mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 20:59:41 +02:00
19347a7c4e
1591 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Christopher Clark
|
19347a7c4e |
qemuboot, xen-image-minimal: enable runqemu for qemuarm64 Xen images
The Xen hypervisor built for Arm 64-bit targets can be launched with runqemu by providing a Device Tree binary and configuration for Qemu, which enables interactive testing of Xen images. Add qemuboot-xen-dtb.bbclass to add a new bitbake task for generating the dtb file by using lopper on a device tree produced by Qemu. Add qemuboot-xen-defaults.bbclass to supply working default parameters for the qemuarm64 machine and general support for qemuboot for Xen, and adjust the defaults as needed to boot successfully in testing. Development aided by this script by Stewart Hildebrand of DornerWorks: https://gist.github.com/stewdk/110f43e0cc1d905fc6ed4c7e10d8d35e Signed-off-by: Christopher Clark <christopher.clark@starlab.io> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Christopher Clark
|
29796322c2 |
lopper, python-dtc: add new recipes for device tree tools
This device tree tooling is being added as a prequisite for enabling qemuboot with the Arm 64-bit version of the Xen hypervisor. lopper: a tool for performing operations on device tree files. A new recipe inspired by the original from meta-xilinx-bsp. python-dtc: a python library for the Device Tree compiler. This is a prerequisite for lopper. Updated import of recipe from meta-xilinx-bsp for the latest release, version 1.6.1. Signed-off-by: Christopher Clark <christopher.clark@starlab.io> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
11036424a9 |
k8s: update to v1.12.0-alpha
Bumping kubernetes to version v1.23.0-alpha.0-33-gd9d4f0c69cb, which comprises the following commits:
363d47c08c8 staging/publishing: fix rules for legacy-cloud-providers for 1.22
6d1556df7bb Update to using apiserver-network-proxy v1.22
7728428f017 Do not try to create an audit log file named "-"
77afa53f9d3 Add e2e testing manifest bundle to e2e_node test suite
0cce9a4a6c6 Remove conformance status from a sysctl test and relabel
0aa16fae5b8 staging/publishing: add release-1.22 rules
3af4fe8c9b6 Use pointer gomega comparison for UsageNanoCores
2a4a1c1d005 disable aufs module
0610968bfaa bump metrics-server to 0.5.0
c5aead020b6 cluster: fix CI metrics-server deployment
9103b7187c9 Fetch metrics from controller manager & scheduler no run once
236e72cf8a9 Make CSR cleaner tolerate objects with invalid status.certificate
c1bac408803 Fix SIG Node SSH e2e test
33feaee2c2d Fix windows storage tests
fac3dd6914f CHANGELOG: Update directory for v1.22.0-rc.0 release
59c0523bca0 Using ServiceIPs instead of DNS names in the NetworkPolicy Probes + adding Interface decoupling (#102354)
536cf819747 Add konnectivity agent to log dump
d7ee024cc5d kubelet: Make condition processing in one spot
c2a6d07b8f0 kubelet: Avoid allocating multiple times during status
9efd40d72ad kubelet: Preserve reason/message when phase changes
9d0b32858a5 update cos 85 version to latest.
e5b434e990d kubelet/cm: don't set Devices
eb5df869baa vendor: bump runc to 1.0.1
aeb82243fc8 Revert "tests for statefulset PersistentVolumeClaimDeletePolicy api change"
faed88bb720 Add additional APF test for handling other panic types
ef435b85b47 Optimize APF support for watch initialization to fix the pod startup time regression.
1f2902a336c Fix panic in master upgrade tests
e5a1f86e0ac add apiserver tracing integration test, and fix endpoint validation
10a3cc815be Revert "statefulset PersistentVolumeClaimDeletePolicy api change"
fb5b966a88a Revert "Add StatefulSetAutoDeletePVC feature gate"
0d1aa3a1b87 CHANGELOG: Update directory for v1.21.3 release
1e5ba82fd0b CHANGELOG: Update directory for v1.20.9 release
fc6a5be694a CHANGELOG: Update directory for v1.19.13 release
be34dc95b5d Remove E2E test for NodePreferAvoidPods scheduling Score
a2ea04bab3e tests: Updates cuda-vector-add:1.0 image to the promoted registry
a3b6f0557d2 device-plugins: replace gcr.io/gke-release to use the community registry
f5bc129a991 CHANGELOG: Update directory for v1.22.0-beta.2 release
a6ac42082b4 client-go exec: fix metrics related to plugin not found
5e1b5ec398c Revert counting deleted pods as failures for Job
75748c185ea enable verify-golangci-lint.sh
07332ad3985 fix ineffassign and varcheck
26cc8e40a8f fix deadcode issues
b74fe232e34 update golangci-lint to newer version
416efdab26a Remove Endpoints write access from aggregated edit role
6c61ee51b90 Revert granting EndpointSlice write access to edit role
de9cdab5ae3 kubelet: Prevent runtime-only pods from going into terminated phase
aaa7de0ac67 Update API description for probe.terminationGracePeriodSeconds
bf2ae14501e Move feature flag to beta (but leave as false) and remove the feature flag from Kubelet
83f8d1ad72d [go1.16] Update to go1.16.6
65618bfd696 Add sync reconstructed volume from desired state of world for volumemanager
9fa641b9add test/integration/endpoints: check for pod existencen in TestEndpointWithTerminatingPod
1280a365e4a Revert "use PermitWithoutStream=true for etcd: send pings even without active stream"
bc475373b24 Drop direct dependency on gotest.tools
32783f75684 PodSecurity: Initial webhook implementation
2878e472ad7 test/integration/endpoints: improve docs for TestEndpointWithTerminatingPod
0aa1b3b0bfc test/integration/endpoints: add a test to ensure Endpoints does not include terminating pods
642eff0c69d Rename NodeSwapEnabled flag to NodeSwap
d1ef44242a3 Make khenidak a sig-net approver
c2aaf0667fd PodSecurity: make integration tests run sparsely
9dd59017c4c add tracing to webhook requests
581b088f760 integration test: provide a timeout for /health
a570008cbd6 apf: fix virtual clock
5918869ed6c Revert 103327: "kube-scheduler: ensure the default config output of --write-to-config is usable"
1727cea64c1 Fix index out of range if multiple default plugins are overridden
b14c10ae301 create LeaderMigrationConfiguration v1beta1
40b2155ddb7 promote ControllerManagerLeaderMigration to beta.
995278c9fbb add ControllerManagerLeaderMigration as beta
513bd93f76d update test for feature gate
412962204ff Fix the code is leaking the defaulting between unrelated pod instances
2b88dc381e1 [PodSecurity] Add test coverage for pod-template-containing objects
0fa01c371c9 Mark volume mount as uncertain in case of volume expansion fails
fd0db61d6c3 test/intergration/endpointslice: add tests for endpointslice terminating condition
826a5219dac promote EndpointSliceTerminatingCondition to Beta
a2fb8b00392 smtalign: e2e: add tests
23abdab2b77 smtalign: propagate policy options to policies
6dcec345dfb smtalign: cm: factor out admission response
c5cb263dcf2 smtalign: propagate policy options to cpumanager
6dccad45b4f smtalign: add auto generated code
cc76a756e40 smtalign: add cpu-manager-policy-options flag in Kubelet
649b87aaf85 prevent mutation of deletion options during delete collection
d95b14e1abf Revert "apiserver: add callback to get notified of object count"
d5d9327351d Only use dualstack if the node and config supports it
8e2b728c68a Explicitly skip host file mounting for windows
2dd26221881 Track Job Pods completion in status
7da1a0b2304 update the help text of KubeletConfig following the DynamicKubletConfig feature deprecation
41c5bca3496 kubectl: update set command description to include cronjob resource (#102503)
bb56a0bd048 Add Job.status.uncountedPodUIDs
418fa71b6b1 Simplify use of the fake dynamic client
62d7a417fa6 CHANGELOG: Update directory for v1.22.0-beta.1 release
40f1db8d2d4 update license gathering script for forked code
79e230ea212 fix kubelet panic when DynamicKubeletConfig enabled
b6b3a692843 Don't set sysctl net.ipv4.vs.conn_reuse_mode for kernels >=5.9
369c4a2b98b Use cmp.Diff() replace reflect and diagnosis
7f9d2eda828 limit warnings to requests that would otherwise succeed, reformat warning message
36907db929e PodSecurity: Drop field path from container visitor
78953990777 PodSecurity: seLinuxOptions: regenerate files
d5419707516 PodSecurity: seLinuxOptions: cleanup
19c8ab297c0 PodSecurity: sysctls: cleanup
e178695c25b PodSecurity: seccompProfile_baseline: regenerate files
bebf6129672 PodSecurity: seccompProfile_baseline: cleanup
2af08d1a5a0 PodSecurity: seccompProfile_restricted: regenerate files
88a12412998 PodSecurity: seccompProfile_restricted: cleanup
43146d4377f PodSecurity: runAsNonRoot: regenerate files
5fc06591a2c PodSecurity: runAsNonRoot: cleanup
edb7cdb02aa PodSecurity: restrictedVolumes: regenerate files
676240a342a PodSecurity: restrictedVolumes: cleanup
4a69c579923 PodSecurity: procMount: cleanup
f9b8dfd0e69 PodSecurity: privileged: cleanup
7c704674003 PodSecurity: windowsHostProcess: regenerate files
9dce1d6a493 PodSecurity: windowsHostProcess: cleanup
45485bb7aea PodSecurity: hostPorts: cleanup
f709cf05f41 PodSecurity: hostPathVolumes: regenerate files
a39c448684a PodSecurity: hostPathVolumes: cleanup
826c57701c7 PodSecurity: hostNamespaces: cleanup
62b71175e74 PodSecurity: restricted capabilities: regenerate files
f10dfc6e304 PodSecurity: restricted capabilities: cleanup
bd4dc42a72e PodSecurity: baseline capabilities: regenerate files
809abf4f5b9 PodSecurity: baseline capabilities: cleanup
b390e9e32dd PodSecurity: appArmorProfile: cleanup
8291f8490b9 PodSecurity: allowPrivilegeEscalation: regenerate files
1e2886341a6 PodSecurity: allowPrivilegeEscalation: cleanup
648b970718e PodSecurity: add message helper
92541f46e6b Restore ability to print long strings
5d80665b0a6 Fix dbus config path for GracefulNodeShutdown e2e
6c72fbaa899 update vendor after switch
79d0c6cdc10 switch from golang-lru to the one in k8s.io/utils
3a221b33324 update to new k8s.io/utils
a3f57886a26 fix CleanScope so we can resolve correct verb for apiserver_request_terminations_total
a6b30e96294 podsecurity: added ValidatePodSecurityConfiguration
c3d9b10ca83 feature: support Memory QoS for cgroups v2
80dda49ce22 Service: Fix semantics for Update wrt allocations
6cf3e36c370 kubeadm: statically default the "from cluster" InitConfiguration
0a42f7b9890 Graduate EndpointSliceProxying and WindowsEndpointSliceProxying Gates
1dfacd3c702 PodSecurity: use code/reason/details from admission library
fb9cafc99be sched: provide an option for plugin developers to move pods to activeQ
9bd857ca047 Truncate endpoints over a 1000 addresses
d9e3fbff949 apf: fix bootstrap ensurer log message
bb3fe633b47 add test for triggering race condition
33e6ebc8f8d update translations
ab1807f2bcb copy podStatus.ContainerStatuses before sorting it
1e0f695afa9 fix translations location in update-translations.sh
6408f3dffc0 Update generated files
250f47a45c5 Rename to capabilities_restricted
08608a24f14 Update dropCapabilities check/fixtures
ce257266aa7 client-go: copying object to fix data race (#103148)
2c116055f7e [disruptioncontroller] Don't error for unmanaged pods
a8793dcb3e2 Implement check_dropAllCapabilities.go and test/fixtures_dropAllCapabilities.go
3fadea4ea2e Bump version of Addon Resizer used by Metrics Server
6b736f34848 Minor adjustments to descriptions and example text
cea1dcfeed2 Add watch tracker to APF for request cost estimation
2df05df6982 Avoid code duplication in watchcache
96406b915d3 Clean up the remaining master names in test/integration
7f1c4977d7a Refinements to pick queue logic in P&F
26e83ac4d43 kubelet: ignore /dev/kmsg error when running in userns
192790c52fe kube-proxy: allow running in userns
dbe01551397 kubelet/cm: ignore sysctl error when running in userns
b16323e37ce New feature gate: KubeletInUserNamespace
af19d7f415d fix delete nil pointer panic
d8fe255f413 Add test for validateProbe
e378600c90d Add validation for Prober TerminationGracePeriodSeconds
1ff5ae2cb5f Regenerate
20de04d6c30 Update API documents
00dba76918e Add DataSourceRef field to PVC spec
5b787aa1843 Clean up testing of AllocateLoadBalancerNodePorts
eae4a19bd35 Fix small bug with AllocateLoadBalancerNodePorts
3eadd1a9ead Keep pod worker running until pod is truly complete
68dadd40d63 Fix pkg/api/pod/util tests to ensure feature gate is set
adcfcfa2e78 add yaml separator validation and avoid silent ignoration
04d59ff2df3 test/e2e/network: add Service internalTrafficPolicy test for pod (w/ host network) -> pod (w/ host network)
9977ea371b1 test/e2e/network: add Service internalTrafficPolicy test for pod -> pod (w/ host network)
025c95a778b test/e2e/network: add Service internalTrafficPolicy test pod (w/ host network) -> pod
f6bc5d01402 test/e2e/network: add Service internalTrafficPolicy test pod to pod
2d0f99fba18 Fix resource metrics e2e test
28152a26fee fix: return empty VMAS name if using standalone VM
ad8275f294f Added unit tests for ExpandPathsToFileVisitors
dffc2a60a28 deprecate and disable by default DynamicKubeletConfig feature flag
68ccb8a9477 Use system-validators v1.5.0
b1f34ea205f add RetryOnConflict to pod status updates
6d4096cc69a Upgrade kustomize-in-kubectl to v4.2.0
a46b42a92b8 Manually update kustomize attachment points.
