mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-28 22:17:14 +00:00
Graduate EndpointSlice feature gate to GA
This commit is contained in:
Swetha Repakula
parent
1925d94b18
commit
108fd44f7c
@ -55,12 +55,10 @@ func validateClusterIPFlags(options *ServerRunOptions) []error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Secondary IP validation
|
// Secondary IP validation
|
||||||
// while api-server dualstack bits does not have dependency on EndPointSlice, its
|
// ControllerManager needs DualStack feature flags
|
||||||
// a good idea to have validation consistent across all components (ControllerManager
|
|
||||||
// needs EndPointSlice + DualStack feature flags).
|
|
||||||
secondaryServiceClusterIPRangeUsed := (options.SecondaryServiceClusterIPRange.IP != nil)
|
secondaryServiceClusterIPRangeUsed := (options.SecondaryServiceClusterIPRange.IP != nil)
|
||||||
if secondaryServiceClusterIPRangeUsed && (!utilfeature.DefaultFeatureGate.Enabled(features.IPv6DualStack) || !utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice)) {
|
if secondaryServiceClusterIPRangeUsed && !utilfeature.DefaultFeatureGate.Enabled(features.IPv6DualStack) {
|
||||||
errs = append(errs, fmt.Errorf("secondary service cluster-ip range(--service-cluster-ip-range[1]) can only be used if %v and %v feature is enabled", string(features.IPv6DualStack), string(features.EndpointSlice)))
|
errs = append(errs, fmt.Errorf("secondary service cluster-ip range(--service-cluster-ip-range[1]) can only be used if %v feature is enabled", string(features.IPv6DualStack)))
|
||||||
}
|
}
|
||||||
|
|
||||||
// note: While the cluster might be dualstack (i.e. pods with multiple IPs), the user may choose
|
// note: While the cluster might be dualstack (i.e. pods with multiple IPs), the user may choose
|
||||||
|
|||||||
@ -52,12 +52,11 @@ func makeOptionsWithCIDRs(serviceCIDR string, secondaryServiceCIDR string) *Serv
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestClusterSerivceIPRange(t *testing.T) {
|
func TestClusterServiceIPRange(t *testing.T) {
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
name string
|
name string
|
||||||
options *ServerRunOptions
|
options *ServerRunOptions
|
||||||
enableDualStack bool
|
enableDualStack bool
|
||||||
enableEndpointSlice bool
|
|
||||||
expectErrors bool
|
expectErrors bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
@ -71,7 +70,6 @@ func TestClusterSerivceIPRange(t *testing.T) {
|
|||||||
expectErrors: true,
|
expectErrors: true,
|
||||||
options: makeOptionsWithCIDRs("", "10.0.0.0/16"),
|
options: makeOptionsWithCIDRs("", "10.0.0.0/16"),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "only secondary service cidr, dual stack gate off",
|
name: "only secondary service cidr, dual stack gate off",
|
||||||
@ -84,14 +82,12 @@ func TestClusterSerivceIPRange(t *testing.T) {
|
|||||||
expectErrors: true,
|
expectErrors: true,
|
||||||
options: makeOptionsWithCIDRs("10.0.0.0/16", "11.0.0.0/16"),
|
options: makeOptionsWithCIDRs("10.0.0.0/16", "11.0.0.0/16"),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "primary and secondary are provided but not dual stack v6-v6",
|
name: "primary and secondary are provided but not dual stack v6-v6",
|
||||||
expectErrors: true,
|
expectErrors: true,
|
||||||
options: makeOptionsWithCIDRs("2000::/108", "3000::/108"),
|
options: makeOptionsWithCIDRs("2000::/108", "3000::/108"),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "valid dual stack with gate disabled",
|
name: "valid dual stack with gate disabled",
|
||||||
@ -104,30 +100,20 @@ func TestClusterSerivceIPRange(t *testing.T) {
|
|||||||
expectErrors: true,
|
expectErrors: true,
|
