Changes to accommodate client-go changes and kube vendor update

to v1.18.0 Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2025-06-13 10:33:35 +00:00 · 2020-04-14 12:34:33 +05:30
parent 4c96ad3c85
commit 34fc1d847e
1083 changed files with 50505 additions and 155846 deletions
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/apis/config/types.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/apis/config/types.go
@ -335,8 +335,15 @@ type KubeletConfiguration struct {
 	// This provide a "static" CPU list rather than the "dynamic" list by system-reserved and kube-reserved.
 	// This option overwrites CPUs provided by system-reserved and kube-reserved.
 	ReservedSystemCPUs string
+	// The previous version for which you want to show hidden metrics.
+	// Only the previous minor version is meaningful, other values will not be allowed.
+	// The format is <major>.<minor>, e.g.: '1.16'.
+	// The purpose of this format is make sure you have the opportunity to notice if the next release hides additional metrics,
+	// rather than being surprised when they are permanently removed in the release after that.
+	ShowHiddenMetricsForVersion string
 }

+// KubeletAuthorizationMode denotes the authorization mode for the kubelet
 type KubeletAuthorizationMode string

 const (
@ -346,6 +353,7 @@ const (
 	KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook"
 )

+// KubeletAuthorization holds the state related to the authorization in the kublet.
 type KubeletAuthorization struct {
 	// mode is the authorization mode to apply to requests to the kubelet server.
 	// Valid values are AlwaysAllow and Webhook.
@ -356,6 +364,8 @@ type KubeletAuthorization struct {
 	Webhook KubeletWebhookAuthorization
 }

+// KubeletWebhookAuthorization holds the state related to the Webhook
+// Authorization in the Kubelet.
 type KubeletWebhookAuthorization struct {
 	// cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer.
 	CacheAuthorizedTTL metav1.Duration
@ -363,6 +373,7 @@ type KubeletWebhookAuthorization struct {
 	CacheUnauthorizedTTL metav1.Duration
 }

+// KubeletAuthentication holds the Kubetlet Authentication setttings.
 type KubeletAuthentication struct {
 	// x509 contains settings related to x509 client certificate authentication
 	X509 KubeletX509Authentication
@ -372,6 +383,7 @@ type KubeletAuthentication struct {
 	Anonymous KubeletAnonymousAuthentication
 }

+// KubeletX509Authentication contains settings related to x509 client certificate authentication
 type KubeletX509Authentication struct {
 	// clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate
 	// signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName,
@ -379,6 +391,7 @@ type KubeletX509Authentication struct {
 	ClientCAFile string
 }

+// KubeletWebhookAuthentication contains settings related to webhook authentication
 type KubeletWebhookAuthentication struct {
 	// enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API
 	Enabled bool
@ -386,6 +399,7 @@ type KubeletWebhookAuthentication struct {
 	CacheTTL metav1.Duration
 }

+// KubeletAnonymousAuthentication enables anonymous requests to the kubetlet server.
 type KubeletAnonymousAuthentication struct {
 	// enabled allows anonymous requests to the kubelet server.
 	// Requests that are not rejected by another authentication method are treated as anonymous requests.
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/container/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/container/BUILD
@ -25,7 +25,6 @@ go_library(
        "//pkg/util/hash:go_default_library",
        "//pkg/volume:go_default_library",
        "//staging/src/k8s.io/api/core/v1:go_default_library",
-        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/container/helpers.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/container/helpers.go
@ -25,7 +25,6 @@ import (
 	"k8s.io/klog"

 	v1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
@ -62,6 +61,10 @@ type RuntimeHelper interface {
 // ShouldContainerBeRestarted checks whether a container needs to be restarted.
 // TODO(yifan): Think about how to refactor this.
 func ShouldContainerBeRestarted(container *v1.Container, pod *v1.Pod, podStatus *PodStatus) bool {
+	// Once a pod has been marked deleted, it should not be restarted
+	if pod.DeletionTimestamp != nil {
+		return false
+	}
 	// Get latest container status.
 	status := podStatus.FindContainerStatusByName(container.Name)
 	// If the container was never started before, we should start it.
@ -210,12 +213,6 @@ func (irecorder *innerEventRecorder) Eventf(object runtime.Object, eventtype, re

 }

-func (irecorder *innerEventRecorder) PastEventf(object runtime.Object, timestamp metav1.Time, eventtype, reason, messageFmt string, args ...interface{}) {
-	if ref, ok := irecorder.shouldRecordEvent(object); ok {
-		irecorder.recorder.PastEventf(ref, timestamp, eventtype, reason, messageFmt, args...)
-	}
-}
-
 func (irecorder *innerEventRecorder) AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{}) {
 	if ref, ok := irecorder.shouldRecordEvent(object); ok {
 		irecorder.recorder.AnnotatedEventf(ref, annotations, eventtype, reason, messageFmt, args...)
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/metrics/metrics.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/metrics/metrics.go
@ -34,15 +34,6 @@ const (
 	// DockerOperationsTimeoutKey is the key for the operation timeout metrics.
 	DockerOperationsTimeoutKey = "docker_operations_timeout_total"

