Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] WRKLDS-1449: Rebase 1.31.0 #2055

Closed
wants to merge 2,529 commits into from
Closed
Changes from 1 commit
Commits
Show all changes
2529 commits
Select commit Hold shift + click to select a range
fc03f3e
Merge pull request #126125 from mprahl/stop-idempotent
k8s-ci-robot Jul 23, 2024
dc13e42
[kube-proxy:nftables] cleanup: remove unused parameter and fix typo.
npinaeva Jun 5, 2024
3ccf5b8
[kube-proxy:nftables] Add partialSync mode to only transact changed
npinaeva Jun 5, 2024
2ec3929
[kube-proxy:nftables] Add partial sync unit test.
npinaeva Jul 22, 2024
17521f0
PSA: allow procMount type Unmasked in baseline
haircommander Jul 23, 2024
7e750a6
PSA: small cleanups for tests that use RelaxPolicyForUserNamespacePods
haircommander Jul 23, 2024
d7194eb
Merge pull request #124884 from carlory/report-event-when-kubelet-att…
k8s-ci-robot Jul 23, 2024
7590cb7
Merge pull request #125257 from vinayakankugoyal/armor
k8s-ci-robot Jul 23, 2024
a4f9910
Merge pull request #126014 from PannagaRao/kep-ephemeral-storage-quota
k8s-ci-robot Jul 23, 2024
fbdfb9d
Merge pull request #126031 from harche/kubelet_cgroupv1_arg
k8s-ci-robot Jul 23, 2024
8e175c6
Merge pull request #126165 from haircommander/selinux-engine_t
k8s-ci-robot Jul 23, 2024
fe24ebf
Merge pull request #126205 from kwilczynski/feature/promote-4191-to-beta
k8s-ci-robot Jul 23, 2024
77c3859
Merge pull request #126270 from stlaz/aggroapi-refactor
k8s-ci-robot Jul 23, 2024
046e976
cap the num of nodes on the noSNAT test and remove slow and NoSNAT tag
aojea Jul 23, 2024
b5c9496
DRA e2e: fix the quota name
pohly Jul 23, 2024
1f43a80
DRA quota: unit test case for resource.k8s.io quota names
pohly Jul 23, 2024
299ecde
DRA quota: add ResourceClaim v1.ResourceQuota limits
pohly Sep 12, 2023
b580eb1
Update AppArmor e2e tests to use Pod field instead of annotations.
vinayakankugoyal Jul 22, 2024
c5b01a3
test/e2e/windows: drop securityContext test for ProcMount
sohankunkerkar Jul 17, 2024
a00181d
Merge pull request #121902 from carlory/kep-3751-pv-controller
k8s-ci-robot Jul 23, 2024
4259096
Merge pull request #126013 from npinaeva/nft-incremental
k8s-ci-robot Jul 23, 2024
67c7e77
Merge pull request #126047 from cpanato/upgrade-go-123
k8s-ci-robot Jul 23, 2024
9c2302d
Merge pull request #126201 from aroradaman/revert-debug-steps
k8s-ci-robot Jul 23, 2024
6834a1e
Merge pull request #126293 from aroradaman/kube-proxy-refactor-intern…
k8s-ci-robot Jul 23, 2024
25c2731
Job: Use type parameters instead of type casting for the ptr libraries
tenzen-y Jul 23, 2024
05bb5f7
Merge pull request #120611 from pohly/dra-resource-quotas
k8s-ci-robot Jul 23, 2024
04d2f33
Merge pull request #124061 from Jefftree/conversion-webhook-invalidca
k8s-ci-robot Jul 23, 2024
e83fca8
Merge pull request #124530 from sttts/sttts-controlplane-plumbing-split
k8s-ci-robot Jul 23, 2024
13d9d7c
Merge pull request #124819 from carlory/add-warning-MountOptionAnnota…
k8s-ci-robot Jul 23, 2024
c01bc31
Merge pull request #126163 from haircommander/procMount-baseline
k8s-ci-robot Jul 23, 2024
16c2ad5
Add labels to PVCollector bound/unbound PVC metrics for VolumeAttribu…
AndrewSirenko Jul 23, 2024
ad80538
Merge pull request #126291 from haircommander/proc-mount-disable
k8s-ci-robot Jul 23, 2024
107f621
Merge pull request #126108 from gnufied/changes-volume-recovery
k8s-ci-robot Jul 23, 2024
c2fdeca
Merge pull request #126145 from carlory/kep-3751-api
k8s-ci-robot Jul 23, 2024
e79d20d
Add KUBE_EMULATED_VERSION env variable to set the emulated-version of…
siyuanfoundation Jul 23, 2024
59daed7
DRA: refactor checkpointing
bart0sh Jul 18, 2024
35fbbc5
DRA: use crc32.ChecksumIEEE to calculate checkpoint checksum
bart0sh Jul 23, 2024
59555c6
DRA: move dra/checkpont/* to dra/state/*
bart0sh Jul 23, 2024
ac2c450
Update with stdlib errors
cici37 Jul 23, 2024
c0d922e
DRA: Kubelet code cleanup
bart0sh Jul 23, 2024
320f1ab
Merge pull request #126182 from sohankunkerkar/fix-procmount
k8s-ci-robot Jul 23, 2024
f93fe41
Merge pull request #126281 from saschagrunert/oci-volume-docs
k8s-ci-robot Jul 23, 2024
2a372a9
Merge pull request #126290 from tenzen-y/use-type-parameters-instead-…
k8s-ci-robot Jul 23, 2024
fa4b8f3
Merge pull request #125935 from gjkim42/fix-125880
k8s-ci-robot Jul 23, 2024
a48a92c
Allowing direct CEL reserved keyword usage in CRD (#126188)
cici37 Jul 23, 2024
1353c08
Merge pull request #126298 from vinayakankugoyal/apparmortest
k8s-ci-robot Jul 23, 2024
16e8911
add AllocatedResourcesStatus field to ContainerStatus
SergeyKanzhelev Jul 22, 2024
2253b53
generated files
SergeyKanzhelev Jul 22, 2024
3790ee2
reset fields when the feature gate was not set
SergeyKanzhelev Jul 22, 2024
62f96d2
set AllocatedResourcesStatus in the Pod Status
SergeyKanzhelev Jul 22, 2024
638128e
Merge pull request #119019 from gjkim42/add-e2e-node-test-restarting-…
k8s-ci-robot Jul 24, 2024
39a8079
Merge pull request #122628 from sanposhiho/pod-smaller-events
k8s-ci-robot Jul 24, 2024
d97cf3a
Merge pull request #126303 from bart0sh/PR150-dra-refactor-checkpoint…
k8s-ci-robot Jul 24, 2024
59776b5
Merge pull request #126306 from siyuanfoundation/env-var
k8s-ci-robot Jul 24, 2024
49ff255
Merge pull request #126308 from cici37/hotFix
k8s-ci-robot Jul 24, 2024
5af1710
Merge pull request #126243 from SergeyKanzhelev/devicePluginFailures
k8s-ci-robot Jul 24, 2024
c75e30d
Merge pull request #126294 from aojea/nosnat
k8s-ci-robot Jul 24, 2024
57d197f
Merge pull request #124430 from AllenXu93/fix-kubelet-restart-notReady
k8s-ci-robot Jul 24, 2024
c4851c6
remove volumeoptions from VolumePlugin and BlockVolumePlugin
carlory May 23, 2024
a43cc08
Fix runtime panic in imagevolume `CanSupport` method
saschagrunert Jul 24, 2024
a145f15
