234 commits

Author	SHA1	Message	Date
Itamar Holder	2c15d3b8e1	Add field wiping and validation logic ... Signed-off-by: Itamar Holder <iholder@redhat.com>	2025-11-18 14:14:41 +02:00
ndixita	84776abaff	Modifying validation logic and pod strategy for PodResize to accommodate for Pod Level Resources resize	2025-11-11 18:15:22 +00:00
ndixita	69c1fd72aa	API changes for Pod Level IPPR related PodStatus fields	2025-11-11 18:15:17 +00:00
Kubernetes Prow Robot	462ee14a36	Merge pull request #134345 from yuanwang04/restart-pod ... Implement RestartAllContainers	2025-11-11 07:18:56 -08:00
Heba	aceb89debc	KEP-5471: Extend tolerations operators (#134665) ... * Add numeric operations to tolerations Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * code review feedback Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * add default feature gate Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * Add integration tests Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * Add toleration value validation Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * Add validate options for new operators Signed-off-by: helayoty <heelayot@microsoft.com> * Remove log Signed-off-by: helayoty <heelayot@microsoft.com> * Update feature gate check Signed-off-by: helayoty <heelayot@microsoft.com> * emove IsValidNumericString func Signed-off-by: helayoty <heelayot@microsoft.com> * Implement IsDecimalInteger Signed-off-by: helayoty <heelayot@microsoft.com> * code review feedback Signed-off-by: helayoty <heelayot@microsoft.com> * Add logs to v1/toleration Signed-off-by: Heba Elayoty <heelayot@microsoft.com> Signed-off-by: helayoty <heelayot@microsoft.com> * Update integration tests and address code review feedback Signed-off-by: helayoty <heelayot@microsoft.com> * Add feature gate to the scheduler framework Signed-off-by: helayoty <heelayot@microsoft.com> * Remove extra test Signed-off-by: helayoty <heelayot@microsoft.com> * Fix integration test Signed-off-by: helayoty <heelayot@microsoft.com> * pass feature gate via TolerationsTolerateTaint Signed-off-by: helayoty <heelayot@microsoft.com> --------- Signed-off-by: Heba Elayoty <heelayot@microsoft.com> Signed-off-by: helayoty <heelayot@microsoft.com>	2025-11-10 12:42:54 -08:00
Yuan Wang	aac951d902	Add dependency for NodeDeclaredFeatures	2025-11-10 09:41:02 +00:00
Yuan Wang	97c3f575b9	Refactor validation	2025-11-10 09:41:02 +00:00
Yuan Wang	83c5cd5526	Implement restartPod action	2025-11-10 09:41:02 +00:00
Kubernetes Prow Robot	171d2dacd2	Merge pull request #134893 from HirazawaUi/kep-5607 ... KEP-5607: Allow hostNetwork pods to use user namespace	2025-11-06 12:43:15 -08:00
HirazawaUi	e986000e6a	KEP-5607: Allow hostNetwork pods to use user namespaces	2025-11-06 22:45:36 +08:00
Maciej Skoczeń	9677ac4c0b	api: Add WorkloadReference to Pod spec	2025-11-06 09:36:42 +00:00
yliao	34a64db2c7	extended resource backed by DRA: implementation	2025-07-29 18:55:21 +00:00
Rodrigo Campos	5f7e611f73	validation: Return error if hostUsers=false && volumeDevices ... Now if a pod tries to use user namespaces (hostUsers: false) and a volume device, it will see this error: $ kubectl apply -f pod.yaml ... * spec.ephemeralContainers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false * spec.initContainers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false * spec.containers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false Note that if a pod is already created with volumeDevices and userns, then we allow modifications to that object. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>	2025-07-28 16:54:08 +02:00
Yuan Wang	af595a44ae	Add container restart rules to API	2025-07-24 16:49:52 +00:00
HirazawaUi	c35e4ad2b2	add codes for drop disabled pod fields	2025-07-23 22:57:12 +08:00
Bing Hongtao	6f3b6b91f0	KEP-3721: Support for env files (#132626) ... * Add FileKeyRef field and struct to the Pod API * Add the implementation code in the kubelet. * Add validation code * Add basic functionality e2e tests * add codes for drop disabled pod fields * update go.mod	2025-07-22 13:40:42 -07:00
Taahir Ahmed	4624cb9bb9	Pod Certificates: Basic implementation ... * Define feature gate * Define and serve PodCertificateRequest * Implement Kubelet projected volume source * kube-controller-manager GCs PodCertificateRequests * Add agnhost subcommand that implements a toy signer for testing Change-Id: Id7ed030d449806410a4fa28aab0f2ce4e01d3b10	2025-07-21 21:49:57 +00:00
Tim Allclair	5f829195e6	Only warn when AppArmor annotation doesn't match pod field	2025-07-17 14:46:47 -07:00
Tim Allclair	3ecb3d230f	Remove unused appArmor*InUse functions	2025-07-17 14:07:35 -07:00
sreeram-venkitesh	5390f75360	Added podutil.HasAPIObjectReference to deny admission for static pods referencing API objects	2025-06-25 23:59:26 +05:30
Keita Mochizuki	a3097010fa	Change the implementation design of matchLabelKeys in PodTopologySpread to be aligned with PodAffinity (#129874) ... * Change the implementation design of matchLabelKeys in PodTopologySpread to be aligned with PodAffinity * fix1	2025-05-07 13:01:15 -07:00
Tim Allclair	5928fc0e60	Add ContainerIter utility for ranging over pod containers	2025-04-11 13:36:37 -07:00
Sreeram	0380f2c41c	Validation	2025-03-25 01:58:04 +05:30
Tim Allclair	aba588cd14	Deprecate IPPVSAllocatedStatus: always set allocatedResources with InPlacePodVerticalScaling	2025-03-19 16:00:02 -07:00
Natasha Sarkar	a15520fbea	Move pod resize status to pod conditions	2025-03-17 22:01:05 +00:00
Kubernetes Prow Robot	07d66d9c26	Merge pull request #130574 from natasha41575/drop_proposed_resize_status ... [FG:InPlacePodVerticalScaling] Drop `Proposed` resize status	2025-03-11 09:49:46 -07:00
Natasha Sarkar	8a20e90839	[FG:InPlacePodVerticalScaling] Drop 'Proposed' resize status	2025-03-10 20:46:02 +00:00
Natasha Sarkar	12d34624ba	add observedGeneration to pod's dropDisabledStatusFields	2025-03-06 20:14:32 +00:00
Alex Petrov	f63359efb0	fix(pod/util): typos in getting pod validation options ... Before, containers with the PostStart sleep lifecycle hook would cause null pointer panics due to a typo in the field name being checked. This commit fixes that. The check also needs to be done on the oldPodSpec, rather than the podSpec, so that existing workloads which use the zero value continue functioning in the same way.	2025-02-27 19:25:14 -05:00
vivzbansal	cfa0349159	Update validation code	2025-01-28 00:55:55 +00:00
vivzbansal	c479f007d8	Update field to use feature gate	2025-01-27 19:46:55 +00:00
vivzbansal	6c5cf68722	Resolved latest review comments	2025-01-27 19:46:33 +00:00
vivzbansal	1cf4587277	Fix build error	2025-01-27 19:42:14 +00:00
vivzbansal	d1fac494f4	resolve merge conflicts	2025-01-27 19:42:13 +00:00
Davanum Srinivas	4e05bc20db	Linter to ensure go-cmp/cmp is used ONLY in tests ... Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2025-01-24 20:49:14 -05:00
AxeZhan	ae11c7deb1	DisallowInvalidLabelValueInNodeSelector	2024-12-12 15:06:14 +08:00
vivzbansal	95591abd02	Add AllowSidecarResizePolicy to relax resize policy validation check of sidecar containers	2024-11-12 05:08:51 +00:00
Kubernetes Prow Robot	c25f5eefe4	Merge pull request #128407 from ndixita/pod-level-resources ... [PodLevelResources] Pod Level Resources Feature Alpha	2024-11-08 07:10:50 +00:00
ndixita	8a8dc27b4e	Adding the logic to validate pod-level resources as following: ... 1. The effective container requests cannot be greater than pod-level requests 2. Inidividual container limits cannot be greater than pod-level limits 3. Only CPU & Memory are supported at pod-level 4. Inplace container resources updates are not supported if pod-level resources are set Note: effective container requests cannot be greater than pod-level limits is supported by transitivity. Effective container requests <= pod-level requests && pod-level requests <= pod-level limits; Therefore effective container requests <= pod-level limits Signed-off-by: ndixita <ndixita@google.com>	2024-11-08 03:00:54 +00:00
ndixita	d7f488b5e3	API changes for Pod Level Resources ... 1. Add Resources struct to PodSpec struct in both external and internal API packages 2. Adding feature gate and logic for dropping disabled fields for Pod Level Resources KEP: enhancements/keps/sig-node/2837-pod-level-resource-spec	2024-11-08 02:45:04 +00:00
vivzbansal	cf8ee421f1	Updated the comment of IsRestartableInitContainer(...)	2024-11-07 22:14:22 +00:00
vivzbansal	763e810fb5	refactor code to add sidecar container support in IPPR	2024-11-07 21:20:48 +00:00
Lan Liang	6e5a3cde50	Remove PodHostIPs feature gates. ... Signed-off-by: Lan Liang <gcslyp@gmail.com>	2024-11-06 23:10:36 -08:00
Kubernetes Prow Robot	f81a68f488	Merge pull request #128377 from tallclair/allocated-status-2 ... [FG:InPlacePodVerticalScaling] Implement AllocatedResources status changes for Beta	2024-11-05 23:21:49 +00:00
Tim Allclair	99dcf07e21	If ResourceRequirements changed, always mark a proposed resize	2024-11-01 14:10:12 -07:00
Tim Allclair	0f0e27d226	Move container status AllocatedResources behind a separate feature gate	2024-11-01 14:02:58 -07:00
Jan Safranek	6ca7b959e4	Add SELinuxChangePolicy validation	2024-11-01 12:46:34 +01:00
Kubernetes Prow Robot	b337f048db	Merge pull request #127094 from sreeram-venkitesh/4818-allow-zero-for-prestop-hook ... KEP-4818: Relaxed validation for allowing zero in PreStop hook sleep action	2024-10-31 20:25:26 +00:00
zhifei92	5c01709387	Fix the apiserver panic caused by adding a container when updating a pod ... add unit test refactor: Merge the test cases into TestMarkPodProposedForResize. chore: Add the comment and fix the test names	2024-10-29 10:52:46 +08:00
Sreeram Venkitesh	f1f9e7b398	Clean kube_features.go ... Added tests, info about new feature gate in error message, fixes from review Added basic e2e test Added unit tests Ran hack/update-featuregates.sh Tolerate updates to existing resources after disabling feature gate Added feature gate to versioned_kube_features.go Fixed existing tests Use PodValidationOptions for validation instead of using feature gate directly Relaxed validation for allowing zero in prestop hook sleep action	2024-10-18 22:04:42 +05:30