||||||
options: makeOptionsWithCIDRs("10.0.0.0/8", ""),
|
options: makeOptionsWithCIDRs("10.0.0.0/8", ""),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "dual-stack secondary cidr too big",
|
name: "dual-stack secondary cidr too big",
|
||||||
expectErrors: true,
|
expectErrors: true,
|
||||||
options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/64"),
|
options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/64"),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "valid v6-v4 dual stack + gate on + endpointSlice gate is on",
|
name: "valid v6-v4 dual stack + gate on + endpointSlice gate is on",
|
||||||
expectErrors: false,
|
expectErrors: false,
|
||||||
options: makeOptionsWithCIDRs("3000::/108", "10.0.0.0/16"),
|
options: makeOptionsWithCIDRs("3000::/108", "10.0.0.0/16"),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
|
||||||
name: "valid v4-v6 dual stack + gate on + endpointSlice is off",
|
|
||||||
expectErrors: true,
|
|
||||||
options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/108"),
|
|
||||||
enableDualStack: true,
|
|
||||||
enableEndpointSlice: false,
|
|
||||||
},
|
|
||||||
/* success cases */
|
/* success cases */
|
||||||
{
|
{
|
||||||
name: "valid primary",
|
name: "valid primary",
|
||||||
@ -140,21 +126,18 @@ func TestClusterSerivceIPRange(t *testing.T) {
|
|||||||
expectErrors: false,
|
expectErrors: false,
|
||||||
options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/108"),
|
options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/108"),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "valid v6-v4 dual stack + gate on",
|
name: "valid v6-v4 dual stack + gate on",
|
||||||
expectErrors: false,
|
expectErrors: false,
|
||||||
options: makeOptionsWithCIDRs("3000::/108", "10.0.0.0/16"),
|
options: makeOptionsWithCIDRs("3000::/108", "10.0.0.0/16"),
|
||||||
enableDualStack: true,
|
enableDualStack: true,
|
||||||
enableEndpointSlice: true,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tc := range testCases {
|
for _, tc := range testCases {
|
||||||
t.Run(tc.name, func(t *testing.T) {
|
t.Run(tc.name, func(t *testing.T) {
|
||||||
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, tc.enableDualStack)()
|
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.IPv6DualStack, tc.enableDualStack)()
|
||||||
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.EndpointSlice, tc.enableEndpointSlice)()
|
|
||||||
errs := validateClusterIPFlags(tc.options)
|
errs := validateClusterIPFlags(tc.options)
|
||||||
if len(errs) > 0 && !tc.expectErrors {
|
if len(errs) > 0 && !tc.expectErrors {
|
||||||
t.Errorf("expected no errors, errors found %+v", errs)
|
t.Errorf("expected no errors, errors found %+v", errs)
|
||||||
|
|||||||
@ -110,8 +110,8 @@ func startNodeIpamController(ctx ControllerContext) (http.Handler, bool, error)
|
|||||||
return nil, false, err
|
return nil, false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// failure: more than one cidr and dual stack is not enabled and/or endpoint slice is not enabled
|
// failure: more than one cidr and dual stack is not enabled
|
||||||
if len(clusterCIDRs) > 1 && (!utilfeature.DefaultFeatureGate.Enabled(features.IPv6DualStack) || !utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice)) {
|
if len(clusterCIDRs) > 1 && !utilfeature.DefaultFeatureGate.Enabled(features.IPv6DualStack) {
|
||||||
return nil, false, fmt.Errorf("len of ClusterCIDRs==%v and dualstack or EndpointSlice feature is not enabled", len(clusterCIDRs))
|
return nil, false, fmt.Errorf("len of ClusterCIDRs==%v and dualstack or EndpointSlice feature is not enabled", len(clusterCIDRs))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -23,25 +23,11 @@ package app
