From 213ed03c00066d75bc1bfefde2c9d0d53ed15a48 Mon Sep 17 00:00:00 2001 From: SataQiu Date: Mon, 24 Jul 2023 22:46:14 +0800 Subject: [PATCH] remove deprecated kube-apiserver identity lease garbage collector --- pkg/controlplane/instance.go | 18 ------ .../controlplane/apiserver_identity_test.go | 60 ------------------- 2 files changed, 78 deletions(-) diff --git a/pkg/controlplane/instance.go b/pkg/controlplane/instance.go index 09ddccd9195..e3d491118c5 100644 --- a/pkg/controlplane/instance.go +++ b/pkg/controlplane/instance.go @@ -128,8 +128,6 @@ const ( IdentityLeaseComponentLabelKey = "apiserver.kubernetes.io/identity" // KubeAPIServer defines variable used internally when referring to kube-apiserver component KubeAPIServer = "kube-apiserver" - // DeprecatedKubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases - DeprecatedKubeAPIServerIdentityLeaseLabelSelector = "k8s.io/component=kube-apiserver" // KubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases KubeAPIServerIdentityLeaseLabelSelector = IdentityLeaseComponentLabelKey + "=" + KubeAPIServer // repairLoopInterval defines the interval used to run the Services ClusterIP and NodePort repair loops @@ -606,22 +604,6 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget) go controller.Run(ctx) return nil }) - // Labels for apiserver idenitiy leases switched from k8s.io/component=kube-apiserver to apiserver.kubernetes.io/identity=kube-apiserver. - // For compatibility, garbage collect leases with both labels for at least 1 release - // TODO: remove in Kubernetes 1.28 - m.GenericAPIServer.AddPostStartHookOrDie("start-deprecated-kube-apiserver-identity-lease-garbage-collector", func(hookContext genericapiserver.PostStartHookContext) error { - kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) - if err != nil { - return err - } - go apiserverleasegc.NewAPIServerLeaseGC( - kubeClient, - IdentityLeaseGCPeriod, - metav1.NamespaceSystem, - DeprecatedKubeAPIServerIdentityLeaseLabelSelector, - ).Run(hookContext.StopCh) - return nil - }) // TODO: move this into generic apiserver and make the lease identity value configurable m.GenericAPIServer.AddPostStartHookOrDie("start-kube-apiserver-identity-lease-garbage-collector", func(hookContext genericapiserver.PostStartHookContext) error { kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) diff --git a/test/integration/controlplane/apiserver_identity_test.go b/test/integration/controlplane/apiserver_identity_test.go index 8c3c32396d1..a49db488de8 100644 --- a/test/integration/controlplane/apiserver_identity_test.go +++ b/test/integration/controlplane/apiserver_identity_test.go @@ -154,48 +154,6 @@ func TestLeaseGarbageCollection(t *testing.T) { testLeaseNotGarbageCollected(t, kubeclient, expiredNonKubeSystemLease)) } -func TestLeaseGarbageCollectionWithDeprecatedLabels(t *testing.T) { - oldIdentityLeaseDurationSeconds := controlplane.IdentityLeaseDurationSeconds - oldIdentityLeaseGCPeriod := controlplane.IdentityLeaseGCPeriod - oldIdentityLeaseRenewIntervalPeriod := controlplane.IdentityLeaseRenewIntervalPeriod - defer func() { - // reset the default values for leases after this test - controlplane.IdentityLeaseDurationSeconds = oldIdentityLeaseDurationSeconds - controlplane.IdentityLeaseGCPeriod = oldIdentityLeaseGCPeriod - controlplane.IdentityLeaseRenewIntervalPeriod = oldIdentityLeaseRenewIntervalPeriod - }() - - // Shorten lease parameters so GC behavior can be exercised in integration tests - controlplane.IdentityLeaseDurationSeconds = 1 - controlplane.IdentityLeaseGCPeriod = time.Second - controlplane.IdentityLeaseRenewIntervalPeriod = time.Second - - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.APIServerIdentity, true)() - result := kubeapiservertesting.StartTestServerOrDie(t, nil, nil, framework.SharedEtcd()) - defer result.TearDownFn() - - kubeclient, err := kubernetes.NewForConfig(result.ClientConfig) - if err != nil { - t.Fatalf("Unexpected error: %v", err) - } - expiredLease := newTestLeaseWithDeprecatedLabels(time.Now().Add(-2*time.Hour), metav1.NamespaceSystem) - t.Run("expired apiserver lease should be garbage collected", - testLeaseGarbageCollected(t, kubeclient, expiredLease)) - - freshLease := newTestLeaseWithDeprecatedLabels(time.Now().Add(-2*time.Minute), metav1.NamespaceSystem) - t.Run("fresh apiserver lease should not be garbage collected", - testLeaseNotGarbageCollected(t, kubeclient, freshLease)) - - expiredLease.Labels = nil - t.Run("expired non-identity lease should not be garbage collected", - testLeaseNotGarbageCollected(t, kubeclient, expiredLease)) - - // identity leases (with k8s.io/component label) created in user namespaces should not be GC'ed - expiredNonKubeSystemLease := newTestLeaseWithDeprecatedLabels(time.Now().Add(-2*time.Hour), metav1.NamespaceDefault) - t.Run("expired non-system identity lease should not be garbage collected", - testLeaseNotGarbageCollected(t, kubeclient, expiredNonKubeSystemLease)) -} - func testLeaseGarbageCollected(t *testing.T, client kubernetes.Interface, lease *coordinationv1.Lease) func(t *testing.T) { return func(t *testing.T) { ns := lease.Namespace @@ -259,21 +217,3 @@ func newTestLease(acquireTime time.Time, namespace string) *coordinationv1.Lease }, } } - -func newTestLeaseWithDeprecatedLabels(acquireTime time.Time, namespace string) *coordinationv1.Lease { - return &coordinationv1.Lease{ - ObjectMeta: metav1.ObjectMeta{ - Name: testLeaseName, - Namespace: namespace, - Labels: map[string]string{ - "k8s.io/component": "kube-apiserver", - }, - }, - Spec: coordinationv1.LeaseSpec{ - HolderIdentity: pointer.StringPtr(testLeaseName), - LeaseDurationSeconds: pointer.Int32(3600), - AcquireTime: &metav1.MicroTime{Time: acquireTime}, - RenewTime: &metav1.MicroTime{Time: acquireTime}, - }, - } -}