Merge pull request #125087 from carlory/volumeoptions
k8s-ci-robot Jul 24, 2024
ceb58a4
Merge pull request #126323 from saschagrunert/image-volume-runtime-panic
k8s-ci-robot Jul 24, 2024
bc45288
Add `ImageVolumeSource` e2e tests
saschagrunert Jul 19, 2024
ab470aa
Merge pull request #126220 from saschagrunert/image-volumesource-e2e
k8s-ci-robot Jul 24, 2024
3999b98
Coordinated Leader Election Alpha API
Jefftree Jul 21, 2024
e3e56eb
CLE storage and type registration changes
Jefftree Jul 21, 2024
9b16b0d
CLE feature gate
Jefftree Jul 21, 2024
b5a62f1
CLE rbac for lease and leasecandidate in kube-system
Jefftree Jul 21, 2024
c47ff1e
CLE controller and client changes
Jefftree Jul 21, 2024
e0c6987
add gc and improve testing
Jefftree Jul 23, 2024
68226b0
Review feedback
sttts Jul 23, 2024
fac7581
feedback: leasecandidate clients
Jefftree Jul 23, 2024
42678f1
regen clients
Jefftree Jul 23, 2024
a64418b
Review feedback
sttts Jul 23, 2024
e1ea24a
fix ordering issue in candidates
Jefftree Jul 23, 2024
6407f32
fix etcd data
Jefftree Jul 23, 2024
15affef
Review feedback: handle non-kube strategy correctly
sttts Jul 23, 2024
a738daa
Review feedback: fix context handling in LeaseCandidateGCController
sttts Jul 23, 2024
0c774d0
Change PingTime to be persistent
Jefftree Jul 23, 2024
919e7ab
update codegen and openapi
Jefftree Jul 23, 2024
56b278d
fix flake in TestLeaseCandidateCleanup
Jefftree Jul 24, 2024
3e642ae
move container fs check so that we only check if system is split
kannon92 Jul 24, 2024
696ad19
Merge pull request #126242 from bzsuni/bz/etcd/build/v3.5.15
k8s-ci-robot Jul 24, 2024
df69a52
Merge pull request #126335 from kannon92/split-filesystem-fix
k8s-ci-robot Jul 24, 2024
77541c1
Relax noise margin in TestOneWeightedHistogram
MikeSpreitzer Jul 24, 2024
6ac2067
Merge pull request #126274 from ConnorJC3/flaky-vac-test
k8s-ci-robot Jul 24, 2024
4ad2cd9
Update etcd from v3.5.14 to v3.5.15
bzsuni Jul 19, 2024
b95f9c3
Merge pull request #126282 from macsko/fix_scheduler_perf_tests_takin…
k8s-ci-robot Jul 25, 2024
5359098
kube-proxy: internal config: fuzz cidr values for unit tests
aroradaman Jul 24, 2024
bdb51f2
fix a typo in kubeadm v1beta4 doc
pacoxu Jul 24, 2024
eeae981
set LocalStorageCapacityIsolationFSQuotaMonitoring to false by default
haircommander Jul 25, 2024
087134c
add workdir in etcd Dockerfile for windows
pacoxu Jul 25, 2024
08a74f2
Fix verify-vendor script to check all go.mod and go.sum files
liggitt Jul 25, 2024
aeb6074
revendor dependencies
thaJeztah Jul 25, 2024
9edabd6
Merge pull request #126353 from liggitt/fix-vendor
k8s-ci-robot Jul 25, 2024
e9d9a82
Merge pull request #124101 from haircommander/process_stats-with-pid-fix
k8s-ci-robot Jul 25, 2024
5f5c02d
Merge pull request #124012 from Jefftree/le-controller
k8s-ci-robot Jul 25, 2024
9a16c96
Merge pull request #126324 from pacoxu/v1beta4-typo
k8s-ci-robot Jul 25, 2024
c853ca4
Merge pull request #126355 from haircommander/fs-quotas-false
k8s-ci-robot Jul 25, 2024
b4dcbbe
Merge pull request #126356 from pacoxu/fix-etcd-build-windows
k8s-ci-robot Jul 25, 2024
bee5e03
Merge pull request #126333 from aroradaman/master
k8s-ci-robot Jul 25, 2024
87f4044
kube-apiserver/leaderelection: remove broken printf
sttts Jul 26, 2024
f44f7b7
Merge pull request #126377 from sttts/sttts-cle-fix-TestPickBestStrategy
k8s-ci-robot Jul 26, 2024
b98817c
build: fix README instructions to load the output image tar
flavianmissi Jun 24, 2024
92e62bf
Update the Comment for StableLoadBalancerNodeSet Feature Gate.
Shubham82 Jul 26, 2024
3a8a60e
Merge pull request #126240 from bzsuni/bz/etcd/update/v3.5.15
k8s-ci-robot Jul 26, 2024
a1bbae8
fix resource health status test failures in unlabeled jobs
kannon92 Jul 26, 2024
86e2e26
Merge pull request #125674 from flavianmissi/builds-doc
k8s-ci-robot Jul 26, 2024
ebdca53
[sample-apiserver] Fix: Use Correct Effective Version for kube (#125941)
fxierh Jul 26, 2024
250f7b5
Merge pull request #126386 from kannon92/126367-device-plugin-label
k8s-ci-robot Jul 26, 2024
c7a1fa4
Call non-blocking informerFactory.Start synchronously to avoid races
sttts Jul 27, 2024
cd69335
informers: add comment that Start does not block
Jefftree Jul 27, 2024
ba6141a
Merge pull request #126405 from sttts/sttts-sync-informerfactory-start
k8s-ci-robot Jul 27, 2024
8c971c5
kube-apiserver/leaderelection/test: fixing waiting for informer
sttts Jul 27, 2024
b8045f9
kube-apiserver/leaderelection/tests: use fake clock
sttts Jul 27, 2024
f173f0c
kube-apiserver/leaderelection/tests: fix test case PingTime should be…
Jefftree Jul 27, 2024
2aa468c
Merge pull request #126344 from MikeSpreitzer/fix-120112
k8s-ci-robot Jul 27, 2024
a2106b5
Merge pull request #126407 from Jefftree/fake-clock
k8s-ci-robot Jul 27, 2024
b13aab9
kube-apiserver/leaderelection: remove klog noise
sttts Jul 29, 2024
3987d85
kube-apiserver/leaderelection/test: clean up controller test
sttts Jul 29, 2024
c203b12
Revert "Bump images, dependencies and versions to go 1.23rc2"
ArkaSaha30 Jul 29, 2024
d1dfeed
Revert "Bump images, dependencies and versions to go 1.23rc1"
ArkaSaha30 Jul 29, 2024
aa28bd6
Revert distroless-iptables from v0.6.1 to v0.5.6
ArkaSaha30 Jul 29, 2024
78d3830
ignore order of containers status allocated resources
pacoxu Jul 29, 2024
9ee99a9
skip if ResourceHealthStatus is disabled
pacoxu Jul 29, 2024
05934d6
Merge pull request #126330 from ArkaSaha30/revert-to-go1.22
k8s-ci-robot Jul 29, 2024
7a4c962
Merge pull request #126428 from sttts/sttts-cle-controller-test
k8s-ci-robot Jul 29, 2024
50e430b
Fix kubelet cadvisor stats runtime panic
saschagrunert Jul 29, 2024
a7af830
Rename kubelet CSR admission feature gate
micahhausler Jul 29, 2024
aab56e9
Merge pull request #126441 from micahhausler/kubelet-cert-feature-gat…