-	// DeprecatedDockerOperationsKey is the deprecated key for docker operation metrics.
-	DeprecatedDockerOperationsKey = "docker_operations"
-	// DeprecatedDockerOperationsLatencyKey is the deprecated key for the operation latency metrics.
-	DeprecatedDockerOperationsLatencyKey = "docker_operations_latency_microseconds"
-	// DeprecatedDockerOperationsErrorsKey is the deprecated key for the operation error metrics.
-	DeprecatedDockerOperationsErrorsKey = "docker_operations_errors"
-	// DeprecatedDockerOperationsTimeoutKey is the deprecated key for the operation timeout metrics.
-	DeprecatedDockerOperationsTimeoutKey = "docker_operations_timeout"
-
 	// Keep the "kubelet" subsystem for backward compatibility.
 	kubeletSubsystem = "kubelet"
 )
@ -91,49 +82,6 @@ var (
 		},
 		[]string{"operation_type"},
 	)
-
-	// DeprecatedDockerOperationsLatency collects operation latency numbers by operation
-	// type.
-	DeprecatedDockerOperationsLatency = metrics.NewSummaryVec(
-		&metrics.SummaryOpts{
-			Subsystem:      kubeletSubsystem,
-			Name:           DeprecatedDockerOperationsLatencyKey,
-			Help:           "(Deprecated) Latency in microseconds of Docker operations. Broken down by operation type.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedDockerOperations collects operation counts by operation type.
-	DeprecatedDockerOperations = metrics.NewCounterVec(
-		&metrics.CounterOpts{
-			Subsystem:      kubeletSubsystem,
-			Name:           DeprecatedDockerOperationsKey,
-			Help:           "(Deprecated) Cumulative number of Docker operations by operation type.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedDockerOperationsErrors collects operation errors by operation
-	// type.
-	DeprecatedDockerOperationsErrors = metrics.NewCounterVec(
-		&metrics.CounterOpts{
-			Subsystem:      kubeletSubsystem,
-			Name:           DeprecatedDockerOperationsErrorsKey,
-			Help:           "(Deprecated) Cumulative number of Docker operation errors by operation type.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedDockerOperationsTimeout collects operation timeouts by operation type.
-	DeprecatedDockerOperationsTimeout = metrics.NewCounterVec(
-		&metrics.CounterOpts{
-			Subsystem:      kubeletSubsystem,
-			Name:           DeprecatedDockerOperationsTimeoutKey,
-			Help:           "(Deprecated) Cumulative number of Docker operation timeout by operation type.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
 )

 var registerMetrics sync.Once
@ -145,18 +93,9 @@ func Register() {
 		legacyregistry.MustRegister(DockerOperations)
 		legacyregistry.MustRegister(DockerOperationsErrors)
 		legacyregistry.MustRegister(DockerOperationsTimeout)
-		legacyregistry.MustRegister(DeprecatedDockerOperationsLatency)
-		legacyregistry.MustRegister(DeprecatedDockerOperations)
-		legacyregistry.MustRegister(DeprecatedDockerOperationsErrors)
-		legacyregistry.MustRegister(DeprecatedDockerOperationsTimeout)
 	})
 }

-// SinceInMicroseconds gets the time since the specified start in microseconds.
-func SinceInMicroseconds(start time.Time) float64 {
-	return float64(time.Since(start).Nanoseconds() / time.Microsecond.Nanoseconds())
-}
-
 // SinceInSeconds gets the time since the specified start in seconds.
 func SinceInSeconds(start time.Time) float64 {
 	return time.Since(start).Seconds()
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/events/event.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/events/event.go
@ -16,8 +16,8 @@ limitations under the License.

 package events

+// Container event reason list
 const (
-	// Container event reason list
 	CreatedContainer        = "Created"
 	StartedContainer        = "Started"
 	FailedToCreateContainer = "Failed"
@ -26,22 +26,28 @@ const (
 	PreemptContainer        = "Preempting"
 	BackOffStartContainer   = "BackOff"
 	ExceededGracePeriod     = "ExceededGracePeriod"
+)

-	// Pod event reason list
+// Pod event reason list
+const (
 	FailedToKillPod                = "FailedKillPod"
 	FailedToCreatePodContainer     = "FailedCreatePodContainer"
 	FailedToMakePodDataDirectories = "Failed"
 	NetworkNotReady                = "NetworkNotReady"
+)

-	// Image event reason list
+// Image event reason list
+const (
 	PullingImage            = "Pulling"
 	PulledImage             = "Pulled"
 	FailedToPullImage       = "Failed"
 	FailedToInspectImage    = "InspectFailed"
 	ErrImageNeverPullPolicy = "ErrImageNeverPull"
 	BackOffPullImage        = "BackOff"
+)

-	// kubelet event reason list
+// kubelet event reason list
+const (
 	NodeReady                            = "NodeReady"
 	NodeNotReady                         = "NodeNotReady"
 	NodeSchedulable                      = "NodeSchedulable"
@ -66,22 +72,33 @@ const (
 	SandboxChanged                       = "SandboxChanged"
 	FailedCreatePodSandBox               = "FailedCreatePodSandBox"
 	FailedStatusPodSandBox               = "FailedPodSandBoxStatus"
+	FailedMountOnFilesystemMismatch      = "FailedMountOnFilesystemMismatch"
+)

-	// Image manager event reason list
+// Image manager event reason list
+const (
 	InvalidDiskCapacity = "InvalidDiskCapacity"
 	FreeDiskSpaceFailed = "FreeDiskSpaceFailed"
+)

