Bug 2008827: Rebase v1.22.2 #985
Conversation
vendor: bump k8s.io/util to get fix for LRU cache
For the complete release notes, see - https://github.com/opencontainers/runc/releases/tag/v1.0.2 In particular, this fixes the check cgroup v1 systemd manager check if a container needs to be frozen before Set(), and adds a knob to skip the check/freeze entirely (to be used by the next commit). Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This is a knob added by runc 1.0.2 specifically for kubernetes, which tells runc/libcontainer/cgroups/systemd v1 manager to not freeze the cgroup in Set(). We set this knob here because this code is only used for pods (rather than containers) management, and in this place we create or update the pod cgroup with no device limits set, so we can skip the freeze. If this knob is not set, libcontainer's cgroup v1 manager tries to figure out whether the freeze is needed or not, but it's a somewhat expensive check to perform, thus the knob is a shortcut. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> (cherry picked from commit c06a851) Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: qhdxssm@qq.com <qhdxssm@qq.com>
[1.22] vendor: bump runc to 1.0.2
…watch based manager
…ick-of-#104604-upstream-release-1.22 Automated cherry pick of kubernetes#104604: Don't prematurely close reflectors in case of slow
Fixes two issues with how the pod worker refactor calculated the pods that admission could see (GetActivePods() and filterOutTerminatedPods()) First, completed pods must be filtered from the "desired" state for admission, which arguably should be happening earlier in config. Exclude the two terminal pods states from GetActivePods() Second, the previous check introduced with the pod worker lifecycle ownership changes was subtly wrong for the admission use case. Admission has to include pods that haven't yet hit the pod worker, which CouldHaveRunningContainers was filtering out (because the pod worker hasn't seen them). Introduce a weaker check - IsPodKnownTerminated() - that returns true only if the pod is in a known terminated state (no running containers AND known to pod worker). This weaker check may only be called from components that need admitted pods, not other kubelet subsystems. This commit does not fix the long standing bug that force deleted pods are omitted from admission checks, which must be fixed by having GetActivePods() also include pods "still terminating".
Prior to 1.22 a user could change NodePort values within a service
during an update, and the apiserver would allocate values for any that
were not specified.
Consider a YAML like:
```
apiVersion: v1
kind: Service
metadata:
name: foo
spec:
type: NodePort
ports:
- name: p
port: 80
- name: q
port: 81
selector:
app: foo
```
When this is created, nodeport values will be allocated for each port.
Something like:
```
apiVersion: v1
kind: Service
metadata:
name: foo
spec:
clusterIP: 10.0.149.11
type: NodePort
ports:
- name: p
nodePort: 30872
port: 80
protocol: TCP
targetPort: 9376
- name: q
nodePort: 31310
port: 81
protocol: TCP
targetPort: 81
selector:
app: foo
```
If the user PUTs (kubectl replace) the original YAML, we would see that
`.nodePort = 0`, and allocate new ports. This was ugly at best.
In 1.22 we fixed this to not allocate new values if we still had the old
values, but instead re-assign them. Net new ports would still be seen
as `.nodePort = 0` and so new allocations would be made.
This broke a corner case as follows:
Prior to 1.22, the user could PUT this YAML:
```
apiVersion: v1
kind: Service
metadata:
name: foo
spec:
type: NodePort
ports:
- name: p
nodePort: 31310 # note this is the `q` value
port: 80
- name: q
# note this nodePort is not specified
port: 81
selector:
app: foo
```
The `p` port would take the `q` port's value. The `q` port would be
seen as `.nodePort = 0` and a new value allocated. In 1.22 this results
in an error (duplicate value in `p` and `q`).
This is VERY minor but it is an API regression, which we try to avoid,
and the fix is not too horrible.
This commit adds more robust testing of this logic.
…pick-of-#104577-upstream-release-1.22 Automated cherry pick of kubernetes#104577: kubelet: Admission must exclude completed pods and avoid
This partially reverts commit 39cfe232325d66bcdbc935af7aaf7022562e7010and PR kubernetes#98057 the original problem was caused by not using {end} at the end of the range
This behaviour was broken by commit 39cfe23 and PR kubernetes#98057
…pick-of-#104172-upstream-release-1.22 Automated cherry pick of kubernetes#104172: revert "fix wrong output when using jsonpath"
Signed-off-by: Dave Chen <dave.chen@arm.com>
…y-pick-of-#104703-upstream-release-1.22 Automated cherry pick of kubernetes#104703: Fix the key missing issue for structured log
…ck-of-#103532-kubernetes#104601-upstream-release-1.22 Automated cherry pick of kubernetes#103532: Service: Fix semantics for Update wrt allocations kubernetes#104601: Fix a small regression in Service updates
…ck-of-#104279-upstream-release-1.22 Automated cherry pick of kubernetes#104279: Copy golang license to staging copies
…ick-of-#104384-kubernetes#104382-upstream-release-1.22 Automated cherry pick of kubernetes#104384: fix: skip case sensitivity when checking Azure NSG rules kubernetes#104382: fix: ensure InstanceShutdownByProviderID return false for
When doing partial updates for uncountedTerminatedPods, the controller might have removed UIDs for Pods which still had finalizers. Also make more space by removing UIDs that don't have finalizers at the beginning of the sync.
…-of-#104845-upstream-release-1.22 Automated cherry pick of kubernetes#104845: e2e iperf2 change threshold to 10MBps = 80 Mbps
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
10 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest e2e-azure-upgrade |
|
@josefkarasek: The
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test e2e-azure-upgrade |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/override ci/prow/e2e-openstack-csi-cinder |
|
@soltysh: Overrode contexts on behalf of soltysh: ci/prow/e2e-openstack-csi-cinder, ci/prow/e2e-openstack-csi-manila In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test e2e-azure-upgrade |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@josefkarasek: All pull requests linked via external trackers have merged: Bugzilla bug 2008827 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
CHANGELOG: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md#v1222