We now graduate `KubeletTracing` to beta, which means we enable the
feature gate per default.
Part of https://github.com/kubernetes/enhancements/issues/2831
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Kubernetes-commit: a28385ebe28ffa692e4b407b109d83018b0e5df7
Added EnableNodeLogQuery field to kubelet/apis/config/types.go and
staging/src/k8s.io/kubelet/config/v1beta1/types.go, then executed.
`hack/update-codegen.sh`.
This new field will default to off and will need to be explicitly
enabled in addition to the NodeLogQuery gate to use the feature.
Kubernetes-commit: aadad094101e4b69f8b3fc245925ad630f90f337
Updating the required code and docs for SeccompDefault to go GA, which
now means that we enable the feature per default.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Kubernetes-commit: 37caed0e1957b1b6a8b2b96e44c7dc04b5b30fb3
This patch adds new Kubelet option topologyManagerPolicyOptions.
To introduce new TopologyManager options, first we need to introduce new
flag called `topology-manager-policy-options` to allow users to modify
behaviour of best-effort and restricted policies.
Signed-off-by: PiotrProkop <pprokop@nvidia.com>
Kubernetes-commit: daee219210afa5ae3a00fa4767f1f7ab9df8af62
cpu.cfs_period_us is measured in microseconds in the kernel but
provided in time.Duration by the user, that change clarifies the code
to make this evident to the reader.
Also, the minimum value for that feature is 1ms and not 1μs, and this
change alters the validation to reject values smaller than 1ms.
Kubernetes-commit: d0f9e6dc36fb0f6cfff95988e27eb3796c4e6bce
cpu.cfs_period_us is 100μs by default despite having an "ms" unit
for some unfortunate reason. Documentation:
https://www.kernel.org/doc/html/latest/scheduler/sched-bwc.html#management
The desired effect of that change is to match
k8s default `CPUCFSQuotaPeriod` value (100ms before that change)
with one used in k8s without the `CustomCPUCFSQuotaPeriod` flag enabled
and Linux CFS (100us, 1000x smaller than 100ms).
Kubernetes-commit: f2d591fae62822a8e96b0e015e6e42224286b5d5
This change is to promote local storage capacity isolation feature to GA
At the same time, to allow rootless system disable this feature due to
unable to get root fs, this change introduced a new kubelet config
"localStorageCapacityIsolation". By default it is set to true. For
rootless systems, they can set this configuration to false to disable
the feature. Once it is set, user cannot set ephemeral-storage
request/limit because capacity and allocatable will not be set.
Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
Kubernetes-commit: 0064010cddfa009fe16ae23fcd0c57f4f15d227c
Making the LoggingConfiguration part of the versioned component-base/config API
had the theoretic advantage that components could have offered different
configuration APIs with experimental features limited to alpha versions (for
example, sanitization offered only in a v1alpha1.KubeletConfiguration). Some
components could have decided to only use stable logging options.
In practice, this wasn't done. Furthermore, we don't want different components
to make different choices regarding which logging features they offer to
users. It should always be the same everywhere, for the sake of consistency.
This can be achieved with a saner Go API by dropping the distinction between
internal and external LoggingConfiguration types. Different stability levels of
indidividual fields have to be covered by documentation (done) and potentially
feature gates (not currently done).
Advantages:
- everything related to logging is under component-base/logs;
previously this was scattered across different packages and
different files under "logs" (why some code was in logs/config.go
vs. logs/options.go vs. logs/logs.go always confused me again
and again when coming back to the code):
- long-term config and command line API are clearly separated
into the "api" package underneath that
- logs/logs.go itself only deals with legacy global flags and
logging configuration
- removal of separate Go APIs like logs.BindLoggingFlags and
logs.Options
- LogRegistry becomes an implementation detail, with less code
and less exported functionality (only registration needs to
be exported, querying is internal)
Kubernetes-commit: 1aceac797d404b4ac3b3d02fe43d495d1f645aba
The kubelet does not support attach/detach operations on CSI volumes. As
a result, CSI volumes rely on the Attach/Detach controller enabled.
Kubernetes-commit: 8150cf8d96035c789068778e42568887de777063
In this patch we enhance the kubelet configuration to support
cpuManagerPolicyOptions.
In order to introduce SMT-awareness in CPU Manager, we introduce a
new flag in Kubelet to allow the user to specify an additional flag
called `cpumanager-policy-options` to allow the user to modify the
behaviour of static policy to strictly guarantee allocation of whole
core.
Co-authored-by: Francesco Romani <fromani@redhat.com>
Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
Kubernetes-commit: cc76a756e409d08959b8b6e623e317619399f015
This adds the gate `SeccompDefault` as new alpha feature. Seccomp path
and field fallbacks are now passed to the helper functions, whereas unit
tests covering those code paths have been added as well.
Beside enabling the feature gate, the feature has to be enabled by the
`SeccompDefault` kubelet configuration or its corresponding
`--seccomp-default` CLI flag.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Apply suggestions from code review
Co-authored-by: Paulo Gomes <pjbgf@linux.com>
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Kubernetes-commit: 8b7003aff4c81f124851041eafb8899ea7e83ffd
- Change the feature gate from alpha to beta and enable it by default
- Update a few of the unit tests due to feature gate being enabled by
default
- Small refactor in `nodeshutdown_manager` which adds `featureEnabled`
function (which checks that feature gate and that
`kubeletConfig.ShutdownGracePeriod > 0`).
- Use `featureEnabled()` to exit early from shutdown manager in the case
that the feature is disabled
- Update kubelet config defaulting to be explicit that
`ShutdownGracePeriod` and `ShutdownGracePeriodCriticalPods` default to
zero and update the godoc comments.
- Update defaults and add featureGate tag in api config godoc.
With this feature now in beta and the feature gate enabled by default,
to enable graceful shutdown all that will be required is to configure
`ShutdownGracePeriod` and `ShutdownGracePeriodCriticalPods` in the
kubelet config. If not configured, they will be defaulted to zero, and
graceful shutdown will effectively be disabled.
Kubernetes-commit: 893f5fd4f007775d48536cae192d79f209eeeac2
HirazawaUi
Harshal Patil
Kevin Hannon
Maksym Pavlenko
Harsha Narayana
Peter Hunt
Dan Winship
Leonard Cohnen
Sascha Grunert
Aravindh Puthiyaparambil
Paco Xu
Swati Sehgal
Wojciech Tyczyński
ruiwen-zhao
songxiao-wang87
Aditi Sharma
PiotrProkop
Monis Khan
Dmitry Verkhoturov
Antonio Ojea
jinxu
Sally O'Malley
saltbo
Patrick Ohly
Fabio Bertinatto
Sergey Kanzhelev
Shiming Zhang
caozhiyuan
Author cyclinder
Haleygo
Elana Hashman
Li Bo
Qiming Teng
David Porter
Sri Saran Balaji Vellore Rajakumar