From 1c2d446648662529282a3bb1528a6dbb50700fdb Mon Sep 17 00:00:00 2001 From: Haowei Cai Date: Sun, 8 Nov 2020 19:06:30 -0800 Subject: [PATCH] require APIServerIdentity to be enabled to run StorageVersionAPI without APIServerIdentity enabled, stale apiserver leases won't be GC'ed and the same for stale storage version entries. In that case the storage migrator won't operate correctly without manual intervention. --- cmd/kube-apiserver/app/aggregator.go | 3 ++- staging/src/k8s.io/apiserver/pkg/endpoints/installer.go | 1 + staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go | 3 ++- staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/cmd/kube-apiserver/app/aggregator.go b/cmd/kube-apiserver/app/aggregator.go index 5e72a59f78a..c539cf235a4 100644 --- a/cmd/kube-apiserver/app/aggregator.go +++ b/cmd/kube-apiserver/app/aggregator.go @@ -68,7 +68,8 @@ func createAggregatorConfig( genericConfig.PostStartHooks = map[string]genericapiserver.PostStartHookConfigEntry{} genericConfig.RESTOptionsGetter = nil - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StorageVersionAPI) { + if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StorageVersionAPI) && + utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerIdentity) { // Add StorageVersionPrecondition handler to aggregator-apiserver. // The handler will block write requests to built-in resources until the // target resources' storage versions are up-to-date. diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/installer.go b/staging/src/k8s.io/apiserver/pkg/endpoints/installer.go index b49a090aa2f..6549771ced8 100644 --- a/staging/src/k8s.io/apiserver/pkg/endpoints/installer.go +++ b/staging/src/k8s.io/apiserver/pkg/endpoints/installer.go @@ -513,6 +513,7 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag var resourceInfo *storageversion.ResourceInfo if utilfeature.DefaultFeatureGate.Enabled(features.StorageVersionAPI) && + utilfeature.DefaultFeatureGate.Enabled(features.APIServerIdentity) && isStorageVersionProvider && storageVersionProvider.StorageVersion() != nil { diff --git a/staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go b/staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go index d0f42684421..d7d60b213de 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go +++ b/staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go @@ -443,7 +443,8 @@ func (s *GenericAPIServer) installAPIResources(apiPrefix string, apiGroupInfo *A resourceInfos = append(resourceInfos, r...) } - if utilfeature.DefaultFeatureGate.Enabled(features.StorageVersionAPI) { + if utilfeature.DefaultFeatureGate.Enabled(features.StorageVersionAPI) && + utilfeature.DefaultFeatureGate.Enabled(features.APIServerIdentity) { // API installation happens before we start listening on the handlers, // therefore it is safe to register ResourceInfos here. The handler will block // write requests until the storage versions of the targeting resources are updated. diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go index 30d187ec45d..59baa74c37f 100644 --- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go +++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go @@ -267,7 +267,8 @@ func (c completedConfig) NewWithDelegate(delegationTarget genericapiserver.Deleg return nil }) - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StorageVersionAPI) { + if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StorageVersionAPI) && + utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerIdentity) { // Spawn a goroutine in aggregator apiserver to update storage version for // all built-in resources s.GenericAPIServer.AddPostStartHookOrDie("built-in-resources-storage-version-updater", func(context genericapiserver.PostStartHookContext) error {