k8s-ci-robot Jul 29, 2024
e8588e6
Merge pull request #126429 from saschagrunert/kubelet-panic
k8s-ci-robot Jul 29, 2024
d092513
Use fake clock for controller/leaderelection:TestController
Jefftree Jul 29, 2024
b5b2171
Merge pull request #126427 from pacoxu/fix-TestUpdateAllocatedResourc…
k8s-ci-robot Jul 29, 2024
17d7d28
Merge pull request #126431 from pacoxu/device-plugin-falures-pod-status
k8s-ci-robot Jul 30, 2024
634c9cd
Address comments
sttts Jul 30, 2024
0fc1671
Merge pull request #126446 from Jefftree/fix-leaderelection-flake-tes…
k8s-ci-robot Jul 30, 2024
11ace3a
Release commit for Kubernetes v1.31.0-rc.0
k8s-release-robot Jul 30, 2024
3596256
Implement fallback for consistent reads from cache
serathius Jul 30, 2024
c838004
Move APIServingWithRoutine to alpha and disabled by default.
benluddy Jul 30, 2024
974f3d3
Merge pull request #126467 from serathius/fallback
k8s-ci-robot Jul 30, 2024
2ca56aa
Move ConsistentListFromCache to Beta default again
serathius Jul 30, 2024
d0ced54
kube-up.sh: drop unnecessary legacy mirror config, enable injecting r…
BenTheElder Jul 29, 2024
f9d2297
Merge pull request #126470 from benluddy/apiservingwithroutine-alpha-…
k8s-ci-robot Jul 31, 2024
2a1d417
Merge pull request #126448 from BenTheElder/5k-mirror
k8s-ci-robot Jul 31, 2024
9413cf2
CHANGELOG: Update directory for v1.31.0-rc.0 release
k8s-release-robot Jul 30, 2024
f72233c
Merge remote-tracking branch 'origin/master' into release-1.31
k8s-release-robot Jul 31, 2024
eb729d1
Merge pull request #126469 from serathius/beta2
k8s-ci-robot Jul 31, 2024
93a10a7
Introduce ConcurrentWatchObjectDecode feature gate disabled by default
serathius Jul 30, 2024
bb686f2
Make object transformation concurrent to remove watch cache scalabili…
serathius Jul 22, 2024
8855ca8
Merge remote-tracking branch 'origin/master' into release-1.31
k8s-release-robot Jul 31, 2024
017d7b8
releng: update publishing bot rules for 1.31
mehabhalodiya Jul 31, 2024
c19d9ed
Merge pull request #126329 from serathius/concurrent-transformation-c…
k8s-ci-robot Jul 31, 2024
f8d5b20
Merge pull request #126489 from mehabhalodiya/bump-publishing-131
k8s-ci-robot Jul 31, 2024
cb08f03
Merge remote-tracking branch 'origin/master' into release-1.31
k8s-release-robot Jul 31, 2024
dbc2b0a
Merge pull request #126383 from Shubham82/correct_comment_for_StableL…
k8s-ci-robot Aug 1, 2024
12cc220
Merge remote-tracking branch 'origin/master' into release-1.31
k8s-release-robot Aug 1, 2024
4fc6d8d
[kube-proxy] add log verbosity to endpoint topology hint loop - Take 2
dims Aug 2, 2024
00236ae
Merge pull request #126519 from dims/bjhaid-bjhaid-topology-verbosity…
k8s-ci-robot Aug 3, 2024
1d1cc29
Merge remote-tracking branch 'origin/master' into release-1.31
k8s-release-robot Aug 4, 2024
7734673
Release commit for Kubernetes v1.31.0-rc.1
k8s-release-robot Aug 6, 2024
a24dafa
Update CHANGELOG/CHANGELOG-1.31.md for v1.31.0-rc.1
k8s-release-robot Aug 6, 2024
60c4c2b
CHANGELOG: Update directory for v1.31.0-rc.1 release
k8s-release-robot Aug 6, 2024
3ea0248
Merge remote-tracking branch 'origin/master' into release-1.31
k8s-release-robot Aug 6, 2024
fad6c42
wait: don't lowercase condition in --for argument
soltysh Aug 12, 2024
099a883
Merge pull request #126638 from soltysh/fix_wait
k8s-ci-robot Aug 12, 2024
57846e1
Merge remote-tracking branch 'origin/master' into release-1.31
k8s-release-robot Aug 12, 2024
9edcffc
Release commit for Kubernetes v1.31.0
k8s-release-robot Aug 13, 2024
72bbd13
Merge remote-tracking branch 'openshift/master' into rebase-1.31.0
atiratree Sep 13, 2024
990b41a
UPSTREAM: 74956: apiserver: switch authorization to use protobuf client
mfojtik Oct 29, 2020
f521823
UPSTREAM: 93286: wait for apiservices on startup
deads2k Oct 29, 2020
e7cff88
UPSTREAM: <carry>: filter out CustomResourceQuota paths from OpenAPI
sttts Oct 29, 2020
ea724f8
UPSTREAM: <carry>: patch aggregator to allow delegating resources
mfojtik Oct 29, 2020
8828bdf
UPSTREAM: <carry>: remove apiservice from sync in CRD registration wh…
mfojtik Oct 29, 2020
4b15d01
UPSTREAM: <carry>: hardcoded restmapper with a few entries to reboots…
deads2k Oct 29, 2020
5a6b52e
UPSTREAM: <carry>: Extend NodeLogQuery feature
aravindhp Apr 12, 2023
faff1f5
UPSTREAM: <carry>: kube-controller-manager: add service serving cert …
deads2k Oct 29, 2020
5836ed3
UPSTREAM: <carry>: kube-controller-manager: allow running bare kube-c…
deads2k Oct 29, 2020
72ff444
UPSTREAM: <carry>: kube-controller-manager: exclude some origin resou…
deads2k Oct 29, 2020
d57293b
UPSTREAM: <carry>: kube-apiserver: add our immortal namespaces direct…
deads2k Oct 29, 2020
a935625
UPSTREAM: <carry>: openshift-kube-apiserver: add kube-apiserver patches
deads2k Oct 29, 2020
adfd458
UPSTREAM: <carry>: openshift-kube-apiserver: add openshift-kube-apise…
deads2k Oct 29, 2020
afa3dff
UPSTREAM: <carry>: kube-apiserver: priorize some CRD groups over others
deads2k Oct 29, 2020
f6ee327
UPSTREAM: <carry>: kube-apiserver: wire through isTerminating into ha…
sttts Oct 29, 2020
5ce6921
UPSTREAM: <carry>: create termination events
sttts Oct 29, 2020
178adb5
UPSTREAM: <carry>: bootstrap-rbac-policy: move over .well-known rules
sttts Oct 29, 2020
0ebf8b8
UPSTREAM: <carry>: warn only about unknown feature gates
sttts Oct 29, 2020
620b711
UPSTREAM: <carry>: disable AES24, not supported by FIPS
rphillips Oct 29, 2020
f3a7db6
UPSTREAM: <carry>: Remove excessive e2e logging
p0lyn0mial Oct 29, 2020
9f5448a
UPSTREAM: <carry>: conditionally fill the UserAgent from the currentl…
p0lyn0mial Oct 29, 2020
9104c37
UPSTREAM: <carry>: refactor/improve CRD publishing e2e tests in an HA…
p0lyn0mial Oct 29, 2020
c3a4fe9
UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs
marun Oct 29, 2020
73c4d66
UPSTREAM: <carry>: export HandleFlags
