WIP: debug rebase in place vpa failure#2672
Open
haircommander wants to merge 2964 commits into
Open
Conversation
KEP-5491: DRA: List Types for Attributes [Alpha]
The fast-delete pod status tests currently require the intentionally failing "fail" container to report exit code 1. In CI, some runtimes occasionally report exit code 2 with reason=Error even though the tested invariant still holds: the container failed and the blocked workload container never started. The latest dims/test-k8s failure on master showed exactly that state: the pod remained Failed, Initialized=False, the blocked container reported started=false, and only the failing init container drifted from exit 1 to exit 2. This matches kubernetes/kubernetes issue 135713 and the related pending-container history in PR 131605. Accept exit code 2 in this verifier so the test continues to assert the behavior it is meant to cover instead of a lower-layer exit-code detail. Fixes issue 135713 Tested: - hack/verify-gofmt.sh - hack/verify-test-code.sh - hack/verify-typecheck.sh ./test/e2e/node/... - go test ./test/e2e/node -run TestNonExistent -count=1 Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Replace plain bool with sync/atomic.Bool for the useStreaming field in remoteRuntimeService and remoteImageService to eliminate a data race when multiple goroutines concurrently read/write the field during Unimplemented fallback. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
…logquery-lock-defualt [FeatureGate] Promote NodeLogQuery to GA in v1.36 and lock default to `true`
…-flake Set WithSerial on HPA tests that conflict api registration
…able-tolerance-e2e-deterministic-cpu-load fix: [sig-autoscaling] flaky HPAConfigurableTolerance e2e should scale up but should not scale down
…-pod-status-exit-2 test/e2e/node: tolerate exit code 2 in pod status flake
gRPC defaults to the DNS resolver for bare targets passed to NewClient. For CRI socket endpoints, GetAddressAndDialer returns a socket path plus a custom dialer, but handing the bare path to grpc.NewClient still lets gRPC resolve the target first. That breaks unix socket clients with errors like "name resolver error: produced zero addresses" before the custom dialer ever sees the raw path. Use the passthrough resolver for socket-style addresses so the runtime and image clients hand the original endpoint directly to the custom dialer. Add a regression test for unix sockets, Windows named pipes, and TCP addresses. Precedent: https://github.com/etcd-io/etcd/blob/v3.3.27/clientv3/client.go#L266-L270 https://github.com/grpc/grpc-go/blob/v1.72.2/dialoptions.go#L448-L451 Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
…nt-unix-socket-dialing cri-client: use passthrough resolver for socket endpoints
KEP-5729: DRA: ResourceClaim Support for Workloads
…v1alpha2 Add workload aware preemption
…g-fixes [InPlacePodLevelResourcesVerticalScaling] Plr ippr kubelet bug fixes
[InPlacePodLevelResourcesVerticalScaling] Ippr flaky test
[PodLevelResources] Graduate InPlacePodLevelResourcesVerticalScaling feature to beta
cri-client: use atomic.Bool for useStreaming to fix data race
Fix restartable init container startup race
Fix user namespace test cleanup race
This reverts commit 4a69899.