|
|||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
discoveryv1 "k8s.io/api/discovery/v1"
|
|
||||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
|
||||||
"k8s.io/klog/v2"
|
|
||||||
endpointslicecontroller "k8s.io/kubernetes/pkg/controller/endpointslice"
|
endpointslicecontroller "k8s.io/kubernetes/pkg/controller/endpointslice"
|
||||||
endpointslicemirroringcontroller "k8s.io/kubernetes/pkg/controller/endpointslicemirroring"
|
endpointslicemirroringcontroller "k8s.io/kubernetes/pkg/controller/endpointslicemirroring"
|
||||||
"k8s.io/kubernetes/pkg/features"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func startEndpointSliceController(ctx ControllerContext) (http.Handler, bool, error) {
|
func startEndpointSliceController(ctx ControllerContext) (http.Handler, bool, error) {
|
||||||
if !utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) {
|
|
||||||
klog.V(2).Infof("Not starting endpointslice-controller since EndpointSlice feature gate is disabled")
|
|
||||||
return nil, false, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if !ctx.AvailableResources[discoveryv1.SchemeGroupVersion.WithResource("endpointslices")] {
|
|
||||||
klog.Warningf("Not starting endpointslice-controller since discovery.k8s.io/v1 resources are not available")
|
|
||||||
return nil, false, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
go endpointslicecontroller.NewController(
|
go endpointslicecontroller.NewController(
|
||||||
ctx.InformerFactory.Core().V1().Pods(),
|
ctx.InformerFactory.Core().V1().Pods(),
|
||||||
ctx.InformerFactory.Core().V1().Services(),
|
ctx.InformerFactory.Core().V1().Services(),
|
||||||
@ -55,16 +41,6 @@ func startEndpointSliceController(ctx ControllerContext) (http.Handler, bool, er
|
|||||||
}
|
}
|
||||||
|
|
||||||
func startEndpointSliceMirroringController(ctx ControllerContext) (http.Handler, bool, error) {
|
func startEndpointSliceMirroringController(ctx ControllerContext) (http.Handler, bool, error) {
|
||||||
if !utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) {
|
|
||||||
klog.V(2).Infof("Not starting endpointslicemirroring-controller since EndpointSlice feature gate is disabled")
|
|
||||||
return nil, false, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if !ctx.AvailableResources[discoveryv1.SchemeGroupVersion.WithResource("endpointslices")] {
|
|
||||||
klog.Warningf("Not starting endpointslicemirroring-controller since discovery.k8s.io/v1 resources are not available")
|
|
||||||
return nil, false, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
go endpointslicemirroringcontroller.NewController(
|
go endpointslicemirroringcontroller.NewController(
|
||||||
ctx.InformerFactory.Core().V1().Endpoints(),
|
ctx.InformerFactory.Core().V1().Endpoints(),
|
||||||
ctx.InformerFactory.Discovery().V1().EndpointSlices(),
|
ctx.InformerFactory.Discovery().V1().EndpointSlices(),
|
||||||
|
|||||||
@ -91,7 +91,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust"
|
"k8s.io/kubernetes/pkg/controlplane/controller/clusterauthenticationtrust"
|
||||||
"k8s.io/kubernetes/pkg/controlplane/reconcilers"
|
"k8s.io/kubernetes/pkg/controlplane/reconcilers"
|
||||||
"k8s.io/kubernetes/pkg/controlplane/tunneler"
|
"k8s.io/kubernetes/pkg/controlplane/tunneler"
|
||||||
"k8s.io/kubernetes/pkg/features"
|
|
||||||
kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
|
kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
|
||||||
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
|
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
|
||||||
"k8s.io/kubernetes/pkg/routes"
|
"k8s.io/kubernetes/pkg/routes"