-	// Probe event reason list
+// Probe event reason list
+const (
 	ContainerUnhealthy    = "Unhealthy"
 	ContainerProbeWarning = "ProbeWarning"
+)

-	// Pod worker event reason list
+// Pod worker event reason list
+const (
 	FailedSync = "FailedSync"
+)

-	// Config event reason list
+// Config event reason list
+const (
 	FailedValidation = "FailedValidation"
+)

-	// Lifecycle hooks
+// Lifecycle hooks
+const (
 	FailedPostStartHook = "FailedPostStartHook"
 	FailedPreStopHook   = "FailedPreStopHook"
 )
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/BUILD
@ -21,7 +21,11 @@ go_library(
        "//pkg/kubelet/container:go_default_library",
        "//pkg/kubelet/types:go_default_library",
        "//pkg/kubelet/util/format:go_default_library",
-        "//pkg/scheduler/algorithm/predicates:go_default_library",
+        "//pkg/scheduler/framework/plugins/helper:go_default_library",
+        "//pkg/scheduler/framework/plugins/nodeaffinity:go_default_library",
+        "//pkg/scheduler/framework/plugins/nodename:go_default_library",
+        "//pkg/scheduler/framework/plugins/nodeports:go_default_library",
+        "//pkg/scheduler/framework/plugins/noderesources:go_default_library",
        "//pkg/scheduler/nodeinfo:go_default_library",
        "//pkg/security/apparmor:go_default_library",
        "//staging/src/k8s.io/api/core/v1:go_default_library",
@ -40,11 +44,15 @@ go_test(
    ],
    embed = [":go_default_library"],
    deps = [
+        "//pkg/apis/core/v1/helper:go_default_library",
        "//pkg/kubelet/container:go_default_library",
        "//pkg/kubelet/util/format:go_default_library",
+        "//pkg/scheduler/framework/plugins/nodename:go_default_library",
+        "//pkg/scheduler/framework/plugins/nodeports:go_default_library",
        "//pkg/scheduler/nodeinfo:go_default_library",
        "//staging/src/k8s.io/api/core/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
    ],
 )
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/admission_failure_handler_stub.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/admission_failure_handler_stub.go
@ -18,7 +18,6 @@ package lifecycle

 import (
 	"k8s.io/api/core/v1"
-	"k8s.io/kubernetes/pkg/scheduler/algorithm/predicates"
 )

 // AdmissionFailureHandlerStub is an AdmissionFailureHandler that does not perform any handling of admission failure.
@ -31,6 +30,6 @@ func NewAdmissionFailureHandlerStub() *AdmissionFailureHandlerStub {
 	return &AdmissionFailureHandlerStub{}
 }

-func (n *AdmissionFailureHandlerStub) HandleAdmissionFailure(admitPod *v1.Pod, failureReasons []predicates.PredicateFailureReason) (bool, []predicates.PredicateFailureReason, error) {
-	return false, failureReasons, nil
+func (n *AdmissionFailureHandlerStub) HandleAdmissionFailure(admitPod *v1.Pod, failureReasons []PredicateFailureReason) ([]PredicateFailureReason, error) {
+	return failureReasons, nil
 }
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/handlers.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/handlers.go
@ -38,7 +38,7 @@ const (
 )

 type HandlerRunner struct {
-	httpGetter       kubetypes.HttpGetter
+	httpGetter       kubetypes.HTTPGetter
 	commandRunner    kubecontainer.ContainerCommandRunner
 	containerManager podStatusProvider
 }
@ -47,7 +47,7 @@ type podStatusProvider interface {
 	GetPodStatus(uid types.UID, name, namespace string) (*kubecontainer.PodStatus, error)
 }

-func NewHandlerRunner(httpGetter kubetypes.HttpGetter, commandRunner kubecontainer.ContainerCommandRunner, containerManager podStatusProvider) kubecontainer.HandlerRunner {
+func NewHandlerRunner(httpGetter kubetypes.HTTPGetter, commandRunner kubecontainer.ContainerCommandRunner, containerManager podStatusProvider) kubecontainer.HandlerRunner {
 	return &HandlerRunner{
 		httpGetter:       httpGetter,
 		commandRunner:    commandRunner,
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/predicate.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/lifecycle/predicate.go
@ -20,11 +20,15 @@ import (
 	"fmt"

 	"k8s.io/klog"
+	pluginhelper "k8s.io/kubernetes/pkg/scheduler/framework/plugins/helper"
+	"k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodeaffinity"
+	"k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodename"
+	"k8s.io/kubernetes/pkg/scheduler/framework/plugins/nodeports"
+	"k8s.io/kubernetes/pkg/scheduler/framework/plugins/noderesources"

 	"k8s.io/api/core/v1"
 	v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
 	"k8s.io/kubernetes/pkg/kubelet/util/format"
-	"k8s.io/kubernetes/pkg/scheduler/algorithm/predicates"
 	schedulernodeinfo "k8s.io/kubernetes/pkg/scheduler/nodeinfo"
 )