Co-authored-by: Omar Sayed <omarsayed@google.com>
…rces is set to false
…e when claims.email is used in username expression Signed-off-by: Shaza Aldawamneh <shaza.aldawamneh@hotmail.com>
…acheGC is enabled Squash into UPSTREAM: <carry>: create termination events
…s the gc integration test issue
Could squash into UPSTREAM: <carry>: emit event when readyz goes true
Squash into: UPSTREAM: <carry>: add management support to kubelet
kuberc subcommand is not yet registered in oc. Tests will be re-enabled after oc is bumped to 1.36 To be squashed with the commit UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs before 1.36 rebase bump merges Signed-off-by: jubittajohn <jujohn@redhat.com>
… driver when not enabled The upstream csi-hostpath-plugin.yaml manifest now includes a csi-snapshot-metadata sidecar container and volume (added in k/k#130918). Upstream PR k/k#137057 added conditional stripping of these when CapSnapshotMetadata is not enabled, but only for the upstream hostpathCSIDriver. The OpenShift-specific groupSnapshotHostpathCSIDriver was never updated, causing the driver pod to fail with "secret csi-snapshot-metadata-server-certs not found" and all csi-hostpath-groupsnapshot tests to fail in techpreview jobs. Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: Sai Ramesh Vanka <svanka@redhat.com>
instead, check whether the pod is allocated, and return that when we return allocated pods Signed-off-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: Peter Hunt <pehunt@redhat.com>
openshift-ci-robot
added
the
backports/unvalidated-commits
openshift-ci
Bot
added
the
do-not-merge/work-in-progress
Member
Author
|
/test e2e-aws-ovn-techpreview-serial-1of2 |
WalkthroughThis PR advances Kubernetes toolchain versions (Go 1.25.7→1.26.2), migrates scheduling.k8s.io from v1alpha1 to v1alpha2 with new PodGroup resources, expands API discovery for admissionregistration and resource APIs, and broadly introduces ShardInfo schema and CEL-based shardSelector parameters for alpha sharded list filtering across numerous API groups (admissionregistration, autoscaling, batch, certificates, coordination, discovery, events, flowcontrol, and networking). ChangesBuild Toolchain and Developer Workflow
Team Ownership and Governance
Kubernetes API Surface and Discovery Updates
🎯 4 (Complex) | ⏱️ ~75 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: haircommander The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
api/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.json (1)
273-282:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftRequired-field swap in v1beta1 introduces a breaking API contract.
At Line 281, making
stubPKCS10Requestrequired inio.k8s.api.certificates.v1beta1.PodCertificateRequestSpecmeans existing clients that still send only deprecatedpkixPublicKey+proofOfPossessionwill fail schema validation. For av1beta1API, this is a high-risk compatibility break unless explicitly intended and coordinated.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@api/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.json` around lines 273 - 282, The OpenAPI spec change made "stubPKCS10Request" required in io.k8s.api.certificates.v1beta1.PodCertificateRequestSpec, which breaks clients still using the deprecated pkixPublicKey + proofOfPossession fields; revert that change by removing "stubPKCS10Request" from the "required" array in the PodCertificateRequestSpec definition so it remains optional, ensure the spec still documents pkixPublicKey and proofOfPossession as supported (deprecated) fields, and run schema validation to confirm both input forms are accepted by the v1beta1 schema.
🧹 Nitpick comments (1)
.gitignore (1)
110-113: ⚡ Quick winAvoid repo-level ignore for
AGENTS.md.Line 113 can unintentionally hide a future canonical
AGENTS.mdfromgit status. Keep the local override ignore, but prefer not ignoring the shared filename in-repo.♻️ Proposed change
# Local agent override file AGENTS.override.md -# TODO: remove once there is a merged AGENTS.md -AGENTS.md🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.gitignore around lines 110 - 113, The .gitignore currently ignores both AGENTS.override.md and AGENTS.md which hides a shared repo file; remove or comment out the AGENTS.md entry but keep AGENTS.override.md so local overrides remain ignored. Edit the .gitignore to delete the "AGENTS.md" line (or prefix it with #) while leaving "AGENTS.override.md" intact, ensuring future canonical AGENTS.md appears in git status; reference the entries "AGENTS.override.md" and "AGENTS.md" when making the change.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.go-version:
- Line 1: The .go-version file was bumped to 1.26.2 but many go.mod files (e.g.,
the root go.mod and module files under staging/src/k8s.io/*/go.mod) still state
"go 1.26.0", causing a toolchain mismatch; pick one resolution and make it
consistent across the repo: either revert .go-version back to 1.26.0, or update
every go.mod (root go.mod and all staging module go.mod files) to "go 1.26.2" so
the Go directive matches .go-version—ensure you update all occurrences rather
than only root or a subset.
In `@api/openapi-spec/README.md`:
- Around line 59-60: The README wording has a typo: change the extension name
`x-kubernetes-list-maps-keys` to the correct `x-kubernetes-list-map-keys` in the
sentence that begins "Operations and Definitions may have
`x-kubernetes-list-maps-keys`..." so all references to that extension (in this
paragraph) use `x-kubernetes-list-map-keys`; ensure the surrounding explanatory
sentence that mentions `x-kubernetes-list-type = map` remains unchanged.