|
||||||
@ -250,10 +249,7 @@ type Instance struct {
|
|||||||
|
|
||||||
func (c *Config) createMasterCountReconciler() reconcilers.EndpointReconciler {
|
func (c *Config) createMasterCountReconciler() reconcilers.EndpointReconciler {
|
||||||
endpointClient := corev1client.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
endpointClient := corev1client.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
||||||
var endpointSliceClient discoveryclient.EndpointSlicesGetter
|
endpointSliceClient := discoveryclient.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) {
|
|
||||||
endpointSliceClient = discoveryclient.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
|
||||||
}
|
|
||||||
endpointsAdapter := reconcilers.NewEndpointsAdapter(endpointClient, endpointSliceClient)
|
endpointsAdapter := reconcilers.NewEndpointsAdapter(endpointClient, endpointSliceClient)
|
||||||
|
|
||||||
return reconcilers.NewMasterCountEndpointReconciler(c.ExtraConfig.MasterCount, endpointsAdapter)
|
return reconcilers.NewMasterCountEndpointReconciler(c.ExtraConfig.MasterCount, endpointsAdapter)
|
||||||
@ -265,10 +261,7 @@ func (c *Config) createNoneReconciler() reconcilers.EndpointReconciler {
|
|||||||
|
|
||||||
func (c *Config) createLeaseReconciler() reconcilers.EndpointReconciler {
|
func (c *Config) createLeaseReconciler() reconcilers.EndpointReconciler {
|
||||||
endpointClient := corev1client.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
endpointClient := corev1client.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
||||||
var endpointSliceClient discoveryclient.EndpointSlicesGetter
|
endpointSliceClient := discoveryclient.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) {
|
|
||||||
endpointSliceClient = discoveryclient.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig)
|
|
||||||
}
|
|
||||||
endpointsAdapter := reconcilers.NewEndpointsAdapter(endpointClient, endpointSliceClient)
|
endpointsAdapter := reconcilers.NewEndpointsAdapter(endpointClient, endpointSliceClient)
|
||||||
|
|
||||||
ttl := c.ExtraConfig.MasterEndpointReconcileTTL
|
ttl := c.ExtraConfig.MasterEndpointReconcileTTL
|
||||||
|
|||||||
@ -777,7 +777,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
|
|||||||
NonPreemptingPriority: {Default: true, PreRelease: featuregate.Beta},
|
NonPreemptingPriority: {Default: true, PreRelease: featuregate.Beta},
|
||||||
PodOverhead: {Default: true, PreRelease: featuregate.Beta},
|
PodOverhead: {Default: true, PreRelease: featuregate.Beta},
|
||||||
IPv6DualStack: {Default: true, PreRelease: featuregate.Beta},
|
IPv6DualStack: {Default: true, PreRelease: featuregate.Beta},
|
||||||
EndpointSlice: {Default: true, PreRelease: featuregate.Beta},
|
EndpointSlice: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.25
|
||||||
EndpointSliceProxying: {Default: true, PreRelease: featuregate.Beta},
|
EndpointSliceProxying: {Default: true, PreRelease: featuregate.Beta},
|
||||||
EndpointSliceTerminatingCondition: {Default: false, PreRelease: featuregate.Alpha},
|
EndpointSliceTerminatingCondition: {Default: false, PreRelease: featuregate.Alpha},
|
||||||
EndpointSliceNodeName: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, //remove in 1.25
|
EndpointSliceNodeName: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, //remove in 1.25
|
||||||
|
|||||||
@ -76,14 +76,6 @@ func Validate(config *kubeproxyconfig.KubeProxyConfiguration) field.ErrorList {
|
|||||||
allErrs = append(allErrs, validateHostPort(config.MetricsBindAddress, newPath.Child("MetricsBindAddress"))...)
|
allErrs = append(allErrs, validateHostPort(config.MetricsBindAddress, newPath.Child("MetricsBindAddress"))...)
