The fields become beta, enabled by default. DeviceTaintRule gets
added to the v1beta2 API, but support for it must remain off by default
because that API group is also off by default.
The v1beta1 API is left unchanged. No-one should be using it
anymore (deprecated in 1.33, could be removed now if it wasn't for
reading old objects and version emulation).
To achieve consistent validation, declarative validation must be enabled also
for v1alpha3 (was already enabled for other versions). Otherwise,
TestVersionedValidationByFuzzing fails:
--- FAIL: TestVersionedValidationByFuzzing (0.09s)
--- FAIL: TestVersionedValidationByFuzzing/resource.k8s.io/v1beta2,_Kind=DeviceTaintRule (0.00s)
validation_test.go:109: different error count (0 vs. 1)
resource.k8s.io/v1alpha3: <no errors>
resource.k8s.io/v1beta2: "spec.taint.effect: Unsupported value: \"幤HxÒQP¹¬永唂ȳ垞ş]嘨鶊\": supported values: \"NoExecute\", \"NoSchedule\", \"None\""
...
* Drop WorkloadRef field and introduce SchedulingGroup field in Pod API
* Introduce v1alpha2 Workload and PodGroup APIs, drop v1alpha1 Workload API
Co-authored-by: yongruilin <yongrlin@outlook.com>
* Run hack/update-codegen.sh
* Adjust kube-scheduler code and integration tests to v1alpha2 API
* Drop v1alpha1 scheduling API group and run make update
---------
Co-authored-by: yongruilin <yongrlin@outlook.com>
If /var/lib/kubelet is MS_SHARED mountpoint, all the mountpoints
under /var/lib/kubelet will have duplicate one. When `kubeadm reset -f`
is executed, it will try to umount one path twice. However, they are in
the peer group. Once we umount one path, the duplicate one will be
umounted as well. So, in this case, we should ignore EINVAL error.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Migrate test fixtures to use go:embed for improved readability
and maintainability across kubeadm test files.
Signed-off-by: sivchari <shibuuuu5@gmail.com>
The current Linux implementation checks whether a node supports
IPv6 by testing for the presence of '/proc/net/if_inet6'. However,
that check does not confirm that IPv6 support is actually enabled.
As a result, kube-proxy can incorrectly enable dual‑stack support
on nodes that do not have IPv6 enabled.
The possibility to disable IPv6 support has existed since
Linux kernel v2.6.27.
Update the IPv6 support check to also consider the contents of
'/proc/sys/net/ipv6/conf/all/disable_ipv6'.
Signed-off-by: Tero Kauppinen <tero.kauppinen@est.tech>
Add CA certificate information display when running kubeadm join
with verbosity level 1 (--v=1). This helps users verify the cluster
CA certificate during the join process.
The output includes:
- Subject and Issuer
- Serial number
- NotBefore and NotAfter dates
- Signature and PublicKey algorithms
- Public key hash (SHA256)
Changes:
- Reorganize For() to print CA cert info after auth validation
- Add getCACertFromKubeconfig() helper function
- Add formatCACertInfo() helper function
- Add unit tests for the new helper functions
Signed-off-by: sivchari <shibuuuu5@gmail.com>
FSWatcher.Run() spawned a goroutine with no exit mechanism, causing a
goroutine leak. Add a ctx context.Context parameter to Run() so the
goroutine can exit cleanly when the context is canceled, and
defer-close the underlying fsnotify watcher on exit.
For kube-proxy, the existing ctx from runLoop() is passed directly.
For the flexvolume prober, ctx is stored in flexVolumeProber at
construction time via GetDynamicPluginProber(), representing the
component lifetime (kubelet/controller-manager), which is the
appropriate scope for this long-running watcher.
Replace all imports of k8s.io/apimachinery/pkg/util/dump with
k8s.io/utils/dump across the repo. The apimachinery dump package
now contains deprecated wrapper functions that delegate to
k8s.io/utils/dump for backwards compatibility.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
kubelet: defer the configurations flags (and the related fallback behavior) deprecation removal timeline from 1.36 to 1.37 to align with containerd v1.7 support