212ce7c2871 Shorten test time
a42c066af70 Fix Data Race in nodeshutdown restart
c69ad8c57a3 e2e: increase readiness gate timeout
71f810bb71e Add distributed tracing to the etcd client
babebf76d39 Apply PSP container tests to EphemeralContainers
aff49ca6846 Generated code for securityContext in EphemeralContainers
70765fa24d5 Allow securityContext in EphemeralContainers
ebe550bd488 Upgrade etcd to 3.5.0
7839668877e GCE Windows: Set TCP/IP parameters to keep idle connections alive on GCE.
30d2ad576ac Remove ManagedPod,ManagedContainer metrics
1c8675fc02f Ensure node e2e apiserver and test suite can open enough files
c4e644406ed test images: Adds windows-nanoserver image
d5cb5065c46 Skip node container manager test on systemd
03d60a89a0c Add build instruction for buildx CLI plugin
82e4ab5ec62 Improve slice allocation in LabelSelectorAsSelector
19c23949154 Add benchmark for LabelSelectorAsSelector
3f0b64ec959 kubectl: show consistent unit format in quota describe
0a83041d4d3 remove Factory that not used
9e372bffeff e2e: test SSH port on NodeSSHHosts
c12aa0f6b75 promote HugePageStorageMediumSize to GA
849dbe034b3 use PermitWithoutStream=true for etcd: send pings even without active streams
29178fff1c9 Add kubelet managed pod metrics
b42c1a3e474 test images: Adds cuda-vector-add-old image
a70323d6320 Updating OWNERS_ALIASES for SIG-Windows
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
b4a4f24b1c |
podman: update to 3.2.3 latest
There's not much here, but we pickup the 3.2.4-dev parsing bump in preparation for that development stream. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
0b31c44e0d |
containerd: update to 1.5.4
Bumping containerd to version v1.5.4-12-g1c13c54ca, which comprises the following commits:
7b17268fd remotes/docker/pusher.go: Fix missing Close()
2f11d5855 remotes/docker/fetcher.go: Fix missing Close()
4c1722e2b Update docker resolver to authorize redirects
166a81f88 snapshot/devmapper: log exported methods correctly
d2cb9949b go.mod: runc v1.0.1
6807d070e update runc binary to v1.0.1
81cfab8f5 Prepare release notes for v1.5.4
d9b284bfd Try next mirror in case of non-404 errors, too
48d7a5c5c Prepare release notes for 1.5.3
defaec610 Update mailmap
43d089233 integration/client: go mod tidy
ac7bd5483 Update Go to 1.16.6 (cont.)
385d9ed00 Update Go to 1.16.6
a695a0704 [Vendor] Update hcsshim to 0.8.18
0515f9d2d Fix missing Body.Close() calls on push to docker remote
f5c7cb6e0 Add test for archive breakout test for lchmod
37a44de17 Cleanup lchmod logic in archive
78b95dff2 update runc binary to v1.0.0 GA
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
9cfb3ae103 |
k3s: update to v1.21.3
Bumping k3s to version v1.21.3+k3s1, which comprises the following commits:
786f91b997 Fix multiple bootstrap keys found
b9cc6409f4 Bump containerd to v1.4.8-k3s1
c15259d925 Fix to allow prune to correctly cleanup custom named snapshots (#3649) (#3672)
659002f153 [release-1.21] Upgrade k3s-root version
9c981b0184 [release-1.21] Bump Kubernetes to v1.21.3 (#3652)
9859ec7a81 [release-1.21] - Backport Fix storing bootstrap data with empty token string (#3514)
5a88b5b3ea Emit events for AddOn lifecycle
ab0520f44e Add comments, clean up imports and function names
411d7e6753 Tidy up function calls with many args
ff0451c4dd Add nodename to UA string for deploy controller
c3d134a405 prevent snapshot save when snapshots are disabled (#3475) (#3610)
267adf64dc Bump the packaged runc binary version
42ab13a869 Update etcd snapshot error message to be more informative when etcd database is not found (#3592)
bbd4fb9888 Dispatch to rancher/system-agent-installer-k3s when tagged
0c5577a8ec [Backport 1.21] Update embedded kube-router (#3557) (#3595)
04d425289f Fix spelling to satisfy codespell check
733ca42b6a go mod vendor
9863b92eb4 Bump rancher/klipper-helm image in airgap image-list.txt
0a5bca7ea2 Bump helm-controller to v0.10.1
0c2d8376d0 Changes local storage pods to have 700 permissions (#3537) (#3548)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
c4fd021309 |
docker-ce: update to 20.10.7
Bumping docker to version v20.10.7-41-g013d6655bb, which comprises the following commits:
067918a8c3 [20.10] update containerd binary v1.4.8
b0da207af4 Bump go 1.16.6 (addresses CVE-2021-34558)
abe8c4e80d updated vendored archive/tar to go1.16.5
7c6645b32b update archive/tar patch for go 1.16
55c363ef48 Bump go 1.16.5
8b0913935c integration: ensurePlugin: disable go modules when building plugin
09a7efb1f7 hack/ci/windows.ps1: disable go modules
6793ff26d8 pkg/fileutils: TestMatches: remove cases no longer valid for go1.16
ab9a92f79c Update test certificates
1d4a06e610 hack: add script to regenerate certificates
feaca9816a hack/vendor: add check for vendored archive/tar
793340a33a [20.10] update containerd binary to v1.4.7
7429792eed docker pull: warn when pulled single-arch image does not match --platform
72b66d56a5 [20.10] vendor github.com/Microsoft/hcsshim 64a2b71405dacf76c95600f4c756a991ad09cf7c (moby branch)
50c392c9ff API: fix 404 status description on container create
025e3a7898 Update v1.41.yaml
b9cf7b7db5 rootless: fix "x509: certificate signed by unknown authority" on openSUSE Tumbleweed
869b50e10b rootless: disable overlay2 if running with SELinux
44f95c7126 dockerd-rootless.sh: avoid /run/xtables.lock EACCES on SELinux hosts
78bb0f445a Dockerfile: update go-swagger to fix validation on Go1.16
618f6a79ab Run s390x tests on Ubuntu 20.04
872cb16edb update runc binary to v1.0.0 GA
4d42e18c05 vendor: swarmkit to fix deadlock in log broker
89edb68e89 Fix possible overlapping IPs
523f8b397c Jenkinsfile: skip ppc64le and s390x by default on pull requests
a57fc0eb15 Fix setting swaplimit=true without checking
6474dada20 vendor: github.com/moby/buildkit v0.8.3-3-g244e8cde
895eaacdd4 vendor: github.com/moby/buildkit v0.8.3
003e3c0551 pkg/signal: ignore SIGURG on all platforms
95551168ac vendor: github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
d29a55c6c3 vendor: github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8
94c1890d39 builder-next: relax second cache key requirements for schema1
2a0c446866 Use v2 capabilities in layer archives
Bumping docker-cli to version v20.10.7-20-ge9b8231d6a, which comprises the following commits:
8a64739631 Update Dockerfiles to latest syntax, remove "experimental"
260ba1a8a2 vendor: cpuguy83/go-md2man/v2 v2.0.1
f63cb8b97e vendor: github.com/russross/blackfriday/v2 v2.1.0
48e6b44379 Dockerfile: remove custom go build for windows/arm64
644c003606 circleCI: update docker engine to 20.10.6
0d17280a30 Jenkinsfile: update old engine version to 19.03
eedfe50a99 Jenkinsfile: update labels to prevent running on cgroups v2
f3dd1ee6c1 Fix minor wording
c7cf60f657 docs: Fix wrong bridge driver option
0168626037 vendor: github.com/docker/docker-credential-helpers v0.6.4
e3a9a92b14 vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compat
ab733b5564 [20.10] vendor: github.com/docker/docker v20.10.7
746c553574 docs: fix link to command-line reference
2945ba4f7a Ignore SIGURG on Darwin too
032e485e1c ForwardAllSignals: check if channel is closed, and remove warning
88de81ff21 Fix `docker start` blocking on signal handling
706ca7985b Revert "[20.10] Revert "Ignore SIGURG on Linux.""
8264f5be8d docs: dockerd: fix broken link and markdown touch-ups
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
ead79994b7 |
moby: update to 20.10.7
Bumping moby to version v20.10.7-41-g013d6655bb, which comprises the following commits:
067918a8c3 [20.10] update containerd binary v1.4.8
b0da207af4 Bump go 1.16.6 (addresses CVE-2021-34558)
abe8c4e80d updated vendored archive/tar to go1.16.5
7c6645b32b update archive/tar patch for go 1.16
55c363ef48 Bump go 1.16.5
8b0913935c integration: ensurePlugin: disable go modules when building plugin
09a7efb1f7 hack/ci/windows.ps1: disable go modules
6793ff26d8 pkg/fileutils: TestMatches: remove cases no longer valid for go1.16
ab9a92f79c Update test certificates
1d4a06e610 hack: add script to regenerate certificates
feaca9816a hack/vendor: add check for vendored archive/tar
793340a33a [20.10] update containerd binary to v1.4.7
7429792eed docker pull: warn when pulled single-arch image does not match --platform
72b66d56a5 [20.10] vendor github.com/Microsoft/hcsshim 64a2b71405dacf76c95600f4c756a991ad09cf7c (moby branch)
50c392c9ff API: fix 404 status description on container create
025e3a7898 Update v1.41.yaml
b9cf7b7db5 rootless: fix "x509: certificate signed by unknown authority" on openSUSE Tumbleweed
869b50e10b rootless: disable overlay2 if running with SELinux
44f95c7126 dockerd-rootless.sh: avoid /run/xtables.lock EACCES on SELinux hosts
78bb0f445a Dockerfile: update go-swagger to fix validation on Go1.16
618f6a79ab Run s390x tests on Ubuntu 20.04
872cb16edb update runc binary to v1.0.0 GA
4d42e18c05 vendor: swarmkit to fix deadlock in log broker
89edb68e89 Fix possible overlapping IPs
523f8b397c Jenkinsfile: skip ppc64le and s390x by default on pull requests
a57fc0eb15 Fix setting swaplimit=true without checking
6474dada20 vendor: github.com/moby/buildkit v0.8.3-3-g244e8cde
895eaacdd4 vendor: github.com/moby/buildkit v0.8.3
003e3c0551 pkg/signal: ignore SIGURG on all platforms
95551168ac vendor: github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
d29a55c6c3 vendor: github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8
94c1890d39 builder-next: relax second cache key requirements for schema1
2a0c446866 Use v2 capabilities in layer archives
Bumping docker-cli to version v20.10.7-20-ge9b8231d6a, which comprises the following commits:
8a64739631 Update Dockerfiles to latest syntax, remove "experimental"
260ba1a8a2 vendor: cpuguy83/go-md2man/v2 v2.0.1
f63cb8b97e vendor: github.com/russross/blackfriday/v2 v2.1.0
48e6b44379 Dockerfile: remove custom go build for windows/arm64
644c003606 circleCI: update docker engine to 20.10.6
0d17280a30 Jenkinsfile: update old engine version to 19.03
eedfe50a99 Jenkinsfile: update labels to prevent running on cgroups v2
f3dd1ee6c1 Fix minor wording
c7cf60f657 docs: Fix wrong bridge driver option
0168626037 vendor: github.com/docker/docker-credential-helpers v0.6.4
e3a9a92b14 vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compat
ab733b5564 [20.10] vendor: github.com/docker/docker v20.10.7
746c553574 docs: fix link to command-line reference
2945ba4f7a Ignore SIGURG on Darwin too
032e485e1c ForwardAllSignals: check if channel is closed, and remove warning
88de81ff21 Fix `docker start` blocking on signal handling
706ca7985b Revert "[20.10] Revert "Ignore SIGURG on Linux.""
8264f5be8d docs: dockerd: fix broken link and markdown touch-ups
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Martin Jansa
|
281ac2184b |
uxen-guest-tools: inherit dos2unix to fix do_patch failure
* fixes: ERROR: uxen-guest-tools-4.1.7-r0 do_patch: Command Error: 'quilt --quiltrc /OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/uxen-guest-tools/4.1.7-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output: stdout: Applying patch fix-Makefile-for-OE-kernel-build.patch patching file Makefile Hunk #1 FAILED at 1 (different line endings). Hunk #2 FAILED at 19 (different line endings). 2 out of 2 hunks FAILED -- rejects in file Makefile Patch fix-Makefile-for-OE-kernel-build.patch does not apply (enforce with -f) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Leon Anavi
|
292e63d4fd |
python3-docker-compose: Upgrade 1.29.1 -> 1.29.2
Upgrade to release 1.29.2: - Remove prompt to use docker compose in the up command - Bump py to 1.10.0 in requirements-indirect.txt Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Leon Anavi
|
507adf6688 |
python3-bugsnag: Upgrade 4.0.2 -> 4.1.0
Upgrade to release 4.1.0: - Add support for breadcrumbs. These are short log statements that are attached to error reports to help diagnose what events led to the error. - Apply filtering with params_filters to bytes, not just strings Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Leon Anavi
|
f82d5f11be |
docker: Fix for sysvinit
Fix for rare legacy systems which still use simultaneously both sysvinit and systemd in DISTRO_FEATURES. This fix avoids issues during do_rootfs with postinstall scriptlets of ['docker-ce']. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
e510c748df |
podman: update to v3.2.3
Bumping libpod to version v3.2.3-2-g09e8afe3a, which comprises the following commits:
1e6fd46e9 Bump to v3.2.3
1d7ddf511 Update release notes for v3.2.3
e4c45e759 vendor containers/common@v0.38.16
cb7016224 vendor containers/buildah@v1.21.3
1a8b2a037 Fix race conditions in rootless cni setup
e54a513b9 CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
1469af265 Make rootless-cni setup more robust
6f9d9636a Support uid,gid,mode options for secrets
bed195bf8 vendor containers/common@v0.38.15
75431a455 [CI:DOCS] podman search: clarify that results depend on implementation
37570b7b7 vendor containers/common@v0.38.14
6ecedc161 vendor containers/common@v0.38.13
8a41bf3ee [3.2] vendor containers/common@v0.38.12
2c003d978 Bump README to v3.2.2
bb2cbf0d5 Bump to v3.2.3-dev
d577c44e3 Bump to v3.2.2
9f4afa1ea fix systemcontext to use correct TMPDIR
5dabff27d Scrub podman commands to use report package
647c2024e Fix volumes with uid and gid options
c2dcb3ee2 Vendor in c/common v0.38.11
ba70363f6 Initial release notes for v3.2.2
a9fd54775 Fix restoring of privileged containers
d5f0729b2 Fix handling of podman-remote build --device
90805fa39 Add support for podman remote build -f - .