In `@api/openapi-spec/v3/apis__apps__v1_openapi.json`:
- Line 5262: Fix typos and field-name casing in the volume descriptions: update
the "image" description to use the correct field name
spec.containers[*].volumeMounts.subPath (capital P) instead of subpath and
change the stray "fail If" to "fail if"; also correct phrasing like "kubelets
host machine" to "kubelet's host machine" (and apply the same fixes to the
duplicate occurrence referenced as the other location). Edit the JSON values for
the "image" description and the "portworxVolume" text to reflect these exact
string fixes so generated API docs show the proper field names and grammar.
- Around line 3788-3803: The PodSchedulingGroup schema currently allows an empty
object even though its description requires exactly one field; add a required
constraint so podGroupName is mandatory. Edit the
io.k8s.api.core.v1.PodSchedulingGroup object to include "required":
["podGroupName"] alongside its existing properties and x-kubernetes-unions,
ensuring the podGroupName property is enforced by validators and generated
clients.
---
Outside diff comments:
In `@api/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.json`:
- Around line 273-282: The OpenAPI spec change made "stubPKCS10Request" required
in io.k8s.api.certificates.v1beta1.PodCertificateRequestSpec, which breaks
clients still using the deprecated pkixPublicKey + proofOfPossession fields;
revert that change by removing "stubPKCS10Request" from the "required" array in
the PodCertificateRequestSpec definition so it remains optional, ensure the spec
still documents pkixPublicKey and proofOfPossession as supported (deprecated)
fields, and run schema validation to confirm both input forms are accepted by
the v1beta1 schema.
---
Nitpick comments:
In @.gitignore:
- Around line 110-113: The .gitignore currently ignores both AGENTS.override.md
and AGENTS.md which hides a shared repo file; remove or comment out the
AGENTS.md entry but keep AGENTS.override.md so local overrides remain ignored.
Edit the .gitignore to delete the "AGENTS.md" line (or prefix it with #) while
leaving "AGENTS.override.md" intact, ensuring future canonical AGENTS.md appears
in git status; reference the entries "AGENTS.override.md" and "AGENTS.md" when
making the change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 63684a92-cd4a-48e5-b64c-a9dddd13b010
⛔ Files ignored due to path filters (26)
LICENSES/vendor/github.com/armon/circbuf/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/cenkalti/backoff/v4/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/cenkalti/backoff/v5/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/gregjones/httpcache/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/karrick/godirwalk/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/libopenstorage/openstorage/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/mohae/deepcopy/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/mrunalp/fileutils/LICENSEis excluded by!**/vendor/**LICENSES/vendor/github.com/pkg/errors/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/metric/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/sdk/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.opentelemetry.io/otel/trace/LICENSEis excluded by!**/vendor/**LICENSES/vendor/go.uber.org/zap/LICENSEis excluded by!**/vendor/**LICENSES/vendor/k8s.io/utils/third_party/forked/golang/LICENSEis excluded by!**/vendor/**LICENSES/vendor/k8s.io/utils/third_party/forked/golang/btree/LICENSEis excluded by!**/vendor/**cmd/kubeadm/app/discovery/token/testdata/ca-cert.pemis excluded by!**/*.pemcmd/kubeadm/app/util/config/testdata/mynode.pemis excluded by!**/*.pemcmd/kubeadm/app/util/pubkeypin/testdata/test-cert.pemis excluded by!**/*.pemcmd/kubeadm/app/util/pubkeypin/testdata/test-cert2.pemis excluded by!**/*.pem