@ -35,7 +39,7 @@ type pluginResourceUpdateFuncType func(*schedulernodeinfo.NodeInfo, *PodAdmitAtt
 // AdmissionFailureHandler is an interface which defines how to deal with a failure to admit a pod.
 // This allows for the graceful handling of pod admission failure.
 type AdmissionFailureHandler interface {
-	HandleAdmissionFailure(admitPod *v1.Pod, failureReasons []predicates.PredicateFailureReason) (bool, []predicates.PredicateFailureReason, error)
+	HandleAdmissionFailure(admitPod *v1.Pod, failureReasons []PredicateFailureReason) ([]PredicateFailureReason, error)
 }

 type predicateAdmitHandler struct {
@ -89,7 +93,8 @@ func (w *predicateAdmitHandler) Admit(attrs *PodAdmitAttributes) PodAdmitResult
 	// the Resource Class API in the future.
 	podWithoutMissingExtendedResources := removeMissingExtendedResources(admitPod, nodeInfo)

-	fit, reasons, err := predicates.GeneralPredicates(podWithoutMissingExtendedResources, nil, nodeInfo)
+	reasons, err := GeneralPredicates(podWithoutMissingExtendedResources, nodeInfo)
+	fit := len(reasons) == 0 && err == nil
 	if err != nil {
 		message := fmt.Sprintf("GeneralPredicates failed due to %v, which is unexpected.", err)
 		klog.Warningf("Failed to admit pod %v - %s", format.Pod(admitPod), message)
@ -100,7 +105,8 @@ func (w *predicateAdmitHandler) Admit(attrs *PodAdmitAttributes) PodAdmitResult
 		}
 	}
 	if !fit {
-		fit, reasons, err = w.admissionFailureHandler.HandleAdmissionFailure(admitPod, reasons)
+		reasons, err = w.admissionFailureHandler.HandleAdmissionFailure(admitPod, reasons)
+		fit = len(reasons) == 0 && err == nil
 		if err != nil {
 			message := fmt.Sprintf("Unexpected error while attempting to recover from admission failure: %v", err)
 			klog.Warningf("Failed to admit pod %v - %s", format.Pod(admitPod), message)
@ -126,18 +132,14 @@ func (w *predicateAdmitHandler) Admit(attrs *PodAdmitAttributes) PodAdmitResult
 		// If there are failed predicates, we only return the first one as a reason.
 		r := reasons[0]
 		switch re := r.(type) {
-		case *predicates.PredicateFailureError:
+		case *PredicateFailureError:
 			reason = re.PredicateName
 			message = re.Error()
 			klog.V(2).Infof("Predicate failed on Pod: %v, for reason: %v", format.Pod(admitPod), message)
-		case *predicates.InsufficientResourceError:
+		case *InsufficientResourceError:
 			reason = fmt.Sprintf("OutOf%s", re.ResourceName)
 			message = re.Error()
 			klog.V(2).Infof("Predicate failed on Pod: %v, for reason: %v", format.Pod(admitPod), message)
-		case *predicates.FailureReason:
-			reason = re.GetReason()
-			message = fmt.Sprintf("Failure: %s", re.GetReason())
-			klog.V(2).Infof("Predicate failed on Pod: %v, for reason: %v", format.Pod(admitPod), message)
 		default:
 			reason = "UnexpectedPredicateFailureType"
 			message = fmt.Sprintf("GeneralPredicates failed due to %v, which is unexpected.", r)
@ -172,3 +174,76 @@ func removeMissingExtendedResources(pod *v1.Pod, nodeInfo *schedulernodeinfo.Nod
 	}
 	return podCopy
 }
+
+// InsufficientResourceError is an error type that indicates what kind of resource limit is
+// hit and caused the unfitting failure.
+type InsufficientResourceError struct {
+	ResourceName v1.ResourceName
+	Requested    int64
+	Used         int64
+	Capacity     int64
+}
+
+func (e *InsufficientResourceError) Error() string {
+	return fmt.Sprintf("Node didn't have enough resource: %s, requested: %d, used: %d, capacity: %d",
+		e.ResourceName, e.Requested, e.Used, e.Capacity)
+}
+
+// PredicateFailureReason interface represents the failure reason of a predicate.
+type PredicateFailureReason interface {
+	GetReason() string
+}
+
+// GetReason returns the reason of the InsufficientResourceError.
+func (e *InsufficientResourceError) GetReason() string {
+	return fmt.Sprintf("Insufficient %v", e.ResourceName)
+}
+
+// GetInsufficientAmount returns the amount of the insufficient resource of the error.
+func (e *InsufficientResourceError) GetInsufficientAmount() int64 {
+	return e.Requested - (e.Capacity - e.Used)
+}
+
+// PredicateFailureError describes a failure error of predicate.
+type PredicateFailureError struct {
+	PredicateName string
+	PredicateDesc string
+}
+
+func (e *PredicateFailureError) Error() string {
+	return fmt.Sprintf("Predicate %s failed", e.PredicateName)
+}
+
+// GetReason returns the reason of the PredicateFailureError.
+func (e *PredicateFailureError) GetReason() string {
+	return e.PredicateDesc
+}
+
+// GeneralPredicates checks a group of predicates that the kubelet cares about.
+func GeneralPredicates(pod *v1.Pod, nodeInfo *schedulernodeinfo.NodeInfo) ([]PredicateFailureReason, error) {
+	if nodeInfo.Node() == nil {
+		return nil, fmt.Errorf("node not found")
+	}
+
+	var reasons []PredicateFailureReason
+	for _, r := range noderesources.Fits(pod, nodeInfo, nil) {
+		reasons = append(reasons, &InsufficientResourceError{
+			ResourceName: r.ResourceName,
+			Requested:    r.Requested,
+			Used:         r.Used,
+			Capacity:     r.Capacity,
+		})
+	}
+
+	if !pluginhelper.PodMatchesNodeSelectorAndAffinityTerms(pod, nodeInfo.Node()) {
+		reasons = append(reasons, &PredicateFailureError{nodeaffinity.Name, nodeaffinity.ErrReason})
+	}
+	if !nodename.Fits(pod, nodeInfo) {
+		reasons = append(reasons, &PredicateFailureError{nodename.Name, nodename.ErrReason})
+	}
+	if !nodeports.Fits(pod, nodeInfo) {
+		reasons = append(reasons, &PredicateFailureError{nodeports.Name, nodeports.ErrReason})
+	}
+
+	return reasons, nil
+}
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/metrics/metrics.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/metrics/metrics.go
@ -34,44 +34,33 @@ import (