854c27c0a Fix panic condition in cgroups.getAvailableControllers
b0dc157af Fix permissions on initially created named volumes
f5cdb95ee Fix building static podman-remote
1c04cfe83 add correct slirp ip to /etc/hosts
6c4ee8535 disable tty-size exec checks in system tests
6ba9617be Fix resize race with podman exec -it
eb6d4b0cf Fix documentation of the --format option of podman push
e5c939183 Fix systemd-resolved detection.
613f427a0 Health Check is not handled in the compat LibpodToContainerJSON
949573c5a Do not use inotify for OCICNI
ab5e770c4 getContainerNetworkInfo: lock netNsCtr before sync
b957bff8b [NO TESTS NEEDED] Create /etc/mtab with the correct ownership
6d394f0e4 Create the /etc/mtab file if does not exists
879d66e7d [v3.2] cp: do not allow dir->file copying
6f769bc0e create: support images with invalid platform
19a89db66 vendor containers/common@v0.38.10
e5c070baf logs: k8s-file: restore poll sleep
4d9a9149d logs: k8s-file: fix spurious error logs
dac2d31a2 utils: move message from warning to debug
60752b320 Bump to v3.2.2-dev
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
99058cb9e0 |
containerd: update to v1.5.2 latest
Bumping containerd to version v1.5.2-18-g9be04c276, which comprises the following commits:
78b95dff2 update runc binary to v1.0.0 GA
a2dc682f1 sandbox: send pod UID to CNI plugins as K8S_POD_UID
9d8880816 content/local: inline sys.StatATimeAsTime()
3735a7dfe Fix incorrect UA used for registry authentication
31ecdf77d Fix cleanup context of teardownPodNetwork
b441ec19f Add proper Go version before project checks
d31f5e6b6 fix invalid validation error checking
3fd01c4ea Change Wrapf of non-error to an actual error
cba7b44b6 windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
354f729a4 Prepare release notes for v1.5.2
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
96c47ad0b8 |
oci-images: create backend .inc files
As part of allowing different types of oci images to be created, we split our IMG_cmd into .inc files that can then be specific to the selected type. For the umoci backend: We can take the same options as sloci expects and use umoci to create images. The resulting OCI image is similar, but by using umoci, we set the stage to do multi-tag, or multi-layer images in the future. But for now, we are functionally equivalent to the sloci backend. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Christopher Clark
|
62137a394f |
xen-tools: remove Arm 32-bit compiler flags override
The SECURITY_FLAGS are already passed into the tools build in HOST_CC_ARCH so this separate case override is not needed. Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Christopher Clark
|
c1cdd76a47 |
xtf: fix build with gcc11 SRCREV and specifying linker
Newer XTF revision works around GCC 11.1 issue 99578 and supplying the correct linker to use fixes the build. Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com> Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Christopher Clark
|
3e128c1bcd |
xen, xen-tools: fix build and passing of CFLAGS via Xen vars
Ensure that the Xen build system variables EXTRA_CFLAGS_XEN_CORE and
EXTRA_CFLAGS_XEN_TOOLS are passed into the compile steps.
Update the hypervisor compilation to avoid passing in most compile flags
from the build environment via EXTRA_CFLAGS_XEN_CORE -- prefer the
compiler defaults and the flags set by the Xen build system, so only the
debug prefix flags are provided.
Observeration derived from the prior commit
|
||
|
Christopher Clark
|
4d61693058 |
xen, xen-tools: apply upstream fixes for gcc11 compilation
Apply patches for the tools and hypervisor to Xen 4.15 and the git recipe and uprev Xen 4.14 to latest stable revision. Retire the previous -Wno-vla-parameter workaround. Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
172d5f47d5 |
crun: adjust image-spec repository from master to main
We need to change our branch to avoid parse errors. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
baa8c9cd62 |
lxc: update to 4.0.9
Bumping lxc to a newer 4.0 -stable release. We drop two patches that have been integrated to the upstream repo, but otherwise, things are the same. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
803e7080ce |
skopeo: update to 1.31 release tag/branch
Switching to the release 1.31 branch, and picking up two minor version bump commits. This isn't much different than our previous build from master/main, but it is worth following the release branch for now. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
ae44f7f504 |
skopeo: switch to 'main' branch
Skopeo has migrated from master to main, so we adjust our branch accordingly. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
9eff8e847b |
k3s: bump to 1.21.2
Bumping k3s to version v1.21.2+k3s1-6-g0c2d8376d0, which comprises the following commits:
0c2d8376d0 Changes local storage pods to have 700 permissions (#3537) (#3548)
65e521140a [Backport 1.21] Move cloud-controller-manager into an embedded executor (#3530)
3224f6b56d fix possible race where bootstrap data might not save
5a67e8dc47 Update to v1.21.2 (#3479)
c35761d169 Renamed client-cloud-controller crt and key (#3472)
8651d6af5f Send systemd notifications for both server and agent (#3430) (#3460)
32b02d1baf Send systemd notifications for both server and agent (#3430)
c012e6ec6f Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3454)
eac48f69bc Add kubernetes.default.svc to serving certs
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
33fab067b9 |
k8s: update to 1.22-beta
Updating to 1.22-beta. We drop our bindata patch, since the generated
bindata is no longer used.
The following commits are part of this update:
9e87082b85f [Pod Security] Baseline + restricted policy checks for seccomp (#103341)
a7469cf6804 sort and filter exposed Pod IPs
cf6ba6096f9 Move pod-security-admission to an external Attributes interface
6bfaeaf9165 Deprecate azure and gcp in-tree auth plugins
55847256058 Explicitly set LimitedSwap case with fallthrough
0ecc7ba311a Update the logic to pick the best queue in P&F
4c9c761bbb2 instantiates scheduler ComponentConfig after parsing feature gates
74f5ed6b172 This introduces an Impersonate-Uid header to server side code.
2220fc61496 PodSecurity: clean up unnecessary passing fixtures
ea54b1b152c PodSecurity: Make check-specific passing fixtures optional
9a5237ca63a Custom plugin config should take precedence over default plugin config
823a0f101ac Don't return in api validation
4b9230ed27f Promote LogarithmicScaleDown to beta
24e19229101 apf: add additional latency into width
20e1c4d7548 exec credential provider: update tests+metadata for v1
04d59ff2df3 test/e2e/network: add Service internalTrafficPolicy test for pod (w/ host network) -> pod (w/ host network)
9977ea371b1 test/e2e/network: add Service internalTrafficPolicy test for pod -> pod (w/ host network)
025c95a778b test/e2e/network: add Service internalTrafficPolicy test pod (w/ host network) -> pod
f6bc5d01402 test/e2e/network: add Service internalTrafficPolicy test pod to pod
28f3f365057 Promote the ServiceInternalTrafficPolicy field to Beta and on by default (#103462)
d0c422fd9c8 Hide long and multiline strings when printing
edbaf9d5d36 test/integration/quota: poll for ResourceQuota used status in TestQuotaLimitService
caf42fde430 test/integration/quota: refactor Service forbidden check into helper function
54bc1babe16 test/integration/quota: update TestQuotaLimitService to explicitly check for Forbidden status when quota limit is exceeded
87cef2ca736 test/integration/quota: deflake TestQuotaLimitService by collapsing test cases and adding a short delay for resource quota to propagate
a85f3e4cce6 Fix(test/integration/util): fix typo on logging message
a2c1b284da2 update url
1002b0d163d apiserver: add callback to get notified of object count
b6b1674f560 Switch to the version instead of the `latest`
194ed1408dd update translations
66dbfbce105 update-translations.sh: add fix translations option (-k)
079d8aeb1e4 fix update-translations.sh
06124c1d1c6 Add backwards compatibility for kubectl debug
f01d251e38c kubeadm: statically default ImagePullPolicy in v1beta3
bb6d5b1f95a memory manager: provide unittests for init containers re-use
960da7895cc memory manager: remove init containers once app container started
b965502c495 memory manager: re-use the memory allocated for init containers
94414bea475 kubeadm: fix godoc formatting for v1beta3
61d88af9e40 Revert "Update runc to 1.0.0"
5ea9460234a Readable error message on the plugin configs of the removed plugins
2069ff9efcd fix compatibiltiy_test failures
1f24a198e76 reduce cpu usage of kube-proxy with iptables mode
29814890f6a fix compatibiltiy test
f1f0183d2bb refactored extenders from scheduler/core to scheduler
570365178a8 merge packages of scheduler/core and scheduler
26f223fa6ed Bump `distroless/base` image to latest version
772344aef22 kubeadm: fix nil pointer in Cfg() feature gate checking
c2a8cd359f1 re-order the imports in kubeadm
c50b3074fe8 Moved VOLUME_MOUNT_GROUP capability check from NodeStageVolume to MountDevice; added log message in SetupAt to indicate FSGroup is delegated to driver
794a925a85f Pass FsGroup to NodeStageVolume
0e315355dfc Pass FsGroup to MountDevice
ae5668edefd Pass FsGroup to NodePublishVolume
65db13a3a5f Combine capability check implementations
99700f7faff feature gate
c24dfe528a0 cluster,hack: Use community infra GCS bucket for retrieving CI builds
1ae9b8f04dc Update kernel components to run as non-root in kubeadm.
83ee392ed42 implement EnqueueExtensions interface in volumebinding
c96c809539f Add integration test for LB node port control
c8bc4202454 Fix the beta release version.
79b6df96fc6 Add tests for LB type service
24592ca9890 Update the related tests
05c6eaf0d16 promote ServiceLBNodePortControl to beta
8972efc65fe change tracing service from kube-apiserver to apiserver
58b91ffca9e adds HasBeenReady signal that fires when the readyz endpoint succeeds
ca108d109d5 readyz signals when the handler succeeds for the first time.
968185e1f7c Warn user for runtime support of debug targeting
6d6d200c3a7 dry-run can work when using an external ca
6c88a62cb4c remove logging from the Signal method
dae08bc3a73 rename terminationSignals to lifecycleSignals
c91496dda04 cluster: enable debug handlers on GCE master nodes
2b84b49ea98 Service REST test: Remove pointless cleanup
ca708fa9ac3 Service REST test: Fix some names
54b6a416fba Service REST test: better IP and port alloc checks
8d49502fcd4 csr: update e2e conformance test with expirationSeconds usage
29b3fa78263 Generated
cd91e59f7c3 csr: add expirationSeconds field to control cert lifetime
0a38b2804d9 add deprecated message for igonre-errors flag, and fix unsafety http link
43b13840db5 Service REST test: remove obscure const
44eb475b101 Service REST test: remove unused return value
d6208606f33 Service REST test: remove pointless scaffolding
48e591eba23 Service REST test: remove obsolete setup param
a3b05033f66 Move endpoints test-helper funcs to a package
012bfaf98d3 Service REST test: remove last use of "inner"
22ed090e734 Service REST test: mostly remove tests of "inner"
7e8882d189f Service REST test: Remove pointless scaffolding
175f4f33873 Move service test-helper funcs to a package
b1fcbab8014 Service REST test: helper funcs for ports, too
5f65ba7d766 Service REST test: Use helper funcs to streamline
d64bb1b29ed Service REST test: always check errors
d3a0332b6cd Service REST test: remove unused fields
292b1444ebf Remove bad test for AllocateLoadBalancerNodePorts
0bb280044ec Fix typo in IP allocator error
5970c4671cc Add an IPFamily() method to ipallocator
89b633d3532 Fix doc comment
13a1804a5f5 podsecurity: add restricted volume type check
622f69bf8d4 kubeadm: update v1beta3's godoc changelog
11d444b00e0 kubeadm: remove versioned copies of the bootstrap token API and utils
14fa296bb38 kubeadm: use the bootstraptoken/v1 API across the code base
5b7bda90c03 kubeadm: introduce apis/bootstraptoken/v1
1cfbb0aa25b remove webhook.go to revert changes to conformance test
ac4bb885be8 hostProcess test fixture data
49d31c45b12 PodSecurity: baseline hostProcess check
80494481135 [PodSecurity] baseline - apparmor Implement the "AppArmor" check from https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
b0ffaa93f5c move tracing instantiation further up, and check for nil
f0ffba75ad5 Add baseline check for procMount type
210c610d662 make sure to split NPD hashes by architecture when upgrading to 0.8.9
db3534dd648 master too main cleanup
e2e1c94f063 use native error instead of github.com/pkg/errors
2cab85a4034 Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl
ba6b4c5a18c PodSecurity: test GA-only cases and alpha/beta fields separately
e87016cf941 PodSecurity: add ability to skip failure cases if relevant features are disabled
b522e95aaeb Prioritizing nodes based on volume capacity: API changes
03b7a699c24 Kubeproxy uses V1 EndpointSlice
ab5b77944ec kubelet/cm: don't set Devices
4e7cf5413d5 vendor: bump runc to 1.0.0 pre
67bc23411b6 [storage] [test] Ensure proper resource creation
5bd3334ad69 [PodSecurity] Add privileged containers baseline check
b790cf388ce Bump SMD to v4.1.2 to pick up #102749 fix
1c39cf23652 Fix incorrect user and group for kube-scheduler when it is running as non-root.
7ad44d04fce Enforce ReadWriteOncePod access mode during scheduling
d57e143277e [PodSecurity] Implement host ports check
9c150b0f22f Error string should not be capitalized or end with punctuation.