soltysh Jul 21, 2021
67dc219
UPSTREAM: <carry>: noderestrictions: add node-role.kubernetes.io/* to…
sttts Oct 29, 2020
34d498e
UPSTREAM: <carry>: kube-apiserver: ignore SIGTERM/INT after the first…
sttts Feb 8, 2021
529466e
UPSTREAM: <carry>: use hardcoded metrics scraping authorizer for dele…
deads2k Feb 22, 2021
a2f0abe
UPSTREAM: <carry>: allow kubelet to self-authorize metrics scraping
deads2k Mar 1, 2021
7b55518
UPSTREAM: <carry>: provide events, messages, and bodies for probe fai…
deads2k Mar 9, 2021
2567b6a
UPSTREAM: <carry>: allows for switching KS to talk to Kube API over l…
p0lyn0mial Mar 24, 2021
bc967e9
UPSTREAM: <carry>: add management support to kubelet
rphillips Mar 29, 2021
8c15efd
UPSTREAM: <carry>: allows for switching KCM to talk to Kube API over …
p0lyn0mial Mar 4, 2021
b99e4f0
UPSTREAM: <carry>: Ensure service ca is mounted for projected tokens
marun May 10, 2021
eda46ce
UPSTREAM: <carry>: apiserver: add system_client=kube-{apiserver,cm,s}…
sttts Jun 3, 2021
6b5422f
UPSTREAM: <carry>: emit event when readyz goes true
deads2k Jun 14, 2021
4658af7
UPSTREAM: <carry>: crd: add ClusterOperator condition message table c…
sttts Jun 16, 2021
cfe883a
UPSTREAM: 103612: tolerate additional, but congruent, events for inte…
deads2k Jul 9, 2021
d557b28
UPSTREAM: <carry>: add a way to inject a vulnerable, legacy service-c…
deads2k Jul 9, 2021
e6071ea
UPSTREAM: <carry>: Revert "Remove Endpoints write access from aggrega…
danwinship Aug 23, 2021
ed4703c
UPSTREAM: <carry>: skip posting failures to aggregated APIs to avoid …
p0lyn0mial Aug 24, 2021
4c24d6f
UPSTREAM: <carry>: send Retry-After when not ready with a caller opt in
tkashem Aug 25, 2021
3fcc5eb
UPSTREAM: <carry>: add max_housekeeping_interval
rphillips Jul 7, 2021
86d795d
UPSTREAM: <carry>: sets X-OpenShift-Internal-If-Not-Ready HTTP Header…
p0lyn0mial Aug 26, 2021
7fc6ec8
UPSTREAM: <carry>: Release lock on KCM and KS termination
tnozicka Oct 29, 2020
870a00f
UPSTREAM: <carry>: use console-public config map for console redirect
atiratree Jan 12, 2022
c4dd26e
UPSTREAM: <carry>: fix [sig-auth] ServiceAccounts no secret-based ser…
tkashem Apr 29, 2022
abfd6a7
UPSTREAM: <carry>: optionally enable retry after until apiserver is r…
tkashem Aug 17, 2022
8f1249e
UPSTREAM: <carry>: make the PSA workload admission warnings honor the…
deads2k Oct 17, 2022
5357c7e
UPSTREAM: <carry>: PSa metrics: log platform namespaces in audit denies
stlaz Jan 16, 2023
678af6d
UPSTREAM: 115328: annotate early and late requests
tkashem Mar 13, 2023
adc3ed2
UPSTREAM: <carry>: disable load balancing on created cgroups when man…
haircommander Mar 20, 2023
b94374e
UPSTREAM: <carry>: APISelfSubjectReview: only test v1beta1 API
bertinatto Apr 3, 2023
fe70aa6
UPSTREAM: <carry>: Export internal code from k8s.io/apimachinery/pkg/…
bertinatto Apr 27, 2023
1531d16
UPSTREAM: <carry>: when only this kube-apiserver can fulfill the kube…
deads2k Jun 23, 2023
4fdf816
UPSTREAM: <carry>: merge v3 openapi discovery and specs for special g…
atiratree Aug 3, 2023
f4ebd7f
UPSTREAM: <carry>: selfsubjectaccessreview: grant user:full scope to …
liouk Mar 1, 2023
b740781
UPSTREAM: <carry>: retry etcd Unavailable errors
p0lyn0mial Aug 29, 2023
5572ecc
UPSTREAM: <carry>: Export cpu stats of ovs.slice via prometheus
MarSik Aug 31, 2023
c995379
UPSTREAM: <carry>: advertise shared cpus for mixed cpus feature
Tal-or Nov 9, 2023
5ef503a
UPSTREAM: <carry>: temporarily disable reporting e2e text bugs and en…
soltysh Dec 2, 2023
a3000d4
UPSTREAM: <carry>: add new admission for handling shared cpus
Tal-or Nov 12, 2023
06c9e77
UPSTREAM: <carry>: Add openshift feature gates to kube-apiserver - in…
swghosh Mar 15, 2024
4c9404c
UPSTREAM: <carry>: allow type mutation for specific secrets
tkashem Mar 29, 2024
8c185d8
UPSTREAM: 125337: ccm integration test for node status addresses and …
aojea Jun 3, 2024
0be0fda
UPSTREAM: <carry>: bump cadvisor for 3516 upstream patches
harche Jul 4, 2024
d02fe41
UPSTREAM: 126213: add test about container metrics from cadvisor
rphillips Jul 31, 2024
b915016
UPSTREAM: 126641: e1e/storage: update block device test to always spe…
haircommander Aug 12, 2024
80e1d58
UPSTREAM: 126994: Add required FieldManager for validatingadmissionpo…
dgoodwin Aug 29, 2024
4ed26dc
UPSTREAM: 126295: dynamiccertificates: denoise Kubelet logs by skippi…
sohankunkerkar Jul 23, 2024
05fe02f
UPSTREAM: <carry>: annotate audit events for requests during unready …
tkashem Sep 5, 2024
7c3f19e
UPSTREAM: 127243: Fix invalid label use in validatingadmissionpolicy e2e
dgoodwin Sep 3, 2024
11fed00
UPSTREAM: <carry>: add etcd3RetryingProberMonitor for retrying etcd U…
p0lyn0mial Sep 9, 2024
49db130
UPSTREAM: <carry>: replace newETCD3ProberMonitor with etcd3RetryingPr…
p0lyn0mial Sep 9, 2024
c52e50f
UPSTREAM: <carry>: skip Kubectl logs tests until the oc is bumped to …
atiratree Aug 22, 2024
68a0eff
UPSTREAM: 126846: Fix the localhost nodeport metrics test to not fail…
danwinship Aug 21, 2024
421fd9f
UPSTREAM: 126920: add missing RBAC to statefulset-controller for Stat…
atiratree Aug 26, 2024
7836a37
UPSTREAM: <drop>: disable ResilientWatchCacheInitialization feature
bertinatto Sep 18, 2024
2c4bd6c
UPSTREAM: 127492: pkg/storage/cacher/cacher_whitebox_test: deflake Te…
p0lyn0mial Sep 20, 2024
7106e83
UPSTREAM: 127493: storage/cacher/cacher_whitebox_test:deflake TestCac…
p0lyn0mial Sep 20, 2024
a8b0bc3
UPSTREAM: <drop>: do not run TestWatchSemantics cases in parallel
bertinatto Sep 19, 2024
1d4b303
UPSTREAM: <drop>: hack/update-vendor.sh
atiratree Sep 13, 2024
e5ff0db
UPSTREAM: <drop>: make update
atiratree Sep 13, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs
UPSTREAM: <carry>: Copy hack scripts and tools from openshift/origin