 // This const block defines the metric names for the kubelet metrics.
 const (
-	KubeletSubsystem                     = "kubelet"
-	NodeNameKey                          = "node_name"
-	NodeLabelKey                         = "node"
-	PodWorkerDurationKey                 = "pod_worker_duration_seconds"
-	PodStartDurationKey                  = "pod_start_duration_seconds"
-	CgroupManagerOperationsKey           = "cgroup_manager_duration_seconds"
-	PodWorkerStartDurationKey            = "pod_worker_start_duration_seconds"
-	PLEGRelistDurationKey                = "pleg_relist_duration_seconds"
-	PLEGDiscardEventsKey                 = "pleg_discard_events"
-	PLEGRelistIntervalKey                = "pleg_relist_interval_seconds"
-	EvictionsKey                         = "evictions"
-	EvictionStatsAgeKey                  = "eviction_stats_age_seconds"
-	PreemptionsKey                       = "preemptions"
-	DeprecatedPodWorkerLatencyKey        = "pod_worker_latency_microseconds"
-	DeprecatedPodStartLatencyKey         = "pod_start_latency_microseconds"
-	DeprecatedCgroupManagerOperationsKey = "cgroup_manager_latency_microseconds"
-	DeprecatedPodWorkerStartLatencyKey   = "pod_worker_start_latency_microseconds"
-	DeprecatedPLEGRelistLatencyKey       = "pleg_relist_latency_microseconds"
-	DeprecatedPLEGRelistIntervalKey      = "pleg_relist_interval_microseconds"
-	DeprecatedEvictionStatsAgeKey        = "eviction_stats_age_microseconds"
-	VolumeStatsCapacityBytesKey          = "volume_stats_capacity_bytes"
-	VolumeStatsAvailableBytesKey         = "volume_stats_available_bytes"
-	VolumeStatsUsedBytesKey              = "volume_stats_used_bytes"
-	VolumeStatsInodesKey                 = "volume_stats_inodes"
-	VolumeStatsInodesFreeKey             = "volume_stats_inodes_free"
-	VolumeStatsInodesUsedKey             = "volume_stats_inodes_used"
+	KubeletSubsystem             = "kubelet"
+	NodeNameKey                  = "node_name"
+	NodeLabelKey                 = "node"
+	PodWorkerDurationKey         = "pod_worker_duration_seconds"
+	PodStartDurationKey          = "pod_start_duration_seconds"
+	CgroupManagerOperationsKey   = "cgroup_manager_duration_seconds"
+	PodWorkerStartDurationKey    = "pod_worker_start_duration_seconds"
+	PLEGRelistDurationKey        = "pleg_relist_duration_seconds"
+	PLEGDiscardEventsKey         = "pleg_discard_events"
+	PLEGRelistIntervalKey        = "pleg_relist_interval_seconds"
+	PLEGLastSeenKey              = "pleg_last_seen_seconds"
+	EvictionsKey                 = "evictions"
+	EvictionStatsAgeKey          = "eviction_stats_age_seconds"
+	PreemptionsKey               = "preemptions"
+	VolumeStatsCapacityBytesKey  = "volume_stats_capacity_bytes"
+	VolumeStatsAvailableBytesKey = "volume_stats_available_bytes"
+	VolumeStatsUsedBytesKey      = "volume_stats_used_bytes"
+	VolumeStatsInodesKey         = "volume_stats_inodes"
+	VolumeStatsInodesFreeKey     = "volume_stats_inodes_free"
+	VolumeStatsInodesUsedKey     = "volume_stats_inodes_used"
 	// Metrics keys of remote runtime operations
-	RuntimeOperationsKey                  = "runtime_operations_total"
-	RuntimeOperationsDurationKey          = "runtime_operations_duration_seconds"
-	RuntimeOperationsErrorsKey            = "runtime_operations_errors_total"
-	DeprecatedRuntimeOperationsKey        = "runtime_operations"
-	DeprecatedRuntimeOperationsLatencyKey = "runtime_operations_latency_microseconds"
-	DeprecatedRuntimeOperationsErrorsKey  = "runtime_operations_errors"
+	RuntimeOperationsKey         = "runtime_operations_total"
+	RuntimeOperationsDurationKey = "runtime_operations_duration_seconds"
+	RuntimeOperationsErrorsKey   = "runtime_operations_errors_total"
 	// Metrics keys of device plugin operations
-	DevicePluginRegistrationCountKey           = "device_plugin_registration_total"
-	DevicePluginAllocationDurationKey          = "device_plugin_alloc_duration_seconds"
-	DeprecatedDevicePluginRegistrationCountKey = "device_plugin_registration_count"
-	DeprecatedDevicePluginAllocationLatencyKey = "device_plugin_alloc_latency_microseconds"
+	DevicePluginRegistrationCountKey  = "device_plugin_registration_total"
+	DevicePluginAllocationDurationKey = "device_plugin_alloc_duration_seconds"