584eb5e947f Update local-cluster-up.sh to auto-detect darwin and skip kubelet and kube-proxy
1ac0e018d5b [PodSecurity] Implement sysctls check
4a2aef00d6d adds metrics for authorization webhook
6c86c34457e kube-scheduler: ensure the default config output of --write-to-config is usable
1441a330300 hostPath baseline check for Pod Security Standards
1fa673c15c9 Extent the `NodeResourcesBalancedAllocation` plugin to cover more resources
71cb2d71a87 podsecurity: add baseline hostNamespace check
da4aaf81cdd Error should be checked first, then go to other steps.
c1d5a3a99e1 Update golang.org/x/net to v0.0.0-20210520170846-37e1c6afe023
03f85e9ade8 Update NPD release version and include windows defender config
5c00024c70b kubeadm: fix wrong check for keys/certs during "download-certs"
f0d917a3caa add fuzzer patch to fix tests
39f32d7286a Ensure MemorySwapConfig can't be set without feature flag
d4041cb80f9 Add generated files for swap API changes
d3fd1362ca1 Rename NoSwap to LimitedSwap as workloads may still swap
0deef4610e8 Set MemorySwapLimitInBytes for CRI when NodeSwapEnabled
7342acb0b83 Add validation for KubeletConfig MemorySwap
7d50271d217 Update CRI with memory_swap_limit_in_bytes
bda03b4818d API change: add MemorySwap to KubeletConfiguration
9eeec68d67e Update local-up-cluster.sh swap warning
0dd4ce40adc Add NodeSwapEnabled feature flag
ac41e565822 docs: add documentation on adding files to the embedded data
deb14b995ac Add score plugin for NodeResourcesFit
ebc3fdb2936 Store PVC reference counts in NodeInfo cache
c65b80a6378 [storage] [test] Remove extra zone test
0ab03d3d5bb dependencies: remove go-bindata
bbccf2ecb43 e2e-node: move to embedded test manifests
d98b2dd2d62 generated: remove usage of go-bindata
68b334d02bf test: setup embedded file sources for manifests
ceb42d09389 Update github.com/pkg/errors with go native errors pkg
8e4212c01a7 test/integration: rename package and files name from master to controlplane in test/integration
903d76f558e apiextension: fix typo and test case in conversion integration test
3af6329caf2 e2e-framework: add an EmbeddedFileSource to sources
7546e5d6dc9 vendor: update manifest
43c2e454a05 hack: remove bindata generation logic for translations
eb75b343949 kubectl: use embedded translations instead of generated bindata
5ece28b77a2 kubectl: move translations to i18n package to kubectl staging directory
322c18c147d adds metrics for authentication webhook
b7d732d3d6f Map PV access modes to CSI access modes
8db83c89aab CSI client helpers for NodeGetCapabilities
5f98f6cfa47 Update helper methods to print and parse ReadWriteOncePod access mode
2b98f8edc77 Enforce ReadWriteOncePod access mode during mount
7491d016519 Validate use of the ReadWriteOncePod access mode
48ba5020a28 ReadWriteOncePod PV access mode and feature gate
358d2e0bd1f Export contains access mode helper method
83e3ee780ad Rename access mode contains helper method
dba8ee229ea Add validation options for PersistentVolumeClaims
9ba0eed7c50 Add validation options for PersistentVolumes
477aef192f5 fix loadbalancerclass integration test funcation name
ffdf3f50073 update node-problem-detector npd to v0.8.8
f80f9eeb6d0 Destroy the created runtimeclass resources at the end of the test case.
ab4918b6bc0 remove redundant clause in string_slice_flag
f59523ab4c8 Update dns-horizontal-autoscaler to use the wqmulti-arch image
c21f9cb59d2 Fix grammar
6f9011a4ae4 PodSecurity: vendor: generated files
b8bdcf64419 PodSecurity: update dependencies
724fbfbb69b PodSecurity: test: generate fixture data
93c6f8969a8 PodSecurity: check: addCapabilities
3733e209c91 PodSecurity: check: allowPrivilegeEscalation
a8206ef58be PodSecurity: check: runAsNonRoot
12ea930aae3 PodSecurity: check: selinux
42dc070b476 PodSecurity: kube-apiserver integration test
f39bddd7677 PodSecurity: kube-apiserver: admission wiring
65a42a483cd PodSecurity: pkg/features: feature gate
02a61877576 PodSecurity: admission: admission library
29f5ebf1fe8 PodSecurity: test: framework
1436d35779f PodSecurity: policy: registry
5183ea0bf03 PodSecurity: metrics: stub interface
a3ba921b168 PodSecurity: admission/api: configuration API
9ce17c87738 PodSecurity: api: runtime API
79d400c4416 add tracing to the apiserver's client-go requests
48dfa2a5542 generate scheduler merge patches on the pod status instead of the full pod
def93317b48 Kubelet Credential Provider
30a6812aa13 promote client.authentication.k8s.io to v1
889dcb5b54d e2e: node: fix npd test failures bumping image
669fb501368 upgrade staticcheck to v0.2.0 and update the static failure packages
39a373b162f correct example command of kubeadm help
a8d4cfac933 Allow delete with grace period 1s even if metadata period is negative
45ce2dfacc8 Treat negative as 1s in delete path
40593fa4d36 spec.terminationGracePeriodSeconds allow it to be set to 1s if it was previously negative
1b73a0040a4 Promote Stateful Status e2e test to Conformance
405e9a5172a Promote Deployment Status e2e test to Conformance
d3ad1d77f36 Promote Statefulset list and deleteCollection e2e test to Conformance
266ffa85266 bug fix in sctp test
4add8ed9106 kubectl command headers as default in beta
aeccadda4ff Update setcap image to buster-v2.0.3
1721be087d0 nodeport tests: node addresses must match the service IP family
0a8a9188c98 Update debian-iptables image to buster-v1.6.5
42f9333e7fa Update debian-base image to buster-v1.8.0
70124846fa4 control plane typo in node role path
21fd224ebdb Updated to use konnectivity client v0.0.21, and implemented placeholder context
2eb50ee2fd5 fix comment on dual-stack integration test
80171465b35 Renamed variable containing master to control plane
fa7b5d86e63 remove duplicate validation on services
20f84b12a16 Optimize scheduler res scorer on non-requested extended res
0cdd8c1c109 Removing ServiceAppProtocol feature gate
913c449a42f add unit test to verify graceful termination behavior
a84c1b71005 apiserver: NonBlockingRun should return a listener stopped channel
d85619030e3 apiserver: refactor graceful termination logic
79550ed40c6 Add distributed tracing to the apiserver using OpenTelemetry
916dbc335c9 nodeport tests: node addresses must match the service IP family
02a3caba9c4 refactor default IP family cluster detection
9accb994dff tests: Wait for the network connectivity first
16b7d473f23 Narrow the scope of the json/register test case usage checking
179e48c4bec Add missing comments in APF API types
fe161579e20 Add integration test to promote serviceloadbalancerclass feature to beta.
ecc53182475 Remove MPL-licensed dep from lruexpirecache
1e250610b20 Fix panic in pkg/volume/csi tests
7f893f6bd62 Split documentation according to both mechanisms available for migration
b6a317aeafc add a function that returns default scheduler configuration
5feff280e1a remove fakefs to drop spf13/afero dependency
af825b43577 Remove default JSON logging format registration from component-base/logs package
d3dfe124dac Update mounter interface in volume manager
4233056f804 Move HPA v2beta2 deprecation to 1.23.
538e7777c39 kubeadm:remove deprecated flags CSROnly and CSRDir
8f08db9164b Change log level to Debug
7cf30d56906 fix/remove-errors-pkg
89a4d4b0717 kubelet: modify the function of getCgroupSubsystemsV2 to use libcontainer API
23ce7977b75 Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default
cf07d42337b removes unused libraries
7e891e5d6cf csr: correctly handle backdating of short lived certs
70a524659aa kubeadm: add {Init|Join}Configuration.Patches.Directory to v1beta3
a4402122b4f kubeadm: add the --patches flag and deprecate --experimental-patches
70c0fdda0c6 Add lilic as Instrumentation reviewer
b259686b367 tests for statefulset PersistentVolumeClaimDeletePolicy api change
43f8f58895d add containers starttime metrics for metrics/resource endpoint
0762f492c5b Add config checking for inflight limits
e4e735cd1cf statefulset PersistentVolumeClaimDeletePolicy api change
0feba0c4eec Add StatefulSetAutoDeletePVC feature gate
5d461adb3b8 Apply suggestions from code review
93365919b50 Fix staticcheck failures
674802147c8 update to remove github.com/pkg/errors
730c21d386a Drop etcd tests dependency
01760927b82 Simplify running embedded etcd server in tests
cf9510751d5 StatefulSet minReadySeconds e2e
47615c20207 e2e: node: remove obsolete AlphaFeature tag
e7a240395e9 uses native errors instead of github.com/pkg/errors
12dcd2f84d4 Remove usage of github.com/pkg/errors
8b7003aff4c Add SeccompDefault feature
4b140218747 update github.com/pkg/errors to go native errors pkg in staging
3b36e6bcea4 kubeadm: fix image pull policy integration
b4dddbafa2f CHANGELOG: Update directory for v1.22.0-beta.0 release
c5498744c9e Making a run test.
cd318aec0ba Disable deprecated volume limits test when migration enabled and replace with CSI-specific test
6583b05f07b replace more powershell commands with /bin/sh in volume/fixtures.go
7aa8a497df0 replaced usage of powershell commands with linux commands
f0d7e9c9d1d undo windows compatibility changes because the linux commands work
9a146bc3e99 Remove [LinuxOnly] string from ginkgo tests
54070a66284 Enable another test in windows, use a /bin/sh command instead of a PS one
ee34cd640ac enable gcpdcsi multivolume tests with windows nodes
58a83ecbdb3 integeration tests
2c6bba29360 fix auto upgraded preferDualStack services (in cluster upgrade)
d4767ed5ebe memory manager: move to beta
b6c75bee15e Remove balanced attached node volumes
63a23f1ed7a Transitive dependency: high CVE fix
681905706d4 e2e node: provide tests for memory manager pod resources metrics
03830db82de Implement all necessary methods to provide memory manager data under pod resources metrics
24023f9fcc7 Extend pod resource API response to return the memory manager information
0f922b200f3 Simplify the formula used in the RequestedToCapacityRatio plugin
3daef0a5343 Allows manual restart of dbus to work in Ubuntu.
ec93b3b0be4 Stop using github.com/pkg/errors
0dd1624ec8e update cri-api v1
25f479c2ac7 fix'--log-file only works if --logtostderr=false'
d95f677dd86 Fix OWNERS
249db7ceb39 wait for endpoints to be available
44360b315ca GCE Windows: Upgrade to flb-exporter v0.17.0 which reduces log spam.
459fe7d08ad add support of imagePullPolicy to kubeadm
8231a3e9210 CSIServiceAccountToken ga
e2061cfcd81 Expose envvar CSI_PROXY_VERSION
518844fd25f use GA topology labels for vsphere
1e949fa9280 updating github.com/pkg/errors with native errors pkg
4d11c3cd8cb deflake TestClientReceivedGOAWAY test
6cb448c10e2 Specify etcdctl version for livenessProbe
676958c2bd0 Fix NodeAuthenticator tests in dual stack
b22d0b13cc4 Fix verify staticcheck flake in cluster/images/etcd
ea419eaf339 Add shu-mutou to dashboard approvers
6203d4fc6af apf: calculation of dR/dt should use seats in use
6d3fd8353c3 don't panic if nodeIPs are not found
1f9d448283a Use errors.Errorf instead of errors.Wrapf when the err is nil
afea48d23f0 test/e2e/network: remove dependency to google.com for in-cluster networking tests
292f2a67bd6 Update logging example with caller
e37d6d6c6dc Simplify zap logger initialization
a2a8080169a Fix: typo with hack/update-codegen.sh
fc38aeed6f8 Fix: typo on ExtractHoge
b9d5d5536ed Add log sanitization klog integration tests
cff40a7bcc1 Add info about source code location in JSON logging
e371b27e6cb Fix frameworkImpl.extenders being not set
875f1ffe2bc chore: clean up the tests that have external dependencies
72a53288a5b Remove gcepd unmanaged zone test.
35e9d97f3e0 update Azure/go-ansiterm to v0.0.0-20210617225240-d185dfc1b5a1
8942cba24d4 log if we're running with -race
68d8bcb64fb remove redundant bits from test-dockerized.sh
4ee729ce5f2 disable race detector in test-cmd.sh
55d2868e9d8 don't redundantly set KUBE_RACE in test-integration.sh
3c44b86ad65 enable race detector by default in make test
6c0463bd2b6 fix: properly wrap errors when reading response body in the client
3930629e130 Track generalization for width
676f0450ed3 Add APF metrics about R(t)
e72effbf12e Remove omitempty from PathType
774d228637d remove the path if it exists before writing pki data.
5d15ed02b56 Extract columnPrinter interface for printing the values behind additional columns
1c2ba3162db update internal modules
e977740ae63 Rename master to apiserver in test/integration
9571b1f8844 update vendor
4eab19ae7d9 Clean up the master term in test/integration comments
54fde5d119f Make logged verbs match metric-reported verbs
762eeb0988c Use the hostprocess feature flag and assign a user
ff716cef508 apf: take seats into account when dispatching request
47171077bf3 CHANGELOG: Update directory for v1.21.2 release
0ccf53dd200 CHANGELOG: Update directory for v1.20.8 release
780872223f2 CHANGELOG: Update directory for v1.19.12 release
6ae7b551143 update internal modules
97031da5e29 Correct comment block from openapi_v2.NewDocument to openapi_v2.ParseDocument
c691386fef7 Update github.com/googleapis/gnostic to v0.5.5 and updating transitive dependencies go-cmp, protobuf,, to adapt the latest gnostic release which cosists of [Update protos for Go protoc plugin compatibility]
edd0cd79eb0 Updating non-vendor specific code to support/use AWS-SDK-GO v1.38.49
1b27430b506 Updating AWS-SDK-Go to version 1.38.49
c673e166383 Fix ServerGroupsAndResources docs typo
1a4b0ee09bb remove excess error handling
45d18acbcc1 add info for possible failed listAndWatch grpc call
c789898f793 when new manager failed should return err
da35add03f7 Rename master to apiserver in test/integration
eed37fa47d3 fix: cleanup outdated routes
5a0756c5f4f Update etcd in kubeadm to run as non-root.
9e694a45f94 test/e2e/network: mark tests in test/e2e/network/netpol/network_legacy.go with NetworkPolicyLegacy
3c59e742f3b Create List, Patch & DeleteCollection StatefulSet Test
63d12371021 Fix Node Resources plugins score when there are pods with no requests
584503d2ed3 Speed up unit tests in -race detection mode
d41249f7803 CHANGELOG: Update directory for v1.18.20 release
d5da73032f7 Add unit test for DSWP with uncertain volume
f795b02f4f8 Refactor dswp unit tests
2fcb5e9cf79 Add PodRemovedFromVolume
ca934b8f5cb Add GetPossiblyMountedVolumesForPod to let kubelet know all volumes were unmounted
f4b41c0a171 Fix UnmountDevice error cases
54ad7e40f1a Add e2e test for NodeUnstage error cases
a47afdded0e cmd/kubelet: replace KEP link with the documentation one as it is available now
0bfd1cb7c71 Update gomock to 1.4.4, removing a few extra dependencies.