📒 Files selected for processing (274)
.ci-operator.yaml.github/PULL_REQUEST_TEMPLATE.md.gitignore.go-versionCHANGELOG/CHANGELOG-1.35.mdCHANGELOG/CHANGELOG-1.36.mdCHANGELOG/README.mdOWNERS_ALIASESapi/api-rules/sample_controller_violation_exceptions.listapi/api-rules/violation_exceptions.listapi/discovery/aggregated_v2.jsonapi/discovery/apis.jsonapi/discovery/apis__admissionregistration.k8s.io__v1.jsonapi/discovery/apis__resource.k8s.io__v1alpha3.jsonapi/discovery/apis__resource.k8s.io__v1beta2.jsonapi/discovery/apis__scheduling.k8s.io.jsonapi/discovery/apis__scheduling.k8s.io__v1alpha1.jsonapi/discovery/apis__scheduling.k8s.io__v1alpha2.jsonapi/discovery/apis__storage.k8s.io__v1.jsonapi/discovery/apis__storage.k8s.io__v1beta1.jsonapi/openapi-spec/README.mdapi/openapi-spec/swagger.jsonapi/openapi-spec/v3/api__v1_openapi.jsonapi/openapi-spec/v3/apis__admissionregistration.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__admissionregistration.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__admissionregistration.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__apiregistration.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__apps__v1_openapi.jsonapi/openapi-spec/v3/apis__authentication.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__authorization.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__autoscaling__v1_openapi.jsonapi/openapi-spec/v3/apis__autoscaling__v2_openapi.jsonapi/openapi-spec/v3/apis__batch__v1_openapi.jsonapi/openapi-spec/v3/apis__certificates.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__certificates.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__coordination.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__coordination.k8s.io__v1alpha2_openapi.jsonapi/openapi-spec/v3/apis__coordination.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__discovery.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__events.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__flowcontrol.apiserver.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__internal.apiserver.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__networking.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__node.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__policy__v1_openapi.jsonapi/openapi-spec/v3/apis__rbac.authorization.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1alpha3_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__resource.k8s.io__v1beta2_openapi.jsonapi/openapi-spec/v3/apis__scheduling.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__scheduling.k8s.io__v1alpha1_openapi.jsonapi/openapi-spec/v3/apis__scheduling.k8s.io__v1alpha2_openapi.jsonapi/openapi-spec/v3/apis__storage.k8s.io__v1_openapi.jsonapi/openapi-spec/v3/apis__storage.k8s.io__v1beta1_openapi.jsonapi/openapi-spec/v3/apis__storagemigration.k8s.io__v1beta1_openapi.jsonbuild/build-image/cross/VERSIONbuild/common.shbuild/dependencies.yamlbuild/lib/release.shbuild/nsswitch.confbuild/pause/CHANGELOG.mdbuild/pause/Dockerfile.Rhelbuild/pause/Makefilebuild/server-image/Dockerfilebuild/server-image/kube-apiserver/Dockerfilebuild/tools.gocluster/addons/dns/coredns/coredns.yaml.basecluster/addons/dns/coredns/coredns.yaml.incluster/addons/dns/coredns/coredns.yaml.sedcluster/addons/dns/kube-dns/kube-dns.yaml.basecluster/addons/dns/kube-dns/kube-dns.yaml.incluster/addons/dns/kube-dns/kube-dns.yaml.sedcluster/addons/dns/nodelocaldns/nodelocaldns.yamlcluster/addons/kube-proxy/OWNERScluster/addons/kube-proxy/kube-proxy-ds.yamlcluster/addons/kube-proxy/kube-proxy-rbac.yamlcluster/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yamlcluster/gce/addons/konnectivity-agent/konnectivity-agent-ds.yamlcluster/gce/config-common.shcluster/gce/config-default.shcluster/gce/config-test.shcluster/gce/gci/configure-helper.shcluster/gce/gci/configure.shcluster/gce/gci/master.yamlcluster/gce/gci/mounter/mounter.gocluster/gce/gci/node.yamlcluster/gce/manifests/cloud-controller-manager.manifestcluster/gce/manifests/etcd.manifestcluster/gce/manifests/konnectivity-server.yamlcluster/gce/manifests/kube-proxy.manifestcluster/gce/upgrade-aliases.shcluster/gce/util.shcluster/gce/windows/k8s-node-setup.psm1cluster/gce/windows/smoke-test.shcluster/images/etcd/Dockerfilecluster/images/etcd/Dockerfile.windowscluster/images/etcd/Makefilecluster/images/etcd/OWNERScluster/images/etcd/README.mdcluster/images/etcd/cloudbuild.yamlcluster/images/etcd/migrate-if-needed.batcluster/images/etcd/migrate-if-needed.shcluster/images/etcd/migrate/copy_file.gocluster/images/etcd/migrate/data_dir.gocluster/images/etcd/migrate/data_dir_test.gocluster/images/etcd/migrate/integration_test.gocluster/images/etcd/migrate/migrate.gocluster/images/etcd/migrate/migrate_client.gocluster/images/etcd/migrate/migrate_server.gocluster/images/etcd/migrate/migrator.gocluster/images/etcd/migrate/options.gocluster/images/etcd/migrate/options_test.gocluster/images/etcd/migrate/testdata/datadir_with_version/version.txtcluster/images/etcd/migrate/testdata/datadir_without_version/.placeholdercluster/images/etcd/migrate/util_others.gocluster/images/etcd/migrate/utils_windows.gocluster/images/etcd/migrate/versions.gocluster/images/etcd/migrate/versions_test.gocmd/cloud-controller-manager/.import-restrictionscmd/genfeaturegates/genfeaturegates.gocmd/kube-apiserver/OWNERScmd/kube-apiserver/app/aggregator.gocmd/kube-apiserver/app/testing/testserver.gocmd/kube-controller-manager/app/batch.gocmd/kube-controller-manager/app/controller_descriptor.gocmd/kube-controller-manager/app/controllermanager.gocmd/kube-controller-manager/app/controllermanager_test.gocmd/kube-controller-manager/app/core.gocmd/kube-controller-manager/app/options/options.gocmd/kube-controller-manager/app/options/options_test.gocmd/kube-controller-manager/app/options/resourceclaimcontroller.gocmd/kube-controller-manager/app/plugins.gocmd/kube-controller-manager/app/plugins_providers.gocmd/kube-controller-manager/app/plugins_test.gocmd/kube-controller-manager/app/resource.gocmd/kube-controller-manager/app/scheduling.gocmd/kube-controller-manager/app/scheduling_test.gocmd/kube-controller-manager/app/storageversionmigrator.gocmd/kube-controller-manager/app/testing/testserver.gocmd/kube-controller-manager/names/controller_names.gocmd/kube-proxy/app/conntrack.gocmd/kube-proxy/app/init_linux.gocmd/kube-proxy/app/init_other.gocmd/kube-proxy/app/init_windows.gocmd/kube-proxy/app/options.gocmd/kube-proxy/app/server.gocmd/kube-proxy/app/server_linux.gocmd/kube-proxy/app/server_linux_test.gocmd/kube-proxy/app/server_other.gocmd/kube-proxy/app/server_test.gocmd/kube-proxy/app/server_windows.gocmd/kube-scheduler/app/options/options.gocmd/kube-scheduler/app/options/options_test.gocmd/kube-scheduler/app/server.gocmd/kubeadm/app/apis/kubeadm/v1beta3/defaults_unix.gocmd/kubeadm/app/apis/kubeadm/v1beta3/defaults_windows.gocmd/kubeadm/app/apis/kubeadm/v1beta4/defaults_unix.gocmd/kubeadm/app/apis/kubeadm/v1beta4/defaults_windows.gocmd/kubeadm/app/apis/kubeadm/validation/util_unix.gocmd/kubeadm/app/apis/kubeadm/validation/util_windows.gocmd/kubeadm/app/cmd/certs_test.gocmd/kubeadm/app/cmd/config.gocmd/kubeadm/app/cmd/init.gocmd/kubeadm/app/cmd/options/constant.gocmd/kubeadm/app/cmd/phases/init/bootstraptoken.gocmd/kubeadm/app/cmd/phases/init/data.gocmd/kubeadm/app/cmd/phases/init/data_test.gocmd/kubeadm/app/cmd/phases/init/kubeletfinalize.gocmd/kubeadm/app/cmd/phases/init/uploadconfig.gocmd/kubeadm/app/cmd/phases/init/waitcontrolplane.gocmd/kubeadm/app/cmd/phases/join/controlplanejoin.gocmd/kubeadm/app/cmd/phases/join/data.gocmd/kubeadm/app/cmd/phases/join/data_test.gocmd/kubeadm/app/cmd/phases/join/kubelet.gocmd/kubeadm/app/cmd/phases/reset/cleanupnode.gocmd/kubeadm/app/cmd/phases/reset/data.gocmd/kubeadm/app/cmd/phases/reset/data_test.gocmd/kubeadm/app/cmd/phases/reset/removeetcdmember_test.gocmd/kubeadm/app/cmd/phases/reset/testdata/etcd-pod-without-data-volume.yamlcmd/kubeadm/app/cmd/phases/reset/testdata/etcd-pod.yamlcmd/kubeadm/app/cmd/phases/reset/unmount.gocmd/kubeadm/app/cmd/phases/reset/unmount_linux.gocmd/kubeadm/app/cmd/phases/reset/unmount_linux_test.gocmd/kubeadm/app/cmd/phases/upgrade/apply/bootstraptoken.gocmd/kubeadm/app/cmd/phases/upgrade/apply/uploadconfig.gocmd/kubeadm/app/cmd/phases/upgrade/data.gocmd/kubeadm/app/cmd/phases/upgrade/data_test.gocmd/kubeadm/app/cmd/phases/upgrade/postupgrade.gocmd/kubeadm/app/cmd/reset.gocmd/kubeadm/app/cmd/testdata/token-config.yamlcmd/kubeadm/app/cmd/token_test.gocmd/kubeadm/app/cmd/upgrade/common_test.gocmd/kubeadm/app/cmd/upgrade/plan.gocmd/kubeadm/app/cmd/upgrade/testdata/config-token.yamlcmd/kubeadm/app/cmd/util_other_test.gocmd/kubeadm/app/cmd/util_windows_test.gocmd/kubeadm/app/componentconfigs/kubelet_unix.gocmd/kubeadm/app/componentconfigs/kubelet_unix_test.gocmd/kubeadm/app/componentconfigs/kubelet_windows.gocmd/kubeadm/app/componentconfigs/kubelet_windows_test.gocmd/kubeadm/app/constants/constants.gocmd/kubeadm/app/constants/constants_test.gocmd/kubeadm/app/constants/constants_unix.gocmd/kubeadm/app/constants/constants_windows.gocmd/kubeadm/app/discovery/discovery.gocmd/kubeadm/app/discovery/discovery_test.gocmd/kubeadm/app/discovery/testdata/ca.crtcmd/kubeadm/app/discovery/token/testdata/expected-kubeconfig.yamlcmd/kubeadm/app/discovery/token/token_test.gocmd/kubeadm/app/features/features.gocmd/kubeadm/app/phases/addons/dns/dns_test.gocmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap.gocmd/kubeadm/app/phases/bootstraptoken/node/tlsbootstrap_test.gocmd/kubeadm/app/phases/certs/certlist.gocmd/kubeadm/app/phases/controlplane/manifests_test.gocmd/kubeadm/app/phases/controlplane/volumes.gocmd/kubeadm/app/phases/controlplane/volumes_test.gocmd/kubeadm/app/phases/copycerts/testutil_umask.gocmd/kubeadm/app/phases/copycerts/testutil_umask_noop.gocmd/kubeadm/app/phases/etcd/local.gocmd/kubeadm/app/phases/etcd/local_test.gocmd/kubeadm/app/phases/kubeconfig/kubeconfig.gocmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.gocmd/kubeadm/app/phases/upgrade/health.gocmd/kubeadm/app/preflight/checks.gocmd/kubeadm/app/preflight/checks_darwin.gocmd/kubeadm/app/preflight/checks_linux.gocmd/kubeadm/app/preflight/checks_other.gocmd/kubeadm/app/preflight/checks_unix.gocmd/kubeadm/app/preflight/checks_windows.gocmd/kubeadm/app/util/apiclient/wait.gocmd/kubeadm/app/util/chroot_unix.gocmd/kubeadm/app/util/chroot_windows.gocmd/kubeadm/app/util/config/cluster.gocmd/kubeadm/app/util/config/cluster_test.gocmd/kubeadm/app/util/config/common.gocmd/kubeadm/app/util/config/common_test.gocmd/kubeadm/app/util/config/initconfiguration.gocmd/kubeadm/app/util