diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go index 8271dc46500..6363949588d 100644 --- a/cmd/kubelet/app/options/options.go +++ b/cmd/kubelet/app/options/options.go @@ -61,9 +61,6 @@ type KubeletFlags struct { // Crash immediately, rather than eating panics. ReallyCrashForTesting bool - // enableServer enables the Kubelet's server - EnableServer bool - // HostnameOverride is the hostname used to identify the kubelet instead // of the actual hostname. HostnameOverride string @@ -71,10 +68,6 @@ type KubeletFlags struct { // If set, kubelet will use this IP address for the node. NodeIP string - // This flag, if set, sets the unique id of the instance that an external provider (i.e. cloudprovider) - // can use to identify a specific node - ProviderID string - // Container-runtime-specific options. config.ContainerRuntimeOptions @@ -190,7 +183,6 @@ func NewKubeletFlags() *KubeletFlags { } return &KubeletFlags{ - EnableServer: true, ContainerRuntimeOptions: *NewContainerRuntimeOptions(), CertDirectory: "/var/lib/kubelet/pki", RootDirectory: defaultRootDir, 
@@ -345,14 +337,10 @@ func (f *KubeletFlags) AddFlags(mainfs *pflag.FlagSet) { "On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. "+ "The client certificate and key file will be stored in the directory pointed by --cert-dir.") - fs.BoolVar(&f.EnableServer, "enable-server", f.EnableServer, "Enable the Kubelet's server") - fs.StringVar(&f.HostnameOverride, "hostname-override", f.HostnameOverride, "If non-empty, will use this string as identification instead of the actual hostname. If --cloud-provider is set, the cloud provider determines the name of the node (consult cloud provider documentation to determine if and how the hostname is used).") fs.StringVar(&f.NodeIP, "node-ip", f.NodeIP, "IP address of the node. If set, kubelet will use this IP address for the node. If unset, kubelet will use the node's default IPv4 address, if any, or its default IPv6 address if it has no IPv4 addresses. You can pass '::' to make it prefer the default IPv6 address rather than the default IPv4 address.") - fs.StringVar(&f.ProviderID, "provider-id", f.ProviderID, "Unique identifier for identifying the node in a machine database, i.e cloudprovider") - fs.StringVar(&f.CertDirectory, "cert-dir", f.CertDirectory, "The directory where the TLS certs are located. "+ "If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.") 
@@ -425,6 +413,8 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig mainfs.AddFlagSet(fs) }() + fs.BoolVar(&c.EnableServer, "enable-server", c.EnableServer, "Enable the Kubelet's server") + fs.BoolVar(&c.FailSwapOn, "fail-swap-on", c.FailSwapOn, "Makes the Kubelet fail to start if swap is enabled on the node. ") fs.StringVar(&c.StaticPodPath, "pod-manifest-path", c.StaticPodPath, "Path to the directory containing static pod files to run, or the path to a single static pod file. Files starting with dots will be ignored.") fs.DurationVar(&c.SyncFrequency.Duration, "sync-frequency", c.SyncFrequency.Duration, "Max period between synchronizing running containers and config") @@ -503,6 +493,8 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig fs.StringVar(&c.KubeletCgroups, "kubelet-cgroups", c.KubeletCgroups, "Optional absolute name of cgroups to create and run the Kubelet in.") fs.StringVar(&c.SystemCgroups, "system-cgroups", c.SystemCgroups, "Optional absolute name of cgroups in which to place all non-kernel processes that are not already inside a cgroup under '/'. Empty for no container. Rolling back the flag requires a reboot.") + fs.StringVar(&c.ProviderID, "provider-id", c.ProviderID, "Unique identifier for identifying the node in a machine database, i.e cloudprovider") + fs.BoolVar(&c.CgroupsPerQOS, "cgroups-per-qos", c.CgroupsPerQOS, "Enable creation of QoS cgroup hierarchy, if true top level QoS and pod cgroups are created.") fs.StringVar(&c.CgroupDriver, "cgroup-driver", c.CgroupDriver, "Driver that the kubelet uses to manipulate cgroups on the host. Possible values: 'cgroupfs', 'systemd'") fs.StringVar(&c.CgroupRoot, "cgroup-root", c.CgroupRoot, "Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.") 
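Review bot: The help text on the added `fs.BoolVar(&c.EnableServer, "enable-server", ...)` line still reads "Enable the Kubelet's server", which is broader than what the field documents elsewhere in this commit. The new `enableServer` comment says it controls only the secured server and that the insecure port is governed by `readOnlyPort`. An operator who passes `--enable-server=false` expecting every kubelet listener to close could leave the read-only port serving without noticing. Suggest `"Enable the Kubelet's secured server. The insecure read-only port is controlled separately by --read-only-port."`. AddKubeletConfigFlags starts and ends outside the hunk.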
diff --git a/pkg/kubelet/apis/config/fuzzer/fuzzer.go b/pkg/kubelet/apis/config/fuzzer/fuzzer.go index ba84d7ecd5d..fdd4a55db13 100644 --- a/pkg/kubelet/apis/config/fuzzer/fuzzer.go +++ b/pkg/kubelet/apis/config/fuzzer/fuzzer.go @@ -37,6 +37,7 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} { // provide non-empty values for fields with defaults, so the defaulter doesn't change values during round-trip func(obj *kubeletconfig.KubeletConfiguration, c fuzz.Continue) { c.FuzzNoCustom(obj) + obj.EnableServer = true obj.Authentication.Anonymous.Enabled = true obj.Authentication.Webhook.Enabled = false obj.Authentication.Webhook.CacheTTL = metav1.Duration{Duration: 2 * time.Minute} diff --git a/pkg/kubelet/apis/config/helpers_test.go b/pkg/kubelet/apis/config/helpers_test.go index 6312cd3e424..eedc5763110 100644 --- a/pkg/kubelet/apis/config/helpers_test.go +++ b/pkg/kubelet/apis/config/helpers_test.go @@ -165,6 +165,7 @@ var ( "EnableContentionProfiling", "EnableControllerAttachDetach", "EnableDebuggingHandlers", + "EnableServer", "EnforceNodeAllocatable[*]", "EventBurst", "EventRecordQPS", @@ -209,6 +210,7 @@ var ( "PodsPerCore", "Port", "ProtectKernelDefaults", + "ProviderID", "ReadOnlyPort", "RegistryBurst", "RegistryPullQPS", diff --git a/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/after/v1beta1.yaml b/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/after/v1beta1.yaml index c201a16df0a..fc71f87656e 100644 --- a/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/after/v1beta1.yaml +++ b/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/after/v1beta1.yaml @@ -24,6 +24,7 @@ cpuManagerPolicy: none cpuManagerReconcilePeriod: 10s enableControllerAttachDetach: true enableDebuggingHandlers: true +enableServer: true enforceNodeAllocatable: - pods eventBurst: 10 
diff --git a/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/roundtrip/default/v1beta1.yaml b/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/roundtrip/default/v1beta1.yaml index c201a16df0a..fc71f87656e 100644 --- a/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/roundtrip/default/v1beta1.yaml +++ b/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/roundtrip/default/v1beta1.yaml @@ -24,6 +24,7 @@ cpuManagerPolicy: none cpuManagerReconcilePeriod: 10s enableControllerAttachDetach: true enableDebuggingHandlers: true +enableServer: true enforceNodeAllocatable: - pods eventBurst: 10 diff --git a/pkg/kubelet/apis/config/types.go b/pkg/kubelet/apis/config/types.go index 1fb797d07da..ec8deb81fe2 100644 --- a/pkg/kubelet/apis/config/types.go +++ b/pkg/kubelet/apis/config/types.go @@ -74,6 +74,9 @@ const ( type KubeletConfiguration struct { metav1.TypeMeta + // enableServer enables Kubelet's secured server. + // Note: Kubelet's insecure port is controlled by the readOnlyPort option. + EnableServer bool // staticPodPath is the path to the directory containing local (static) pods to // run, or the path to a single static pod file. StaticPodPath string @@ -100,6 +103,9 @@ type KubeletConfiguration struct { // volumePluginDir is the full path of the directory in which to search // for additional third party volume plugins. VolumePluginDir string + // providerID, if set, sets the unique id of the instance that an external provider (i.e. cloudprovider) + // can use to identify a specific node + ProviderID string // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, // if any, concatenated after server cert). If tlsCertFile and // tlsPrivateKeyFile are not provided, a self-signed certificate diff --git a/pkg/kubelet/apis/config/v1beta1/defaults.go b/pkg/kubelet/apis/config/v1beta1/defaults.go index 9ce9303aa7e..ac8bd0045b6 100644 --- a/pkg/kubelet/apis/config/v1beta1/defaults.go 
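Review bot: The internal `EnableServer bool` added to `KubeletConfiguration` in pkg/kubelet/apis/config/types.go has a zero value of false, whereas the flag it replaces was initialised to true in `NewKubeletFlags`. After this commit the true default exists only in the v1beta1 defaulter (`SetDefaults_KubeletConfiguration`). Any code path that builds the internal struct without versioned defaulting would start a kubelet with its secured server off; the kubemark change here sets `c.EnableServer = true` explicitly, and other constructors, if there are any, would need the same. Consider extending the field comment with `// The zero value disables the server; callers that bypass versioned defaulting must set this explicitly.` The struct body continues outside the hunk.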
+++ b/pkg/kubelet/apis/config/v1beta1/defaults.go @@ -48,6 +48,9 @@ func addDefaultingFuncs(scheme *kruntime.Scheme) error { } func SetDefaults_KubeletConfiguration(obj *kubeletconfigv1beta1.KubeletConfiguration) { + if obj.EnableServer == nil { + obj.EnableServer = utilpointer.BoolPtr(true) + } if obj.SyncFrequency == zeroDuration { obj.SyncFrequency = metav1.Duration{Duration: 1 * time.Minute} } diff --git a/pkg/kubelet/apis/config/v1beta1/zz_generated.conversion.go b/pkg/kubelet/apis/config/v1beta1/zz_generated.conversion.go index f3cf121cd0e..c1c7c37f79c 100644 --- a/pkg/kubelet/apis/config/v1beta1/zz_generated.conversion.go +++ b/pkg/kubelet/apis/config/v1beta1/zz_generated.conversion.go @@ -207,6 +207,9 @@ func Convert_config_KubeletAuthorization_To_v1beta1_KubeletAuthorization(in *con } func autoConvert_v1beta1_KubeletConfiguration_To_config_KubeletConfiguration(in *v1beta1.KubeletConfiguration, out *config.KubeletConfiguration, s conversion.Scope) error { + if err := v1.Convert_Pointer_bool_To_bool(&in.EnableServer, &out.EnableServer, s); err != nil { + return err + } out.StaticPodPath = in.StaticPodPath out.SyncFrequency = in.SyncFrequency out.FileCheckFrequency = in.FileCheckFrequency @@ -334,6 +337,7 @@ func autoConvert_v1beta1_KubeletConfiguration_To_config_KubeletConfiguration(in out.EnforceNodeAllocatable = *(*[]string)(unsafe.Pointer(&in.EnforceNodeAllocatable)) out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) out.VolumePluginDir = in.VolumePluginDir + out.ProviderID = in.ProviderID return nil } 
@@ -343,6 +347,9 @@ func Convert_v1beta1_KubeletConfiguration_To_config_KubeletConfiguration(in *v1b } func autoConvert_config_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in *config.KubeletConfiguration, out *v1beta1.KubeletConfiguration, s conversion.Scope) error { + if err := v1.Convert_bool_To_Pointer_bool(&in.EnableServer, &out.EnableServer, s); err != nil { + return err + } out.StaticPodPath = in.StaticPodPath out.SyncFrequency = in.SyncFrequency out.FileCheckFrequency = in.FileCheckFrequency @@ -353,6 +360,7 @@ func autoConvert_config_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in out.Port = in.Port out.ReadOnlyPort = in.ReadOnlyPort out.VolumePluginDir = in.VolumePluginDir + out.ProviderID = in.ProviderID out.TLSCertFile = in.TLSCertFile out.TLSPrivateKeyFile = in.TLSPrivateKeyFile out.TLSCipherSuites = *(*[]string)(unsafe.Pointer(&in.TLSCipherSuites)) diff --git a/pkg/kubemark/hollow_kubelet.go b/pkg/kubemark/hollow_kubelet.go index 6c741b17ae8..efe685e178c 100644 --- a/pkg/kubemark/hollow_kubelet.go +++ b/pkg/kubemark/hollow_kubelet.go @@ -155,7 +155,6 @@ func GetHollowKubeletConfig(opt *HollowKubletOptions) (*options.KubeletFlags, *k // Flags struct f := options.NewKubeletFlags() - f.EnableServer = true f.RootDirectory = testRootDir f.HostnameOverride = opt.NodeName f.MinimumGCAge = metav1.Duration{Duration: 1 * time.Minute} @@ -165,7 +164,6 @@ func GetHollowKubeletConfig(opt *HollowKubletOptions) (*options.KubeletFlags, *k f.ContainerRuntimeOptions.ContainerRuntime = kubetypes.RemoteContainerRuntime f.RegisterNode = true f.RegisterSchedulable = true - f.ProviderID = fmt.Sprintf("kubemark://%v", opt.NodeName) // Config struct c, err := options.NewKubeletConfiguration() @@ -174,6 +172,7 @@ func GetHollowKubeletConfig(opt *HollowKubletOptions) (*options.KubeletFlags, *k } c.StaticPodURL = "" + c.EnableServer = true c.Address = "0.0.0.0" /* bind address */ c.Port = int32(opt.KubeletPort) c.ReadOnlyPort = int32(opt.KubeletReadOnlyPort) 
@@ -189,6 +188,7 @@ func GetHollowKubeletConfig(opt *HollowKubletOptions) (*options.KubeletFlags, *k c.ClusterDNS = []string{} c.ImageGCHighThresholdPercent = 90 c.ImageGCLowThresholdPercent = 80 + c.ProviderID = fmt.Sprintf("kubemark://%v", opt.NodeName) c.VolumeStatsAggPeriod.Duration = time.Minute c.CgroupRoot = "" c.CPUCFSQuota = true diff --git a/staging/src/k8s.io/kubelet/config/v1beta1/types.go b/staging/src/k8s.io/kubelet/config/v1beta1/types.go index d323d64adfa..a6cf5a2b43a 100644 --- a/staging/src/k8s.io/kubelet/config/v1beta1/types.go +++ b/staging/src/k8s.io/kubelet/config/v1beta1/types.go @@ -74,6 +74,12 @@ const ( type KubeletConfiguration struct { metav1.TypeMeta `json:",inline"` + // enableServer enables Kubelet's secured server. + // Note: Kubelet's insecure port is controlled by the readOnlyPort option. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: true + EnableServer *bool `json:"enableServer,omitempty"` // staticPodPath is the path to the directory containing local (static) pods to // run, or the path to a single static pod file. // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that @@ -767,6 +773,13 @@ type KubeletConfiguration struct { // Default: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/" // +optional VolumePluginDir string `json:"volumePluginDir,omitempty"` + // providerID, if set, sets the unique id of the instance that an external provider (i.e. cloudprovider) + // can use to identify a specific node. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact the ability of the Kubelet to interact with cloud providers. + // Default: "" + // +optional + ProviderID string `json:"providerID,omitempty"` } type KubeletAuthorizationMode string 
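Review bot: In staging/src/k8s.io/kubelet/config/v1beta1/types.go, `EnableServer *bool` is declared with `omitempty` and a nil-means-default contract, but its comment block has no `// +optional` marker. `ProviderID`, added further down in the same file, does carry one. Adding `// +optional` after `// Default: true` would keep the two new fields consistent and make the optionality explicit to anything that reads the marker. The struct body continues outside the hunk.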
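Review bot: The `providerID` comment warns that a dynamic update "may impact the ability of the Kubelet to interact with cloud providers" but does not say when the value is actually read. Because this string is what an external provider uses to identify the instance, the comment should state whether a changed value affects a Node that is already registered or only applies at registration; from this diff alone that cannot be determined. A hedged line such as `// NOTE: confirm whether this is consulted only when the Node object is first created.` would flag it for the author. No validation for the new field is visible in this diff either, so any format constraint is presumably left to the provider.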
diff --git a/staging/src/k8s.io/kubelet/config/v1beta1/zz_generated.deepcopy.go b/staging/src/k8s.io/kubelet/config/v1beta1/zz_generated.deepcopy.go index c1dc1d5f56f..6a005507e46 100644 --- a/staging/src/k8s.io/kubelet/config/v1beta1/zz_generated.deepcopy.go +++ b/staging/src/k8s.io/kubelet/config/v1beta1/zz_generated.deepcopy.go @@ -86,6 +86,11 @@ func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization { func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) { *out = *in out.TypeMeta = in.TypeMeta + if in.EnableServer != nil { + in, out := &in.EnableServer, &out.EnableServer + *out = new(bool) + **out = **in + } out.SyncFrequency = in.SyncFrequency out.FileCheckFrequency = in.FileCheckFrequency out.HTTPCheckFrequency = in.HTTPCheckFrequency