IDsPerPod is the mapping length of subids for UserNS.
The length must be multiple of 65536.
Default: 65536
Implements kubernetes/enhancements PR 5020 (addendum to KEP-127)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Kubernetes-commit: 1592bfa4a81182ffb2ad599d600778e92564e3c0
* Add feature gate, API, and conflict validation tests for enablecrashloopbackoffmax
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Handle when current base is longer than node max
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Update pkg/features/kube_features.go
Co-authored-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* Fix indentation
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Follow convention for success test
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Normalize casing, and change field to Duration
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Fix json name and some other casing errors
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Another one I missed before
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Don't clobber global max function
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Change to flat value in defaults.go
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Streamline validation and defaults
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Fix typecheck
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Lint
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Tighten up validation for subsecond values
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Rename field from MaxBackOffPeriod to MaxContainerRestartPeriod
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* A few missed references to renames
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Only compare flags in flags test
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Don't mess with SetDefault signature
Nobody messes with SetDefault signature
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Fix stale signature change, and update test data
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Inspect current feature gates at defaulting time
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Don't use the global feature gate for temp usage
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Expose default error, and some comments
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Hint fuzzer for less arbitrary values to FeatureGates
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---------
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
Co-authored-by: Tsubasa Nagasawa <toversus2357@gmail.com>
Kubernetes-commit: 7fe41da5221b215d097e930c6b7aa52e88324f66
Added EnableNodeLogQuery field to kubelet/apis/config/types.go and
staging/src/k8s.io/kubelet/config/v1beta1/types.go, then executed.
`hack/update-codegen.sh`.
This new field will default to off and will need to be explicitly
enabled in addition to the NodeLogQuery gate to use the feature.
Kubernetes-commit: aadad094101e4b69f8b3fc245925ad630f90f337
This patch adds new Kubelet option topologyManagerPolicyOptions.
To introduce new TopologyManager options, first we need to introduce new
flag called `topology-manager-policy-options` to allow users to modify
behaviour of best-effort and restricted policies.
Signed-off-by: PiotrProkop <pprokop@nvidia.com>
Kubernetes-commit: daee219210afa5ae3a00fa4767f1f7ab9df8af62
This change is to promote local storage capacity isolation feature to GA
At the same time, to allow rootless system disable this feature due to
unable to get root fs, this change introduced a new kubelet config
"localStorageCapacityIsolation". By default it is set to true. For
rootless systems, they can set this configuration to false to disable
the feature. Once it is set, user cannot set ephemeral-storage
request/limit because capacity and allocatable will not be set.
Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
Kubernetes-commit: 0064010cddfa009fe16ae23fcd0c57f4f15d227c
This implements the replacement of klog output to different files per level
with optionally splitting JSON output into two streams: one for info messages
on stdout, one for error messages on stderr. The info messages can get buffered
to increase performance. Because stdout and stderr might be merged by the
consumer, the info stream gets flushed before writing an error, to ensure that
the order of messages is preserved.
This also ensures that the following code pattern doesn't leak info messages:
klog.ErrorS(err, ...)
os.Exit(1)
Commands explicitly have to flush before exiting via logs.FlushLogs. Most
already do. But buffered info messages can still get lost during an unexpected
program termination, therefore buffering is off by default.
The new options get added to the v1alpha1 LoggingConfiguration with new command
line flags. Because it is an alpha field, changing it inside the v1beta kubelet
config should be okay as long as the fields are clearly marked as alpha.
Kubernetes-commit: b22263d8351e873961aeff5d065faf3443de9acb
This adds the gate `SeccompDefault` as new alpha feature. Seccomp path
and field fallbacks are now passed to the helper functions, whereas unit
tests covering those code paths have been added as well.
Beside enabling the feature gate, the feature has to be enabled by the
`SeccompDefault` kubelet configuration or its corresponding
`--seccomp-default` CLI flag.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Apply suggestions from code review
Co-authored-by: Paulo Gomes <pjbgf@linux.com>
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Kubernetes-commit: 8b7003aff4c81f124851041eafb8899ea7e83ffd
Update kubelet config API to use slice of MemoryReservation
structs instead of slice of maps.
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
Kubernetes-commit: b7cfc40debe424837423052ba67f2be9ea633809
The commit also includes generated files after `make generated_files`.
Signed-off-by: Byonggon Chun <bg.chun@samsung.com>
Kubernetes-commit: 93accb51e4c24bc36b730812a44381b7780ca918
Implements KEP 2000, Graceful Node Shutdown:
https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2000-graceful-node-shutdown
* Add new FeatureGate `GracefulNodeShutdown` to control
enabling/disabling the feature
* Add two new KubeletConfiguration options
* `ShutdownGracePeriod` and `ShutdownGracePeriodCriticalPods`
* Add new package, `nodeshutdown` that implements the Node shutdown
manager
* The node shutdown manager uses the systemd inhibit package, to
create an system inhibitor, monitor for node shutdown events, and
gracefully terminate pods upon a node shutdown.
Kubernetes-commit: 16f71c6d47843c359e78c0eea2f34814f4cf055b
When node lease feature is enabled, kubelet reports node status to api server
only if there is some change or it didn't report over last report interval.
Kubernetes-commit: 98fc4a107a8e6da008669b2792044a154f4a75a7
Akihiro Suda
Stanislav Láznička
vaibhav2107
lauralorenz
utam0k
Harshal Patil
Harsha Narayana
Peter Hunt
Aravindh Puthiyaparambil
ruiwen-zhao
PiotrProkop
jinxu
Sally O'Malley
Aditi Sharma
Shiming Zhang
caozhiyuan
Patrick Ohly
Haleygo
Stephen Augustus
Francesco Romani
Li Bo
Elana Hashman
Sascha Grunert
Sri Saran Balaji Vellore Rajakumar
Artyom Lukianov
David Porter
amash
Amim Knabben
Seth Jennings
Zhen Wang
Lucas Käldström