7fcdbbef06d Switch to github.com/coreos/go-systemd/v22 and drop older package
265ef1741f9 Move scheduler plugin set and configuration defaulting to component config
057422504ab Run volume cloning tests in the same topology segment
abf65843227 update string_slice_flag add nil judgment
cf2a3c32309 Kube proxy for windows userspace, remove dns Mangling, vendor updates
b98824c55d9 Update Azure Go SDK to v55.0.0
480093bd1f4 test/e2e/network: mark network_tiers.go tests with GCE tag
f298a658aed e2e metrics: remove redundant checks around metrics tests
a4c7e91b591 e2e metrics: skip tests when metrics grabbing is disabled
1d3420ca72f e2e metrics: check whether debug handlers are available
5e9076da93c e2e: grab controller and scheduler metrics via port forwarding
3e0269ce6e1 Move common code to ensureTopologyRequirements
4ee38f33d21 update etcd makefile to build v3.5.0 image
6448181d95c Update to etcd v3.5.0 client
207f9e8b714 switch go-flow-levee to tagged version
84112d36900 refactor cmd/kubeadm/app/preflight/checks_test.go()
5ca47deb0aa Promote DaemonSet Status e2e test to Conformance
f7d02f4d25a Promote ReplicaSet Status e2e test to Conformance
503f5e1b528 Quiet grpc info logs in apiserver
dd5f67d23c0 Kube proxy for windows userspace, remove dns Mangling
8fb909291fb Skip migrated metrics for Windows CSI tests
f02948e7766 Use container-storage-interface spec v1.5.0
6ba7b3d26b3 allow enabling Leader Migration without config flag.
bade96ed78f implement wildcard component.
eadfe46e036 Do not throw error when we can't get canonical path
14085c50d3c bump KUBE_TIMEOUT to 180s
2f7456076e0 apf: always include seats in virtual time
9469756b6cb Ensure kubelet statuses can handle loss of container runtime state
211485c23d3 last-applied-config annotation no longer mirrored to endpoint slices
ceb1dbd2f1f statefulsets: MinReadySeconds implementation
01bb0f86b02 update comments and owners file for pkg/util/removeall
f1de598233e Improve terminated pod message when node is shutting down
f9343f837dc Use LoggingConfig within LogOptions
5cfc39ef5e9 Update protobuf,grpc,etcd dependencies
bc86d12dd9c Update generated files for endPort promotion to Beta
a26c392de17 Fix etcd egress dialer addr parsing
19db126d76e Exercise egress configuration in local-up-cluster
f283deee6b6 Quiet embedded etcd logs
068e4c55a8a Eliminate parallel and unnecessary embedded etcd instances
52b629efbc8 Drop use of deprecated clientv3.SetLogger
2979c3325e3 Switch to go.etcd.io/etcd/client/v3
ff2c6142459 Switch to non-deprecated timestamppb.Now()
1134456c89c Fix CSI mock driver to get marshaleable grpc error
77ab4bdbbcc Drop etcd v2 support from test util
5f1983d8710 Drop etcd v2 support from etcd migration image
1e1a60e310d publishing: Use go1.15.13 for 1.20 and 1.19 release branches
9f18ddf03ce Promote endPort field in netpolicies to beta
e427d2f22a7 test/cmd: kubectl and exec plugins don't fight for stdin
60246f69cc0 kubectl: don't fight for stdin with exec plugins
cd83d89ac94 exec credential provider: InteractiveMode support
ca254e978b5 feature: add unified on cri to support cgroup v2
be48f1d272d Add test cases to the addAllocatableThresholds function in pkg/kubelet/eviction/helpers.go
8fe00a7e484 Start deprecation of --record flag
5ea3dd531c7 Update certs.go
83ee5da75e9 Fix:slow memory leak may be in kubelet podworkers.isWorking
74feb075948 kubeadm: CoreDNS permissions for endpointslices
188193e1c0b kubeadm: upgrade coredns 1.8.4 and corefile-migration to v1.0.12
a3e464490a5 Fix some typos and omissions in kubeadm APIs
ff0f83b4b2d skipping more tests in case when ExecProbeTimeout set to false
4b36a5cbe95 Switch to github.com/robfig/cron/v3
f042b4968d3 Fix broken KEP link for issue #101008
c329202ee8e update comments to reflect wildcard component.
44cb4a63f61 Allow write on events to edit role
7560f33e27d kube-scheduler: stop using insecure serving bits
59b4b124df0 Update kubeadm control-plane to run as non-root.
de2f9f17093 Remove error wrap from logs
2e06066bab8 Migrate kube-proxy to use v1 Event API
8748f3105bb Update corefile-migration to v1.0.12.
60ab908119f Fix - Winterm issue on Windows 8.1 in kubectl exec
9f7d61c520f Upgrade ANP components to v0.0.20.
106f416873c Upgraded konnectivity-client to v0.0.20
9109d928cd0 test(proxy::config): deflake TestInitialSync
44b396ae0e6 owners: update puerco/cpanato and clean up old members
c13c3ebc793 Remove deprecated scheduler CLI flags hard-pod-affinity-symmetric-weight and scheduler-name
c710f99ef73 apf: add a gauge for the number of seats currently in use
9d514b2de42 Konnectivity: tune flags for larger clusters (5k nodes).
36eaa11d50b cleanup usage of NewPodNominator
fd972934e49 client-go: reduce log level of reflector again
369416b7636 cm: handle nil cpumanager avoiding segfault
29aa4c0ee81 Check content of volumes in snapshot/clone multivolume tests
89284a1ba7f run_remote: improve error reporting
654ec0866a9 kubeadm: use a suggested example in v1beta2/3 docs
9255f2ccf38 Fix kubelet cpuset typo
68f139548b3 Remove unused parameters from TestConcurrentAccessToRelatedVolumes
77c04d22844 Increase KUBE_TIMEOUT default to a passing default
110c39ef60c unroll extenders
dae335c1150 Fix test failure in some envs.
90df026709d JSON log format registration for kube-controller-manager
170c93bf05e JSON log format registration for kube-apiserver
52f5ba3a58d Remove SchedulerAlgorithmSource from scheduler's internal CC API
a5825d68365 JSON log format registration for kube-scheduler
e6bf19bcf69 Update CreateInitStaticPodManifestFiles, CreateStaticPodFiles and CreateLocalEtcdStaticPodManifestFile to take into account if the command was run as dry-run.
183bc3cece7 Allow scheduler maintainers to approve changes in the internal apis pkg
46f3e4dfdd4 Define in-tree scheduler plugin names in separate pkg to break a cyclic depednecy when moving plugin defaulting to CC
a84b91f08c1 fix net-tiers e2e test
6d7c83f2cd1 the last upperbound of kms latency metric is too small
9b72eb1929a apf: add plumbing to estimate width" of a request
12447bc8038 Upgrade etcd server version to 3.5.0-rc.0
c98306a09e9 test: adjust summary test for cgroup v2
c0c9f1f318c Ignore first SIGINT in node-e2e tests
bd80603c9e5 JSON log format registration for kubelet
386036d23d0 Add k8s.io/component-base/logs/json/register to vendor
dc5626cc183 Upgrade debian-base to buster v1.7.1
897f8012fdd kubeadm:Run preflight checks for diff to check that the manifests already exist
484eb018222 kubelet: do not call RemoveAll on volumes directory for orphaned pods
528baa09f6d e2e storage: disable health-monitor controller in hostpath deployment
1932536ebe3 CHANGELOG: Update directory for v1.22.0-alpha.3 release
a94aa0ea9a3 Update version of go-flow-levee for verify-govet-levee check.
de7e56bf374 apiserver: close handler chain right after shutdown delay duration
652e056e61f Add dims as approver in build/ directory
3968ee532d9 CSI e2e: stop leaking pvs in CSI mock snapshot test
1524526991c [go1.16] Update to go1.16.5
1eb8060dd61 Add test for CSI mounter
0fcd3c951c5 test/integration: Rename master to controlplane or apiserver
257b494478a test/integration: Rename masterConfig to instanceConfig
ac5535c9491 test/integration: Rename MasterConfigOptions to ControlPlaneConfigOptions
3ac8d8c9cee endpointslicemirroring controller mirror address status
8d0936b7436 Check empty zone after the validation of providers
aea2e33175b gendocs: using bytes.NewReader(nil)/ioutil.Discard instead of os input/output to generate command
c065d7c7b3b Fix NPE for CSI mounter
f22b07d8b42 add e2e test for immutable label selector in netpol
ff164f90130 feat: remove ephemeral-storage etcd requirement
bb6151906f1 Add utils to set file/directory owners and permissions.
95c8b02096b Add explicit capability for online volume expansion
28511e82ad9 Add e2e test for a volume + its clone used on the same node
7a63dff88bb Update konnectivity default
3c8e56bef95 scheduler: graduate CC to v1beta2, deprecate plugins
2067b69b922 storage e2e: extend timeouts for subpath restart tests
3a830aacb0e Trivial: fixed typo in logs requrested --> requested
64946cd50d6 fix flake integration rotation via informer
7ced405de5a Create a new modele component-base/logs/json/register for optional json register
92b52a4fb56 populate last successful time to cronjob status
77bb053102c Use native zsh completion
7b0fbb72929 add audit log test cases for cross-group subresource
46aa6045e4c Add tests for completion utility functions
1babceac650 Revert "Add Go tests for custom completions"
9625872d1e4 Join common functions for completion
9d03185d3c1 Update staging/src/k8s.io/kubectl/pkg/cmd/config/config.go
c0b3a698fa1 Add Go tests for custom completions
879cdc5fa9e Move all completion bash code to Go code
663b13e8149 refactor: implement custom completions for some flags using Go
c5d70e9db1e Fix staticcheck in cluster & k8s.io/{apimachinery,apiserver}
aa9321f534b Add example showing impact on log output
8e85a2b0c23 sched: fix a bug that a preemptor pod exists as a phantom
c15fd76ee90 e2e storage: enable health-check controller in hostpath deployment
88174fc3f2c Add klog integration tests
c9414c2bbaf fix bug where string slice flag is not assigned
2e167a1399b Disable zap sampling and cleanup config
a9a2346e194 Cleanup json logging benchmarks
d8e91ab7275 Fix test order in /pkg/probe/http/http_test.go
1010e6a9d98 proxier/ipvs: fix test cases where ready endpoints were not used
cc2e9394be3 kubelet: Fix test order in verifyContainerStatuses
91e5d98b572 Fix audit unit test file location
4ebc0c94a4e Remove legacy metrics client from podautoscaler
3175dbd8554 Update owners for structured logging library
f5739a15d1b The test was not very useful and required elevated access
8eb7e81bc94 proxy/ipvs: add unit test Test_HealthCheckNodePortWhenTerminating for ensuring health check node port fails when all local endpoints are terminating
ed4fe073755 proxy/iptables: add unit test Test_HealthCheckNodePortWhenTerminating for ensuring health check node port fails when all local endpoints are terminating
14cc201b58b proxy: add test case in TestGetLocalEndpointIPs for when all endpoints are terminating
3e459997c83 proxy/ipvs: add a unit tests for when the ProxyTerminatingEndpoint feature gate is disabled
68ebd16a2ca proxier/iptables: refactor terminating endpoints unit tests with test table and test for feature gate
f92265f6543 proxier/ipvs: check feature gate ProxyTerminatingEndpoints
8c514cb2329 proxier/iptables: check feature gate ProxyTerminatingEndpoints
25e2c92733c add feature gate ProxyTerminatingEndpoints
cf9ccf5a8e2 proxier/ipvs: unit tests should specify Service ports
d82d851d89a proxier/iptables: include Service port in unit tests
4c8b190372a proxier/iptables: reuse the same variable for endpointchains for better memory consumption
55881093d8a proxier/ipvs: add ipvs unit tests for falling back to terminating endpoints
9d4e24aa32d proxier/ipvs: fall back to ready terminating if no ready endpoint exists
b54c0568d8c proxier/iptables: add unit tests for falling back to terminating endpoints
732635fd4b2 proxier/iptables: fallback to terminating endpoints if there are no ready endpoints
be92fc83e2e proxier: simplify toplogy FilterLocalEndpoint function
e797a5a1989 client-go: fix flake in test TestRequestWatchWithRetry
892d4fabb84 Revert "Merge pull request #102581 from liggitt/revert-watch-retry"
fbf2d2df268 only delete forwardingrule and address when net tier annotation is specified
d9f82f7eba4 Drop viper stuff in test/
558bdd18aa2 Update cronjob integration test to batch/v1
6871b2b3c73 Rename masterConfig to controlPlaneConfig
812a04539cc remove redundant code
45179bb989a update debian-iptables to v1.6.2
c26c423b1ca storage e2e: disable health check containers
82be7aad262 Update etcd makefile to build v3.5.0-rc.0 image
ceaf9b9d16a add ut for preventing dropping null from arrays
ca279bbcc18 Fix race in attachdetach tests
6e0650e3e13 upgrade gopkg.in/evanphx/json-patch to v4.11.0
e35af41a123 Revert "client-go: add retry logic for Watch and Stream"
58833d652d5 Support subresource match
38d3ae1a060 api: update API compatibility tests to remove topologyKeys from Service
e9c7fa49d95 core/v1: add unit tests to ensure deprecated protobuf field numbers are not re-used
d96af5f2761 kube-proxy: remove ServiceTopology implementation
f119b8df5f2 apis: update generated code after removing Service topologyKeys
4d38d21880a apis: remove Service topologyKeys
8c376426f3e features: remove alpha ServiceTopology feature gate
0b8dc56408f fix volume failing test
a2a4b50bc15 fixed deadlock
ae603a38bc2 remove -ssh-user from cluster scripts for GCE
f94391789f1 Add doc.go for client-go apply support
5bf7bb52fe4 Remove -k from toCurl output
ba708e5fc9e graduate SuspendJob to beta
8aba8e2a2cd remove the ssh tunneler implementation from kube-apiserver
6449416a3d7 Add scalability label to kubemark OWNERS
84590fe27cd remove --ssh- options, deprecated 13 releases, that only work on GCE
ab45d5e4963 part of master to controlplane in test/integration SetMaster -> SetAPIServer
51717256f97 fix(timezone): the timezone is standardized to UTC
1331c76aa3d Added field-selector option for kubectl top pod
08ad7114d3f make lint-dependencies happy!
29def9ff6ab Updating to prometheus/common v0.26.0
77b5ad2fb02 Part of master to controlplane in test/integration(1.22)
2c9f02c3290 Add test
506fabc9ab9 Close the used modules file
b87ad95fec3 Close the used file
918246d7a16 update error info with the new limit in #98753
387154f1a9a Part3: master to controlplane in test/integration Rename RunAMaster to RunAControlPlane
f6d015be7a0 kubeadm: add utilities to manage users and groups
dfd67c7d79e Add unit test coverage for init container phases
47a7fcb17b4 GCE Windows: Only create NPD kubeconfig when the file path is defined.
b8edcd3bb33 add loadbalancer name to ESIPP tests so regex pick them
8e2eeffa792 PokeHTTP default timeout to avoid hanging connections
21073e3b347 loadbalancer outer poll loops should have a longer timeout that inner loop
27e20e226eb e2e lb use same variable for endpoint path
bd2d63dd57e Fix closing of decorated watcher channel on timeout
8847a250267 apf: fix flake in test
5d4c1162b94 hotfix(staging_apiserver_pkg_httplog): restore depth to log calls
53af0027420 storage e2e: capture driver pod changes, including all events
9eea445bcce Update test cases for 'RESTARTS' column in 'kubectl get pods'
ec4182d0032 Add last restart time to 'RESTARTS' column to 'kubectl get pods' output
ce08fd59767 Add test cases to the LoadClientConfig function
211e9747224 Clarify and split up the "not actually SCTP" SCTP NetworkPolicy test
4b0d0d6fc7d Fix spurious Feature tags on some NetworkPolicy tests
c3a9c7da160 Promote CronJobControllerV2 flag to GA
1619e8eb953 Clean apply's prune and kube addons with batch/v1 CronJob
1bf8edfdd44 remove GAed feature gates group: LegacyNodeRoleBehavior/ServiceNodeExclusion/NodeDisruptionExclusion
8054b0f808d Fix watch rejections in P&F filter
15c4d579f08 Use objGV instead of gvk.GroupVersion
eac1d23825b nit: Update comment to match headers change.
b049e1b9ab4 Cleanup redundant failure reason in InterPodAffinity plugin
95ac461a290 serviceOwnsFrontendIP shouldn't report error when the public IP doesn't match
58d7bf67d46 Simplify objGV construction
b9b01a0f901 Simplify objGV construction
19c72a6cd05 Simplify objGV construction
0ae6a7bac6b Simplify objGV construction
86d68effc21 clean code
355be993906 Default GCE testing to using konnectivity
673352dbd25 Cleanup Framework interface
97ba90cbfb4 use subpath for coredns only for default repository
9880ceceb94 Add KEP links to sig-net feature gates
9d2135f703f reuse fake topology manager
8b3162d67b2 clean code
f3f59d420a6 remove LinuxOnly tags for subset of dual-stack tests
39d45fcceff Add user and group name constants for kubeadm rootless control-plane.
3cb4f3e1bf0 GCE Windows: Upgrade to fluent-bit 1.7.7, 1.7.6 had a major regression.
8d9dd7b6eae Avoid warning on seccomp field usage
f2ca9c17946 Fix regression for timed-out stream cleanups
452e2eaf1ba Fix RollingUpdateDaemonSet godoc regarding rounding
e3841e91c81 fix watch_cache_capacity metrics
5b0bafabf6b vendor: upgrade cadvisor to 0.39.2
4567a431010 Return UnschedulableAndUnresolvable when looking up volume-related resources returns NotFound error
e105611d3a7 Azure auth forwarding adal refresh error to tokenSource, fixes error when token refresh fails.
d9d51541a87 Address watch panics in P&F handler and extend testing.
582b492cc09 Pre-allocated memory
341f6e42673 Refactor logs options
607d3819498 client-go: add retry logic for Watch and Stream
f9249061737 Bump golang.org/x/text to v0.3.6
6a374b50f92 Add tests to logs
eb114115fdb Improve func ToSelectableFields performance for event
1431eab36d3 Remove Godeps
329f7d55d13 Fix auditing failed of request: encoding failed
ade167e53af Delete AvailableResources judgment for GA features
c7111515c5b Enable protocol-buffers by default
3c899f9b54d sched: fix Dump's doc comment
24a1f9d817c kubeadm: use "SkipPhases" from configuration for "init" and "join"
ac161866aa7 kubeadm: add SkipPhases in {Init|Join}Configuration for v1beta3
39d74049615 Uniform output string.
47c8c48e2cf Remove Redundant alias
2787e8c18ce Kill container runtime with SIGKILL
1b6cf83cf40 Error message should not be capitalized.
d3f92af74f1 Part of master to controlplane in test/integration NewMasterConfig -> NewControlPlaneConfig
cd3709232f8 Fix VolumeAttachment garbage collection for migrated PVs
02bade46443 Fix a grammar error in doc
c9fe8ddf68d bump calico to v3.19.1
816a069d543 Add a test for verifying compute basepath.
36cdb72eb6f (scheduler e2e) Create balanced pods in parallel
3813ed1ef71 fix prometheus-to-sd image for fluentbit
12fe4dee2b0 Update setcap to buster-v2.0.1 and add setcap to dependencies.yaml
f9a04f3bc4a Move error reporting to volume plugins
0ed0714f8c0 Simplify kube-cross dependency handling
39d9e98a6f9 Build non-static binaries with PIE buildmode
ac17d03e76c Remove set errexit from etcd manifest
ae4db677f41 Update kube-cross to v1.16.4-2
c694b9f7619 CronJob: switch storage version to batch/v1 in 1.22
781c65a40c2 fix: skip pods with empty ip
580b557592c Log spelling formatting and a redundant conversion
5c2841c8cd4 Forbid the use of --config and --cri-socket at the same time
6738380a80c cleanup tempDir after fsstore_test.go
d9681d72669 AllowExpandedDNSConfig if haveSameExpandedDNSConfig(newPod, oldPod)
6317ce63c6a Add feature gate ExpandedDNSConfig
819059f641d kubelet: Validate the length of the DNS search path
a95842095ec Retry reading /proc/mounts indifinetly in FC and iSCSI volume reconstruction
82cfe9f14f8 ConsistentRead tries 10 times
1d16f934b94 Bump k8s.io/utils
64e8396e300 Retry detaching FibreChannel volume few times
faae926d15d Changes headers to IETF standard
d7a67a3b8e5 change log line to print actual pod uid instead of address of the pod uid
876174125bc upgrade klog to v2.9.0
27044f48552 depracate ValidateProxyRedirects as it is with StreamingProxyRedirects
363b78fe883 Promote cronjob to batch/v1: kubectl sparse_test prune
90e215dfd29 add api e2e test for port ranges of netpolices
9cfbf062256 cleanup PodPreset testdata
0cc217647ca Implement support for watch initialization in P&F
507710b50f8 Update CNI plugins v0.9.1
4acb6a865c9 storage e2e: use csi-driver-host-path v1.7.2 in single pod
d98a83bb01b kubeadm:return error info normally
80a5b004451 Removing utils/mount dependencies from vendor
2769e99dba2 remove scheduler deprecated algorithm-provider flag and clean up algorithmprovider pkg
e89d2a77795 Promote Daemonset list and deleteCollection e2e test to Conformance
5e4c59ba991 Promote Replicaset list and deleteCollection e2e test to Conformance
e43e9696cc6 Fixed sort-by not sorting Resources as expected
8651fcb25a7 Implement a windows Netpol NewModel
4c95bc8830b testdata: StatefulSet
f3ab9550180 validation: Handle presence of api introduced
d11cc95376c feature: Add minReadySeconds featuregate
5464b649812 generated: Changes for api introduced
49af8358522 api: Introduce minReadySeconds,AvailableReplicas in Statefulset
df4c34e771c Update pd csi driver images to use v1 images (CSINode, CSIDriver, etc)
17551f291d0 Return UnschedulableAndUnresolvable instead of Error when failing to lookup pvc or storageclass in VolumeZone plugin
f871475a5e5 Grant PSP permissions to all serviceaccounts in e2e, not just default
80fa50e0d74 Update etcd image revision
33fe4bb0764 Update debian-base to buster-v1.7.0
3bcc15e19dd Update debian-iptables to buster-v1.6.1
6c0976814ca use ownerReference to build default spreading contraints in the scheduler
2e771b8e745 Make a public ValidateAnnotationsSize
8e5a9824425 kubeadm: remove the cgroup driver detection code for Docker
a013c6a2db5 Adding IPV6 (Dual Stack) support to handle IPV6 pod cidrs
93f79103e54 kubeadm: add "+optional" to fields with "omitempty" in v1beta3
2c79f52de90 Local PV e2e: fix leaked local volumes
38c56883f1c e2e: hugepages: delete test pod after the test
e862421c2bc Update etcd makefile to build v3.5.0-beta.3 image
383ce85649c [scheduler] avoid comparing function pointers in unit tests
c9ec4862872 Part of master to controlplane in test/integration Rename NewIntegrationTestMasterConfig to NewIntegrationTestControlPlaneConfig
1b6895c11fb Fix: remove framework.ScoreExtensions interface check
5908cd0d90d simplify returning boolean expression in /pkg/volume
9e257ec194f Optimization logging format for pkg/kubelet
55ff9630179 Make validation totalAnnotationSizeLimitB public.
69019a03d3a Add netpol tests for windows
2d361d43063 e2e: Flag questionable durations in container status on termination
f9cb68a2b13 Fix EndpointSliceCache::getEndpointsMap for different endpoints with same IP
f1aee7e0496 kubelet/cm: GetResourceStats -> MemoryUsage
517feed45b5 Add: interface check
202a0120937 Add restart unit test
b344d4d4422 api link is missing
20c02357cad Add hint to fake topology manager.
c299b8fc9a0 kubelet/cm: rm propagateControllers
fadf3e15316 Graduate prefer nominated node to beta
e8f69398c35 simplify return boolean value expression in cmd/kube-controller-manager/app/certificates.go
c24b87b1336 Fixed a possible nil pointer dereference caused by variable `plug`
c201a78dff9 Remove etcd connection apiserver preflight check
3c1576ae573 Create e2e Deployment status lifecycle test
bcfa3604a28 Create e2e test for Statefulset Status endpoints
990d0949c4e Add test, after restart dbus, should be able to gracefully shutdown
9c59e6c85fa After dbus restarts, make GracefulNodeShutdown work again
ae90e6b9a1f Retain the test coverage of TestObserveWebhookRejection.
fb23e449ab6 Add attr to the argument list of ObserveWebhookRejection, and remove operation, as it is included in attr.
f40b10e3aa0 Prevent data race condition in vsphere unit tests
f9ee64007ee apf: always create missing bootstrap configuration object(s)
32c14da9025 fix(metrics-proxy): wait for enough component pods to show up first
6c63ef147cc extract same code of es and esm to pkg
72fe1b722ce Make the service account error more apparent
88b31814f4a BoundServiceAccountTokenVolume ga
619fff10eac handle Unmarshal error
074f25523b2 scheduler_perf: correct error handling
55be51a2dbe Issue [2683](https://github.com/kubernetes/org/issues/2683) was closed with PR [2690](https://github.com/kubernetes/org/pull/2690O) sSimran should now be part of kubernetes ORG
330fee13506 remove the RunAsGroup feature-gate
5ea01629066 e2e: deflake test by not relying on events
3916c009551 fix manual trigger of readinessProbe on startupProbe success
fa1a4100c6c Remove CSIMigrationVSphereComplete flag
baa88b26cdc Remove feature gate to GA the setHostnameAsFQDN feature
60377ba1a37 graduate IngressClassNamespacedParams to beta
2eb90f9b809 Default StreamingProxyRedirects to disabled
afe28c6fc83 kubelet_pods.go: clean makeEnvironmentVariables
1df3a735d3b go-to-protobuf: small fixes to improve debuggability
2335547a9cf cleanup: delete tempDir after flexvloume_test is executed
650666406e1 update kubelet_running_pods metrics comments: pods that have a running pod sandbox
a3b2e35d700 Making a run test.
125fb04dbf2 Relax node_id length limit to 256
2dbdfd0902e Extend the max of admission latency buckets to 10s.
e7db88b0b65 Add a namespace label to admission metrics.
3bad31b531e Add allowAutoIOPSPerGBIncrease to translated AWS EBS StorageClasses
4272ac92a76 Document the NodeAddressType values
b9d9cc38b52 fix: inaccurate miss schedule times of cronjob v2.
78323910db5 Fix typo: Use uniform format of structured klog
8725c960149 Fix csi_client_test.go metrics nil pointer dereference
79126376f02 Add test for counting inodes correct with hardlinks
d45ba645a8f Get inodes and disk usage via pure go
6e54f067e9d Support dynamically set log level for kube-proxy
1d764952dad Fix incorrect test code in pkg/volume/csi/csi_attacher_test.go file
64fca6bda7d doc: remove the description `socat` is required
80b4277bff4 Optimize the structured Logging migration.
0eb40b3ded6 e2e: reduce pods used in shared local pv test
dea89e549fc Fix use nil err
086cdfb3601 Use docker buildx for the build-image.