UPSTREAM: <carry>: Fix shellcheck failures for copied openshift-hack bash

UPSTREAM: <carry>: Enable build, test and verify

UPSTREAM: <carry>: Copy README content from origin

UPSTREAM: <carry>: Copy watch-termination command from openshift/origin

UPSTREAM: <carry>: Switch image and rpm build to golang 1.14

UPSTREAM: <carry>: Copy test annotation from origin

UPSTREAM: <carry>: Build openshift-compatible kube e2e binary

UPSTREAM: <carry>: Updating openshift-hack/images/hyperkube/Dockerfile.rhel baseimages to mach ocp-build-data config

UPSTREAM: <carry>: Update test annotation rules

UPSTREAM: <carry>: Enable k8s-e2e-serial

UPSTREAM: <carry>: Build with golang 1.15

UPSTREAM: <carry>: (squash) Stop installing recent bash and protoc from source

UPSTREAM: <carry>: Add rebase instructions

UPSTREAM: <carry>: (squash) Update README.openshift to reflect transition

UPSTREAM: <carry>: (squash) Stop annotating origin tests with [Suite:openshift]

The detection logic was error-prone (different results based on the
repo existing in GOPATH vs not) and whether a test comes from origin
can be inferred from the absence of the `[Suite:k8s]` tag.

UPSTREAM: <carry>: (squash) Update hyperkube version

UPSTREAM: <carry>: (squash) Update OpenShift docs

UPSTREAM: <carry>: watch-termination: fix deletion race and write non-graceful message also to termination.log

UPSTREAM: <carry>: watch-termination: avoid false positives of NonGracefulTermination events

UPSTREAM: <carry>: (squash) remove servicecatalog e2e that was dropped upstream

UPSTREAM: <carry>: (squash) Fix annotation rules

UPSTREAM: <carry>: (squash) Fix image refs

UPSTREAM: <carry>: Updating openshift-enterprise-hyperkube builder & base images to be consistent with ART
Reconciling with https://github.com/openshift/ocp-build-data/tree/b0ab44b419faae6b18e639e780a1fa50a1df8521/images/openshift-enterprise-hyperkube.yml

UPSTREAM: <carry>: (squash) Retry upstream flakes

UPSTREAM: <carry>: (squash) Update test exclussions for 1.20.0

UPSTREAM: <carry>: (squash) Add detail to rebase doc

- Add new section 'Maintaining this document'
- Move checklist above the instructions to emphasize their importance
- Add new section 'Reacting to new commits'
- Mention that generated changes in carries should be dropped

UPSTREAM: <carry>: Enable CSI snapshot e2e tests

All images were uploaded to our quay.io mirror and the tests should
succeed.

UPSTREAM: <carry>: Stop skipping multi-az test (skipped upstream)

UPSTREAM: <carry>: bump tag version & update rebase doc

UPSTREAM: <carry>: update rebase doc & image

UPSTREAM: <carry>: Add Dockerfile to build pause image

Ensuring the target directory exists before writing a file to it.

UPSTREAM: <carry>: disable part of hack/verify-typecheck-providerless.sh due to our carry patches

UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART
Reconciling with https://github.com/openshift/ocp-build-data/tree/691e628254f318ce56efda5edc7448ec743c37b8/images/openshift-enterprise-pod.yml

UPSTREAM: <carry>: Updating openshift-enterprise-hyperkube images to be consistent with ART
Reconciling with https://github.com/openshift/ocp-build-data/tree/691e628254f318ce56efda5edc7448ec743c37b8/images/openshift-enterprise-hyperkube.yml

UPSTREAM: <carry>: Add process overlap detection event to watch-termination

NOTE: Squash this to watch-termination commit on rebase.

UPSTREAM: <carry>: openshift-hack/images/os/Dockerfile: Add io.openshift.build.versions, etc.

For example, consider the current 4.10 RHCOS:

  $ oc image info -o json registry.ci.openshift.org/ocp/4.10:machine-os-content
  io.k8s.description: The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.
  io.k8s.display-name: Red Hat Universal Base Image 8
  io.openshift.build.version-display-names: machine-os=Red Hat Enterprise Linux CoreOS
  io.openshift.build.versions: machine-os=49.84.202109102026-0
  io.openshift.expose-services:
  io.openshift.tags: base rhel8

A bunch of those seem to be inherited from the UBI base image, so we
can leave them alone.  But the io.openshift.build.* entries are
RHCOS-specific, and are consumed by 'oc adm release new ...' [1,2] and
friends to answer questions like "which RHCOS is in this release?":

  $ oc adm release info -o json quay.io/openshift-release-dev/ocp-release:4.8.12-x86_64
  {
    "kubernetes": {
      "Version": "1.21.1",
      "DisplayName": ""
    },
    "machine-os": {
      "Version": "48.84.202109100857-0",
      "DisplayName": "Red Hat Enterprise Linux CoreOS"
    }
  }

Setting this label will avoid failures when consumers like
driver-toolkit's version consumer [3]:

  name: 0.0.1-snapshot-machine-os

bump into ci-tools-built machine-os-content images that lack the
io.openshift.build.versions declaration of machine-os version [4]:

  error: unable to create a release: unknown version reference "machine-os"

I've gone with generic testing values, so hopefully this is not
something that local maintainers need to remember to bump for each
OpenShift z stream.

[1]: https://github.com/openshift/oc/blob/f94afb52dc8a3185b3b9eacaf92ec34d80f8708d/pkg/cli/admin/release/image_mapper.go#L328-L334
[2]: https://github.com/openshift/oc/blob/f94afb52dc8a3185b3b9eacaf92ec34d80f8708d/pkg/cli/admin/release/annotations.go#L19-L28
[3]: openshift/driver-toolkit@464acca#diff-4caed9b2b966a8fa7a016ae28976634a2d3d1b635c4e820d5c038b2305d6af53R18
[4]: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_kubernetes/959/pull-ci-openshift-kubernetes-master-images/1438398678602616832#1:build-log.txt%3A97

UPSTREAM: <carry>: update rebase doc

UPSTREAM: <carry>: squash with the rest of tooling

UPSTREAM: <carry>: Updating openshift-enterprise-pod images to be consistent with ART
Reconciling with https://github.com/openshift/ocp-build-data/tree/5b89f5b601508a0bcc0399fd3f34b7aa2e86e90e/images/openshift-enterprise-pod.yml

UPSTREAM: <carry>: Updating openshift-enterprise-hyperkube images to be consistent with ART
Reconciling with https://github.com/openshift/ocp-build-data/tree/5b89f5b601508a0bcc0399fd3f34b7aa2e86e90e/images/openshift-enterprise-hyperkube.yml

UPSTREAM: <carry>: rebase script

UPSTREAM: <carry>: Fix networking-related test exclusions

Tests that fail on openshift-sdn specifically should be tagged as
such, so that they don't also get skipped when running under
ovn-kubernetes or third-party network plugins.