 	// Metric keys for node config
 	AssignedConfigKey             = "node_config_assigned"
@ -165,17 +154,16 @@ var (
 			StabilityLevel: metrics.ALPHA,
 		},
 	)
-	// PLEGDiscardEvents is a Histogram that tracks the duration (in seconds) it takes for discarding events in the Kubelet's
-	// Pod Lifecycle Event Generator (PLEG).
-	PLEGDiscardEvents = metrics.NewCounterVec(
+	// PLEGDiscardEvents is a Counter that tracks the number of discarding events in the Kubelet's Pod Lifecycle Event Generator (PLEG).
+	PLEGDiscardEvents = metrics.NewCounter(
 		&metrics.CounterOpts{
 			Subsystem:      KubeletSubsystem,
 			Name:           PLEGDiscardEventsKey,
 			Help:           "The number of discard events in PLEG.",
 			StabilityLevel: metrics.ALPHA,
 		},
-		[]string{},
 	)
+
 	// PLEGRelistInterval is a Histogram that tracks the intervals (in seconds) between relisting in the Kubelet's
 	// Pod Lifecycle Event Generator (PLEG).
 	PLEGRelistInterval = metrics.NewHistogram(
@ -187,6 +175,16 @@ var (
 			StabilityLevel: metrics.ALPHA,
 		},
 	)
+	// PLEGLastSeen is a Gauge giving the Unix timestamp when the Kubelet's
+	// Pod Lifecycle Event Generator (PLEG) was last seen active.
+	PLEGLastSeen = metrics.NewGauge(
+		&metrics.GaugeOpts{
+			Subsystem:      KubeletSubsystem,
+			Name:           PLEGLastSeenKey,
+			Help:           "Timestamp in seconds when PLEG was last seen active.",
+			StabilityLevel: metrics.ALPHA,
+		},
+	)
 	// RuntimeOperations is a Counter that tracks the cumulative number of remote runtime operations.
 	// Broken down by operation type.
 	RuntimeOperations = metrics.NewCounterVec(
@ -279,134 +277,6 @@ var (
 		},
 		[]string{"resource_name"},
 	)
-	// DeprecatedPodWorkerLatency is a Summary that tracks the latency (in microseconds) to sync a single pod.
-	// Broken down by operation type. This metric is deprecated.
-	DeprecatedPodWorkerLatency = metrics.NewSummaryVec(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedPodWorkerLatencyKey,
-			Help:           "(Deprecated) Latency in microseconds to sync a single pod. Broken down by operation type: create, update, or sync",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedPodStartLatency is a Summary that tracks the latency (in microseconds) for a single pod to go from pending to running.
-	// This metric is deprecated.
-	DeprecatedPodStartLatency = metrics.NewSummary(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedPodStartLatencyKey,
-			Help:           "(Deprecated) Latency in microseconds for a single pod to go from pending to running.",
-			StabilityLevel: metrics.ALPHA,
-		},
-	)
-	// DeprecatedCgroupManagerLatency is a Summary that tracks the latency (in microseconds) for cgroup manager operations to complete.
-	// Broken down by operation type. This metric is deprecated.
-	DeprecatedCgroupManagerLatency = metrics.NewSummaryVec(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedCgroupManagerOperationsKey,
-			Help:           "(Deprecated) Latency in microseconds for cgroup manager operations. Broken down by method.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedPodWorkerStartLatency is a Summary that tracks the latency (in microseconds) from seeing a pod to starting a worker.
-	// This metric is deprecated.
-	DeprecatedPodWorkerStartLatency = metrics.NewSummary(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedPodWorkerStartLatencyKey,
-			Help:           "(Deprecated) Latency in microseconds from seeing a pod to starting a worker.",
-			StabilityLevel: metrics.ALPHA,
-		},
-	)
-	// DeprecatedPLEGRelistLatency is a Summary that tracks the latency (in microseconds) for relisting pods in PLEG.
-	// This metric is deprecated.
-	DeprecatedPLEGRelistLatency = metrics.NewSummary(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedPLEGRelistLatencyKey,
-			Help:           "(Deprecated) Latency in microseconds for relisting pods in PLEG.",
-			StabilityLevel: metrics.ALPHA,
-		},
-	)
-	// DeprecatedPLEGRelistInterval is a Summary that tracks the interval (in microseconds) between relistings in PLEG.
-	// This metric is deprecated.
-	DeprecatedPLEGRelistInterval = metrics.NewSummary(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedPLEGRelistIntervalKey,
-			Help:           "(Deprecated) Interval in microseconds between relisting in PLEG.",
-			StabilityLevel: metrics.ALPHA,
-		},
-	)
-	// DeprecatedRuntimeOperations is a Counter that tracks the cumulative number of remote runtime operations.
-	// Broken down by operation type. This metric is deprecated.
-	DeprecatedRuntimeOperations = metrics.NewCounterVec(
-		&metrics.CounterOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedRuntimeOperationsKey,
-			Help:           "(Deprecated) Cumulative number of runtime operations by operation type.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedRuntimeOperationsLatency is a Summary that tracks the latency (in microseconds) of remote runtime operations
-	// to complete. Broken down by operation type. This metric is deprecated.
-	DeprecatedRuntimeOperationsLatency = metrics.NewSummaryVec(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedRuntimeOperationsLatencyKey,
-			Help:           "(Deprecated) Latency in microseconds of runtime operations. Broken down by operation type.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedRuntimeOperationsErrors is a Counter that tracks the cumulative number of remote runtime operation errors.
-	// Broken down by operation type. This metric is deprecated.
-	DeprecatedRuntimeOperationsErrors = metrics.NewCounterVec(
-		&metrics.CounterOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedRuntimeOperationsErrorsKey,
-			Help:           "(Deprecated) Cumulative number of runtime operation errors by operation type.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"operation_type"},
-	)
-	// DeprecatedEvictionStatsAge is a Summary that tracks the time (in microseconds) between when stats are collected and when a pod
-	// is evicted based on those stats. Broken down by eviction signal. This metric is deprecated.
-	DeprecatedEvictionStatsAge = metrics.NewSummaryVec(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedEvictionStatsAgeKey,
-			Help:           "(Deprecated) Time between when stats are collected, and when pod is evicted based on those stats by eviction signal",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"eviction_signal"},
-	)
-	// DeprecatedDevicePluginRegistrationCount is a Counter that tracks the cumulative number of device plugin registrations.
-	// Broken down by resource name. This metric is deprecated.
-	DeprecatedDevicePluginRegistrationCount = metrics.NewCounterVec(
-		&metrics.CounterOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedDevicePluginRegistrationCountKey,
-			Help:           "(Deprecated) Cumulative number of device plugin registrations. Broken down by resource name.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"resource_name"},
-	)
-	// DeprecatedDevicePluginAllocationLatency is a Summary that tracks the latncy (in microseconds) for serving device plugin allocation requests.
-	// Broken down by resource name. This metric is deprecated.
-	DeprecatedDevicePluginAllocationLatency = metrics.NewSummaryVec(
-		&metrics.SummaryOpts{
-			Subsystem:      KubeletSubsystem,
-			Name:           DeprecatedDevicePluginAllocationLatencyKey,
-			Help:           "(Deprecated) Latency in microseconds to serve a device plugin Allocation request. Broken down by resource name.",
-			StabilityLevel: metrics.ALPHA,
-		},
-		[]string{"resource_name"},
-	)

