kubernetes-unions": [ | |
| { | |
| "fields-to-discriminateBy": { | |
| "podGroupName": "PodGroupName" | |
| } | |
| } | |
| ] | |
| }, | |
| "io.k8s.api.core.v1.PodSchedulingGroup": { | |
| "description": "PodSchedulingGroup identifies the runtime scheduling group instance that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics. Exactly one field must be specified.", | |
| "properties": { | |
| "podGroupName": { | |
| "description": "PodGroupName specifies the name of the standalone PodGroup object that represents the runtime instance of this group. Must be a DNS subdomain.", | |
| "type": "string" | |
| } | |
| }, | |
| "required": [ | |
| "podGroupName" | |
| ], | |
| "type": "object", | |
| "x-kubernetes-unions": [ | |
| { | |
| "fields-to-discriminateBy": { | |
| "podGroupName": "PodGroupName" | |
| } | |
| } | |
| ] | |
| }, |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/v3/apis__batch__v1_openapi.json` around lines 2982 - 2998,
The PodSchedulingGroup schema allows an empty object despite stating "Exactly
one field must be specified"; update the io.k8s.api.core.v1.PodSchedulingGroup
definition to enforce that by making podGroupName required (add a "required":
["podGroupName"] array) so clients cannot pass {} for spec.schedulingGroup;
ensure the change is applied alongside the existing "podGroupName" property and
leave the x-kubernetes-unions entry intact.
| }, | ||
| "proofOfPossession": { | ||
| "description": "proofOfPossession proves that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).", | ||
| "description": "A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).\n\nDeprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty.", |
There was a problem hiding this comment.
Fix typos in the proofOfPossession description.
Line 240 has wording issues ("contructed" and "the the signature"), which can confuse API consumers reading generated docs.
✏️ Proposed text fix
- "description": "A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).\n\nDeprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty.",
+ "description": "A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is constructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, then the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).\n\nDeprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty.",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "description": "A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, the the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).\n\nDeprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty.", | |
| "description": "A proof that the requesting kubelet holds the private key corresponding to pkixPublicKey.\n\nIt is constructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.\n\nkube-apiserver validates the proof of possession during creation of the PodCertificateRequest.\n\nIf the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).\n\nIf the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0](https://www.secg.org/sec1-v2.pdf) (as implemented by the golang library function crypto/ecdsa.SignASN1)\n\nIf the key is an ED25519 key, then the signature is as described by the [ED25519 Specification](https://ed25519.cr.yp.to/) (as implemented by the golang library crypto/ed25519.Sign).\n\nDeprecated: This field is replaced by StubPKCS10Request. If StubPKCS10Request is set, this field must be empty.", |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.json` at line
240, Update the description string for the proofOfPossession field in the
OpenAPI JSON (apis__certificates.k8s.io__v1beta1_openapi.json) to correct typos:
change "contructed" to "constructed" and remove the duplicated "the" in "the the
signature" so it reads "the signature"; ensure the rest of the wording
(references to RSA/RSASSA-PSS, ECDSA/SignASN1, ED25519/Sign and the deprecation
note about StubPKCS10Request) remains unchanged and intact.
Comment on lines
+1940
to
+1948
| { | ||
| "description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.", | ||
| "in": "query", | ||
| "name": "shardSelector", | ||
| "schema": { | ||
| "type": "string", | ||
| "uniqueItems": true | ||
| } | ||
| }, |
There was a problem hiding this comment.
Clarify shardSelector semantics for deletecollection operations
Line 1941 (and the same text in the other deletecollection blocks) says this parameter restricts “the list of returned objects”, but these operations are deletecollection calls. Please update the description to state it restricts the set of objects selected for deletion.
Also applies to: 3027-3035, 3944-3952, 5200-5208, 6307-6315
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json` around lines
1940 - 1948, The description for the query parameter named "shardSelector" in
the deletecollection operations currently says it "restricts the list of
returned objects" but should say it restricts the set of objects selected for
deletion; update the description text for the "shardSelector" query parameter
(the object with "name": "shardSelector", "in": "query", and the same schema) in
each deletecollection block so that the wording clarifies it limits which
objects will be deleted (preserve the rest of the explanatory text, examples,
and notes about alpha feature gate).
Author
|
/retest |
Author
|
/test e2e-aws-ovn-serial-1of2 |
Author
|
/test e2e-aws-ovn-techpreview-serial-1of2 |
Author
|
/test k8s-e2e-gcp-serial |
|
@jubittajohn: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Member
|
replaced by #2672 |
|
@haircommander: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is mainly to debug the
[sig-node] [Serial] Pod InPlace Resize Container (deferred-resizes) [FeatureGate:InPlacePodVerticalScaling] pod-resize-retry-deferred-test-2failureSummary by CodeRabbit
New Features
shardSelectorquery parameter across multiple APIs.MutatingAdmissionPolicy,MutatingAdmissionPolicyBinding,PodGroup,DeviceTaintRule, andResourcePoolStatusRequest.schedulingGroupfield to Pod specifications and newShardInfometadata for list responses.Chores
Documentation