/config/initconfiguration_test.gocmd/kubeadm/app/util/config/testdata/kubelet-with-embedded-cert.yamlcmd/kubeadm/app/util/config/testdata/kubelet-with-invalid-context.yamlcmd/kubeadm/app/util/config/testdata/kubelet-with-invalid-user.yamlcmd/kubeadm/app/util/config/testdata/kubelet-with-linked-cert.yamlcmd/kubeadm/app/util/config/testdata/kubelet-without-cert.yamlcmd/kubeadm/app/util/config/upgradeconfiguration.gocmd/kubeadm/app/util/copy_unix.gocmd/kubeadm/app/util/copy_windows.gocmd/kubeadm/app/util/etcd/etcd.gocmd/kubeadm/app/util/etcd/etcd_test.gocmd/kubeadm/app/util/initsystem/initsystem_unix.gocmd/kubeadm/app/util/initsystem/initsystem_windows.gocmd/kubeadm/app/util/kubeconfig/kubeconfig.gocmd/kubeadm/app/util/kubeconfig/kubeconfig_test.gocmd/kubeadm/app/util/kubeconfig/testdata/user1.yamlcmd/kubeadm/app/util/kubeconfig/testdata/user2.yamlcmd/kubeadm/app/util/marshal_test.gocmd/kubeadm/app/util/pubkeypin/pubkeypin_test.gocmd/kubeadm/app/util/runtime/fake_impl.gocmd/kubeadm/app/util/runtime/impl.gocmd/kubeadm/app/util/runtime/runtime.gocmd/kubeadm/app/util/runtime/runtime_unix.gocmd/kubeadm/app/util/runtime/runtime_windows.gocmd/kubeadm/app/util/staticpod/testdata/invalid-with-default-fields.yamlcmd/kubeadm/app/util/staticpod/testdata/valid-pod-different-order.yamlcmd/kubeadm/app/util/staticpod/testdata/valid-pod.yamlcmd/kubeadm/app/util/staticpod/testdata/valid-pod2.yamlcmd/kubeadm/app/util/staticpod/utils.gocmd/kubeadm/app/util/staticpod/utils_linux.gocmd/kubeadm/app/util/staticpod/utils_linux_test.gocmd/kubeadm/app/util/staticpod/utils_others.go
💤 Files with no reviewable changes (1)
- api/discovery/apis__scheduling.k8s.io__v1alpha1.json
| @@ -1 +1 @@ | |||
| 1.25.7 | |||
| 1.26.2 | |||
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Go/toolchain version pins =="
fd -HI 'go.mod|\.go-version|\.ci-operator\.yaml|Dockerfile|Containerfile|Makefile' \
| xargs -r rg -n --no-heading -e '(^go [0-9]+\.[0-9]+)|(^toolchain go[0-9]+\.[0-9]+(\.[0-9]+)?)|(1\.26\.2)|(golang-1\.26)'Repository: openshift/kubernetes
Length of output: 3492
Align Go version across all go.mod files to match .go-version.
The .go-version change to 1.26.2 creates an inconsistency with all go.mod files pinned to 1.26.0 (including the root go.mod and 30+ modules in staging/src/k8s.io/*/go.mod). This split will cause local builds to use Go 1.26.2 while go.mod directives enforce 1.26.0, leading to build inconsistency and potential issues. Either update all go.mod files to go 1.26.2 or revert .go-version to 1.26.0.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.go-version at line 1, The .go-version file was bumped to 1.26.2 but many
go.mod files (e.g., the root go.mod and module files under
staging/src/k8s.io/*/go.mod) still state "go 1.26.0", causing a toolchain
mismatch; pick one resolution and make it consistent across the repo: either
revert .go-version back to 1.26.0, or update every go.mod (root go.mod and all
staging module go.mod files) to "go 1.26.2" so the Go directive matches
.go-version—ensure you update all occurrences rather than only root or a subset.
Comment on lines
+59
to
+60
| Operations and Definitions may have `x-kubernetes-list-maps-keys` if they | ||
| are associated with a [kubernetes resource](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources). `x-kubernetes-list-type` = `map` specifies field names inside each list element to serve as unique keys for the list-as-map. |
There was a problem hiding this comment.
Fix extension name typo in docs.
Line 59 says x-kubernetes-list-maps-keys, but the valid key is x-kubernetes-list-map-keys.