 	// Metrics for node config

@ -451,12 +321,12 @@ var (
 		},
 	)
 	// RunPodSandboxDuration is a Histogram that tracks the duration (in seconds) it takes to run Pod Sandbox operations.
-	// Broken down by RuntimeClass.
+	// Broken down by RuntimeClass.Handler.
 	RunPodSandboxDuration = metrics.NewHistogramVec(
 		&metrics.HistogramOpts{
 			Subsystem: KubeletSubsystem,
 			Name:      RunPodSandboxDurationKey,
-			Help:      "Duration in seconds of the run_podsandbox operations. Broken down by RuntimeClass.",
+			Help:      "Duration in seconds of the run_podsandbox operations. Broken down by RuntimeClass.Handler.",
 			// Use DefBuckets for now, will customize the buckets if necessary.
 			Buckets:        metrics.DefBuckets,
 			StabilityLevel: metrics.ALPHA,
@ -464,12 +334,12 @@ var (
 		[]string{"runtime_handler"},
 	)
 	// RunPodSandboxErrors is a Counter that tracks the cumulative number of Pod Sandbox operations errors.
-	// Broken down by RuntimeClass.
+	// Broken down by RuntimeClass.Handler.
 	RunPodSandboxErrors = metrics.NewCounterVec(
 		&metrics.CounterOpts{
 			Subsystem:      KubeletSubsystem,
 			Name:           RunPodSandboxErrorsKey,
-			Help:           "Cumulative number of the run_podsandbox operation errors by RuntimeClass.",
+			Help:           "Cumulative number of the run_podsandbox operation errors by RuntimeClass.Handler.",
 			StabilityLevel: metrics.ALPHA,
 		},
 		[]string{"runtime_handler"},
@ -511,6 +381,7 @@ func Register(containerCache kubecontainer.RuntimeCache, collectors ...metrics.S
 		legacyregistry.MustRegister(PLEGRelistDuration)
 		legacyregistry.MustRegister(PLEGDiscardEvents)
 		legacyregistry.MustRegister(PLEGRelistInterval)
+		legacyregistry.MustRegister(PLEGLastSeen)
 		legacyregistry.MustRegister(RuntimeOperations)
 		legacyregistry.MustRegister(RuntimeOperationsDuration)
 		legacyregistry.MustRegister(RuntimeOperationsErrors)
@ -519,20 +390,10 @@ func Register(containerCache kubecontainer.RuntimeCache, collectors ...metrics.S
 		legacyregistry.MustRegister(Preemptions)
 		legacyregistry.MustRegister(DevicePluginRegistrationCount)
 		legacyregistry.MustRegister(DevicePluginAllocationDuration)
-		legacyregistry.MustRegister(DeprecatedPodWorkerLatency)
-		legacyregistry.MustRegister(DeprecatedPodStartLatency)
-		legacyregistry.MustRegister(DeprecatedCgroupManagerLatency)
-		legacyregistry.MustRegister(DeprecatedPodWorkerStartLatency)
-		legacyregistry.MustRegister(DeprecatedPLEGRelistLatency)
-		legacyregistry.MustRegister(DeprecatedPLEGRelistInterval)
-		legacyregistry.MustRegister(DeprecatedRuntimeOperations)
-		legacyregistry.MustRegister(DeprecatedRuntimeOperationsLatency)
-		legacyregistry.MustRegister(DeprecatedRuntimeOperationsErrors)
-		legacyregistry.MustRegister(DeprecatedEvictionStatsAge)
-		legacyregistry.MustRegister(DeprecatedDevicePluginRegistrationCount)
-		legacyregistry.MustRegister(DeprecatedDevicePluginAllocationLatency)
 		legacyregistry.MustRegister(RunningContainerCount)
 		legacyregistry.MustRegister(RunningPodCount)
+		legacyregistry.MustRegister(RunPodSandboxDuration)
+		legacyregistry.MustRegister(RunPodSandboxErrors)
 		if utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
 			legacyregistry.MustRegister(AssignedConfig)
 			legacyregistry.MustRegister(ActiveConfig)
@ -550,11 +411,6 @@ func GetGather() metrics.Gatherer {
 	return legacyregistry.DefaultGatherer
 }