UPSTREAM: <carry>: Skip "subPath should be able to unmount" NFS test

Due to a kernel bug https://bugzilla.redhat.com/show_bug.cgi?id=1854379
in Linux 5.7+ this test fails - the bind-mounted NFS share cannot be
cleanly unmounted, gets "Stale file handle" error instead on umount.
As a result this test is permafailing on Fedora CoreOS nodes.

UPSTREAM: <carry>: Skip GlusterFS tests

GlusterFS is not supported in 4.x, we've been running its tests just
because we could. Now it does not work on IPv6 systems.

E [MSGID: 101075] [common-utils.c:312:gf_resolve_ip6] 0-resolver: getaddrinfo failed (Address family for hostname not supported)

UPSTREAM: <carry>: Skip GlusterFS tests

The previous commit left two GlusterFS test still running:

[sig-storage] Volumes GlusterFS should be mountable [Skipped:ibmcloud] [Suite:openshift/conformance/parallel] [Suite:k8s]
[sig-storage] Dynamic Provisioning GlusterDynamicProvisioner should create and delete persistent volumes

Skip it, we don't support Gluster and it does not work on ipv6

UPSTREAM: <carry>: 1.22 alpha & other tests disablement

UPSTREAM: <carry>: 1.21 alpha & other tests disablement

UPSTREAM: <carry>: Enable GenerciEphemeralVolume tests

UPSTREAM: <carry>: Re-enable [Feature:NetworkPolicy] tests which were wrongly disabled in rebase

UPSTREAM: <carry>: Reenable NetworkPolicy test

UPSTREAM: <carry>: Conformance tests (sysctls) should be run

We have to run this test for conformance, and the tests pass. Reenable
this block which has been disabled for 2 releases (but appears to work fine).

UPSTREAM: <carry>: Don't force-disable IPv6, dual-stack, and SCTP tests

Instead, openshift-tests will enable or disable them depending on
cluster configuration.

UPSTREAM: <carry>: update Multi-AZ Cluster Volumes test name

This test was renamed upstream in
kubernetes@006dc74

UPSTREAM: <carry>: re-enable networking tests after rebase

During a bump to k8 ver. 1.22.0, networking
tests were disabled to accomplish the bump.
This disabled netpol and older network tests.
Netpol tests will be enabled in a following
PR and therefore only partially fixes BZ.

This commit partially fixes bug 1986307.
https://bugzilla.redhat.com/show_bug.cgi?id=1986307

UPSTREAM: <drop>: update test annotate rules

UPSTREAM: <carry>: Add DOWNSTREAM_OWNERS

UPSTREAM: <carry>: clarify downstream approver rules

UPSTREAM: <carry>: copy extensions into resulting image

UPSTREAM: <carry>: update rebase doc

UPSTREAM: <carry>: Fix conformance and serial tests by stopping node cordoning

Master nodes already have `master` taint which
cannot be tolerated by normal workloads. If we manually
cordon the master nodes again, some of the control plane
components cannot get rescheduled unless they have
toleration to the `node.kubernetes.io/unschedulable`
taint. Even if we have the toleration in the pod
spec, because of the backwards compability issues
scheduler will ignore nodes which have `unschedulable`
field set. IOW:

- Cordoning master nodes is redundant as masters already
  have taints
- Cordoning master nodes can cause issues which are hard
  to debug as control-plane components may be evicted/preempted
  during e2e run(highly unlikely but a possibility).

So, let's stop cordoning master nodes.

UPSTREAM: <carry>: enable internal traffic policy tests

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1986307

UPSTREAM: <carry>: update rebase doc

UPSTREAM: <carry>: enable e2e test after 1.23 rebase in sdn

Enable "[sig-network] Conntrack should be able to preserve UDP traffic when initial unready endpoints get ready" after 1.23 rebase in openshift/sdn

UPSTREAM: <carry>: Unskip OCP SDN related tests

Unskip networkPolicy tests concerning IpBlock and
egress rules since both features have now been
implemented.

UPSTREAM: <carry>: enable should drop INVALID conntrack entries test

UPSTREAM: <carry>: update e2es

UPSTREAM: revert: <carry>: Unskip OCP SDN related tests

These newly-enabled tests are breaking some CI, possibly due to race
conditions in the tests. Re-disable them for now.

This reverts commit aba8d20.

UPSTREAM: <carry>: update hyperkube and image version

UPSTREAM: <drop>: disable e2e tests

- disable 'ProxyTerminatingEndpoints' feature e2e tests

- disable [sig-network] [Feature:Topology Hints] should distribute endpoints evenly
see https://bugzilla.redhat.com/show_bug.cgi?id=2079958 for more context

UPSTREAM: <carry>: Add kubensenter to the openshift RPM

This carry-patch adds the kubensenter script to the openshift-hyperkube
RPM, by importing it via the new hack/update-kubensenter.sh script.

UPSTREAM: <carry>: Skip session affinity timeout tests

in 4.12 and higher the default CNI is OVNKubernetes and
these two tests do not pass. Skip them. They are also
skipping in the origin test suites for ovnk.

UPSTREAM: <carry>: Update kubensenter to use exec instead of direct call

Because kubelet relies on systemd's Type=notify mechanism, we don't need
or want kubensenter to keep itself in the process tree. exec is best.

UPSTREAM: <carry>: update to ginkgo v2 - squash to tooling

UPSTREAM: <carry>: update rebase doc

UPSTREAM: <carry>: allow annotating with a specific suite

If a test specifies a suite, don't append another one to it. We want the
ability to add tests to a particular suite without automatically being
added to parallel conformance.

UPSTREAM: <carry>: Ensure balanced brackets in annotated test names

We recently started marking tests with apigroups, and in one case we
missed the closing bracket on the annotation resulting in the test being
erroneously skipped.

This adds a check in the annotation generation, and errors when brackets
are unbalanced.

```
Example:
$ ./hack/verify-generated.sh
FAILURE after 12.870s: hack/verify-generated.sh:13: executing '/home/stbenjam/go/src/github.com/openshift/origin/hack/update-generated.sh' expecting success: the command returned the wrong error code
Standard output from the command:
Nov  4 14:11:25.026: INFO: Enabling in-tree volume drivers
Nov  4 14:11:25.026: INFO: Warning: deprecated ENABLE_STORAGE_GCE_PD_DRIVER used. This will be removed in a future release. Use --enabled-volume-drivers=gcepd instead
Nov  4 14:11:25.026: INFO: Enabled gcepd and windows-gcepd in-tree volume drivers

Standard error from the command:
failed: unbalanced brackets in test name:
[Top Level] [sig-scheduling][Early] The openshift-console console pods [apigroup:console.openshift.io should be scheduled on different nodes
                                                                       ^
```

UPSTREAM: <carry>: add CSI migration feature gates for vSphere and Azure File

This commit is the next natural step for commits 2d9a8f9
and d37e84c. It introduces custom feature gates to enable
the CSI migration in vSphere and Azure File plugins.

