Merge pull request #90320 from neolit123/1.19-kubeadm-dont-use-sleep-on-upgrade

kubeadm: do not use /bin/sleep during upgrade pre-pull
Kubernetes Prow Robot 2020-04-23 12:32:21 -07:00 committed by GitHub
commit 0acf2f0983


@ -68,7 +68,8 @@ func (d *DaemonSetPrepuller) CreateFunc(component string) error {
} else { } else {
image = images.GetKubernetesImage(component, d.cfg) image = images.GetKubernetesImage(component, d.cfg)
} }
ds := buildPrePullDaemonSet(component, image) pauseImage := images.GetPauseImage(d.cfg)
ds := buildPrePullDaemonSet(component, image, pauseImage)
// Create the DaemonSet in the API Server // Create the DaemonSet in the API Server
if err := apiclient.CreateOrUpdateDaemonSet(d.client, ds); err != nil { if err := apiclient.CreateOrUpdateDaemonSet(d.client, ds); err != nil {
@ -155,8 +156,7 @@ func addPrepullPrefix(component string) string {
} }
// buildPrePullDaemonSet builds the DaemonSet that ensures the control plane image is available // buildPrePullDaemonSet builds the DaemonSet that ensures the control plane image is available
func buildPrePullDaemonSet(component, image string) *apps.DaemonSet { func buildPrePullDaemonSet(component, image, pauseImage string) *apps.DaemonSet {
var gracePeriodSecs int64
return &apps.DaemonSet{ return &apps.DaemonSet{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: addPrepullPrefix(component), Name: addPrepullPrefix(component),
@ -175,18 +175,32 @@ func buildPrePullDaemonSet(component, image string) *apps.DaemonSet {
}, },
}, },
Spec: v1.PodSpec{ Spec: v1.PodSpec{
Containers: []v1.Container{ // Use an init container to prepull the target component image.
// Once the prepull completes, the "component --version" command is executed
// to get an exit code of 0.
// After the init container completes a regular container with "pause"
// will start to get this Pod in Running state with a blocking container process.
// Note that DaemonSet Pods can only use RestartPolicy of Always, so there has
// to be a blocking process to achieve the Running state.
InitContainers: []v1.Container{
{ {
Name: component, Name: component,
Image: image, Image: image,
Command: []string{"/bin/sleep", "3600"}, Command: []string{component, "--version"},
},
},
Containers: []v1.Container{
{
Name: "pause",
Image: pauseImage,
Command: []string{"/pause"},
}, },
}, },
NodeSelector: map[string]string{ NodeSelector: map[string]string{
constants.LabelNodeRoleMaster: "", constants.LabelNodeRoleMaster: "",
}, },
Tolerations: []v1.Toleration{constants.ControlPlaneToleration}, Tolerations: []v1.Toleration{constants.ControlPlaneToleration},
TerminationGracePeriodSeconds: &gracePeriodSecs, TerminationGracePeriodSeconds: utilpointer.Int64Ptr(0),
// Explicitly add a PodSecurityContext to allow these Pods to run as non-root. // Explicitly add a PodSecurityContext to allow these Pods to run as non-root.
// This prevents restrictive PSPs from blocking the Pod creation. // This prevents restrictive PSPs from blocking the Pod creation.
SecurityContext: &v1.PodSecurityContext{ SecurityContext: &v1.PodSecurityContext{
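Review bot: The init container's `Command: []string{component, "--version"}` in buildPrePullDaemonSet assumes that every prepulled image has an executable named exactly after the component on its PATH and that it exits 0 for `--version`; nothing in the visible lines verifies this. Because DaemonSet Pods restart (as the added comment itself notes), a failing init container would presumably keep the Pod out of Running until the prepull wait times out rather than fail fast. I would state the assumption next to the command, e.g. `// Assumes the image has a binary named after the component on PATH that exits 0 for --version.`, and extend the function's doc comment to say that `pauseImage` supplies the blocking container. The "pause" container also makes the prepull depend on the image returned by `images.GetPauseImage(d.cfg)` being pullable on every control-plane node, which is worth a line in the comment too. The body of buildPrePullDaemonSet continues outside this hunk.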