-// SinceInMicroseconds gets the time since the specified start in microseconds.
-func SinceInMicroseconds(start time.Time) float64 {
-	return float64(time.Since(start).Nanoseconds() / time.Microsecond.Nanoseconds())
-}
-
 // SinceInSeconds gets the time since the specified start in seconds.
 func SinceInSeconds(start time.Time) float64 {
 	return time.Since(start).Seconds()
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/sysctl/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/sysctl/BUILD
@ -10,14 +10,12 @@ go_library(
    name = "go_default_library",
    srcs = [
        "namespace.go",
-        "runtime.go",
        "whitelist.go",
    ],
    importpath = "k8s.io/kubernetes/pkg/kubelet/sysctl",
    deps = [
        "//pkg/apis/core/validation:go_default_library",
        "//pkg/apis/policy/validation:go_default_library",
-        "//pkg/kubelet/container:go_default_library",
        "//pkg/kubelet/lifecycle:go_default_library",
    ],
 )
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/sysctl/runtime.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/sysctl/runtime.go
@ -1,95 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package sysctl
-
-import (
-	"fmt"
-
-	"k8s.io/kubernetes/pkg/kubelet/container"
-	"k8s.io/kubernetes/pkg/kubelet/lifecycle"
-)
-
-const (
-	UnsupportedReason = "SysctlUnsupported"
-	// CRI uses semver-compatible API version, while docker does not
-	// (e.g., 1.24). Append the version with a ".0".
-	dockerMinimumAPIVersion = "1.24.0"
-
-	dockerTypeName = "docker"
-)
-
-// TODO: The admission logic in this file is runtime-dependent. It should be
-// changed to be generic and CRI-compatible.
-
-type runtimeAdmitHandler struct {
-	result lifecycle.PodAdmitResult
-}
-
-var _ lifecycle.PodAdmitHandler = &runtimeAdmitHandler{}
-
-// NewRuntimeAdmitHandler returns a sysctlRuntimeAdmitHandler which checks whether
-// the given runtime support sysctls.
-func NewRuntimeAdmitHandler(runtime container.Runtime) (*runtimeAdmitHandler, error) {
-	switch runtime.Type() {
-	case dockerTypeName:
-		v, err := runtime.APIVersion()
-		if err != nil {
-			return nil, fmt.Errorf("failed to get runtime version: %v", err)
-		}
-
-		// only Docker API version >= 1.24 supports sysctls
-		c, err := v.Compare(dockerMinimumAPIVersion)
-		if err != nil {
-			return nil, fmt.Errorf("failed to compare Docker version for sysctl support: %v", err)
-		}
-		if c >= 0 {
-			return &runtimeAdmitHandler{
-				result: lifecycle.PodAdmitResult{
-					Admit: true,
-				},
-			}, nil
-		}
-		return &runtimeAdmitHandler{
-			result: lifecycle.PodAdmitResult{
-				Admit:   false,
-				Reason:  UnsupportedReason,
-				Message: "Docker API version before 1.24 does not support sysctls",
-			},
-		}, nil
-	default:
-		// Return admit for other runtimes.
-		return &runtimeAdmitHandler{
-			result: lifecycle.PodAdmitResult{
-				Admit: true,
-			},
-		}, nil
-	}
-}
-
-// Admit checks whether the runtime supports sysctls.
-func (w *runtimeAdmitHandler) Admit(attrs *lifecycle.PodAdmitAttributes) lifecycle.PodAdmitResult {
-	if attrs.Pod.Spec.SecurityContext != nil {
-
-		if len(attrs.Pod.Spec.SecurityContext.Sysctls) > 0 {
-			return w.result
-		}
-	}
-
-	return lifecycle.PodAdmitResult{
-		Admit: true,
-	}
-}
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/types/types.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/types/types.go
@ -26,7 +26,9 @@ import (

 // TODO: Reconcile custom types in kubelet/types and this subpackage

-type HttpGetter interface {
+// HTTPGetter is an interface representing the ability to perform HTTP GET requests.
+type HTTPGetter interface {
+	// Get issues a GET to the specified URL.
 	Get(url string) (*http.Response, error)
 }