* DRA: support non-pod references in ReservedFor
Signed-off-by: MohammedSaalif <salifud2004@gmail.com>
* Expand reservation validation comment in syncClaim as suggested by mortent
* Address feedback: rename valid to remaining and remove obsolete TODO
---------
Signed-off-by: MohammedSaalif <salifud2004@gmail.com>
5644850607 added support for List+Watch to a fake client-go instance.
However, that support was not quite working yet as seen when analyzing a test
flake:
- List returned early when there were no objects, without adding the
ResourceVersion. The ResourceVersion should have been "0" instead.
- When encountering "" as ResourceVersion, Watch didn't deliver
any objects. That was meant to preserve compatibility with clients
which don't expect objects from a Watch, but the right semantic of
"" is "Start at most recent", which includes delivering existing
objects.
Tests which meddle with the List implementation via a reactor (like
clustertrustbundlepublisher) have to be aware that Watch now may
return objects when given an empty ResourceVersion.
This initially was attempted in 5f083e3b9f
but it caused e2e failing heavily (see
https://github.com/kubernetes/kubernetes/issues/135222 for more details).
The changes proposed in e6641cd290
clarified the naming of the two existing scale methods but they still
leave both of them as is.
This change goes a step further by combining both into a single method
with a parameter `forceUpdate` which is responsible for driving the mode
of execution between lazy update and a forced update.
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
* DRA resource claim controller: configurable number of workers
It might never be necessary to change the default, but it is hard to be sure.
It's better to have the option, just in case.
* generate files
* resourceclaimcontroller: normalize validation error message
* Update cmd/kube-controller-manager/app/options/resourceclaimcontroller.go
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
---------
Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Add unit test with a volume plugin that does not support SELinux. That
simulates a CSi driver whose spec.SELinuxMount is empty or false.
This requires a little refactoring, each unit test now has a flag if it
runs with a volume plugin that supports SELinux.
While the code is nominally owned by SIG Scheduling, in practice I am the one
who knows it best, so I should be a reviewer and should be able to merge simple
changes without additional approvals (will use cautiously!).
* wire now (time) to the availability checks in the StatefulSet controller
- this helps to make the controller reconcilliation consistent
* schedule pod availability checks at the correct time in StatefulSets
* replace "k8s.io/klog/v2/ktesting" with "k8s.io/kubernetes/test/utils/ktesting"
for advanced features (e.g. Eventually)
* add StatefulSetAvailabilityCheck test
Add ownersLock to protect concurrent access to node.owners between
GraphBuilder.processGraphChanges() (writer) and GC worker goroutines
reading in blockingDependents() and unblockOwnerReferences() methods.
Also fix concurrent reads in the HTTP debug handler (/graph endpoint)
for owners, dependents, beingDeleted, deletingDependents, and virtual
fields by using their respective thread-safe accessor methods.
Reset SELinuxChangePolicy of Pods that have no SELinux label set to
Recursive. Kubelet cannot mount with `-o context=<label>`, if the label is
not known.
This fixes the e2e test error revealed by the previous commit - it changed the
e2e test to check for events when no events are expected and it found a
warning about a Pod with no label, but MountOption policy.