|
||||||
|
|
||||||
dualStackEnabled := effectiveFeatures.Enabled(kubefeatures.IPv6DualStack)
|
dualStackEnabled := effectiveFeatures.Enabled(kubefeatures.IPv6DualStack)
|
||||||
endpointSliceEnabled := effectiveFeatures.Enabled(kubefeatures.EndpointSlice)
|
|
||||||
|
|
||||||
// dual stack has strong dependency on endpoint slice since
|
|
||||||
// endpoint slice controller is the only capabable of producing
|
|
||||||
// slices for *all* clusterIPs
|
|
||||||
if dualStackEnabled && !endpointSliceEnabled {
|
|
||||||
allErrs = append(allErrs, field.Invalid(newPath.Child("FeatureGates"), config.FeatureGates, "EndpointSlice feature flag must be turned on when turning on DualStack"))
|
|
||||||
}
|
|
||||||
|
|
||||||
if config.ClusterCIDR != "" {
|
if config.ClusterCIDR != "" {
|
||||||
cidrs := strings.Split(config.ClusterCIDR, ",")
|
cidrs := strings.Split(config.ClusterCIDR, ",")
|
||||||
|
|||||||
@ -122,7 +122,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
|
|||||||
BindAddress: "10.10.12.11",
|
BindAddress: "10.10.12.11",
|
||||||
HealthzBindAddress: "0.0.0.0:12345",
|
HealthzBindAddress: "0.0.0.0:12345",
|
||||||
MetricsBindAddress: "127.0.0.1:10249",
|
MetricsBindAddress: "127.0.0.1:10249",
|
||||||
FeatureGates: map[string]bool{"IPv6DualStack": true, "EndpointSlice": true},
|
FeatureGates: map[string]bool{"IPv6DualStack": true},
|
||||||
ClusterCIDR: "192.168.59.0/24",
|
ClusterCIDR: "192.168.59.0/24",
|
||||||
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
||||||
@ -285,7 +285,7 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
|
|||||||
HealthzBindAddress: "0.0.0.0:12345",
|
HealthzBindAddress: "0.0.0.0:12345",
|
||||||
MetricsBindAddress: "127.0.0.1:10249",
|
MetricsBindAddress: "127.0.0.1:10249",
|
||||||
// DualStack ClusterCIDR without feature flag enabled
|
// DualStack ClusterCIDR without feature flag enabled
|
||||||
FeatureGates: map[string]bool{"IPv6DualStack": false, "EndpointSlice": false},
|
FeatureGates: map[string]bool{"IPv6DualStack": false},
|
||||||
ClusterCIDR: "192.168.59.0/24,fd00:192:168::/64",
|
ClusterCIDR: "192.168.59.0/24,fd00:192:168::/64",
|
||||||
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
||||||
@ -303,36 +303,12 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
expectedErrs: field.ErrorList{field.Invalid(newPath.Child("ClusterCIDR"), "192.168.59.0/24,fd00:192:168::/64", "only one CIDR allowed (e.g. 10.100.0.0/16 or fde4:8dba:82e1::/48)")},
|
expectedErrs: field.ErrorList{field.Invalid(newPath.Child("ClusterCIDR"), "192.168.59.0/24,fd00:192:168::/64", "only one CIDR allowed (e.g. 10.100.0.0/16 or fde4:8dba:82e1::/48)")},
|
||||||
},
|
},
|
||||||
"DualStack feature-enabled but EndpointSlice feature disabled": {
|
|
||||||
config: kubeproxyconfig.KubeProxyConfiguration{
|
|
||||||
BindAddress: "10.10.12.11",
|
|
||||||
HealthzBindAddress: "0.0.0.0:12345",
|
|
||||||
MetricsBindAddress: "127.0.0.1:10249",
|
|
||||||
// DualStack ClusterCIDR with feature flag enabled but EndpointSlice is not enabled
|
|
||||||
FeatureGates: map[string]bool{"IPv6DualStack": true, "EndpointSlice": false},
|
|
||||||
ClusterCIDR: "192.168.59.0/24,fd00:192:168::/64",
|
|
||||||
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
|
||||||
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
|
||||||
IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
|
|
||||||
MasqueradeAll: true,
|
|
||||||
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
|
|
||||||
},
|
|
||||||
Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
|
|
||||||
MaxPerCore: pointer.Int32Ptr(1),
|
|
||||||
Min: pointer.Int32Ptr(1),
|
|
||||||
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
expectedErrs: field.ErrorList{field.Invalid(newPath.Child("FeatureGates"), map[string]bool{"EndpointSlice": false, "IPv6DualStack": true}, "EndpointSlice feature flag must be turned on when turning on DualStack")},