📝 Proposed fix
-Operations and Definitions may have `x-kubernetes-list-maps-keys` if they
+Operations and Definitions may have `x-kubernetes-list-map-keys` if they📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| Operations and Definitions may have `x-kubernetes-list-maps-keys` if they | |
| are associated with a [kubernetes resource](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources). `x-kubernetes-list-type` = `map` specifies field names inside each list element to serve as unique keys for the list-as-map. | |
| Operations and Definitions may have `x-kubernetes-list-map-keys` if they | |
| are associated with a [kubernetes resource](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources). `x-kubernetes-list-type` = `map` specifies field names inside each list element to serve as unique keys for the list-as-map. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/README.md` around lines 59 - 60, The README wording has a
typo: change the extension name `x-kubernetes-list-maps-keys` to the correct
`x-kubernetes-list-map-keys` in the sentence that begins "Operations and
Definitions may have `x-kubernetes-list-maps-keys`..." so all references to that
extension (in this paragraph) use `x-kubernetes-list-map-keys`; ensure the
surrounding explanatory sentence that mentions `x-kubernetes-list-type = map`
remains unchanged.
Comment on lines
+3788
to
+3803
| "io.k8s.api.core.v1.PodSchedulingGroup": { | ||
| "description": "PodSchedulingGroup identifies the runtime scheduling group instance that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics. Exactly one field must be specified.", | ||
| "properties": { | ||
| "podGroupName": { | ||
| "description": "PodGroupName specifies the name of the standalone PodGroup object that represents the runtime instance of this group. Must be a DNS subdomain.", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "type": "object", | ||
| "x-kubernetes-unions": [ | ||
| { | ||
| "fields-to-discriminateBy": { | ||
| "podGroupName": "PodGroupName" | ||
| } | ||
| } | ||
| ] |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
python - <<'PY'
import json
from pathlib import Path
doc = json.loads(Path("api/openapi-spec/v3/apis__apps__v1_openapi.json").read_text())
schema = doc["components"]["schemas"]["io.k8s.api.core.v1.PodSchedulingGroup"]
print("properties:", list(schema.get("properties", {}).keys()))
print("required:", schema.get("required", []))
print("empty object allowed by plain schema:", "podGroupName" not in schema.get("required", []))
PYRepository: openshift/kubernetes
Length of output: 149
Add required constraint to PodSchedulingGroup schema.
The description states "Exactly one field must be specified", but the schema does not enforce this: podGroupName is missing from the required array, allowing invalid empty objects {} to pass validation. This creates a contract mismatch that weakens validation for generated clients and schema validators.
Fix
"io.k8s.api.core.v1.PodSchedulingGroup": {
"description": "PodSchedulingGroup identifies the runtime scheduling group instance that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics. Exactly one field must be specified.",
"properties": {
"podGroupName": {
"description": "PodGroupName specifies the name of the standalone PodGroup object that represents the runtime instance of this group. Must be a DNS subdomain.",
"type": "string"
}
},
+ "required": [
+ "podGroupName"
+ ],
"type": "object",
"x-kubernetes-unions": [🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/v3/apis__apps__v1_openapi.json` around lines 3788 - 3803,
The PodSchedulingGroup schema currently allows an empty object even though its
description requires exactly one field; add a required constraint so
podGroupName is mandatory. Edit the io.k8s.api.core.v1.PodSchedulingGroup object
to include "required": ["podGroupName"] alongside its existing properties and
x-kubernetes-unions, ensuring the podGroupName property is enforced by
validators and generated clients.
| } | ||
| ], | ||
| "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." | ||
| "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." |
There was a problem hiding this comment.
Clean up the new volume description typos.
These strings feed generated API docs. The image description uses subpath instead of the actual subPath field name and has a stray fail If, and the portworxVolume text says kubelets host machine.
Also applies to: 5307-5307
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@api/openapi-spec/v3/apis__apps__v1_openapi.json` at line 5262, Fix typos and
field-name casing in the volume descriptions: update the "image" description to
use the correct field name spec.containers[*].volumeMounts.subPath (capital P)
instead of subpath and change the stray "fail If" to "fail if"; also correct
phrasing like "kubelets host machine" to "kubelet's host machine" (and apply the
same fixes to the duplicate occurrence referenced as the other location). Edit
the JSON values for the "image" description and the "portworxVolume" text to
reflect these exact string fixes so generated API docs show the proper field
names and grammar.
Member
Author
|
/retest |
|
@haircommander: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
openshift-ci
Bot
added
the
needs-rebase
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
1 similar comment
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR is related to:
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
Summary by CodeRabbit
New Features
Updates
Deprecations
Chores