2d3073c5917 Tweak kubelet config comments for consistency and readability
fdcbb54febd Improve kubelet config type documentation
bc3e7b5dca3 nit: use %v for error as it is already quoted
04f091790ee e2e: TM: wait for SRIOV devices in pod scope tests
8e7b5ff480b staging/src/k8s.io/apiserver/pkg/registry:migrate logs to structured logs
3ec63238c53 fix kubectl alpha debug node does not work on tainted nodes
88fbd370407 Fix the url 'version's comparation of github.com/Azure/go-autorest/' lost
1995f28c64a Simply modify the Kubectl logs information
385b7d7ff07 fix --event-qps and --event-burst
620c23473fb fix Spelling error for klog
00da68dbc25 Adding restart kubelet flag on e2e test
07002e41bbe Update Calico to use a non-conflicting route table range
ad156aff59e ignore "vmdk not found" vsphere errors during unmount (assume success)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
/
|
||
|
hongxu
|
c1bd680e12 |
skopeo: fix native skopeo failed if no libdevmapper.so.1.02 on host
If host does not install libdevmapper.so.1.02, run native skopeo failed: ... $ tmp-glibc/sysroots/x86_64/usr/sbin/skopeo -h |tmp-glibc/sysroots/x86_64/usr/sbin/skopeo.real: error while loading shared libraries: libdevmapper.so.1.02: cannot open shared object file: No such file or directory ... Create wrapper to set LD_LIBRARY_PATH which using native libdevmapper.so.1.02 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
hongxu
|
6459b6544b |
Revert "nagios-nsca: blacklist recipe due to unsupported libmcrypt"
The libmcrypt build issue has been fixed by oe
This reverts commit
|
||
|
Martin Jansa
|
92f976404b |
podman-compose: remove pypi inherit to fix do_fetch
* now when pypi uses SRC_URI_prepend since: https://git.openembedded.org/openembedded-core/commit/?id=8f17b8bce85efb0e9a7e15d0b98a5cf7b6bd9750 both entries end in SRC_URI (because of delayed nature of prepend): https://files.pythonhosted.org/packages/source/p/podman-compose/podman-compose-0.1.5.tar.gz git://github.com/containers/podman-compose.git causing: ERROR: podman-compose-0.1.5-r0 do_fetch: No checksum specified for '/OE/build/oe-core/downloads/podman-compose-0.1.5.tar.gz', please add at least one to the recipe: SRC_URI[sha256sum] = "fb229362f188980ea3fbdee2a25d0a2dd6a0b886d925d5213e22e09f1062ebe9" ERROR: podman-compose-0.1.5-r0 do_fetch: Fetcher failure for URL: 'https://files.pythonhosted.org/packages/source/p/podman-compose/podman-compose-0.1.5.tar.gz'. Missing SRC_URI checksum ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/podman-compose/0.1.5-r0/temp/log.do_fetch.55855 drop pypi inherit to restore the previous SRC_URI with just the git:// entry. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
b8f2edd39a |
crun: add seccomp distro features check
Since seccomp depends on libseccomp, and seccomp is only available when the distro feature is enabled, we add the same dependency and distro feature check to this recipe. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
fd4b46ce22 |
cri-o: add seccomp distro features check
Since seccomp depends on libseccomp, and seccomp is only available when the distro feature is enabled, we add the same dependency and distro feature check to this recipe. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Diego Sueiro
|
66994bf37e |
packagegroup-container: Include podman if seccomp is in DISTRO_FEATURES
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Diego Sueiro
|
4a86cfb8d9 |
slirp4netns: Add seccomp as REQUIRED_DISTRO_FEATURES
The libseccomp package is only available if seccomp is in DISTRO_FEATURES. Signed-off-by: Diego Sueiro <diego.sueiro@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Diego Sueiro
|
dd3bc51e3f |
podman: Add seccomp as REQUIRED_DISTRO_FEATURES
The libseccomp package is only available if seccomp is in DISTRO_FEATURES. Signed-off-by: Diego Sueiro <diego.sueiro@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Ross Burton
|
e0bf8958bb |
dev86: don't require dev86-native to build dev86
Instead of installing binaries and patching the makefiles to run external commands, simply build ifdef using BUILD_CC instead of CC. This patch is now upstreamable, the recipe is less complicated, and nativesdk works. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Ross Burton
|
449cfdef60 |
dev86: work on all hosts, other cleanups
Remove COMPATIBLE_HOST, whilst this is an x86 assembler there's nothing to stop you building it on or for arm64 and assembling x86 code. Override INEXE so that binaries are not stripped and remove INSANE_SKIP. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Martin Jansa
|
5c1388998d |
conmon: add dependency on libseccomp and seccomp to REQUIRED_DISTRO_FEATURES
* added with to v2.0.29 commit: 106cad5 seccomp: add support for seccomp notify * fixes: | src/seccomp_notify.c:9:10: fatal error: seccomp.h: No such file or directory | 9 | #include <seccomp.h> | | ^~~~~~~~~~~ Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Xu, Yanfei
|
bbf7ddbe02 |
skopeo: add native and nativesdk support
1.Add native and nativesdk support. 2.Replace "multipath-tools" with "libdevmapper" and "lvm2". Because the really direct DEPENDS package is "libdevmapper" and "lvm2". Log of do_comopile as below: -----------------[cut here]--------------------- DEBUG: Executing shell function do_compile NOTE: make -j 40 BUILDTAGS= bin/skopeo CGO_CFLAGS="-I/...../usr/include" CGO_LDFLAGS="-L/...../usr/lib -lgpgme -lgpg-error -lassuan" GO111MODULE=on go build -mod=vendor "-buildmode=pie" -ldflags '-X main.gitCommit=8efffce8befc2de87670ba75d6c86ada61e869fd ' -gcflags "" -tags "" -o bin/skopeo ./cmd/skopeo Package devmapper was not found in the pkg-config search path. Perhaps you should add the directory containing `devmapper.pc' to the PKG_CONFIG_PATH environment variable No package 'devmapper' found pkg-config: exit status 1 make: *** [Makefile:134: bin/skopeo] Error 2 Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Xu, Yanfei
|
daac3b630f |
umoci: add nativesdk to BBCLASSEXTEND
add nativesdk to BBCLASSEXTEND Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
7a59023229 |
conmon: update to v2.0.29
Bumping conmon to version v2.0.1-250-g1ef2468, which comprises the following commits:
1ef2468 Fix docs links due to branch rename
24c73c2 seccomp: fix for unsupported versions
fc7830d bump to v2.0.30-dev
7e6de66 bump to v2.0.29
b033cb5 Reset OOM score back to 0 for container runtime
106cad5 seccomp: add support for seccomp notify
77dfb4b .cirrus.yml: raise the timeout to 60m
87330dc call functions registered with atexit on SIGTERM
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
950b24b2d5 |
conmon: add branch specification to SRC_URI
The upstream project switched from master to main, so we add an explicit branch specification to avoid fetch errors (as the deafult of master no longer works). Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
299c418144 |
crun: update to latest
Bumping crun to version 0.20.1-7-g7ef74c9, which comprises the following commits:
b07c389 criu: fix error check
09401bb linux: fix unitialized variable
b222968 cgroup: fix a memory leak
1182975 cgroup: honor memory swappiness set to 0
38271d1 NEWS: tag 0.20.1
923447b container: ignore resetting keyring SELinux label
b26493f Dockerfile: install required python3-jinja2 package
0d42f11 NEWS: tag 0.20
9042ac5 seccomp: drop SECCOMP_FILTER_FLAG_LOG by default
0f4156f cgroup: Refactor libcrun-cgroup-destory to support picking subsystems dynamically and clean custom controllers.
d6be344 cgroup: ignore devices errors in a userns
6e187fb cgroup: do not join empty controller
badb23d seccomp: report correct action in error message
5201956 container: apply SELinux label to keyring
4b664e9 linux: attempt to open existing dev file first
dd1c419 libocispec: sync from upstream
5f74e2a Makefile.am: make sure libocispec uses main branch
f0c76e1 utils: close_range fallbacks to close on EPERM
1596ab1 Update crun manual with recently added flags
1d84d62 Fix type for LinuxDeviceCgroup.linux.resources.devices.allow in default Spec
62d251d container: call prestart hooks before rootfs is RO
48bc33d Exec: Add --process-label and --apparmor to allow modifying selinux_label and apparmor_profile
0e53e87 Exec: Add --no-new-privs to and adhere if noNewPriviledges is false in basespec config
2de8b43 Fix SIGSEGV for rootless container caused by case when def->linux is defined but def->linux->cgroups_path is NULL
54e77c2 Add support for spec --bundle
ae11886 cgroup: fix regression in mode detection
194b72d kill: fix race condition with pidfd_open
2910d9b cgroup: add custom annotation run.oci.delegate-cgroup
407eef9 cgroup: drop argument from function
0485de6 cgroup: report error if the cgroup path was set
bf5020a cgroup: improve error message
a131715 cgroup: fix recursive cleanup
6e95060 cgroup: kill procs in cgroup on EBUSY
0274d6f tests: disable go modules
1272eaf tests: skip podman create --pull
04f1a6a container: read the error from the init process
29afcd6 Update README.md
9863a8e Update README.md
55f5ed5 utils: use /proc/self/fd to open unix socket
fa40930 contrib: fix warning from the rust compiler
1535fed NEWS: tag 0.19.1
227e0be spec: add cgroup ns if on cgroup v2
3fbe777 libcrun: add const to spec_file
eb34661 libcrun: annotate cgroup_mode < 0 checks
92bcc81 tests: add fuzzing tests
af3509d cgroup: support array of strings
9effaeb On exec, honor additional_gids from the process spec, not the container definition
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
6adc4f64d5 |
crun: switch to main as specified branch
The upstream project has moved from master to main, so we adjust our recipe accordingly. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
aa2c70a3ad |
cni: inhibit go.mod build for main cni
The cni plugins already have mod=vendor, but we also need to ensure that the main CNI build is not using go module based builds. To avoid inconsistent vendoring messages, we switch all plugins to no module builds as well. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
0f59d98670 |
podman: update to 3.2.1
Bumping libpod to version v3.2.1-2-gab4d0cf90, which comprises the following commits:
60752b320 Bump to v3.2.2-dev
152952fe6 Bump to v3.2.1
c5d9c0a6f Updated release notes for v3.2.1
4f56f7f13 Fix network connect race with docker-compose
e42d727a9 Revert "Ensure minimum API version is set correctly in tests"
f69789155 Fall back to string for dockerfile parameter
5a158563c remote events: fix --stream=false
38fbd2cb9 [CI:DOCS] fix incorrect network remove api doc
26eae3bf8 remote: always send resize before the container starts
c751544fa remote events: support labels
c28f442b2 remote pull: cancel pull when connection is closed
2993bdf1e Fix network prune api docs
8ba0c92e6 Improve systemd-resolved detection
c3f6ef63a logs: k8s-file: fix race
f1e7a0747 Fix image prune --filter cmd behavior
5ddd76edd Several shell completion fixes
2afb5eeab podman-remote build should handle -f option properly
6beae86f0 System tests: deal with crun 0.20.1
80362b34c Fix build tags for pkg/machine...
c85b6b3fe Fix pre-checkpointing
b61701acb container: ignore named hierarchies
e0dcffa8d [v3.2] vendor containers/common@v0.38.9
d46deca8c rootless: fix fast join userns path
f2b3da502 [v3.2] vendor containers/common@v0.38.7
78430ee1d [v3.2] vendor containers/common@v0.38.6
b6ef7cf21 Correct qemu options for Intel macs
9647d8844 Ensure minimum API version is set correctly in tests
72455ece4 Bump to v3.2.1-dev
0281ef262 Bump to v3.2.0
cff73766f Fix network create macvlan with subnet option
8688f54ea Final release notes updates for v3.2.0
f62c6bf6e add ipv6 nameservers only when the container has ipv6 enabled
4b8ca6303 Use request context instead of background
ce5c3b554 [v.3.2] events: support disjunctive filters
dd83f5c0c System tests: add :Z to volume mounts
32927f5d6 generate systemd: make mounts portable
abb57e5cf vendor containers/storage@v1.31.3
1e4563182 vendor containers/common@v0.38.5
fbf8b78a3 Bump to v3.2.0-dev
684729482 Bump to v3.2.0-RC3
f49023031 Update release notes for v3.2.0-RC3
ee5dd0603 Fix race on podman start --all
6c9de9382 Fix race condition in running ls container in a pod
69bae4774 docs: --cert-dir: point to containers-certs.d(5)
934f36df5 Handle hard links in different directories
5eecc2761 Improve OCI Runtime error
ba884865c Handle hard links in remote builds
c53638e9f Podman info add support for status of cgroup controllers
ac8b7ddd8 Drop container does not exist on removal to debugf
18e917cdc Downgrade API service routing table logging
efa15b96c add libimage events
a9108ab25 docs: generate systemd: XDG_RUNTIME_DIR
bb589bec2 Fix problem copying files when container is in host pid namespace
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
60c4c54984 |
runc-docker: update to rc95
Synchronize the 'runc-docker' with the opencontainers variant. This
allows the common patch to be used once again, and we refresh our docker
specific patch to the new content.
