Douglas Landgraf dougsland Red Hat Boston https://github.com/thekubeworld Changing the world via open source!

dougsland/cs-video-courses 2

List of Computer Science courses with video lectures.

dougsland/bitcoin-copr 1

bitcoin.spec

dougsland/actions-runner-controller 0

Kubernetes controller for GitHub Actions self-hosted runners

dougsland/anaconda 0

Graphical system installer

dougsland/ansible-for-devops 0

Ansible for DevOps examples.

dougsland/api 0

Canonical location of the OpenShift API definition.

dougsland/awx 0

AWX Project

dougsland/bash-coding 0

Quick snips for coding bash based on several docs and books, enjoy!

issue closedkubernetes/kubernetes

FR: Safer rollout of admission webhook updates

What would you like to be added:

A mechanism to gradually roll out (and roll back) admission webhook configuration (ValidatingWebhookConfiguration and MutatingWebhookConfiguration) updates (or additions). This should apply to the whole admission configuration, including the clientConfig, rules, matchPolicy, etc.

Some ideas for features that would be nice to have:

  • Control the percent of traffic going to the new/old configuration: this could be a random selection per-request, or keyed off a more stable value such as target object UID (although this wouldn't be guaranteed to be representative of the overall request ratio).
  • Identify canary and critical namespaces and/or resources: canary resources would hit the updated configuration first, and critical resources would hit the updated configuration last.
  • Set rejection and/or error thresholds: if the rejection or error rates hit the threshold, then the rollout would be automatically rolled back.

Why is this needed:

Webhook admission controllers are cluster-scoped resources that (without a namespace selector) apply to the whole cluster. This means that a misconfiguration can easily bring down an entire cluster, especially when failing closed (failurePolicy=Fail).

Note that this is about updates to the admissionregistration.k8s.io/v1 {Validating,Mutating}WebhookConfiguration resources, not updates to the underlying webhook servers.

We should also consider whether there are other cluster-scoped resources that could benefit from a similar mechanism, and whether this could be implemented in a generic way to cover those use cases.

closed time in 3 minutes

tallclair

issue commentkubernetes/kubernetes

FR: Safer rollout of admission webhook updates

We spoke about this at the sig-apimachinery call this week. The outcome is that we're interested in reviewing a KEP if someone can commit effort to delivering and maintaining such a feature, but no one on the sig call was in a position to commit to pushing it through.

Just a reminder that a commitment to review a KEP isn't the same as a commitment to merge it or shepherd it through implementation.

The next step is creating a KEP (if desired), so we'll close this issue.

tallclair

comment created time in 3 minutes

pull request commentopenshift/installer

[release-4.7] bug 1971163: Updating AWS instance types

@openshift-cherrypick-robot: The following tests failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| ci/prow/e2e-crc | 6b8ed7812b069f858d7b1412b4e2bfc488fcd11f | link | /test e2e-crc |
| ci/prow/e2e-aws-upgrade | 6b8ed7812b069f858d7b1412b4e2bfc488fcd11f | link | /test e2e-aws-upgrade |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-cherrypick-robot

comment created time in 4 minutes

pull request commentkubernetes/kubernetes

Do not register Kubelet In tree credential provider if external provider is enabled

@adisky: The following tests failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| pull-kubernetes-e2e-capz-conformance | c5495680b1975e3269bbad8fbbf5f3b3053d98a2 | link | /test pull-kubernetes-e2e-capz-conformance |
| pull-kubernetes-e2e-capz-azure-file | c5495680b1975e3269bbad8fbbf5f3b3053d98a2 | link | /test pull-kubernetes-e2e-capz-azure-file |
| pull-kubernetes-e2e-capz-azure-file-vmss | c5495680b1975e3269bbad8fbbf5f3b3053d98a2 | link | /test pull-kubernetes-e2e-capz-azure-file-vmss |
| pull-kubernetes-e2e-capz-azure-disk | c5495680b1975e3269bbad8fbbf5f3b3053d98a2 | link | /test pull-kubernetes-e2e-capz-azure-disk |
| pull-kubernetes-e2e-gce-ubuntu-containerd | c5495680b1975e3269bbad8fbbf5f3b3053d98a2 | link | /test pull-kubernetes-e2e-gce-ubuntu-containerd |
| pull-kubernetes-e2e-capz-azure-disk-vmss | c5495680b1975e3269bbad8fbbf5f3b3053d98a2 | link | /test pull-kubernetes-e2e-capz-azure-disk-vmss |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.


adisky

comment created time in 7 minutes

issue commentkubernetes/kubernetes

Add priority flag to kube-proxy on Windows hosts

@aravindhp: Reopened this issue.

In response to this:

/reopen

This is still required.

ravisantoshgudimetla

comment created time in 11 minutes

issue commentkubernetes/kubernetes

Add priority flag to kube-proxy on Windows hosts

/reopen

This is still required.

ravisantoshgudimetla

comment created time in 11 minutes

Pull request review commentkubernetes/kubernetes

fix bug where string slice flag is not assigned

 func (s *StringSlice) String() string { }  func (s *StringSlice) Set(val string) error {-	if s.value == nil || !s.changed {-		v := make([]string, 0)-		s.value = &v+	if s.value == nil {+		return fmt.Errorf("no target (nil pointer to []string)")+	}+	if *s.value == nil || !s.changed {+		*s.value = make([]string, 0)
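
Review bot: in the new `if *s.value == nil || !s.changed` branch of Set, the first call assigns a fresh empty slice through the pointer, so anything the caller had preloaded in the target slice as a default is discarded rather than appended to. If that replace-on-first-Set behaviour is intended, a short comment on the branch saying so would help; the visible lines do not document it.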

append already does this if the first arg is nil, so I don't think you need the first clause in the if at least

vazmin

comment created time in 18 minutes

Pull request review commentkubernetes/kubernetes

fix bug where string slice flag is not assigned

 func (s *StringSlice) String() string { }  func (s *StringSlice) Set(val string) error {-	if s.value == nil || !s.changed {-		v := make([]string, 0)-		s.value = &v+	if s.value == nil {+		return fmt.Errorf("no target (nil pointer to []string)")
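
Review bot: the nil-target return in Set uses fmt.Errorf with a constant string and no format verbs, so errors.New would be sufficient there. The message "no target (nil pointer to []string)" also gives no hint which flag was registered with the nil pointer, which will make the failure harder to trace from a flag-parsing error.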

IMO it's better to make the NewStringSlice detect this (and e.g. panic)? This is really a coding error, not a runtime error, you want to detect it as soon as possible. It'd be best if you could make it not compile, but I don't see a good way to do that.

vazmin

comment created time in 19 minutes

pull request commentkubernetes/kubernetes

Update gnostic to the latest version

@mcbenjemaa: The following test failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| pull-kubernetes-dependencies | 6ae7b551143c06da863131da619bb8a2ee6f0b0c | link | /test pull-kubernetes-dependencies |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.


mcbenjemaa

comment created time in 19 minutes

pull request commentkubernetes/kubernetes

Fix ServerGroupsAndResources docs typo

/assign @deads2k

ahmed-mez

comment created time in 20 minutes

pull request commentkubernetes/kubernetes

add ut for aduit/context.go

@liggitt, can you review it too? :-)

njuptlzf

comment created time in 20 minutes

pull request commentkubernetes/kubernetes

Update aws-sdk-go to 1.38.49

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dims (LGTM, https://github.com/kubernetes/kubernetes/pull/102415#issuecomment-856828254), hyakuhei (author self-approved). To complete the pull request process, please ask for approval from liggitt after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment. Approvers can cancel approval by writing /approve cancel in a comment.

hyakuhei

comment created time in 21 minutes

Pull request review commentkubernetes/kubernetes

apf: take seats into account when dispatching request

 func (qs *queueSet) selectQueueLocked() *queue { 			} 		} 	}+

no, q2 has request with w=1 but I forgot to mention concurrency limit = 1

With width=1 everything works correctly. Because virtualStart will be increasing after every request so it doesn't matter.

This is the current behavior

Current where? The current code behavior is already that we increase virtualStart by G*Seats() - see link I pasted above: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go#L640

with your proposal, while there is a currently executing request with much higher width, smaller requests waiting in the said queue won't be picked up since its virtualStart is higher because we included W and these requests waiting have a chance to timeout as well.

Which is exactly what I want. We need to be fair across queues - not fair across requests. This has to be addressed by changing how we choose to which queue we add a request - see: https://github.com/kubernetes/kubernetes/pull/102875/files#r653296345

with my proposal we are equally fair to all requests, W matters in only seat allocation. it's practically no change from how we select from queue today.

But that's not what we want. Imagine two queues:

  • q1 we have a number of short 'get object X' requests (width=1)
  • q2 we have a number of large 'get all pods' requests (e.g. width=10)

What we really want is to provide equal capacity across these queues. So if the request is e.g. 10x more expensive, we want to process 10x fewer requests from that queue.

So to summarize - we want to be fair across queues. What you're proposing doesn't provide that guarantee - wide requests to some extent will be starving small short requests, which is not what we want. What I'm proposing provides the fairness across queues.

tkashem

comment created time in 25 minutes

Pull request review commentkubernetes/kubernetes

add ut for aduit/context.go

+/*+Copyright 2021 The Kubernetes Authors.++Licensed under the Apache License, Version 2.0 (the "License");+you may not use this file except in compliance with the License.+You may obtain a copy of the License at++    http://www.apache.org/licenses/LICENSE-2.0++Unless required by applicable law or agreed to in writing, software+distributed under the License is distributed on an "AS IS" BASIS,+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+See the License for the specific language governing permissions and+limitations under the License.+*/++package audit++import (+	"context"+	"github.com/stretchr/testify/assert"+	"k8s.io/apiserver/pkg/apis/audit"+	"k8s.io/apiserver/pkg/endpoints/request"+	"testing"
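
Review bot: in the import block, the standard-library packages (context, testing) are sorted into a single group together with github.com/stretchr/testify/assert and the k8s.io imports; splitting them into standard-library, third-party and k8s.io groups would make the block easier to scan. The file is also declared as package audit while importing k8s.io/apiserver/pkg/apis/audit, so an explicit alias on that import would keep references in the test unambiguous for readers.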

Thanks, I refer to system-3rd-kube, which seems to be more common. Done.

njuptlzf

comment created time in 27 minutes

pull request commentkubernetes/kubernetes

fix: get rootfs earlier to avoid race conditions

/test pull-kubernetes-e2e-capz-ha-control-plane

jackfrancis

comment created time in 27 minutes

pull request commentkubernetes/kubernetes

test/e2e/network: mark tests in test/e2e/network/netpol/network_legacy.go with NetworkPolicyLegacy

@andrewsykim: The following test failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| pull-kubernetes-e2e-gci-gce-ingress | 9e694a45f949dcf8552890000e4dec506a8c744c | link | /test pull-kubernetes-e2e-gci-gce-ingress |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.


andrewsykim

comment created time in 30 minutes

pull request commentkubernetes/kubernetes

Copy of Jordan's stability code for testing

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jdnurme (author self-approved, https://github.com/kubernetes/kubernetes/pull/102957#). To complete the pull request process, please assign sttts after the PR has been reviewed. You can assign the PR to them by writing /assign @sttts in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment. Approvers can cancel approval by writing /approve cancel in a comment.

jdnurme

comment created time in 34 minutes

pull request commentkubernetes/kubernetes

Copy of Jordan's stability code for testing

Hi @jdnurme. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


jdnurme

comment created time in 34 minutes

pull request commentkubernetes/kubernetes

Copy of Jordan's stability code for testing

@jdnurme: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.


jdnurme

comment created time in 34 minutes

pull request commentkubernetes/kubernetes

Copy of Jordan's stability code for testing

Welcome @jdnurme!

It looks like this is your first PR to kubernetes/kubernetes (https://github.com/kubernetes/kubernetes) 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/kubernetes has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

jdnurme

comment created time in 34 minutes

pull request commentkubernetes/kubernetes

Copy of Jordan's stability code for testing

@jdnurme: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.


jdnurme

comment created time in 34 minutes

PR opened kubernetes/kubernetes

Copy of Jordan's stability code for testing

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


+32 -26

0 comment

3 changed files

pr created time in 34 minutes

Pull request review commentkubernetes/kubernetes

apf: take seats into account when dispatching request

 func (qs *queueSet) selectQueueLocked() *queue { 			} 		} 	}+

You mean q2 has request with w=2, right?

no, q2 has request with w=1 but I forgot to mention concurrency limit = 1

That translates to exactly the same what I'm proposing

I was referring to:

  • A: when we dequeue: queue.virtualStart += G
  • B: when request finishes: queue.virtualStart -= G-S
  • C: when we pick: finish time queue.virtualStart + G

This is the current behavior, what you are suggesting is for C we don't use W, but otherwise use it for A and B. with your proposal, while there is a currently executing request with much higher width, smaller requests waiting in the said queue won't be picked up since its virtualStart is higher because we included W and these requests waiting have a chance to timeout as well. with my proposal we are equally fair to all requests, W matters in only seat allocation. it's practically no change from how we select from queue today.

We can start with what you are proposing; we can tweak later if need be. @MikeSpreitzer unless you have any other concerns I want to go ahead and make the changes.

tkashem

comment created time in 37 minutes

issue commentkubernetes/kubernetes

CredentialProvider fails to read environment variable passed into the CredentialProviderConfig file

@jicowan So I replicated your setup on my local machine with a slight change: instead of using AWS Cognito for generating credentials via credential_provider, I am calling a binary written by me which logs env vars to a specific path and prints out credentials in the format prescribed by AWS.

Below was my initial config file

[default]
region = us-east-1

[profile cognito]
credential_process = /usr/bin/static-cred-provider

After I ran a local cluster with this setup I noticed a couple of log lines like below:

I0617 20:53:09.755229   14141 plugin.go:362] Error execing credential provider plugin, stderr: E0617 20:53:09.754846   15906 main.go:156] Error running credential provider plugin: ProcessProviderExecutionError: error in credential_process
caused by: exec: "sh": executable file not found in $PATH

I did some basic validation of perms, and I even moved the binary to a couple of well-known locations, but nothing worked.

Finally I modified the env vars section of my deployment spec like below and it worked:

    # Env defines additional environment variables to expose to the process. These
    # are unioned with the host's environment, as well as variables client-go uses
    # to pass argument to the plugin.
    # +optional
    env:
    - name: AWS_PROFILE
      value: "cognito"
    - name: AWS_CONFIG_FILE
      value: "/root/.aws/config"
    - name: AWS_SDK_LOAD_CONFIG
      value: "1"
    - name: PATH
      value: "$PATH:/usr/local/bin:/usr/bin"

The logs which I had put in my custom credential provider printed the following env vars, validating the fact that env vars are being passed:

AWS_CONFIG_FILE=/root/.aws/config
AWS_SDK_LOAD_CONFIG=1
PATH=$PATH:/usr/local/bin:/usr/bin
AWS_PROFILE=cognito
PWD=/mnt/87c32d9c-5d4e-4bb8-8bc6-8d9239585657/go/src/k8s.io/kubernetes

In your logs, do you see a log line something like above? If not, could you pass the full contents of kubelet.log from startup until you create a Pod?

jicowan

comment created time in 37 minutes

pull request commentkubernetes/kubernetes

[WIP] Fix services deletion with finalizers

@aojea: The following test failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| pull-kubernetes-verify | fbaca1f9c08ad3ddb4af79c83dde2acba1eb2219 | link | /test pull-kubernetes-verify |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.


aojea

comment created time in 39 minutes

pull request commentopenshift/installer

[release-4.7] bug 1971163: Updating AWS instance types

/retest

Please review the full test history for this PR and help us cut down flakes.

openshift-cherrypick-robot

comment created time in 40 minutes

pull request commentkubernetes/kubernetes

Mark volume as uncertain after Unmount* fails

/retest /lgtm

jsafrane

comment created time in 44 minutes