|
|
||||||
},
|
|
||||||
"Invalid number of ClusterCIDRs": {
|
"Invalid number of ClusterCIDRs": {
|
||||||
config: kubeproxyconfig.KubeProxyConfiguration{
|
config: kubeproxyconfig.KubeProxyConfiguration{
|
||||||
BindAddress: "10.10.12.11",
|
BindAddress: "10.10.12.11",
|
||||||
HealthzBindAddress: "0.0.0.0:12345",
|
HealthzBindAddress: "0.0.0.0:12345",
|
||||||
MetricsBindAddress: "127.0.0.1:10249",
|
MetricsBindAddress: "127.0.0.1:10249",
|
||||||
FeatureGates: map[string]bool{"IPv6DualStack": true, "EndpointSlice": true},
|
FeatureGates: map[string]bool{"IPv6DualStack": true},
|
||||||
ClusterCIDR: "192.168.59.0/24,fd00:192:168::/64,10.0.0.0/16",
|
ClusterCIDR: "192.168.59.0/24,fd00:192:168::/64,10.0.0.0/16",
|
||||||
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
|||||||
@ -149,7 +149,6 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
|
|||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) {
|
|
||||||
addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{
|
addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "endpointslice-controller"},
|
ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "endpointslice-controller"},
|
||||||
Rules: []rbacv1.PolicyRule{
|
Rules: []rbacv1.PolicyRule{
|
||||||
@ -177,7 +176,6 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
|
|||||||
eventsRule(),
|
eventsRule(),
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
|
||||||
|
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.ExpandPersistentVolumes) {
|
if utilfeature.DefaultFeatureGate.Enabled(features.ExpandPersistentVolumes) {
|
||||||
addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{
|
addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{
|
||||||
|
|||||||
@ -512,9 +512,7 @@ func ClusterRoles() []rbacv1.ClusterRole {
|
|||||||
|
|
||||||
eventsRule(),
|
eventsRule(),
|
||||||
}
|
}
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) {
|
|
||||||
nodeProxierRules = append(nodeProxierRules, rbacv1helpers.NewRule("list", "watch").Groups(discoveryGroup).Resources("endpointslices").RuleOrDie())
|
nodeProxierRules = append(nodeProxierRules, rbacv1helpers.NewRule("list", "watch").Groups(discoveryGroup).Resources("endpointslices").RuleOrDie())
|
||||||
}
|
|
||||||
roles = append(roles, rbacv1.ClusterRole{
|
roles = append(roles, rbacv1.ClusterRole{
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: "system:node-proxier"},
|
ObjectMeta: metav1.ObjectMeta{Name: "system:node-proxier"},
|
||||||
Rules: nodeProxierRules,
|
Rules: nodeProxierRules,
|
||||||
|
|||||||
@ -23,7 +23,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
discovery "k8s.io/api/discovery/v1beta1"
|
discovery "k8s.io/api/discovery/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/util/wait"
|
"k8s.io/apimachinery/pkg/util/wait"
|
||||||
"k8s.io/client-go/informers"
|
"k8s.io/client-go/informers"
|
||||||
@ -60,14 +60,14 @@ func TestEndpointSliceMirroring(t *testing.T) {
|
|||||||
informers.Core().V1().Pods(),
|
informers.Core().V1().Pods(),
|
||||||
informers.Core().V1().Services(),
|
informers.Core().V1().Services(),
|
||||||
informers.Core().V1().Nodes(),
|
informers.Core().V1().Nodes(),
|
||||||
informers.Discovery().V1beta1().EndpointSlices(),
|
informers.Discovery().V1().EndpointSlices(),
|
||||||
int32(100),
|
int32(100),
|
||||||
client,
|
client,
|
||||||
1*time.Second)
|
1*time.Second)
|
||||||
|
|
||||||
epsmController := endpointslicemirroring.NewController(
|
epsmController := endpointslicemirroring.NewController(
|
||||||
informers.Core().V1().Endpoints(),
|
informers.Core().V1().Endpoints(),
|
||||||
informers.Discovery().V1beta1().EndpointSlices(),
|
informers.Discovery().V1().EndpointSlices(),
|
||||||
informers.Core().V1().Services(),
|
informers.Core().V1().Services(),
|
||||||
int32(100),
|
int32(100),
|
||||||
client,
|
client,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user