See openshift/enhancements#549 for details.

Stop <carrying> the patch when CSI migration becomes GA (i.e.
features.CSIMigrationAzureFile / features.CSIMigrationVSphere
are GA).

UPSTREAM: <carry>: Skip in-tree topology tests win Azure Disk migrated to CSI

Skip test that depend on in-tree Azure Disk volume plugin that (wrongly)
uses failure domains for value of "topology.kubernetes.io/zone" label in
Azure regions that don't have availability zones.

Our e2e tests blindly use that label and expect that a volume provisioned
in such a "zone" can be used only by nodes in that "zone" (= topology
domain). This is false, Azure Disk CSI driver can use such a volume in any
zone and therefore the test may randomly fail.

See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2066865

UPSTREAM: <carry>: Stop ignoring generated openapi definitions

openshift/origin needs to be able to vendor these definitions so they
need to be committed.

OpenShift-Rebase-Source: 514f181
OpenShift-Rebase-Source: 87e220b
OpenShift-Rebase-Source: b25e156
OpenShift-Rebase-Source: 2256387
OpenShift-Rebase-Source: e4d66c1
OpenShift-Rebase-Source: 5af594b

UPSTREAM: <carry>: disable tests for features in alpha

UPSTREAM: <carry>: disable tests dependent on StackDriver

UPSTREAM: <carry>: add default sysctls for kubelet in rpm

UPSTREAM: <carry>: add new approvers

UPSTREAM: <carry>: update rebase doc

UPSTREAM: <carry>: update hyperkube image version

Updated builder as well.

UPSTREAM: <carry>: add missing generated file

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Add CSI mock volume tests. In upstream these tests were moved
to a different package, so we stopped generating their names
in OpenShift. This patch fixes that.

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Disable CSI mock tests for SELinux and RecoverVolumeExpansionFailure, which
are alpha features and require additional work to get enabled.

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

UPSTREAM: <carry>: update rebase doc

UPSTREAM: <carry>: disable failing dnsPolicy test

UPSTREAM: <carry>: Create minimal wrapper needed to run k8s e2e tests

UPSTREAM: <carry>: Change annotation mechanics to allow injecting testMaps and filter out tests

UPSTREAM: <carry>: Move k8s-specific rules to our fork

UPSTREAM: <carry>: Create minimal wrapper needed to run k8s e2e tests

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Update the list of tests that should be skipped.

UPSTREAM: <carry>: Force using host go always and use host libriaries

UPSTREAM: <carry>: ignore vendor when generating code

UPSTREAM: <carry>: ignore vendor when installing ncpu from hack/tools

UPSTREAM: <carry>: move test rules from origin

These were brought back in o/o PRs as follows:
- netpol - openshift/origin#26775
- schedulerpreemption - openshift/origin#27874

UPSTREAM: <carry>: UserNamespacesSupport feature was rename to UserNamespacesStatelessPodsSupport

See commit 531d38e.

UPSTREAM: <carry>: allow apiserver-library-go to depend on k8s.io/kubernetes

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Remove commitchecker.

UPSTREAM: <carry>: Force using host go always and use host libriaries

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Update builder images.

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Bump builder and base images to OCP 4.15 and RHEL 9 (where possible).

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Update REBASE.openshift.md file with new RHEL 9 images.

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

Remove "git rerere" suggestion. This has shown to be problematic in some cases.

UPSTREAM: <carry>: Fix sporadic 141 errors in build-rpms

"head" sometimes exits before "rpmspec" finishes piping it all its data.
Workaround that by separating the rpmspec and head calls.

UPSTREAM: <carry>: Disable e2e tests related to AdmissionWebhookMatchConditions

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs
1. Fix failure while running the verify.import-boss case
2. Add verify-govulncheck.sh to the excluded pattern
   This requires a new package to be installed on the fly and the same fails with the following error.
   `go: golang.org/x/vuln/cmd/govulncheck@v1.0.1: cannot query module due to -mod=vendor`
   The above error needs to be fixed before enabling this `govulncheck`

UPSTREAM: <carry>: switch to go1.21

UPSTREAM: <carry>: use snyk file

UPSTREAM: <carry>: RPM: Split apiserver, scheduler, k-c-m, kubelet into subpackages

This change should allow us to install a much smaller set of binaries
into RHCOS while preserving functional compatibility with with anyone
who installs `openshift-hyperkube` today as it requires all sub packages.
Those wishing to have just the kubelet can begin installing
`openshift-hyperkube-kubelet`

-rwxr-xr-x. 2 root root 129M Jan  1  1970 /usr/bin/kube-apiserver
-rwxr-xr-x. 2 root root 114M Jan  1  1970 /usr/bin/kube-controller-manager
-rwxr-xr-x. 2 root root  54M Jan  1  1970 /usr/bin/kube-scheduler
-rwxr-xr-x. 2 root root 105M Jan  1  1970 /usr/bin/kubelet
-rwxr-xr-x. 2 root root 3.5K Jan  1  1970 /usr/bin/kubensenter

Should save about 297M or 74% in most environments where the kubelet is
all that's desired.

It's not clear to me why these were ever in the RPM since OCP 4.x but this
packaging should remain compatible as openshift-hyperkube depends on
 - openshift-kubelet
 - openshift-kube-apiserver
 - openshift-kube-scheduler
 - openshift-kube-controller-manager

UPSTREAM: <carry>: openshift-hack/images/os: delete

All the logic there is geared towards `machine-os-content` which is no
longer used at all in the cluster.

Nowadays, the container to modify is `rhel-coreos`, which is what is
already being done in CI:

https://github.com/openshift/release/blob/463a8f244ba0f807e76e6fdf974f98d24efd1ced/ci-operator/config/openshift/kubernetes/openshift-kubernetes-master.yaml#L87-L97

UPSTREAM: <carry>: Disable SCCs in k8s-e2e.test namespaces

We want to run upstream e2e tests ignored by SCCs. Make sure the test
namespaces have label
security.openshift.io/disable-securitycontextconstraints: true and disabled
podSecurityLabelSync.

UPSTREAM: <carry>: Enable SELinux tests

Now that k8s-e2e.test is not affected by SCCs, all SELinux tests should
pass.

UPSTREAM: <carry>: update test rules

UPSTREAM: <carry>: permanently disable NodeLogQuery e2e test

Tests require SSH configuration and is part of the parallel suite, which
does not create the bastion host. Enabling the test would result in the
bastion being created for every parallel test execution. Given that we
have existing oc and WMCO  tests that cover this functionality, we can
safely disable it.

UPSTREAM: <carry>: clean OpenShift tooling

UPSTREAM: <carry>: Add Dockerfile to buld kube-apiserver for openshift-install architectures

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

UPSTREAM: <carry>: Create minimal wrapper needed to run k8s e2e tests

UPSTREAM: <carry>: Add update go workspace step to the update flow

Given we verify go workspace, we need to do `update-go-workspace`
step during `make update`

UPSTREAM: <carry>: Provide SCC access via RBAC

UPSTREAM: <carry>: add native build to installer image

This is needed for the s390x/ppc64le arches since we just cross-compile
to linux amd/arm64.