Bumping runc to version v1.0.0-rc95-28-gbfcbc947, which comprises the following commits:
37767c05 ci: lint: show all errors in PRs
07ca0be0 *: clean up remaining golangci-lint failures
00119c85 integration: add repeated "runc update" test
d0f2c25f cgroup2: devices: replace all existing filters when attaching
98a3c0e4 cgroup2: devices: switch to emulator for cgroupv1 parity
dcc1cf7c devices: add emulator.Rules shorthand
54904516 libcontainer: fix integration failure in "make test"
c7c70ce8 *: clean t.Skip messages
a95237f8 libctr/cg/systemd: export rangeToBits
df0206a6 errcheck: utils
0c65f833 errcheck: signals
3b31e3ea errcheck: tty
b45fbd43 errcheck: libcontainer
463ee5e1 errcheck: libcontainer/nsenter
7e7ff872 errcheck: libcontainer/configs
a8995053 errcheck: libcontainer/integration
b93666eb libct/cg/fs2: setFreezer: wait until frozen
1069e4e9 libct/cg/fs2: optimize setFreezer more
5d193188 libct/cg/fs2: optimize setFreezer
8a7a374f VERSION: back to development
b9ee9c63 VERSION: release v1.0.0-rc95
0ca91f44 rootfs: add mount destination validation
c61f6062 libcontainer: honor seccomp defaultErrnoRet
d519da5e Dockerfile, Vagrantfile.centos7, .github: bats 1.3.0
bdad2859 Dockerfile, Vagrantfile.centos7: use go 1.16
f96530f2 EMERITUS: recognise previous maintainers
c73a6626 VERSION: back to development
2c7861bc VERSION: release v1.0.0-rc94
12e9cac9 Vagrantfile.fedora: set Delegate=yes
ac70a9a1 tests/int: run rootless_cgroup tests for v2+systemd
601cf582 tests/int/cgroups: don't check for hugetlb
40b97919 tests/int: enable/use requires cgroups_<ctrl>
44fcbfd6 tests/int/helpers: generalize require cgroups_freezer
353f2ad1 tests/int/update.bats: don't set cpuset in setup
4f8ccc5f libct/cg/sd/v2: call initPath from Path
0ed1f802 tests/int/helpers: rm old code
af2e03c5 ci/gha: bump shellcheck 0.7.1 -> 0.7.2
2d1bb91d ci/gha: bump shfmt 3.2.0 -> 3.2.4
a7feb423 libct/int: add TestFdLeaksSystemd
c7f847ed libct/cg/sd: use global dbus connection
99c5c504 libct/cg/sd: introduce and use getManagerProperty
0fabed76 libct/int/checkpoint_test: use kill(0) for pid check
7eb1405b libct/int/checkpoint_test: use waitProcess helper
72d7a824 libct/int/checkpoint_test: use t.Helper
bcca7968 libct/int: simplify/fix showing errors
524abc59 freezer: add delay after freeze
e1d842cf libct/intelrdt: fix unit test
541fc19e Makefile: allow overriding go command by environment
06a9ea36 script/release.sh: add -a to force rebuild
91b01682 Update golang.org/x/sys to add linux/ppc support
ee4612bc CI: enable Go 1.13 again
e2dd9220 go.mod: demote to Go 1.13
45f49e8f libcontainer: avoid using t.Cleanup
1a659bc6 Revert "Makefile: rm go 1.13 workaround"
abf12ce0 libc/cg: improve Manager docs
3f659467 libct/cg: make Set accept configs.Resources
af0710a0 libct/cg/sd/v2: fix Set argument
850b2c47 libct/cg/fscommon.OpenFile: speed up ro case
71a8aee8 cgroups/systemd: replace deprecated dbus functions
47ef9a10 libct/cg/sd: retry on dbus disconnect
6122bc8b Privatize NewUserSystemDbus
15fee989 libct/cg/sd: add renew dbus connection
bacfc2c2 libct/cg/sd: add isDbusError
cdbed6f0 libct/cg/sd: add dbus manager
9efd8466 libct/cg/fscommon.OpenFile: reverse checks order
0bee5e0b libct/cg/fs: add GetStats benchmark
7e7eb1c3 CI: update Fedora to 34
d3cee12a cloned_binary: switch from #error to #warning for SYS_memfd_create
23e3794d checkpoint: validate parent path
fcd7fe85 libct/cg/fs/freezer: make sure to thaw on failure
0216716c tests/int: add a case for cgroupv2 mount
5ffcc568 tests/int: use bfq test with rootless
ff692f28 Fix cgroup2 mount for rootless case
3826db19 libct/rootfs/mountCgroupV2: minor refactor
1e476578 libct/rootfs: introduce and use mountConfig
deb8a8dd libct/newInitConfig: nit
2192670a libct/configs/validate: validate mounts
1f1e91b1 libct/specconv: check mount destination is absolute
73f22e7f libcontainer/cgroups/systemd: replace use of deprecated dbus.New()
aa622723 tiny fix iterative checkpoint test case
ee3b563d Add cfs throttle stats to cgroup v2
6faed0e4 libct/int: use ok(t, err)
af3c5699 libct/int: remove unused code
7b802a7d libct/int: better test container names
9f3d7534 logging: enable file/line info if --debug is set
ef9922c2 libct/cg: don't return OOMKillCount error when rootless
5cdd9022 libct/cg/fs[2]: fix comments about m.rootless
31dd1e49 tests/int: add rootless + host pidns test case
a2050ea4 runc run: fix start for rootless + host pidns
2f1a3ed3 Fix vendored dependencies
d15c7bb0 go.mod: github.com/cilium/ebpf v0.5.0
f28a8cc2 ebpf: replace deprecated prog.Attach/prog.Detach
928ef7af libct/nsenter: add json msg escaping
52390d68 Ignore kernel memory settings
b7c315ad vendor: bump containerd/console to 1.0.2
b6cdb8ae fix a typo
64bb59f5 nsenter: improve debug logging
6ce2d63a libct/init_linux: retry chdir to fix EPERM
c5029c00 tests: fix hello-world tarball name in testdata for arm64
289a3045 go.mod: github.com/moby/sys/mountinfo v0.4.1
4316df8b libcontainer/system: move userns utilities to separate package
e7fd383b libcontainer/system: un-export UIDMapInUserNS()
249356a1 libcontainer/system: remove unused GetParentNSeuid()
dc52ed25 libcontainer/user: remove outdated MAINTAINERS file
72ecf59c libcontainer/user: fix windows compile error
2515b0c2 libct/user: rm windows code
0596f6e1 libcontainer/devices/device_windows.go: rm
b1deba8c libcontainer/configs/config_windows_test.go: rm
f1586dbd libcontainer/configs/validate: make Validate() less DRY
4126b807 libcontainer/configs: add missing type for hooknames
48125179 go.mod: github.com/cilium/ebpf v0.4.0
44611630 docs/systemd: add
27bb1bd5 libct/specconv/CreateCgroupConfig: don't set c.Parent default
d748280a make release: build/include libseccomp
aa6da82c script/release.sh: fix shellcheck warnings
3eb46d89 ci: make static built binary available
f0dec0b4 libct/specconv/CreateCgroupConfig: nit
36fe3cc2 tests/int/cpt: fix lazy-pages flakiness
2dd62b3d libct/checkCriuFeatures: rm excessive debug
0e089002 tests/int/checkpoint: close lazy_r fd
b09030a5 tests/int/checkpoint: close fds in check_pipes
e63df1e6 tests/int: really randomize cgroup/unit names
6e4c5b6e tests/int/cgroups: don't use BUSYBOX_BUNDLE
adf733fa vendor: update go-systemd and godbus
f09a3e1b tests/int: don't set/use CGROUP_XXX variables
4ecff8d9 start: don't kill runc init too early
b1184302 libct/configs/validator: add some cgroup support
0f8d2b6b libct/cg/fs2.Stat: don't look for available controllers
85416b87 libct/cg/fs2.statPids: fall back directly
10f9a982 libct/cg/fs2/getPidsWithoutController: optimize
6121f8b6 libct/cg/fs2.Stat: always call statCpu
9455395b libct/cg/fs2/memory.Stat: add usage for root cgroup
a9c47fe7 libct/cg/fs[2]/getMemoryData[V2]: optimize
b99ca25a libct/cg/fs2/memory: fix swap reporting
79a8647b libct/int: add TestFdLeaks
b3be2b0b libct: close execFifo after start
08b52797 Make test specific to disassembleFilter function
7b3e0bcf Ensure the scratch pipe is read during ExportBPF
62f1f0e4 tests/int/checkpoint: check all logs for errors
346cb359 Revert "tests/checkpoint: show full log lazy pages cpt"
c9b3787b script/check-config.sh: add SELinux and AppArmor
5fb831a0 capabilities: WARN, not ERROR, for unknown / unavailable capabilities
e49d5da2 go.mod: OCI runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
2726146b runc --debug: more tests
201d60c5 runc run/start/exec: fix init log forwarding race
c06f999b libct/logs/test: refactor
688ea99e runc init: fix double call to ConfigureLogs
dd6c8d76 main: cast Chmod argument to os.FileMode
69ec21a1 libct/logs.ForwardLogs: use bufio.Scanner
0300299a tests/int/debug.bats: fixups
d38d1f9f libcontainer/logs: use int for Config.LogPipeFd
ac93746c libct/seccomp: rm IsEnabled
9b2f1e6f runc version: don't use seccomp.IsEnabled
c8e0486f Fix oss-fuzz build
d76309f9 script/check-config.sh: add CONFIG_SECCOMP_FILTER
997e8942 capabilities.Caps: use a map for capability-types
41f466d8 nsexec.c: fix formatting for netlink defines
522bd641 Fix checking C code formatting
1948b4ce cloned_binary.c: rm redundant comments
b67deb56 nsexec.c: rm a block
513d89ee capabilities: use BOUNDING/AMBIENT instead of their alias
dd2caace go.mod: runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
a608b7e7 libcontainer/apparmor: use sync.Once for AppArmor detection
d6e89248 Fix build-tags in libcontainer/devices
f585cec7 libct/cg/v2: always enable TasksAccounting
8c7ece1e fs2: fallback to setting io.weight if io.bfq.weight
74299a1c CI: cache ~/.vagrant.d/boxes
97f2e351 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
db025aba libct: criuSwrk: only iterate over CriuOpts if debug is set
051646a3 tests: test nested bind mount restore
705b6cc7 Re-create mountpoints during restore
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
b88e74aca7 |
k3s: update to 1.21 latest
Bumping k3s to version v1.21.1+k3s1-10-geac48f69bc, which comprises the following commits:
eac48f69bc Add kubernetes.default.svc to serving certs
16ae282c7a Fix RBAC cloud-controller-manager name 3308 (#3388) (#3408)
ff54d8c96d Add a path for wireguard's privatekey
1932979f44 Update flannel version
8fd180e0d9 move object channel defer close to goroutine
69795277be add retention default and wire in s3 prune
58649c5e85 add etcd snapshot save subcommand
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
42cc70df20 |
conmon: update to v2.0.28
6b18f7e bump to v2.0.28 dd63dcb Cirrus: Update VM Images 096e2c1 conmon: do not chown /dev/null 3efab3e Add Kubernetes e2e tests as GitHub action 0114f3c move integration to gh actions 186038c run make vendor 31c5a2e add tests running a runtime c53c155 always set container pid file 1955f59 write runtime stderr to journal on error af1f3c4 some small cleanups 6c38b5a Use less resources 355dbf1 conn_sock: fix potential segfault 4587294 ci/gha: bump runc to rc93 92867a7 Add Podman integration test GitHub action 1ec43d9 bump to v2.0.28-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
e15bb2b101 |
README: update IRC to libera.chat
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
d281b8b55c |
libvmi: upadte to 0.14.0
Integrating the following commits: 3f5b0d5 Wire up cpuid events on kvmi (#975) 8cdef96 Clear up event example even more (#974) 548da8d Simplify event-example (#973) cffe055 Clean up on partial init failure (#972) fb2e006 Add snapcraft.yaml (#961) 582fc95 Add vmtrace (IPT) buffer offset to vm_event ABI (#960) 8b88b72 Turn on all debug options for scan-build test (#959) 719d90f Debug print in volatility_ist can segfault, fix (#958) 19379a9 Remove temp file accidentaly added to git (#957) f686145 Nested support (#956) 6d65cc3 Add AC_PROG_CC_C99 to configure.ac (#955) e21df55 Add more files to gitignore (#954) d9e490e Container build test (#953) c68d899 Switch to using Github Actions for CI (#952) 6d07174 Bump version to 0.15.0 (odd-numbered dev version) (#951) 1ae3950 examples: fix reinjection in breakpoint-recoil-example (#945) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
6957b542e3 |
cni/plugins: update to 0.9.1
Update the cni plugins part of the recipe to the 0.9.1 release: c4d4aa7 Remove Bryan Boreham as maintainer af26bab host-local: support ip/prefix in env args and CNI args f72aa98 [sbr]: Use different tableID for every ipCfg Check tableID not in use for every ipCfg 40c225e Small typo improves in README.md 76ef07e Allow multiple routes to be added for the same prefix. Enables ECMP d6bf1ea Update to lastest vendor/github.com/vishvananda/netlink bdaaa20 tuning: always update MAC in CNI result 33a2929 vendor: bump to libcni v1.0-rc1 820fee9 tuning: Add support of altering the allmulticast flag f34c600 [sbr]: Use different tableID for every ipCfg Move default table routes which match the ipCfg config 8f32968 Fix nil-pointer check 028fc2f host-local: support custom IPs allocation through runtime configuration 7da1c84 pkg/ip: introduce a new type `IP` to support formated <ip>[/<prefix>] 2eac102 go.mod: github.com/j-keck/arping v1.0.1 f4d2925 go.mod: github.com/buger/jsonparser v1.1.1 c3d0153 go.mod: github.com/alexflint/go-filemutex v1.1.0 75b64e0 go.mod github.com/Microsoft/hcsshim v0.8.16 bc85637 go.mod: godbus/dbus/v5 v5.0.3, coreos/go-systemd v22.2.0 d2d89dd go.mod: github.com/mattn/go-shellwords v1.0.11 59a6259 go.mod: github.com/sirupsen/logrus v1.8.1 3cc1135 CI: Install linux-modules-extra for VRF module 5b02c2a Fix broken links to online docs in plugin READMEs f275746 gha: update actions/setup-go@v2 b811967 remove redundant startRange in RangeIter due to overlap check on multi ranges 178d7c0 fix(win-bridge): panic while calling HNS api e09a17f portmap: use slashes in sysctl template to support interface names which separated by dots 9b09f16 pkg/ipam: use slash as sysctl separator so interface name can have dot e31cd2c [macvlan] Stop setting proxy-arp on macvlan interface 8e540bf tuning: increase test coverage to 1.0.0 and older spec versions d2e5b5d portmap: increase test coverage to 1.0.0 and older spec versions 8f7fe6d flannel: increase test coverage to 1.0.0 and older spec versions f33eedb firewall: increase test coverage to 1.0.0 and older spec versions da52be3 bandwidth: increase test coverage to 1.0.0 and older spec versions 02cdaaf host-local: increase test coverage to 1.0.0 and older spec versions f534133 static: increase test coverage to 1.0.0 and older spec versions 932653f dhcp: increase test coverage to 1.0.0 and older spec versions dd3f606 dhcp: add -resendmax option to limit lease acquisition time for testcases 4ddc8ba vlan: increase test coverage to 1.0.0 and older spec versions f56545c ptp: increase test coverage to 1.0.0 and older spec versions bbf7189 macvlan: increase test coverage to 1.0.0 and older spec versions 5eae558 loopback: increase test coverage to 1.0.0 and older spec versions 5096b53 ipvlan: increase test coverage to 1.0.0 and older spec versions 34cee8c host-device: increase test coverage to 1.0.0 and older spec versions c3c286c bridge: increase test coverage to 1.0.0 and older spec versions c8f341d bridge: simplify version-based testcase code 8c25db8 testutils: add test utilities for spec version features 7d8c767 plugins: update to spec version 1.0.0 9e2430b vendor: bump CNI to 1.0.0-pre @ 62e54113 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |