
Conversation

@viragvoros

This is a test branch to avoid local testing.

ialidzhikov and others added 30 commits October 30, 2025 17:53
…e `ShootMutator` admission plugin (part 3) (gardener#13207)

* Fetch the Seed resource in the `ShootMutator` admission plugin

* Fix integration tests

* Duplicate defaulting of Shoot networks in the `ShootMutator` admission plugin

* Clean up defaulting of Shoot networks from the `ShootValidator` admission plugin

* Update `ShootMutator` docs

* Wait until the caches have been synced

* Add nil check for Seed `.spec.networks.shootDefaults.{pods,services}`

* Address PR review feedback from acumino
…`v0.22.3`, `sigs.k8s.io/controller-tools` to `v0.19.0` (gardener#13238)

* Upgrade k8s.io/* to `v0.34.1`

* Run `make tidy` and `make generate`

* Upgrade controller-runtime to `v0.22.3`

* Upgrade controller-tools to `v0.19.0`

* Run `make generate`

* Use `ReconciliationTimeout` in controller options instead of custom context handling

* Removed seedmanagement/applyconfiguration and
settings/applyconfiguration.

In the past, the corresponding packages were autogenerated, but since
PR#8851 they are no longer updated. It does not look like we actually
need them. Hence, removing them seems like the better option compared to
re-enabling autogeneration.
As a plus, this enables us to get rid of a direct dependency.

* Adapt tests to `controller-runtime` changes.

`.metadata.creationTimestamp` no longer needs to be set.

`.preferences` no longer needs to be set for kubeconfigs.

* Adapt tests for leader election validation changes (`ErrorTypeInvalid` => `ErrorTypeRequired`)

* Adapt webhook tests to include new caching options

* Adapt test to new validation error messages

* Adapt fake client usage with custom resources including structs as
pointers.

Starting with controller-runtime v0.22.0, the default object tracker does not work with resources which include structs directly as pointers, e.g. `*MachineConfiguration` in the `Machine` resource. Hence, use the old one instead.
The resulting error looked like the following:
```
• [PANICKED] [0.025 seconds]
Controller #MachineConditionChangedPredicate [BeforeEach] #Create should return false when object is not machine
  [BeforeEach] /home/prow/go/src/github.com/gardener/gardener/extensions/pkg/controller/worker/controller_test.go:38
  [It] /home/prow/go/src/github.com/gardener/gardener/extensions/pkg/controller/worker/controller_test.go:90

  [PANICKED] Test Panicked
  In [BeforeEach] at: /usr/local/go/src/reflect/value.go:1261 @ 10/22/25 18:55:14.308

  reflect: call of reflect.Value.Field on ptr Value
```

Changing the inclusion from pointer to non-pointer inclusion solves the
issue, but just using a different object tracker seems less invasive.

* Use utility functions for `TypeMeta` access.

The fake client now clears `TypeMeta`. Hence, we need to use utility
functions if we need to get the actual group/kind of resource objects.

* Adapt tests to fake client clearing `TypeMeta`

* Adapt test to fake client panicking on `Raw` structs being set together with `Object`
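The commit message above describes a `reflect: call of reflect.Value.Field on ptr Value` panic when a reflection-based object tracker walks a resource that embeds a configuration struct through a pointer. The following Go program is an added example, not code from the gardener repository or from controller-runtime: it reproduces the failure mode with a naive field walk, shows the corrected walk that dereferences the `reflect.Value` (the "different object tracker" route), and shows that the same naive walk succeeds when the struct is embedded inline (the "non-pointer inclusion" route). The type names `Machine`, `MachineConfiguration` and `MachineInline` are constructed for illustration and are not the real gardener or machine-controller-manager types.

```go
package main

import (
	"fmt"
	"reflect"
)

// Constructed types for this example, shaped like the case the commit message
// describes: a resource that holds its configuration through a pointer field.
// The names are assumptions for illustration, not gardener's or MCM's real types.
type MachineConfiguration struct {
	Image string
	Size  string
}

type Machine struct {
	Name   string
	Config *MachineConfiguration
}

// MachineInline is the "non-pointer inclusion" alternative the commit message mentions.
type MachineInline struct {
	Name   string
	Config MachineConfiguration
}

// walkNaive reproduces the bug pattern behind the reported panic: the *type* is
// dereferenced to enumerate fields, but the *value* is not, so v.Field(i) ends up
// being called on a ptr Value as soon as a pointer-to-struct field is reached.
func walkNaive(prefix string, v reflect.Value, out *[]string) {
	t := v.Type()
	if t.Kind() == reflect.Ptr {
		t = t.Elem()
	}
	for i := 0; i < t.NumField(); i++ {
		f := v.Field(i) // panics with "reflect: call of reflect.Value.Field on ptr Value" when v is a pointer
		name := prefix + t.Field(i).Name
		if f.Kind() == reflect.Struct || f.Kind() == reflect.Ptr {
			walkNaive(name+".", f, out)
			continue
		}
		*out = append(*out, name+"="+fmt.Sprint(f.Interface()))
	}
}

// walkSafe dereferences the Value as well (skipping nil pointers) before touching fields.
func walkSafe(prefix string, v reflect.Value, out *[]string) {
	if v.Kind() == reflect.Ptr {
		if v.IsNil() {
			return
		}
		v = v.Elem()
	}
	if v.Kind() != reflect.Struct {
		return
	}
	t := v.Type()
	for i := 0; i < v.NumField(); i++ {
		f := v.Field(i)
		name := prefix + t.Field(i).Name
		if f.Kind() == reflect.Struct || f.Kind() == reflect.Ptr {
			walkSafe(name+".", f, out)
			continue
		}
		*out = append(*out, name+"="+fmt.Sprint(f.Interface()))
	}
}

// LeafFieldsNaive runs the buggy walk and returns the recovered panic message
// (empty when the walk completed) next to whatever leaves were collected before it.
func LeafFieldsNaive(obj interface{}) (leaves []string, panicMsg string) {
	defer func() {
		if r := recover(); r != nil {
			panicMsg = fmt.Sprint(r)
		}
	}()
	walkNaive("", reflect.ValueOf(obj), &leaves)
	return leaves, ""
}

// LeafFields runs the corrected walk and returns "path=value" for every leaf field.
func LeafFields(obj interface{}) []string {
	var leaves []string
	walkSafe("", reflect.ValueOf(obj), &leaves)
	return leaves
}

func main() {
	cfg := &MachineConfiguration{Image: "gardenlinux-1592", Size: "m5.large"}
	m := Machine{Name: "worker-z1-abc12", Config: cfg}

	_, msg := LeafFieldsNaive(m)
	fmt.Println("naive walk over pointer field:", msg)
	fmt.Println("safe walk over pointer field: ", LeafFields(m))
	inline, _ := LeafFieldsNaive(MachineInline{Name: m.Name, Config: *cfg})
	fmt.Println("naive walk over inline field: ", inline)
}
```

The `walkSafe` variant is the less invasive fix because it changes only the code that reflects over objects; changing every `*Config` field to an inline struct, as in `MachineInline`, would alter the API types themselves.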
* Increase client-side rate limits for KCM

* Move qps and burst settings to first args block
* Deploy machine CRDs in shoots with managed infrastructure

Previously, we only deployed the machine CRDs in `gardenadm bootstrap`.
With this, we also deploy them in `gardenadm init` for shoots with managed infrastructure.

* Disable high-availability-config webhook in bootstrap cluster

Disable the webhook in the kind cluster during `gardenadm bootstrap`, as it is not needed.

This also disables the webhook from the virtual garden, where it isn't needed either.

* Adapt CRDs unit test
…ardener#13273)

* Rename "Autonomous Shoot" to "Self-Hosted Shoot"

* Rename "medium touch" to "managed infrastructure" and "high touch" to "unmanaged infrastructure"

* [make generate]

* Address PR review feedback
* fix: defaulting strategy and validation for cloudprofiles using one architecture

* feat: ensure uniform format for machine images in NamespacedCloudProfile for provider local

* feat: implement ensureUniformFormat to synchronize NamespacedCloudProfile with parent CloudProfile

* feat: simplify scope of initialMigration to machineCapabilities

* adhere to repository standards and other review feedback

* feat: simplify scope of initialMigration to machineCapabilities

* move restrictToArchitectureCapability function and refine architecture syncing logic

* fix: GetArchitecture uses capability definitions

* feat: simulate transformation of namespacedcloudprofile format during admission webhook

* refactor: move GetCapabilitiesWithAppliedDefaults to types and simplify GetArchitecture handling

* feat: clear capability flavors during migration to legacy format

* feat: implement simulation of transformation to parent spec format for NamespacedCloudProfile admission plugin

* feat: add reference validation for removing machine capabilities in CloudProfile

* adhere to review comments

* test: update machine image expectations to use ConsistOf matcher
* feat: Allow instantiating v1.34 Kubernetes clients

* docs: Update supported Kubernetes versions in docs

* docs: align docs with usage

* feat: Maintain feature gates for v1.34

./hack/compare-k8s-feature-gates.sh 1.33 1.34
Feature gates added in 1.34 compared to 1.33:
ClearingNominatedNodeNameAfterBinding
ContainerRestartRules
DRAConsumableCapacity
DRADeviceBindingConditions
DRAExtendedResource
DRASchedulerFilterTimeout
DetectCacheInconsistency
EnvFiles
HostnameOverride
InPlacePodVerticalScalingExclusiveMemory
KubeletPodResourcesListUseActivePods
MatchLabelKeysInPodTopologySpreadSelectorMerge
NominatedNodeNameForExpectation
PodCertificateRequest
PreventStaticPodAPIReferences
ProbeHostPodSecurityStandards
RelaxedServiceNameValidation
SchedulerAsyncAPICalls
SizeBasedListCostEstimate
StructuredAuthenticationConfigurationEgressSelector
TokenRequestServiceAccountUIDValidation

Feature gates removed in 1.34 compared to 1.33:
DevicePluginCDIDevices
ElasticIndexedJob
LegacySidecarContainers
PodDisruptionConditions
StatefulSetStartOrdinal

Feature gates locked to default true in 1.34 compared to 1.33:
AnonymousAuthConfigurableEndpoints
APIServerTracing
AuthorizeNodeWithSelectors
AuthorizeWithSelectors
ConsistentListFromCache
JobPodReplacementPolicy
KubeletCgroupDriverFromCRI
KubeletTracing
MultiCIDRServiceAllocator
NodeSwap
OrderedNamespaceDeletion
PodLifecycleSleepAction
PodLifecycleSleepActionAllowZero
ProbeHostPodSecurityStandards
RecoverVolumeExpansionFailure
RelaxedDNSSearchValidation
RelaxedEnvironmentVariableValidation
ResilientWatchCacheInitialization
SchedulerQueueingHints
SeparateTaintEvictionController
StreamingCollectionEncodingToJSON
StreamingCollectionEncodingToProtobuf
StructuredAuthenticationConfiguration
WinDSR
WinOverlay

Feature gates locked to default false in 1.34 compared to 1.33:

* feat: Maintain kube-apiserver admission plugins for 1.34

 ./hack/compare-k8s-admission-plugins.sh 1.33 1.34
Admission plugins added in 1.34 compared to 1.33:

Admission plugins removed in 1.34 compared to 1.33:

* feat: Maintain apigroups for 1.34

./hack/compare-k8s-api-groups.sh 1.33 1.34
Kubernetes API group versions added in 1.34 compared to 1.33:
resource.k8s.io/v1

Kubernetes API GVRs added in 1.34 compared to 1.33:
admissionregistration.k8s.io/v1beta1/mutatingadmissionpolicies
admissionregistration.k8s.io/v1beta1/mutatingadmissionpolicybindings
certificates.k8s.io/v1alpha1/podcertificaterequests
resource.k8s.io/v1/deviceclasses
resource.k8s.io/v1/resourceclaims
resource.k8s.io/v1/resourceclaimtemplates
resource.k8s.io/v1/resourceslices
storage.k8s.io/v1/volumeattributesclasses

Kubernetes API group versions removed in 1.34 compared to 1.33:
networking.k8s.io/v1alpha1

Kubernetes API GVRs removed in 1.34 compared to 1.33:
networking.k8s.io/v1alpha1/ipaddresses
networking.k8s.io/v1alpha1/servicecidrs
resource.k8s.io/v1alpha3/deviceclasses
resource.k8s.io/v1alpha3/resourceclaims
resource.k8s.io/v1alpha3/resourceclaimtemplates
resource.k8s.io/v1alpha3/resourceslices

* feat: Maintain kubernetes-controller-manager controller mappings

kube-controller-manager controllers added in 1.34 compared to 1.33:
Added Controllers for API Group [certificates/v1alpha1]: podcertificaterequest-cleaner-controller
Added Controllers for API Group [resource/v1]: device-taint-eviction-controller resourceclaim-controller
Added Controllers for API Group [storage/v1]: volumeattributesclass-protection-controller

kube-controller-manager controllers removed in 1.34 compared to 1.33:
Removed Controllers for API Group [resource/v1beta1]: device-taint-eviction-controller resourceclaim-controller
Removed Controllers for API Group [storage/v1beta1]: volumeattributesclass-protection-controller

* feat: Maintain unneeded controllers for workerless Shoots for Kubernetes 1.34

* chore: Update DaemonSet controller comments

* chore: Add Kubernetes v1.34.0 to provider-local cloud profile

* chore: Bump kindest/node version to 1.34.0

* chore: Change example Shoot to refer to CredentialsBinding

* Set `trafficDistribution` to `PreferSameZone` for kubernetes versions `>= 1.34`

* Adapt charts to new `trafficDistribution` value

* Adapt tests to new `trafficDistribution` value

* Update TopologyAwareRouting documentation

* Address linting findings

* Use `PreferClose` for ETCD's clientService trafficDistribution

* --- SEPARATOR ---

* Align `node-problem-detector` images

Co-authored-by: Ismail Alidzhikov <9372594+ialidzhikov@users.noreply.github.com>

* Adapt to new labels for metrics

kubernetes/kubernetes#130161

* Enable `discovery.k8s.io/v1` API for workerless `Shoot`s

Without it, the `kube-apiserver` does not start, because the `EndpointSlice` informers do not sync.

* Fix wording / typo

Co-authored-by: Marc Vornetran <marc1404@users.noreply.github.com>

---------

Co-authored-by: Ismail Alidzhikov <9372594+ialidzhikov@users.noreply.github.com>
Co-authored-by: Marc Vornetran <marc1404@users.noreply.github.com>
…ding` resources (gardener#13258)

* Validate an object reference's name and namespace fields against the DNS 1123 convention.

* fix: reuse existing validation functions and refactor tests with additional values

* add: else block
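The commit above validates an object reference's `name` and `namespace` against the DNS-1123 convention, which is what makes such a reference unable to carry path-like or mixed-case input into later lookups. The following Go program is an added example, not the gardener code from that commit: it reimplements the DNS-1123 label and subdomain checks with the same limits and character rules that `k8s.io/apimachinery/pkg/util/validation` applies (63 characters for a label, 253 for a subdomain, lower-case alphanumerics and `-`, labels joined by `.`) and applies them to a constructed `ObjectReference` type. Treating both fields as required, the field path `spec.secretRef` and the error-message wording are assumptions for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Limits and pattern of RFC 1123 names as Kubernetes applies them: a Namespace
// name must be a DNS-1123 label, most other resource names (and therefore the
// .name of a reference) a DNS-1123 subdomain. Reimplemented here, not imported.
const (
	dns1123LabelMaxLength     = 63
	dns1123SubdomainMaxLength = 253
)

var dns1123LabelRe = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// ValidateDNS1123Label returns the problems found with value; nil means valid.
func ValidateDNS1123Label(value string) []string {
	var errs []string
	if len(value) > dns1123LabelMaxLength {
		errs = append(errs, fmt.Sprintf("must be no more than %d characters", dns1123LabelMaxLength))
	}
	if !dns1123LabelRe.MatchString(value) {
		errs = append(errs, "a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character")
	}
	return errs
}

// ValidateDNS1123Subdomain checks value as '.'-separated DNS-1123 labels with an
// overall length limit; an empty string or an empty label fails the pattern.
func ValidateDNS1123Subdomain(value string) []string {
	var errs []string
	if len(value) > dns1123SubdomainMaxLength {
		errs = append(errs, fmt.Sprintf("must be no more than %d characters", dns1123SubdomainMaxLength))
	}
	for _, label := range strings.Split(value, ".") {
		if !dns1123LabelRe.MatchString(label) {
			errs = append(errs, "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character")
			break
		}
	}
	return errs
}

// ObjectReference is a constructed stand-in for the reference type being validated.
type ObjectReference struct {
	Name      string
	Namespace string
}

// ValidateObjectReference treats both fields as required (an assumption for this
// example), validates .name as a subdomain and .namespace as a label, and returns
// field-path-qualified messages in the style of apimachinery's field.ErrorList.
func ValidateObjectReference(fldPath string, ref ObjectReference) []string {
	var errs []string
	if ref.Name == "" {
		errs = append(errs, fldPath+".name: Required value")
	} else {
		for _, e := range ValidateDNS1123Subdomain(ref.Name) {
			errs = append(errs, fmt.Sprintf("%s.name: Invalid value %q: %s", fldPath, ref.Name, e))
		}
	}
	if ref.Namespace == "" {
		errs = append(errs, fldPath+".namespace: Required value")
	} else {
		for _, e := range ValidateDNS1123Label(ref.Namespace) {
			errs = append(errs, fmt.Sprintf("%s.namespace: Invalid value %q: %s", fldPath, ref.Namespace, e))
		}
	}
	return errs
}

func main() {
	// Constructed inputs: one valid reference and three that admission must reject.
	refs := []ObjectReference{
		{Name: "my-secret.v2", Namespace: "garden-dev"},
		{Name: "My.Secret", Namespace: "Garden"},
		{Name: "../etc/passwd", Namespace: "default"},
		{Name: "ok", Namespace: strings.Repeat("a", 64)},
	}
	for _, ref := range refs {
		fmt.Printf("%+v -> %v\n", ref, ValidateObjectReference("spec.secretRef", ref))
	}
}
```

Reusing the shared validators rather than a hand-written check for each reference type, as the commit's second bullet does, keeps every reference field under the same rules and keeps the error messages uniform.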
…lane is fully operational (gardener#13332)

* When the overlay gets disabled, wait with the network deployment until the control plane is ready

* don't suppress error
* docs: typo fix in GEP file name

* docs: add link to GEP-34
…v1.14.0 (gardener#13319)

* Update registry.k8s.io/ingress-nginx/controller-chroot Docker tag to v1.14.0

* chore: Add targetVersion constraints for nginx-ingress-controller image

According to: https://github.com/kubernetes/ingress-nginx#supported-versions-table

---------

Co-authored-by: Marc Vornetran <marc.vornetran@sap.com>
…ertain deployments (gardener#13338)

* Remove ambiguity in CP health reporting when DWD prober scales down

* Addressed review comments
DockToFuture and others added 20 commits November 24, 2025 14:06
* add ServerBlockSupportForNodeLocalDNS feature gate

* rename feature gate to CustomDNSServerInNodeLocalDNS

* address feedback

* address feedback

* Address PR review feedback from ialidzhikov (2)

---------

Co-authored-by: Ismail Alidzhikov <9372594+ialidzhikov@users.noreply.github.com>
…Config` field from admission validator to the storage layer (gardener#13505)

* Move the validation of the Shoot `spec.kubernetes.kubeAPIServer.oidcConfig` field from admission validator to the static API validation

* Address PR review feedback
* Fix flake in fluentoperator CRD deployment test

* Address review comments

* Improve comment regarding skip of empty patches
…ocu (gardener#13540)

* Mention forbidden etcd encryption key rotation operations in K8s upgrade to 1.34 guide

* Add suggested improvements
* Update prometheus-operator to v0.87.0

* Update Scheme field to new string pointer type (gardener#13526)

---------

Co-authored-by: Victor Herrero Otal <victor.herrero.otal@sap.com>
…3487)

* Remove `1.29` from supported versions

* Adapt container images

* Drop version constraints

* Adapt kubernetes feature gates

* Adapt kubernetes admission plugins

* Adapt kubernetes apigroups

* Adapt kubernetes controllers

* Remove unnecessary comments about old versions from API

* Prefactor: Fix incorrect version output in integration test

* Adapt node swap behaviour

* Bump minimum version to `v1.30`

* Adapt to structured authorization and authentication being available per default

* Adapt new kubernetes version guide to use current versions

* Adapt example `CloudProfile`

* Enable `ValidatingAdmissionPolicy` per default

* Adapt tests to current versions

* Run `make generate`

* Address review feedback
* Added deprecation notice

* Update docs/usage/shoot-operations/secretbinding-to-credentialsbinding-migration.md

Co-authored-by: Dimitar Mirchev <dimityrmirchev@gmail.com>

* Update docs/usage/shoot-operations/secretbinding-to-credentialsbinding-migration.md

Co-authored-by: Dimitar Mirchev <dimityrmirchev@gmail.com>

---------

Co-authored-by: Dimitar Mirchev <dimityrmirchev@gmail.com>
…13446)

* Include second rbac-proxy for handling vali logs

* Use valihost when creating collector deployer instance

* typo

* Review changes

* Improve todos
Co-authored-by: rfranzke <rafael.franzke@sap.com>
* vali: increase ingestion buffers of vali backend

* fluent-bit: increase batch sizes in gardener output plugin

* fluent-bit: fetch additional output and valitail metrics and update the FluentBit dashboard.

* logging: bump up logging stack to v0.70.0

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Plamen Kokanov <35485709+plkokanov@users.noreply.github.com>

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Plamen Kokanov <35485709+plkokanov@users.noreply.github.com>

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Plamen Kokanov <35485709+plkokanov@users.noreply.github.com>

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Plamen Kokanov <35485709+plkokanov@users.noreply.github.com>

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Plamen Kokanov <35485709+plkokanov@users.noreply.github.com>

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Plamen Kokanov <35485709+plkokanov@users.noreply.github.com>

* fluent-bit/dashboard: address pr review feedback, adding descriptions to the dashboard panels.

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Ismail Alidzhikov <9372594+ialidzhikov@users.noreply.github.com>

* Update pkg/component/observability/plutono/dashboards/seed/fluent-bit-dashboard.json

Co-authored-by: Ismail Alidzhikov <9372594+ialidzhikov@users.noreply.github.com>

* fluent-bit/dashboard: address pr review feedback, setting UTC timezone and having 1h time picker

* Address PR review feedback

---------

Co-authored-by: Niki Dokovski <nikolai.dokovski@sap.com>
Co-authored-by: Niki Dokovski <nickytd@gmail.com>
Co-authored-by: Plamen Kokanov <35485709+plkokanov@users.noreply.github.com>
Co-authored-by: Ismail Alidzhikov <9372594+ialidzhikov@users.noreply.github.com>
@ske-prow ske-prow bot added do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Dec 5, 2025
@ske-prow

ske-prow bot commented Dec 5, 2025

PR needs rebase.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ske-prow

ske-prow bot commented Dec 5, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign timebertt for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ske-prow ske-prow bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Dec 5, 2025
@viragvoros

/retest

@ske-prow

ske-prow bot commented Dec 11, 2025

Keywords which can automatically close issues and at(@) or hashtag(#) mentions are not allowed in commit messages.

The list of commits with invalid commit messages:


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