UPSTREAM: <carry>: update docker image to use go 1.22

UPSTREAM: <carry>: update rules.go

UPSTREAM: <carry>: Skip eviction test on tainted nodes for SNO jobs

UPSTREAM: <carry>: OCPBUGS-34102: force static build of linux binaries

Setting `KUBE_STATIC_OVERRIDES` is necessary for the kubernetes build
system to attempt a static build but we also need to set
`GO_COMPLIANCE_EXCLUDE` so the `CGO_ENABLED` value is not overridden by
the fips-or-die toolchain used to build the release payload.

This fixes an issue when running the openshift-installer in
centos7/rhel8 systems which fails with:
```
E0521 18:04:24.925722    2077 server.go:317] "unable to start the controlplane" err="unable to run command \"cluster-api/kube-apiserver\" to check for flag \"insecure-port\": exit status 1" logger="controller-runtime.test-env" tries=4
ERROR failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed to run cluster api system: failed to run local control plane: unable to start control plane itself: failed to start the controlplane. ret\
ried 5 times: unable to run command "cluster-api/kube-apiserver" to check for flag "insecure-port": exit status 1
```
because it's trying to run a dynamically-linked kube-apiserver binary.

UPSTREAM: <carry>: inject k8s version from hyperkube Dockerfile

Squash to openshift tooling.

UPSTREAM: <carry>: sync imports and update test rules

This should be suqashed with tooling.

UPSTREAM: <carry>: use host etcd

UPSTREAM: <carry>: skip storage tests

UPSTREAM: <carry>: skip PodLifecycleSleepAction test

UPSTREAM: <carry>: add tool to validate test packages imported

UPSTREAM: <carry>: update test annotations for sno

recent addition of upstream architecture package to openshift tests include.go is breaking conformance tests for sno
should squash with tooling

Signed-off-by: ehila <ehila@redhat.com>

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

bump images to 4.18 and kubernetes to 1.31.0

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

update Disabled:Alpha test rules

UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs

disable verify-e2e-suites.sh

UPSTREAM: <carry>: skip VolumeAttributesClass tests
  • Loading branch information
marun authored and atiratree committed Sep 13, 2024
commit c3a4fe9e9d500af24754c27c54ddb247c875b118
4 changes: 4 additions & 0 deletions .ci-operator.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
build_root_image:
name: release
namespace: openshift
tag: rhel-9-release-golang-1.22-openshift-4.18
7 changes: 7 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -124,3 +124,10 @@ zz_generated_*_test.go

# generated by verify-vendor.sh
vendordiff.patch

# Ignore openshift source archives produced as part of rpm build
openshift*.tar.gz

# Ensure that openapi definitions are not ignored to ensure that
# openshift/origin can vendor them.
!pkg/generated/openapi/zz_generated.openapi.go
9 changes: 9 additions & 0 deletions .snyk
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# References:
# https://docs.snyk.io/scan-applications/snyk-code/using-snyk-code-from-the-cli/excluding-directories-and-files-from-the-snyk-code-cli-test
# https://docs.snyk.io/snyk-cli/commands/ignore
exclude:
global:
- "**/vendor/**"
- "**/*_test.go"
- "**/testdata/**"
- "**/cluster/**"
32 changes: 32 additions & 0 deletions DOWNSTREAM_OWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# See the OWNERS docs at https://go.k8s.io/owners

filters:
".*":
# Downstream reviewers, don't have to match those in OWNERS
reviewers:
- bertinatto
- deads2k
- jerpeter1
- p0lyn0mial
- soltysh
- tkashem

# Approvers are limited to the team that manages rebases and pays the price for carries that are introduced
approvers:
- bertinatto
- deads2k
- jerpeter1
- p0lyn0mial
- soltysh
- tkashem

"^\\.go.(mod|sum)$":
labels:
- "vendor-update"
"^vendor/.*":
labels:
- "vendor-update"
"^staging/.*":
labels:
- "vendor-update"
component: kube-apiserver
73 changes: 73 additions & 0 deletions README.openshift.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# OpenShift's fork of k8s.io/kubernetes

This respository contains core Kubernetes components with OpenShift-specific patches.

## Cherry-picking an upstream commit into openshift/kubernetes: Why, how, and when.

`openshift/kubernetes` carries patches on top of each rebase in one of two ways:

1. *periodic rebases* against an upstream Kubernetes tag. Eventually,
any code you have in upstream Kubernetes will land in Openshift via
this mechanism.

2. Cherry-picked patches for important *bug fixes*. We really try to
limit feature back-porting entirely. Unless there are exceptional circumstances, your backport should at least be merged in kubernetes master branch. With every carry patch (not included in upstream) you are introducing a maintenance burden for the team managing rebases.

### For Openshift newcomers: Pick my Kubernetes fix into Openshift vs. wait for the next rebase?

Assuming you read the bullets above... If your patch is really far behind, for
example, if there have been 5 commits modifying the directory you care about,
cherry picking will be increasingly difficult and you should consider waiting
for the next rebase, which will likely include the commit you care about or at
least decrease the amount of cherry picks you need to do to merge.

To really know the answer, you need to know *how many commits behind you are in
a particular directory*, often.

To do this, just use git log, like so (using pkg/scheduler/ as an example).

```
MYDIR=pkg/scheduler/algorithm git log --oneline --
${MYDIR} | grep UPSTREAM | cut -d' ' -f 4-10 | head -1
```

The commit message printed above will tell you:

- what the LAST commit in Kubernetes was (which effected
"/pkg/scheduler/algorithm")
- directory, which will give you an intuition about how "hot" the code you are
cherry picking is. If it has changed a lot, recently, then that means you
probably will want to wait for a rebase to land.

### Cherry-picking an upstream change

Since `openshift/kubernetes` closely resembles `k8s.io/kubernetes`,
cherry-picking largely involves proposing upstream commits in a PR to our
downstream fork. Other than the usual potential for merge conflicts, the
commit messages for all commits proposed to `openshift/kubernetes` must
reflect the following:

- `UPSTREAM: <UPSTREAM PR ID>:` The prefix for upstream commits to ensure
correct handling during a future rebase. The person performing the rebase
will know to omit a commit with this prefix if the referenced PR is already
present in the new base history.
- `UPSTREAM: <drop>:` The prefix for downstream commits of code that is
generated (i.e. via `make update`) or that should not be retained by the
next rebase.
- `UPSTREAM: <carry>:` The prefix for downstream commits that maintain
downstream-specific behavior (i.e. to ensure an upstream change is
compatible with OpenShift). Commits with this are usually retained across
rebases.

## Updating openshift/kubernetes to a new upstream release

Instructions for rebasing `openshift/kubernetes` are maintained in a [separate
document](REBASE.openshift.md).

## RPM Packaging

A specfile is included in this repo which can be used to produce RPMs
including the openshift binary. While the specfile will be kept up to
date with build requirements the version is not updated. Building the
rpm with the `openshift-hack/build-rpms.sh` helper script will ensure
that the version is set correctly.
Loading