From 24bab4c20fe670ee913e59710ddb1f0c811a3f17 Mon Sep 17 00:00:00 2001 
From: Michael Taufen Date: Thu, 13 Jul 2017 16:15:05 -0700 Subject: [PATCH] move KubeletConfiguration out of componentconfig API group --- cmd/kubelet/BUILD | 2 +- cmd/kubelet/app/BUILD | 6 +- cmd/kubelet/app/auth.go | 12 +- cmd/kubelet/app/options/BUILD | 7 +- cmd/kubelet/app/options/options.go | 22 +- cmd/kubelet/app/server.go | 35 +- cmd/kubelet/app/server_test.go | 6 +- cmd/kubelet/kubelet.go | 4 +- hack/.golint_failures | 2 + pkg/apis/componentconfig/BUILD | 1 - pkg/apis/componentconfig/register.go | 1 - pkg/apis/componentconfig/types.go | 442 -------------- pkg/apis/componentconfig/v1alpha1/BUILD | 3 - pkg/apis/componentconfig/v1alpha1/defaults.go | 230 ------- pkg/apis/componentconfig/v1alpha1/register.go | 1 - pkg/apis/componentconfig/v1alpha1/types.go | 381 ------------ .../v1alpha1/zz_generated.conversion.go | 522 ---------------- .../v1alpha1/zz_generated.deepcopy.go | 488 --------------- .../v1alpha1/zz_generated.defaults.go | 5 - pkg/apis/componentconfig/validation/BUILD | 4 - .../componentconfig/validation/validation.go | 39 -- .../componentconfig/zz_generated.deepcopy.go | 236 -------- pkg/generated/openapi/BUILD | 1 + pkg/kubelet/BUILD | 6 +- pkg/kubelet/apis/BUILD | 1 + pkg/kubelet/apis/kubeletconfig/BUILD | 44 ++ pkg/kubelet/apis/kubeletconfig/OWNERS | 4 + pkg/kubelet/apis/kubeletconfig/doc.go | 19 + pkg/kubelet/apis/kubeletconfig/install/BUILD | 35 ++ .../apis/kubeletconfig/install/install.go | 49 ++ pkg/kubelet/apis/kubeletconfig/register.go | 51 ++ pkg/kubelet/apis/kubeletconfig/types.go | 463 +++++++++++++++ pkg/kubelet/apis/kubeletconfig/v1alpha1/BUILD | 48 ++ .../apis/kubeletconfig/v1alpha1/defaults.go | 279 +++++++++ .../apis/kubeletconfig/v1alpha1/doc.go | 22 + .../apis/kubeletconfig/v1alpha1/register.go | 50 ++ .../apis/kubeletconfig/v1alpha1/types.go | 420 +++++++++++++ .../v1alpha1/zz_generated.conversion.go | 562 ++++++++++++++++++ .../v1alpha1/zz_generated.deepcopy.go | 528 ++++++++++++++++ .../v1alpha1/zz_generated.defaults.go | 37 
++ .../apis/kubeletconfig/validation/BUILD | 31 + .../kubeletconfig/validation/validation.go | 56 ++ .../kubeletconfig/zz_generated.deepcopy.go | 276 +++++++++ pkg/kubelet/certificate/BUILD | 2 +- pkg/kubelet/certificate/kubelet.go | 4 +- pkg/kubelet/cm/BUILD | 4 +- pkg/kubelet/cm/cgroup_manager_test.go | 4 +- pkg/kubelet/cm/container_manager.go | 4 +- pkg/kubelet/dockershim/BUILD | 2 +- pkg/kubelet/dockershim/docker_service.go | 4 +- pkg/kubelet/kubelet.go | 26 +- pkg/kubelet/kubelet_network.go | 16 +- pkg/kubelet/kubelet_test.go | 4 +- pkg/kubelet/kubeletconfig/BUILD | 4 +- pkg/kubelet/kubeletconfig/checkpoint/BUILD | 6 +- .../kubeletconfig/checkpoint/checkpoint.go | 4 +- .../kubeletconfig/checkpoint/configmap.go | 4 +- .../checkpoint/configmap_test.go | 18 +- pkg/kubelet/kubeletconfig/configfiles/BUILD | 2 +- .../kubeletconfig/configfiles/configfiles.go | 6 +- pkg/kubelet/kubeletconfig/controller.go | 14 +- pkg/kubelet/kubeletconfig/rollback.go | 8 +- pkg/kubelet/kubeletconfig/startups/BUILD | 2 +- .../kubeletconfig/startups/startups.go | 2 +- pkg/kubelet/kubeletconfig/util/codec/BUILD | 6 +- pkg/kubelet/kubeletconfig/util/codec/codec.go | 22 +- pkg/kubelet/network/BUILD | 2 +- pkg/kubelet/network/cni/BUILD | 4 +- pkg/kubelet/network/cni/cni.go | 4 +- pkg/kubelet/network/cni/cni_test.go | 4 +- pkg/kubelet/network/kubenet/BUILD | 4 +- pkg/kubelet/network/kubenet/kubenet_linux.go | 10 +- .../network/kubenet/kubenet_linux_test.go | 4 +- .../network/kubenet/kubenet_unsupported.go | 4 +- pkg/kubelet/network/plugins.go | 8 +- pkg/kubelet/network/testing/BUILD | 4 +- .../network/testing/mock_network_plugin.go | 4 +- pkg/kubelet/network/testing/plugins_test.go | 6 +- pkg/kubelet/runonce_test.go | 4 +- pkg/kubemark/BUILD | 4 +- pkg/kubemark/hollow_kubelet.go | 12 +- test/e2e/framework/BUILD | 2 +- test/e2e/framework/test_context.go | 4 +- test/e2e_node/BUILD | 6 +- test/e2e_node/allocatable_eviction_test.go | 6 +- test/e2e_node/critical_pod_test.go | 4 +- 
test/e2e_node/gpus.go | 6 +- test/e2e_node/inode_eviction_test.go | 4 +- ...local_storage_allocatable_eviction_test.go | 6 +- .../local_storage_isolation_eviction_test.go | 4 +- test/e2e_node/memory_eviction_test.go | 4 +- test/e2e_node/node_container_manager_test.go | 12 +- test/e2e_node/util.go | 32 +- .../etcd/etcd_storage_path_test.go | 5 +- 94 files changed, 3201 insertions(+), 2571 deletions(-) create mode 100644 pkg/kubelet/apis/kubeletconfig/BUILD create mode 100644 pkg/kubelet/apis/kubeletconfig/OWNERS create mode 100644 pkg/kubelet/apis/kubeletconfig/doc.go create mode 100644 pkg/kubelet/apis/kubeletconfig/install/BUILD create mode 100644 pkg/kubelet/apis/kubeletconfig/install/install.go create mode 100644 pkg/kubelet/apis/kubeletconfig/register.go create mode 100644 pkg/kubelet/apis/kubeletconfig/types.go create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/BUILD create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/defaults.go create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/doc.go create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/register.go create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/types.go create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.conversion.go create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.deepcopy.go create mode 100644 pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.defaults.go create mode 100644 pkg/kubelet/apis/kubeletconfig/validation/BUILD create mode 100644 pkg/kubelet/apis/kubeletconfig/validation/validation.go create mode 100644 pkg/kubelet/apis/kubeletconfig/zz_generated.deepcopy.go diff --git a/cmd/kubelet/BUILD b/cmd/kubelet/BUILD index c3b673cace8..06f11afb87f 100644 --- a/cmd/kubelet/BUILD +++ b/cmd/kubelet/BUILD 
@@ -19,9 +19,9 @@ go_library( deps = [ "//cmd/kubelet/app:go_default_library", "//cmd/kubelet/app/options:go_default_library", - "//pkg/apis/componentconfig:go_default_library", "//pkg/client/metrics/prometheus:go_default_library", "//pkg/features:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/kubeletconfig:go_default_library", "//pkg/version/prometheus:go_default_library", "//pkg/version/verflag:go_default_library", diff --git a/cmd/kubelet/app/BUILD b/cmd/kubelet/app/BUILD index 2dd32666b89..71dd2850fe7 100644 --- a/cmd/kubelet/app/BUILD +++ b/cmd/kubelet/app/BUILD @@ -10,7 +10,7 @@ go_test( name = "go_default_test", srcs = ["server_test.go"], library = ":go_default_library", - deps = ["//pkg/apis/componentconfig:go_default_library"], + deps = ["//pkg/kubelet/apis/kubeletconfig:go_default_library"], ) go_library( @@ -29,8 +29,6 @@ go_library( deps = [ "//cmd/kubelet/app/options:go_default_library", "//pkg/api:go_default_library", - "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/v1alpha1:go_default_library", "//pkg/capabilities:go_default_library", "//pkg/client/chaosclient:go_default_library", "//pkg/cloudprovider:go_default_library", @@ -42,6 +40,8 @@ go_library( "//pkg/credentialprovider/rancher:go_default_library", "//pkg/features:go_default_library", "//pkg/kubelet:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", "//pkg/kubelet/cadvisor:go_default_library", "//pkg/kubelet/certificate:go_default_library", "//pkg/kubelet/certificate/bootstrap:go_default_library", diff --git a/cmd/kubelet/app/auth.go b/cmd/kubelet/app/auth.go index ab0a47ec034..6d70f810b59 100644 --- a/cmd/kubelet/app/auth.go +++ b/cmd/kubelet/app/auth.go 
@@ -30,12 +30,12 @@ import ( authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1beta1" authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1beta1" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/pkg/kubelet/server" ) // BuildAuth creates an authenticator, an authorizer, and a matching authorizer attributes getter compatible with the kubelet's needs -func BuildAuth(nodeName types.NodeName, client clientset.Interface, config componentconfig.KubeletConfiguration) (server.AuthInterface, error) { +func BuildAuth(nodeName types.NodeName, client clientset.Interface, config kubeletconfig.KubeletConfiguration) (server.AuthInterface, error) { // Get clients, if provided var ( tokenClient authenticationclient.TokenReviewInterface @@ -62,7 +62,7 @@ func BuildAuth(nodeName types.NodeName, client clientset.Interface, config compo } // BuildAuthn creates an authenticator compatible with the kubelet's needs -func BuildAuthn(client authenticationclient.TokenReviewInterface, authn componentconfig.KubeletAuthentication) (authenticator.Request, error) { +func BuildAuthn(client authenticationclient.TokenReviewInterface, authn kubeletconfig.KubeletAuthentication) (authenticator.Request, error) { authenticatorConfig := authenticatorfactory.DelegatingAuthenticatorConfig{ Anonymous: authn.Anonymous.Enabled, CacheTTL: authn.Webhook.CacheTTL.Duration, 
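Review bot: The unaliased import `"k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig"` in auth.go gives `kubeletconfig` a different meaning than it has in server.go of the same package. There the identifier is the controller package (`*kubeletconfig.Controller`) and the API types are aliased as `kubeletconfiginternal`. This file builds the kubelet's authenticator and authorizer, so it should be unambiguous which package a type comes from. I would import it as `kubeletconfiginternal "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig"` and use that alias in the `BuildAuth`, `BuildAuthn` and `BuildAuthz` signatures and in the `KubeletAuthorizationMode*` cases. options.go and server_test.go in this patch use the unaliased form too and would benefit from the same alias.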
@@ -81,12 +81,12 @@ func BuildAuthn(client authenticationclient.TokenReviewInterface, authn componen } // BuildAuthz creates an authorizer compatible with the kubelet's needs -func BuildAuthz(client authorizationclient.SubjectAccessReviewInterface, authz componentconfig.KubeletAuthorization) (authorizer.Authorizer, error) { +func BuildAuthz(client authorizationclient.SubjectAccessReviewInterface, authz kubeletconfig.KubeletAuthorization) (authorizer.Authorizer, error) { switch authz.Mode { - case componentconfig.KubeletAuthorizationModeAlwaysAllow: + case kubeletconfig.KubeletAuthorizationModeAlwaysAllow: return authorizerfactory.NewAlwaysAllowAuthorizer(), nil - case componentconfig.KubeletAuthorizationModeWebhook: + case kubeletconfig.KubeletAuthorizationModeWebhook: if client == nil { return nil, errors.New("no client provided, cannot use webhook authorization") } diff --git a/cmd/kubelet/app/options/BUILD b/cmd/kubelet/app/options/BUILD index 11c4da90b0a..2cb6e59bdb6 100644 --- a/cmd/kubelet/app/options/BUILD +++ b/cmd/kubelet/app/options/BUILD @@ -14,10 +14,11 @@ go_library( deps = [ "//pkg/api:go_default_library", "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/install:go_default_library", - "//pkg/apis/componentconfig/v1alpha1:go_default_library", - "//pkg/apis/componentconfig/validation:go_default_library", "//pkg/features:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/install:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/validation:go_default_library", "//pkg/util/taints:go_default_library", "//vendor/github.com/spf13/pflag:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go index f5e428a5296..118d9c620a5 100644 --- a/cmd/kubelet/app/options/options.go 
+++ b/cmd/kubelet/app/options/options.go @@ -27,10 +27,12 @@ import ( utilflag "k8s.io/apiserver/pkg/util/flag" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/componentconfig" - _ "k8s.io/kubernetes/pkg/apis/componentconfig/install" // Need to make sure the componentconfig api is installed so defaulting funcs work - "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" - componentconfigvalidation "k8s.io/kubernetes/pkg/apis/componentconfig/validation" "k8s.io/kubernetes/pkg/features" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + kubeletconfigvalidation "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/validation" + // Need to make sure the kubeletconfig api is installed so defaulting funcs work + _ "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/install" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" utiltaints "k8s.io/kubernetes/pkg/util/taints" "github.com/spf13/pflag" @@ -139,10 +141,10 @@ func ValidateKubeletFlags(f *KubeletFlags) error { } // NewKubeletConfiguration will create a new KubeletConfiguration with default values -func NewKubeletConfiguration() (*componentconfig.KubeletConfiguration, error) { +func NewKubeletConfiguration() (*kubeletconfig.KubeletConfiguration, error) { versioned := &v1alpha1.KubeletConfiguration{} api.Scheme.Default(versioned) - config := &componentconfig.KubeletConfiguration{} + config := &kubeletconfig.KubeletConfiguration{} if err := api.Scheme.Convert(versioned, config, nil); err != nil { return nil, err } @@ -153,7 +155,7 @@ func NewKubeletConfiguration() (*componentconfig.KubeletConfiguration, error) { // a kubelet. These can either be set via command line or directly. type KubeletServer struct { KubeletFlags - componentconfig.KubeletConfiguration + kubeletconfig.KubeletConfiguration } // NewKubeletServer will create a new KubeletServer with default values. 
@@ -170,8 +172,8 @@ func NewKubeletServer() (*KubeletServer, error) { // validateKubeletServer validates configuration of KubeletServer and returns an error if the input configuration is invalid func ValidateKubeletServer(s *KubeletServer) error { - // please add any KubeletConfiguration validation to the componentconfigvalidation.ValidateKubeletConfiguration function - if err := componentconfigvalidation.ValidateKubeletConfiguration(&s.KubeletConfiguration); err != nil { + // please add any KubeletConfiguration validation to the kubeletconfigvalidation.ValidateKubeletConfiguration function + if err := kubeletconfigvalidation.ValidateKubeletConfiguration(&s.KubeletConfiguration); err != nil { return err } if err := ValidateKubeletFlags(&s.KubeletFlags); err != nil { 
@@ -225,8 +227,8 @@ func (f *KubeletFlags) AddFlags(fs *pflag.FlagSet) { fs.Var(&f.InitConfigDir, "init-config-dir", "The Kubelet will look in this directory for the init configuration. The path may be absolute or relative; relative paths start at the Kubelet's current working directory. Omit this argument to use the built-in default configuration values. Presently, you must also enable the DynamicKubeletConfig feature gate to pass this flag.") } -// AddKubeletConfigFlags adds flags for a specific componentconfig.KubeletConfiguration to the specified FlagSet -func AddKubeletConfigFlags(fs *pflag.FlagSet, c *componentconfig.KubeletConfiguration) { +// AddKubeletConfigFlags adds flags for a specific kubeletconfig.KubeletConfiguration to the specified FlagSet +func AddKubeletConfigFlags(fs *pflag.FlagSet, c *kubeletconfig.KubeletConfiguration) { fs.BoolVar(&c.FailSwapOn, "fail-swap-on", true, "Makes the Kubelet fail to start if swap is enabled on the node. ") fs.BoolVar(&c.FailSwapOn, "experimental-fail-swap-on", true, "DEPRECATED: please use --fail-swap-on instead.") fs.MarkDeprecated("experimental-fail-swap-on", "This flag is deprecated and will be removed in future releases. please use --fail-swap-on instead.") diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index e5d17e23c6c..69a2a5d8c1f 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go 
@@ -53,14 +53,14 @@ import ( certutil "k8s.io/client-go/util/cert" "k8s.io/kubernetes/cmd/kubelet/app/options" "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/componentconfig" - componentconfigv1alpha1 "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" "k8s.io/kubernetes/pkg/capabilities" "k8s.io/kubernetes/pkg/client/chaosclient" "k8s.io/kubernetes/pkg/cloudprovider" "k8s.io/kubernetes/pkg/credentialprovider" "k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/kubelet" + kubeletconfiginternal "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + kubeletconfigv1alpha1 "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" "k8s.io/kubernetes/pkg/kubelet/cadvisor" "k8s.io/kubernetes/pkg/kubelet/certificate" "k8s.io/kubernetes/pkg/kubelet/certificate/bootstrap" @@ -188,14 +188,14 @@ func checkPermissions() error { return nil } -func setConfigz(cz *configz.Config, kc *componentconfig.KubeletConfiguration) { - tmp := componentconfigv1alpha1.KubeletConfiguration{} +func setConfigz(cz *configz.Config, kc *kubeletconfiginternal.KubeletConfiguration) { + tmp := kubeletconfigv1alpha1.KubeletConfiguration{} api.Scheme.Convert(kc, &tmp, nil) cz.Set(tmp) } -func initConfigz(kc *componentconfig.KubeletConfiguration) (*configz.Config, error) { - cz, err := configz.New("componentconfig") +func initConfigz(kc *kubeletconfiginternal.KubeletConfiguration) (*configz.Config, error) { + cz, err := configz.New("kubeletconfig") if err == nil { setConfigz(cz, kc) } else { @@ -205,7 +205,7 @@ func initConfigz(kc *componentconfig.KubeletConfiguration) (*configz.Config, err } // makeEventRecorder sets up kubeDeps.Recorder if its nil. Its a no-op otherwise. -func makeEventRecorder(s *componentconfig.KubeletConfiguration, kubeDeps *kubelet.Dependencies, nodeName types.NodeName) { +func makeEventRecorder(s *kubeletconfiginternal.KubeletConfiguration, kubeDeps *kubelet.Dependencies, nodeName types.NodeName) { if kubeDeps.Recorder != nil { return } 
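Review bot: In `setConfigz` the error from `api.Scheme.Convert(kc, &tmp, nil)` is discarded, so a failed conversion into the relocated `kubeletconfigv1alpha1.KubeletConfiguration` would publish an empty or partly filled struct through configz with no signal. That view is what operators read to confirm the effective settings, so I would have `setConfigz` return `error` with `if err := api.Scheme.Convert(kc, &tmp, nil); err != nil { return err }` and let `initConfigz` propagate it. Any other callers of `setConfigz` are outside this hunk and would need the same handling. The hunk also changes the configz key from `"componentconfig"` to `"kubeletconfig"`, which is visible to anything that reads the kubelet's configz output. The commit message describes only a package move, so the key change deserves a line there. The body of `initConfigz` continues in the next hunk.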
@@ -273,7 +273,7 @@ func run(s *options.KubeletServer, kubeDeps *kubelet.Dependencies) (err error) { } if kubeDeps.Cloud == nil { - if !cloudprovider.IsExternal(s.CloudProvider) && s.CloudProvider != componentconfigv1alpha1.AutoDetectCloudProvider { + if !cloudprovider.IsExternal(s.CloudProvider) && s.CloudProvider != kubeletconfigv1alpha1.AutoDetectCloudProvider { cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile) if err != nil { return err @@ -501,7 +501,7 @@ func getNodeName(cloud cloudprovider.Interface, hostname string) (types.NodeName // InitializeTLS checks for a configured TLSCertFile and TLSPrivateKeyFile: if unspecified a new self-signed // certificate and key file are generated. Returns a configured server.TLSOptions object. -func InitializeTLS(kf *options.KubeletFlags, kc *componentconfig.KubeletConfiguration) (*server.TLSOptions, error) { +func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletConfiguration) (*server.TLSOptions, error) { if !utilfeature.DefaultFeatureGate.Enabled(features.RotateKubeletServerCertificate) && kc.TLSCertFile == "" && kc.TLSPrivateKeyFile == "" { kc.TLSCertFile = path.Join(kf.CertDirectory, "kubelet.crt") kc.TLSPrivateKeyFile = path.Join(kf.CertDirectory, "kubelet.key") 
@@ -608,7 +608,7 @@ func addChaosToClientConfig(s *options.KubeletServer, config *restclient.Config) // 2 Kubelet binary // 3 Standalone 'kubernetes' binary // Eventually, #2 will be replaced with instances of #3 -func RunKubelet(kubeFlags *options.KubeletFlags, kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *kubelet.Dependencies, runOnce bool) error { +func RunKubelet(kubeFlags *options.KubeletFlags, kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *kubelet.Dependencies, runOnce bool) error { hostname := nodeutil.GetHostname(kubeFlags.HostnameOverride) // Query the cloud provider for our node name, default to hostname if kcfg.Cloud == nil nodeName, err := getNodeName(kubeDeps.Cloud, hostname) @@ -619,7 +619,7 @@ func RunKubelet(kubeFlags *options.KubeletFlags, kubeCfg *componentconfig.Kubele makeEventRecorder(kubeCfg, kubeDeps, nodeName) // TODO(mtaufen): I moved the validation of these fields here, from UnsecuredKubeletConfig, - // so that I could remove the associated fields from KubeletConfig. I would + // so that I could remove the associated fields from KubeletConfiginternal. I would // prefer this to be done as part of an independent validation step on the // KubeletConfiguration. But as far as I can tell, we don't have an explicit // place for validation of the KubeletConfiguration yet. @@ -683,7 +683,7 @@ func RunKubelet(kubeFlags *options.KubeletFlags, kubeCfg *componentconfig.Kubele return nil } -func startKubelet(k kubelet.Bootstrap, podCfg *config.PodConfig, kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *kubelet.Dependencies) { +func startKubelet(k kubelet.Bootstrap, podCfg *config.PodConfig, kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *kubelet.Dependencies) { // start the kubelet go wait.Until(func() { k.Run(podCfg.Updates()) }, 0, wait.NeverStop) 
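Review bot: The comment rewritten in the `@@ -619,7 +619,7 @@` hunk now reads `KubeletConfiginternal`, which is not a name defined anywhere in the visible change and looks like a side effect of the mechanical rename. The removed line referred to `KubeletConfig`, so I would restore it as `// so that I could remove the associated fields from KubeletConfig. I would`. The same TODO says there is no explicit place for validating the KubeletConfiguration yet. options.go in this patch calls `kubeletconfigvalidation.ValidateKubeletConfiguration`, so the TODO may be stale and is worth rechecking. The body of `RunKubelet` continues outside the hunk.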
@@ -700,7 +700,7 @@ func startKubelet(k kubelet.Bootstrap, podCfg *config.PodConfig, kubeCfg *compon } } -func CreateAndInitKubelet(kubeCfg *componentconfig.KubeletConfiguration, +func CreateAndInitKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *kubelet.Dependencies, crOptions *options.ContainerRuntimeOptions, hostnameOverride, @@ -709,7 +709,6 @@ func CreateAndInitKubelet(kubeCfg *componentconfig.KubeletConfiguration, cloudProvider, certDirectory, rootDirectory string) (k kubelet.Bootstrap, err error) { - // TODO: block until all sources have delivered at least one update to the channel, or break the sync loop // up into "per source" synchronizations @@ -727,7 +726,7 @@ func CreateAndInitKubelet(kubeCfg *componentconfig.KubeletConfiguration, // parseResourceList parses the given configuration map into an API // ResourceList or returns an error. -func parseResourceList(m componentconfig.ConfigurationMap) (v1.ResourceList, error) { +func parseResourceList(m kubeletconfiginternal.ConfigurationMap) (v1.ResourceList, error) { if len(m) == 0 { return nil, nil } @@ -758,7 +757,7 @@ func parseResourceList(m componentconfig.ConfigurationMap) (v1.ResourceList, err // BootstrapKubeletConfigController constructs and bootstrap a configuration controller func BootstrapKubeletConfigController(flags *options.KubeletFlags, - defaultConfig *componentconfig.KubeletConfiguration) (*componentconfig.KubeletConfiguration, *kubeletconfig.Controller, error) { + defaultConfig *kubeletconfiginternal.KubeletConfiguration) (*kubeletconfiginternal.KubeletConfiguration, *kubeletconfig.Controller, error) { var err error // Alpha Dynamic Configuration Implementation; this section only loads config from disk, it does not contact the API server // compute absolute paths based on current working dir 
@@ -788,7 +787,7 @@ func BootstrapKubeletConfigController(flags *options.KubeletFlags, // RunDockershim only starts the dockershim in current process. This is only used for cri validate testing purpose // TODO(random-liu): Move this to a separate binary. -func RunDockershim(c *componentconfig.KubeletConfiguration, r *options.ContainerRuntimeOptions) error { +func RunDockershim(c *kubeletconfiginternal.KubeletConfiguration, r *options.ContainerRuntimeOptions) error { // Create docker client. dockerClient := libdocker.ConnectToDockerOrDie(r.DockerEndpoint, c.RuntimeRequestTimeout.Duration, r.ImagePullProgressDeadline.Duration) @@ -800,7 +799,7 @@ func RunDockershim(c *componentconfig.KubeletConfiguration, r *options.Container } nh := &kubelet.NoOpLegacyHost{} pluginSettings := dockershim.NetworkPluginSettings{ - HairpinMode: componentconfig.HairpinMode(c.HairpinMode), + HairpinMode: kubeletconfiginternal.HairpinMode(c.HairpinMode), NonMasqueradeCIDR: c.NonMasqueradeCIDR, PluginName: r.NetworkPluginName, PluginConfDir: r.CNIConfDir, diff --git a/cmd/kubelet/app/server_test.go b/cmd/kubelet/app/server_test.go index 0a5cbe4150c..bb4e15728bd 100644 --- a/cmd/kubelet/app/server_test.go +++ b/cmd/kubelet/app/server_test.go @@ -19,7 +19,7 @@ package app import ( "testing" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" ) func TestValueOfAllocatableResources(t *testing.T) { @@ -50,8 +50,8 @@ func TestValueOfAllocatableResources(t *testing.T) { } for _, test := range testCases { - kubeReservedCM := make(componentconfig.ConfigurationMap) - systemReservedCM := make(componentconfig.ConfigurationMap) + kubeReservedCM := make(kubeletconfig.ConfigurationMap) + systemReservedCM := make(kubeletconfig.ConfigurationMap) kubeReservedCM.Set(test.kubeReserved) systemReservedCM.Set(test.systemReserved) diff --git a/cmd/kubelet/kubelet.go b/cmd/kubelet/kubelet.go index a55f9c68e22..d26d213e5eb 100644 --- a/cmd/kubelet/kubelet.go 
+++ b/cmd/kubelet/kubelet.go @@ -31,9 +31,9 @@ import ( "k8s.io/apiserver/pkg/util/logs" "k8s.io/kubernetes/cmd/kubelet/app" "k8s.io/kubernetes/cmd/kubelet/app/options" - "k8s.io/kubernetes/pkg/apis/componentconfig" _ "k8s.io/kubernetes/pkg/client/metrics/prometheus" // for client metric registration "k8s.io/kubernetes/pkg/features" + kubeletconfiginternal "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/pkg/kubelet/kubeletconfig" _ "k8s.io/kubernetes/pkg/version/prometheus" // for version metric registration "k8s.io/kubernetes/pkg/version/verflag" @@ -76,7 +76,7 @@ func main() { die(err) } // if dynamic kubelet config is enabled, bootstrap the kubelet config controller - var kubeletConfig *componentconfig.KubeletConfiguration + var kubeletConfig *kubeletconfiginternal.KubeletConfiguration var kubeletConfigController *kubeletconfig.Controller if utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) { var err error diff --git a/hack/.golint_failures b/hack/.golint_failures index 98d3f4a71d2..d6e06a7d239 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -233,6 +233,8 @@ pkg/kubelet pkg/kubelet/apis pkg/kubelet/apis/cri/testing pkg/kubelet/apis/cri/v1alpha1/runtime +pkg/kubelet/apis/kubeletconfig +pkg/kubelet/apis/kubeletconfig/v1alpha1 pkg/kubelet/cadvisor pkg/kubelet/cadvisor/testing pkg/kubelet/certificate diff --git a/pkg/apis/componentconfig/BUILD b/pkg/apis/componentconfig/BUILD index bdce94c2c1a..87287710ede 100644 --- a/pkg/apis/componentconfig/BUILD +++ b/pkg/apis/componentconfig/BUILD @@ -16,7 +16,6 @@ go_library( "zz_generated.deepcopy.go", ], deps = [ - "//pkg/api:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library", diff --git a/pkg/apis/componentconfig/register.go b/pkg/apis/componentconfig/register.go index 8599f522e85..53675741352 100644 
--- a/pkg/apis/componentconfig/register.go +++ b/pkg/apis/componentconfig/register.go @@ -47,7 +47,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &KubeProxyConfiguration{}, &KubeSchedulerConfiguration{}, - &KubeletConfiguration{}, ) return nil } diff --git a/pkg/apis/componentconfig/types.go b/pkg/apis/componentconfig/types.go index 4e4d5e1c1e6..bd99e466313 100644 --- a/pkg/apis/componentconfig/types.go +++ b/pkg/apis/componentconfig/types.go @@ -17,12 +17,7 @@ limitations under the License. package componentconfig import ( - "fmt" - "sort" - "strings" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/kubernetes/pkg/api" ) // ClientConnectionConfiguration contains details for constructing a client. 
@@ -150,413 +145,6 @@ const ( ProxyModeIPTables ProxyMode = "iptables" ) -// HairpinMode denotes how the kubelet should configure networking to handle -// hairpin packets. -type HairpinMode string - -// Enum settings for different ways to handle hairpin packets. -const ( - // Set the hairpin flag on the veth of containers in the respective - // container runtime. - HairpinVeth = "hairpin-veth" - // Make the container bridge promiscuous. This will force it to accept - // hairpin packets, even if the flag isn't set on ports of the bridge. - PromiscuousBridge = "promiscuous-bridge" - // Neither of the above. If the kubelet is started in this hairpin mode - // and kube-proxy is running in iptables mode, hairpin packets will be - // dropped by the container bridge. - HairpinNone = "none" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// A configuration field should go in KubeletFlags instead of KubeletConfiguration if any of these are true: -// - its value will never, or cannot safely be changed during the lifetime of a node -// - its value cannot be safely shared between nodes at the same time (e.g. a hostname) -// KubeletConfiguration is intended to be shared between nodes -// In general, please try to avoid adding flags or configuration fields, -// we already have a confusingly large amount of them. -// TODO: curate the ordering and structure of this config object -type KubeletConfiguration struct { - metav1.TypeMeta - - // Only used for dynamic configuration. - // The length of the trial period for this configuration. If the Kubelet records CrashLoopThreshold or - // more startups during this period, the current configuration will be marked bad and the - // Kubelet will roll-back to the last-known-good. Default 10 minutes. - ConfigTrialDuration metav1.Duration - // Only used for dynamic configuration. 
- // If this number of Kubelet "crashes" during ConfigTrialDuration meets this threshold, - // the configuration fails the trial and the Kubelet rolls back to its last-known-good config. - // Crash-loops are detected by counting Kubelet startups, so one startup is implicitly added - // to this threshold to always allow a single restart per config change. - // Default 10, mimimum allowed is 0, maximum allowed is 10. - CrashLoopThreshold int32 - // podManifestPath is the path to the directory containing pod manifests to - // run, or the path to a single manifest file - PodManifestPath string - // syncFrequency is the max period between synchronizing running - // containers and config - SyncFrequency metav1.Duration - // fileCheckFrequency is the duration between checking config files for - // new data - FileCheckFrequency metav1.Duration - // httpCheckFrequency is the duration between checking http for new data - HTTPCheckFrequency metav1.Duration - // manifestURL is the URL for accessing the container manifest - ManifestURL string - // manifestURLHeader is the HTTP header to use when accessing the manifest - // URL, with the key separated from the value with a ':', as in 'key:value' - ManifestURLHeader string - // enableServer enables the Kubelet's server - EnableServer bool - // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 - // for all interfaces) - Address string - // port is the port for the Kubelet to serve on. - Port int32 - // readOnlyPort is the read-only port for the Kubelet to serve on with - // no authentication/authorization (set to 0 to disable) - ReadOnlyPort int32 - // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, - // if any, concatenated after server cert). If tlsCertFile and - // tlsPrivateKeyFile are not provided, a self-signed certificate - // and key are generated for the public address and saved to the directory - // passed to certDir. 
- TLSCertFile string - // tlsPrivateKeyFile is the ile containing x509 private key matching - // tlsCertFile. - TLSPrivateKeyFile string - // authentication specifies how requests to the Kubelet's server are authenticated - Authentication KubeletAuthentication - // authorization specifies how requests to the Kubelet's server are authorized - Authorization KubeletAuthorization - // seccompProfileRoot is the directory path for seccomp profiles. - SeccompProfileRoot string - // allowPrivileged enables containers to request privileged mode. - // Defaults to false. - AllowPrivileged bool - // hostNetworkSources is a comma-separated list of sources from which the - // Kubelet allows pods to use of host network. Defaults to "*". Valid - // options are "file", "http", "api", and "*" (all sources). - HostNetworkSources []string - // hostPIDSources is a comma-separated list of sources from which the - // Kubelet allows pods to use the host pid namespace. Defaults to "*". - HostPIDSources []string - // hostIPCSources is a comma-separated list of sources from which the - // Kubelet allows pods to use the host ipc namespace. Defaults to "*". - HostIPCSources []string - // registryPullQPS is the limit of registry pulls per second. If 0, - // unlimited. Set to 0 for no limit. Defaults to 5.0. - RegistryPullQPS int32 - // registryBurst is the maximum size of a bursty pulls, temporarily allows - // pulls to burst to this number, while still not exceeding registryQps. - // Only used if registryQPS > 0. - RegistryBurst int32 - // eventRecordQPS is the maximum event creations per second. If 0, there - // is no limit enforced. - EventRecordQPS int32 - // eventBurst is the maximum size of a bursty event records, temporarily - // allows event records to burst to this number, while still not exceeding - // event-qps. 
Only used if eventQps > 0 - EventBurst int32 - // enableDebuggingHandlers enables server endpoints for log collection - // and local running of containers and commands - EnableDebuggingHandlers bool - // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. - EnableContentionProfiling bool - // minimumGCAge is the minimum age for a finished container before it is - // garbage collected. - MinimumGCAge metav1.Duration - // maxPerPodContainerCount is the maximum number of old instances to - // retain per container. Each container takes up some disk space. - MaxPerPodContainerCount int32 - // maxContainerCount is the maximum number of old instances of containers - // to retain globally. Each container takes up some disk space. - MaxContainerCount int32 - // cAdvisorPort is the port of the localhost cAdvisor endpoint - CAdvisorPort int32 - // healthzPort is the port of the localhost healthz endpoint - HealthzPort int32 - // healthzBindAddress is the IP address for the healthz server to serve - // on. - HealthzBindAddress string - // oomScoreAdj is The oom-score-adj value for kubelet process. Values - // must be within the range [-1000, 1000]. - OOMScoreAdj int32 - // registerNode enables automatic registration with the apiserver. - RegisterNode bool - // clusterDomain is the DNS domain for this cluster. If set, kubelet will - // configure all containers to search this domain in addition to the - // host's search domains. - ClusterDomain string - // masterServiceNamespace is The namespace from which the kubernetes - // master services should be injected into pods. - MasterServiceNamespace string - // clusterDNS is a list of IP address for a cluster DNS server. 
If set, - // kubelet will configure all containers to use this for DNS resolution - // instead of the host's DNS servers - ClusterDNS []string - // streamingConnectionIdleTimeout is the maximum time a streaming connection - // can be idle before the connection is automatically closed. - StreamingConnectionIdleTimeout metav1.Duration - // nodeStatusUpdateFrequency is the frequency that kubelet posts node - // status to master. Note: be cautious when changing the constant, it - // must work with nodeMonitorGracePeriod in nodecontroller. - NodeStatusUpdateFrequency metav1.Duration - // imageMinimumGCAge is the minimum age for an unused image before it is - // garbage collected. - ImageMinimumGCAge metav1.Duration - // imageGCHighThresholdPercent is the percent of disk usage after which - // image garbage collection is always run. - ImageGCHighThresholdPercent int32 - // imageGCLowThresholdPercent is the percent of disk usage before which - // image garbage collection is never run. Lowest disk usage to garbage - // collect to. - ImageGCLowThresholdPercent int32 - // How frequently to calculate and cache volume disk usage for all pods - VolumeStatsAggPeriod metav1.Duration - // volumePluginDir is the full path of the directory in which to search - // for additional third party volume plugins - VolumePluginDir string - // KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. - // +optional - KubeletCgroups string - // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes - // And all Burstable and BestEffort pods are brought up under their - // specific top level QoS cgroup. - // +optional - CgroupsPerQOS bool - // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd) - // +optional - CgroupDriver string - // Cgroups that container runtime is expected to be isolated in. 
- // +optional - RuntimeCgroups string - // SystemCgroups is absolute name of cgroups in which to place - // all non-kernel processes that are not already in a container. Empty - // for no container. Rolling back the flag requires a reboot. - // +optional - SystemCgroups string - // CgroupRoot is the root cgroup to use for pods. - // If CgroupsPerQOS is enabled, this is the root of the QoS cgroup hierarchy. - // +optional - CgroupRoot string - // containerRuntime is the container runtime to use. - ContainerRuntime string - // remoteRuntimeEndpoint is the endpoint of remote runtime service - RemoteRuntimeEndpoint string - // remoteImageEndpoint is the endpoint of remote image service - RemoteImageEndpoint string - // runtimeRequestTimeout is the timeout for all runtime requests except long running - // requests - pull, logs, exec and attach. - // +optional - RuntimeRequestTimeout metav1.Duration - // experimentalMounterPath is the path of mounter binary. Leave empty to use the default mount path - ExperimentalMounterPath string - // lockFilePath is the path that kubelet will use to as a lock file. - // It uses this file as a lock to synchronize with other kubelet processes - // that may be running. - LockFilePath string - // ExitOnLockContention is a flag that signifies to the kubelet that it is running - // in "bootstrap" mode. This requires that 'LockFilePath' has been set. - // This will cause the kubelet to listen to inotify events on the lock file, - // releasing it and exiting when another process tries to open that file. - ExitOnLockContention bool - // How should the kubelet configure the container bridge for hairpin packets. - // Setting this flag allows endpoints in a Service to loadbalance back to - // themselves if they should try to access their own Service. Values: - // "promiscuous-bridge": make the container bridge promiscuous. - // "hairpin-veth": set the hairpin flag on container veth interfaces. - // "none": do nothing. 
- // Generally, one must set --hairpin-mode=veth-flag to achieve hairpin NAT, - // because promiscous-bridge assumes the existence of a container bridge named cbr0. - HairpinMode string - // maxPods is the number of pods that can run on this Kubelet. - MaxPods int32 - // The CIDR to use for pod IP addresses, only used in standalone mode. - // In cluster mode, this is obtained from the master. - PodCIDR string - // ResolverConfig is the resolver configuration file used as the basis - // for the container DNS resolution configuration."), [] - ResolverConfig string - // cpuCFSQuota is Enable CPU CFS quota enforcement for containers that - // specify CPU limits - CPUCFSQuota bool - // containerized should be set to true if kubelet is running in a container. - Containerized bool - // maxOpenFiles is Number of files that can be opened by Kubelet process. - MaxOpenFiles int64 - // registerSchedulable tells the kubelet to register the node as - // schedulable. Won't have any effect if register-node is false. - // DEPRECATED: use registerWithTaints instead - RegisterSchedulable bool - // registerWithTaints are an array of taints to add to a node object when - // the kubelet registers itself. This only takes effect when registerNode - // is true and upon the initial registration of the node. - RegisterWithTaints []api.Taint - // contentType is contentType of requests sent to apiserver. - ContentType string - // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver - KubeAPIQPS int32 - // kubeAPIBurst is the burst to allow while talking with kubernetes - // apiserver - KubeAPIBurst int32 - // serializeImagePulls when enabled, tells the Kubelet to pull images one - // at a time. We recommend *not* changing the default value on nodes that - // run docker daemon with version < 1.9 or an Aufs storage backend. - // Issue #10959 has more details. - SerializeImagePulls bool - // nodeLabels to add when registering the node in the cluster. 
- NodeLabels map[string]string - // nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade. - NonMasqueradeCIDR string - // enable gathering custom metrics. - EnableCustomMetrics bool - // Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. - // +optional - EvictionHard string - // Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. - // +optional - EvictionSoft string - // Comma-delimeted list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. - // +optional - EvictionSoftGracePeriod string - // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. - // +optional - EvictionPressureTransitionPeriod metav1.Duration - // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. - // +optional - EvictionMaxPodGracePeriod int32 - // Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. - // +optional - EvictionMinimumReclaim string - // If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling. - // +optional - ExperimentalKernelMemcgNotification bool - // Maximum number of pods per core. Cannot exceed MaxPods - PodsPerCore int32 - // enableControllerAttachDetach enables the Attach/Detach controller to - // manage attachment/detachment of volumes scheduled to this node, and - // disables kubelet from executing any attach/detach operations - EnableControllerAttachDetach bool - // A set of ResourceName=Percentage (e.g. memory=50%) pairs that describe - // how pod resource requests are reserved at the QoS level. - // Currently only memory is supported. 
[default=none]" - ExperimentalQOSReserved ConfigurationMap - // Default behaviour for kernel tuning - ProtectKernelDefaults bool - // If true, Kubelet ensures a set of iptables rules are present on host. - // These rules will serve as utility for various components, e.g. kube-proxy. - // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit. - MakeIPTablesUtilChains bool - // iptablesMasqueradeBit is the bit of the iptables fwmark space to use for SNAT - // Values must be within the range [0, 31]. - // Warning: Please match the value of corresponding parameter in kube-proxy - // TODO: clean up IPTablesMasqueradeBit in kube-proxy - IPTablesMasqueradeBit int32 - // iptablesDropBit is the bit of the iptables fwmark space to use for dropping packets. Kubelet will ensure iptables mark and drop rules. - // Values must be within the range [0, 31]. Must be different from IPTablesMasqueradeBit - IPTablesDropBit int32 - // Whitelist of unsafe sysctls or sysctl patterns (ending in *). - // +optional - AllowedUnsafeSysctls []string - // featureGates is a string of comma-separated key=value pairs that describe feature - // gates for alpha/experimental features. - FeatureGates string - // Tells the Kubelet to fail to start if swap is enabled on the node. - FailSwapOn bool - // This flag, if set, enables a check prior to mount operations to verify that the required components - // (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled - // and fails the mount operation fails. - ExperimentalCheckNodeCapabilitiesBeforeMount bool - // This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node. - // This can be useful for debugging volume related issues. - KeepTerminatedPodVolumes bool - - /* following flags are meant for Node Allocatable */ - - // A set of ResourceName=ResourceQuantity (e.g. 
cpu=200m,memory=150G) pairs - // that describe resources reserved for non-kubernetes components. - // Currently only cpu and memory are supported. [default=none] - // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. - SystemReserved ConfigurationMap - // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs - // that describe resources reserved for kubernetes system components. - // Currently only cpu and memory are supported. [default=none] - // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. - KubeReserved ConfigurationMap - // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. - SystemReservedCgroup string - // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. - KubeReservedCgroup string - // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform. - // This flag accepts a list of options. Acceptable options are `pods`, `system-reserved` & `kube-reserved`. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. - EnforceNodeAllocatable []string - // This flag, if set, will avoid including `EvictionHard` limits while computing Node Allocatable. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. 
- ExperimentalNodeAllocatableIgnoreEvictionThreshold bool -} - -type KubeletAuthorizationMode string - -const ( - // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests - KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" - // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization - KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" -) - -type KubeletAuthorization struct { - // mode is the authorization mode to apply to requests to the kubelet server. - // Valid values are AlwaysAllow and Webhook. - // Webhook mode uses the SubjectAccessReview API to determine authorization. - Mode KubeletAuthorizationMode - - // webhook contains settings related to Webhook authorization. - Webhook KubeletWebhookAuthorization -} - -type KubeletWebhookAuthorization struct { - // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. - CacheAuthorizedTTL metav1.Duration - // cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer. - CacheUnauthorizedTTL metav1.Duration -} - -type KubeletAuthentication struct { - // x509 contains settings related to x509 client certificate authentication - X509 KubeletX509Authentication - // webhook contains settings related to webhook bearer token authentication - Webhook KubeletWebhookAuthentication - // anonymous contains settings related to anonymous authentication - Anonymous KubeletAnonymousAuthentication -} - -type KubeletX509Authentication struct { - // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate - // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, - // and groups corresponding to the Organization in the client certificate. 
- ClientCAFile string -} - -type KubeletWebhookAuthentication struct { - // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API - Enabled bool - // cacheTTL enables caching of authentication results - CacheTTL metav1.Duration -} - -type KubeletAnonymousAuthentication struct { - // enabled allows anonymous requests to the kubelet server. - // Requests that are not rejected by another authentication method are treated as anonymous requests. - // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. - Enabled bool -} - // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type KubeSchedulerConfiguration struct { @@ -908,36 +496,6 @@ type PersistentVolumeRecyclerConfiguration struct { IncrementTimeoutHostPath int32 } -type ConfigurationMap map[string]string - -func (m *ConfigurationMap) String() string { - pairs := []string{} - for k, v := range *m { - pairs = append(pairs, fmt.Sprintf("%s=%s", k, v)) - } - sort.Strings(pairs) - return strings.Join(pairs, ",") -} - -func (m *ConfigurationMap) Set(value string) error { - for _, s := range strings.Split(value, ",") { - if len(s) == 0 { - continue - } - arr := strings.SplitN(s, "=", 2) - if len(arr) == 2 { - (*m)[strings.TrimSpace(arr[0])] = strings.TrimSpace(arr[1]) - } else { - (*m)[strings.TrimSpace(arr[0])] = "" - } - } - return nil -} - -func (*ConfigurationMap) Type() string { - return "mapStringString" -} - const ( // "kube-system" is the default scheduler lock object namespace SchedulerDefaultLockObjectNamespace string = "kube-system" diff --git a/pkg/apis/componentconfig/v1alpha1/BUILD b/pkg/apis/componentconfig/v1alpha1/BUILD index c85b0bf075c..dc8a497ed35 100644 --- a/pkg/apis/componentconfig/v1alpha1/BUILD +++ b/pkg/apis/componentconfig/v1alpha1/BUILD 
@@ -22,10 +22,7 @@ go_library(
 "//pkg/apis/componentconfig:go_default_library",
 "//pkg/kubelet/apis:go_default_library",
 "//pkg/kubelet/qos:go_default_library",
- "//pkg/kubelet/types:go_default_library",
 "//pkg/master/ports:go_default_library",
- "//pkg/util/pointer:go_default_library",
- "//vendor/k8s.io/api/core/v1:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
diff --git a/pkg/apis/componentconfig/v1alpha1/defaults.go b/pkg/apis/componentconfig/v1alpha1/defaults.go
index bb501e17a2a..921ab959e19 100644
--- a/pkg/apis/componentconfig/v1alpha1/defaults.go
+++ b/pkg/apis/componentconfig/v1alpha1/defaults.go
@@ -18,8 +18,6 @@ package v1alpha1
 
 import (
 "fmt"
- "path/filepath"
- "runtime"
 "strings"
 "time"
 
@@ -28,9 +26,7 @@ import (
 "k8s.io/kubernetes/pkg/api"
 kubeletapis "k8s.io/kubernetes/pkg/kubelet/apis"
 "k8s.io/kubernetes/pkg/kubelet/qos"
- kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
 "k8s.io/kubernetes/pkg/master/ports"
- utilpointer "k8s.io/kubernetes/pkg/util/pointer"
 )
 
 const (
@@ -191,232 +187,6 @@ func SetDefaults_LeaderElectionConfiguration(obj *LeaderElectionConfiguration) { } } -func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration) { - // pointer because the zeroDuration is valid - if you want to skip the trial period - if obj.ConfigTrialDuration == nil { - obj.ConfigTrialDuration = &metav1.Duration{Duration: 10 * time.Minute} - } - if obj.CrashLoopThreshold == nil { - obj.CrashLoopThreshold = utilpointer.Int32Ptr(10) - } - if obj.Authentication.Anonymous.Enabled == nil { - obj.Authentication.Anonymous.Enabled = boolVar(true) - } - if obj.Authentication.Webhook.Enabled == nil { - obj.Authentication.Webhook.Enabled = boolVar(false) - } - if obj.Authentication.Webhook.CacheTTL == zeroDuration { - obj.Authentication.Webhook.CacheTTL = metav1.Duration{Duration: 2 * time.Minute} - } - if obj.Authorization.Mode == "" { - obj.Authorization.Mode = KubeletAuthorizationModeAlwaysAllow - } - if obj.Authorization.Webhook.CacheAuthorizedTTL == zeroDuration { - obj.Authorization.Webhook.CacheAuthorizedTTL = metav1.Duration{Duration: 5 * time.Minute} - } - if obj.Authorization.Webhook.CacheUnauthorizedTTL == zeroDuration { - obj.Authorization.Webhook.CacheUnauthorizedTTL = metav1.Duration{Duration: 30 * time.Second} - } - - if obj.Address == "" { - obj.Address = "0.0.0.0" - } - if obj.CAdvisorPort == nil { - obj.CAdvisorPort = utilpointer.Int32Ptr(4194) - } - if obj.VolumeStatsAggPeriod == zeroDuration { - obj.VolumeStatsAggPeriod = metav1.Duration{Duration: time.Minute} - } - if obj.ContainerRuntime == "" { - obj.ContainerRuntime = "docker" - } - if obj.RuntimeRequestTimeout == zeroDuration { - obj.RuntimeRequestTimeout = metav1.Duration{Duration: 2 * time.Minute} - } - if obj.CPUCFSQuota == nil { - obj.CPUCFSQuota = boolVar(true) - } - if obj.EventBurst == 0 { - obj.EventBurst = 10 - } - if obj.EventRecordQPS == nil { - temp := int32(5) - obj.EventRecordQPS = &temp - } - if obj.EnableControllerAttachDetach == nil { - 
obj.EnableControllerAttachDetach = boolVar(true) - } - if obj.EnableDebuggingHandlers == nil { - obj.EnableDebuggingHandlers = boolVar(true) - } - if obj.EnableServer == nil { - obj.EnableServer = boolVar(true) - } - if obj.FileCheckFrequency == zeroDuration { - obj.FileCheckFrequency = metav1.Duration{Duration: 20 * time.Second} - } - if obj.HealthzBindAddress == "" { - obj.HealthzBindAddress = "127.0.0.1" - } - if obj.HealthzPort == 0 { - obj.HealthzPort = 10248 - } - if obj.HostNetworkSources == nil { - obj.HostNetworkSources = []string{kubetypes.AllSource} - } - if obj.HostPIDSources == nil { - obj.HostPIDSources = []string{kubetypes.AllSource} - } - if obj.HostIPCSources == nil { - obj.HostIPCSources = []string{kubetypes.AllSource} - } - if obj.HTTPCheckFrequency == zeroDuration { - obj.HTTPCheckFrequency = metav1.Duration{Duration: 20 * time.Second} - } - if obj.ImageMinimumGCAge == zeroDuration { - obj.ImageMinimumGCAge = metav1.Duration{Duration: 2 * time.Minute} - } - if obj.ImageGCHighThresholdPercent == nil { - // default is below docker's default dm.min_free_space of 90% - temp := int32(85) - obj.ImageGCHighThresholdPercent = &temp - } - if obj.ImageGCLowThresholdPercent == nil { - temp := int32(80) - obj.ImageGCLowThresholdPercent = &temp - } - if obj.MasterServiceNamespace == "" { - obj.MasterServiceNamespace = metav1.NamespaceDefault - } - if obj.MaxContainerCount == nil { - temp := int32(-1) - obj.MaxContainerCount = &temp - } - if obj.MaxPerPodContainerCount == 0 { - obj.MaxPerPodContainerCount = 1 - } - if obj.MaxOpenFiles == 0 { - obj.MaxOpenFiles = 1000000 - } - if obj.MaxPods == 0 { - obj.MaxPods = 110 - } - if obj.MinimumGCAge == zeroDuration { - obj.MinimumGCAge = metav1.Duration{Duration: 0} - } - if obj.NonMasqueradeCIDR == "" { - obj.NonMasqueradeCIDR = "10.0.0.0/8" - } - if obj.VolumePluginDir == "" { - obj.VolumePluginDir = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/" - } - if obj.NodeStatusUpdateFrequency == zeroDuration { - 
obj.NodeStatusUpdateFrequency = metav1.Duration{Duration: 10 * time.Second} - } - if obj.OOMScoreAdj == nil { - temp := int32(qos.KubeletOOMScoreAdj) - obj.OOMScoreAdj = &temp - } - if obj.Port == 0 { - obj.Port = ports.KubeletPort - } - if obj.ReadOnlyPort == 0 { - obj.ReadOnlyPort = ports.KubeletReadOnlyPort - } - if obj.RegisterNode == nil { - obj.RegisterNode = boolVar(true) - } - if obj.RegisterSchedulable == nil { - obj.RegisterSchedulable = boolVar(true) - } - if obj.RegistryBurst == 0 { - obj.RegistryBurst = 10 - } - if obj.RegistryPullQPS == nil { - temp := int32(5) - obj.RegistryPullQPS = &temp - } - if obj.ResolverConfig == "" { - obj.ResolverConfig = kubetypes.ResolvConfDefault - } - if obj.SerializeImagePulls == nil { - obj.SerializeImagePulls = boolVar(true) - } - if obj.SeccompProfileRoot == "" { - obj.SeccompProfileRoot = filepath.Join(DefaultRootDir, "seccomp") - } - if obj.StreamingConnectionIdleTimeout == zeroDuration { - obj.StreamingConnectionIdleTimeout = metav1.Duration{Duration: 4 * time.Hour} - } - if obj.SyncFrequency == zeroDuration { - obj.SyncFrequency = metav1.Duration{Duration: 1 * time.Minute} - } - if obj.ContentType == "" { - obj.ContentType = "application/vnd.kubernetes.protobuf" - } - if obj.KubeAPIQPS == nil { - temp := int32(5) - obj.KubeAPIQPS = &temp - } - if obj.KubeAPIBurst == 0 { - obj.KubeAPIBurst = 10 - } - if string(obj.HairpinMode) == "" { - obj.HairpinMode = PromiscuousBridge - } - if obj.EvictionHard == nil { - temp := "memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%" - obj.EvictionHard = &temp - } - if obj.EvictionPressureTransitionPeriod == zeroDuration { - obj.EvictionPressureTransitionPeriod = metav1.Duration{Duration: 5 * time.Minute} - } - if obj.ExperimentalKernelMemcgNotification == nil { - obj.ExperimentalKernelMemcgNotification = boolVar(false) - } - if obj.SystemReserved == nil { - obj.SystemReserved = make(map[string]string) - } - if obj.KubeReserved == nil { - obj.KubeReserved = 
make(map[string]string) - } - if obj.ExperimentalQOSReserved == nil { - obj.ExperimentalQOSReserved = make(map[string]string) - } - if obj.MakeIPTablesUtilChains == nil { - obj.MakeIPTablesUtilChains = boolVar(true) - } - if obj.IPTablesMasqueradeBit == nil { - temp := int32(defaultIPTablesMasqueradeBit) - obj.IPTablesMasqueradeBit = &temp - } - if obj.IPTablesDropBit == nil { - temp := int32(defaultIPTablesDropBit) - obj.IPTablesDropBit = &temp - } - if obj.CgroupsPerQOS == nil { - temp := true - obj.CgroupsPerQOS = &temp - } - if obj.CgroupDriver == "" { - obj.CgroupDriver = "cgroupfs" - } - if obj.EnforceNodeAllocatable == nil { - obj.EnforceNodeAllocatable = defaultNodeAllocatableEnforcement - } - if obj.RemoteRuntimeEndpoint == "" { - if runtime.GOOS == "linux" { - obj.RemoteRuntimeEndpoint = "unix:///var/run/dockershim.sock" - } else if runtime.GOOS == "windows" { - obj.RemoteRuntimeEndpoint = "tcp://localhost:3735" - } - } -} - func boolVar(b bool) *bool { return &b } - -var ( - defaultCfg = KubeletConfiguration{} -) diff --git a/pkg/apis/componentconfig/v1alpha1/register.go b/pkg/apis/componentconfig/v1alpha1/register.go index 93a2c5ff2ee..a75096f20fb 100644 --- a/pkg/apis/componentconfig/v1alpha1/register.go +++ b/pkg/apis/componentconfig/v1alpha1/register.go @@ -46,7 +46,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &KubeProxyConfiguration{}, &KubeSchedulerConfiguration{}, - &KubeletConfiguration{}, ) return nil } diff --git a/pkg/apis/componentconfig/v1alpha1/types.go b/pkg/apis/componentconfig/v1alpha1/types.go index 12941dc610d..5b283218b0f 100644 --- a/pkg/apis/componentconfig/v1alpha1/types.go +++ b/pkg/apis/componentconfig/v1alpha1/types.go @@ -17,7 +17,6 @@ limitations under the License. package v1alpha1 import ( - "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) 
@@ -245,386 +244,6 @@ type LeaderElectionConfiguration struct { ResourceLock string `json:"resourceLock"` } -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// A configuration field should go in KubeletFlags instead of KubeletConfiguration if any of these are true: -// - its value will never, or cannot safely be changed during the lifetime of a node -// - its value cannot be safely shared between nodes at the same time (e.g. a hostname) -// KubeletConfiguration is intended to be shared between nodes -// In general, please try to avoid adding flags or configuration fields, -// we already have a confusingly large amount of them. -type KubeletConfiguration struct { - metav1.TypeMeta `json:",inline"` - - // Only used for dynamic configuration. - // The length of the trial period for this configuration. If the Kubelet records CrashLoopThreshold or - // more startups during this period, the current configuration will be marked bad and the - // Kubelet will roll-back to the last-known-good. Default 10 minutes. - ConfigTrialDuration *metav1.Duration `json:"configTrialDuration"` - // Only used for dynamic configuration. - // If this number of Kubelet "crashes" during ConfigTrialDuration meets this threshold, - // the configuration fails the trial and the Kubelet rolls back to its last-known-good config. - // Crash-loops are detected by counting Kubelet startups, so one startup is implicitly added - // to this threshold to always allow a single restart per config change. - // Default 10, mimimum allowed is 0, maximum allowed is 10. 
- CrashLoopThreshold *int32 `json:"crashLoopThreshold"` - // podManifestPath is the path to the directory containing pod manifests to - // run, or the path to a single manifest file - PodManifestPath string `json:"podManifestPath"` - // syncFrequency is the max period between synchronizing running - // containers and config - SyncFrequency metav1.Duration `json:"syncFrequency"` - // fileCheckFrequency is the duration between checking config files for - // new data - FileCheckFrequency metav1.Duration `json:"fileCheckFrequency"` - // httpCheckFrequency is the duration between checking http for new data - HTTPCheckFrequency metav1.Duration `json:"httpCheckFrequency"` - // manifestURL is the URL for accessing the container manifest - ManifestURL string `json:"manifestURL"` - // manifestURLHeader is the HTTP header to use when accessing the manifest - // URL, with the key separated from the value with a ':', as in 'key:value' - ManifestURLHeader string `json:"manifestURLHeader"` - // enableServer enables the Kubelet's server - EnableServer *bool `json:"enableServer"` - // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 - // for all interfaces) - Address string `json:"address"` - // port is the port for the Kubelet to serve on. - Port int32 `json:"port"` - // readOnlyPort is the read-only port for the Kubelet to serve on with - // no authentication/authorization (set to 0 to disable) - ReadOnlyPort int32 `json:"readOnlyPort"` - // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, - // if any, concatenated after server cert). If tlsCertFile and - // tlsPrivateKeyFile are not provided, a self-signed certificate - // and key are generated for the public address and saved to the directory - // passed to certDir. - TLSCertFile string `json:"tlsCertFile"` - // tlsPrivateKeyFile is the ile containing x509 private key matching - // tlsCertFile. 
- TLSPrivateKeyFile string `json:"tlsPrivateKeyFile"` - // authentication specifies how requests to the Kubelet's server are authenticated - Authentication KubeletAuthentication `json:"authentication"` - // authorization specifies how requests to the Kubelet's server are authorized - Authorization KubeletAuthorization `json:"authorization"` - // seccompProfileRoot is the directory path for seccomp profiles. - SeccompProfileRoot string `json:"seccompProfileRoot"` - // allowPrivileged enables containers to request privileged mode. - // Defaults to false. - AllowPrivileged *bool `json:"allowPrivileged"` - // hostNetworkSources is a comma-separated list of sources from which the - // Kubelet allows pods to use of host network. Defaults to "*". Valid - // options are "file", "http", "api", and "*" (all sources). - HostNetworkSources []string `json:"hostNetworkSources"` - // hostPIDSources is a comma-separated list of sources from which the - // Kubelet allows pods to use the host pid namespace. Defaults to "*". - HostPIDSources []string `json:"hostPIDSources"` - // hostIPCSources is a comma-separated list of sources from which the - // Kubelet allows pods to use the host ipc namespace. Defaults to "*". - HostIPCSources []string `json:"hostIPCSources"` - // registryPullQPS is the limit of registry pulls per second. If 0, - // unlimited. Set to 0 for no limit. Defaults to 5.0. - RegistryPullQPS *int32 `json:"registryPullQPS"` - // registryBurst is the maximum size of a bursty pulls, temporarily allows - // pulls to burst to this number, while still not exceeding registryQps. - // Only used if registryQPS > 0. - RegistryBurst int32 `json:"registryBurst"` - // eventRecordQPS is the maximum event creations per second. If 0, there - // is no limit enforced. - EventRecordQPS *int32 `json:"eventRecordQPS"` - // eventBurst is the maximum size of a bursty event records, temporarily - // allows event records to burst to this number, while still not exceeding - // event-qps. 
Only used if eventQps > 0 - EventBurst int32 `json:"eventBurst"` - // enableDebuggingHandlers enables server endpoints for log collection - // and local running of containers and commands - EnableDebuggingHandlers *bool `json:"enableDebuggingHandlers"` - // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. - EnableContentionProfiling bool `json:"enableContentionProfiling"` - // minimumGCAge is the minimum age for a finished container before it is - // garbage collected. - MinimumGCAge metav1.Duration `json:"minimumGCAge"` - // maxPerPodContainerCount is the maximum number of old instances to - // retain per container. Each container takes up some disk space. - MaxPerPodContainerCount int32 `json:"maxPerPodContainerCount"` - // maxContainerCount is the maximum number of old instances of containers - // to retain globally. Each container takes up some disk space. - MaxContainerCount *int32 `json:"maxContainerCount"` - // cAdvisorPort is the port of the localhost cAdvisor endpoint - CAdvisorPort *int32 `json:"cAdvisorPort"` - // healthzPort is the port of the localhost healthz endpoint - HealthzPort int32 `json:"healthzPort"` - // healthzBindAddress is the IP address for the healthz server to serve - // on. - HealthzBindAddress string `json:"healthzBindAddress"` - // oomScoreAdj is The oom-score-adj value for kubelet process. Values - // must be within the range [-1000, 1000]. - OOMScoreAdj *int32 `json:"oomScoreAdj"` - // registerNode enables automatic registration with the apiserver. - RegisterNode *bool `json:"registerNode"` - // clusterDomain is the DNS domain for this cluster. If set, kubelet will - // configure all containers to search this domain in addition to the - // host's search domains. - ClusterDomain string `json:"clusterDomain"` - // masterServiceNamespace is The namespace from which the kubernetes - // master services should be injected into pods. 
- MasterServiceNamespace string `json:"masterServiceNamespace"` - // clusterDNS is a list of IP address for the cluster DNS server. If set, - // kubelet will configure all containers to use this for DNS resolution - // instead of the host's DNS servers - ClusterDNS []string `json:"clusterDNS"` - // streamingConnectionIdleTimeout is the maximum time a streaming connection - // can be idle before the connection is automatically closed. - StreamingConnectionIdleTimeout metav1.Duration `json:"streamingConnectionIdleTimeout"` - // nodeStatusUpdateFrequency is the frequency that kubelet posts node - // status to master. Note: be cautious when changing the constant, it - // must work with nodeMonitorGracePeriod in nodecontroller. - NodeStatusUpdateFrequency metav1.Duration `json:"nodeStatusUpdateFrequency"` - // imageMinimumGCAge is the minimum age for an unused image before it is - // garbage collected. - ImageMinimumGCAge metav1.Duration `json:"imageMinimumGCAge"` - // imageGCHighThresholdPercent is the percent of disk usage after which - // image garbage collection is always run. The percent is calculated as - // this field value out of 100. - ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent"` - // imageGCLowThresholdPercent is the percent of disk usage before which - // image garbage collection is never run. Lowest disk usage to garbage - // collect to. The percent is calculated as this field value out of 100. - ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent"` - // How frequently to calculate and cache volume disk usage for all pods - VolumeStatsAggPeriod metav1.Duration `json:"volumeStatsAggPeriod"` - // volumePluginDir is the full path of the directory in which to search - // for additional third party volume plugins - VolumePluginDir string `json:"volumePluginDir"` - // kubeletCgroups is the absolute name of cgroups to isolate the kubelet in. 
- KubeletCgroups string `json:"kubeletCgroups"` - // runtimeCgroups are cgroups that container runtime is expected to be isolated in. - RuntimeCgroups string `json:"runtimeCgroups"` - // systemCgroups is absolute name of cgroups in which to place - // all non-kernel processes that are not already in a container. Empty - // for no container. Rolling back the flag requires a reboot. - SystemCgroups string `json:"systemCgroups"` - // cgroupRoot is the root cgroup to use for pods. This is handled by the - // container runtime on a best effort basis. - CgroupRoot string `json:"cgroupRoot"` - // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes - // And all Burstable and BestEffort pods are brought up under their - // specific top level QoS cgroup. - // +optional - CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"` - // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd) - // +optional - CgroupDriver string `json:"cgroupDriver,omitempty"` - // containerRuntime is the container runtime to use. - ContainerRuntime string `json:"containerRuntime"` - // remoteRuntimeEndpoint is the endpoint of remote runtime service - RemoteRuntimeEndpoint string `json:"remoteRuntimeEndpoint"` - // remoteImageEndpoint is the endpoint of remote image service - RemoteImageEndpoint string `json:"remoteImageEndpoint"` - // runtimeRequestTimeout is the timeout for all runtime requests except long running - // requests - pull, logs, exec and attach. - RuntimeRequestTimeout metav1.Duration `json:"runtimeRequestTimeout"` - // experimentalMounterPath is the path to mounter binary. If not set, kubelet will attempt to use mount - // binary that is available via $PATH, - ExperimentalMounterPath string `json:"experimentalMounterPath,omitempty"` - // lockFilePath is the path that kubelet will use to as a lock file. - // It uses this file as a lock to synchronize with other kubelet processes - // that may be running. 
- LockFilePath *string `json:"lockFilePath"` - // ExitOnLockContention is a flag that signifies to the kubelet that it is running - // in "bootstrap" mode. This requires that 'LockFilePath' has been set. - // This will cause the kubelet to listen to inotify events on the lock file, - // releasing it and exiting when another process tries to open that file. - ExitOnLockContention bool `json:"exitOnLockContention"` - // How should the kubelet configure the container bridge for hairpin packets. - // Setting this flag allows endpoints in a Service to loadbalance back to - // themselves if they should try to access their own Service. Values: - // "promiscuous-bridge": make the container bridge promiscuous. - // "hairpin-veth": set the hairpin flag on container veth interfaces. - // "none": do nothing. - // Generally, one must set --hairpin-mode=veth-flag to achieve hairpin NAT, - // because promiscous-bridge assumes the existence of a container bridge named cbr0. - HairpinMode string `json:"hairpinMode"` - // maxPods is the number of pods that can run on this Kubelet. - MaxPods int32 `json:"maxPods"` - // The CIDR to use for pod IP addresses, only used in standalone mode. - // In cluster mode, this is obtained from the master. - PodCIDR string `json:"podCIDR"` - // ResolverConfig is the resolver configuration file used as the basis - // for the container DNS resolution configuration."), [] - ResolverConfig string `json:"resolvConf"` - // cpuCFSQuota is Enable CPU CFS quota enforcement for containers that - // specify CPU limits - CPUCFSQuota *bool `json:"cpuCFSQuota"` - // containerized should be set to true if kubelet is running in a container. - Containerized *bool `json:"containerized"` - // maxOpenFiles is Number of files that can be opened by Kubelet process. - MaxOpenFiles int64 `json:"maxOpenFiles"` - // registerSchedulable tells the kubelet to register the node as - // schedulable. Won't have any effect if register-node is false. 
- // DEPRECATED: use registerWithTaints instead - RegisterSchedulable *bool `json:"registerSchedulable"` - // registerWithTaints are an array of taints to add to a node object when - // the kubelet registers itself. This only takes effect when registerNode - // is true and upon the initial registration of the node. - RegisterWithTaints []v1.Taint `json:"registerWithTaints"` - // contentType is contentType of requests sent to apiserver. - ContentType string `json:"contentType"` - // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver - KubeAPIQPS *int32 `json:"kubeAPIQPS"` - // kubeAPIBurst is the burst to allow while talking with kubernetes - // apiserver - KubeAPIBurst int32 `json:"kubeAPIBurst"` - // serializeImagePulls when enabled, tells the Kubelet to pull images one - // at a time. We recommend *not* changing the default value on nodes that - // run docker daemon with version < 1.9 or an Aufs storage backend. - // Issue #10959 has more details. - SerializeImagePulls *bool `json:"serializeImagePulls"` - // nodeLabels to add when registering the node in the cluster. - NodeLabels map[string]string `json:"nodeLabels"` - // nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade. - NonMasqueradeCIDR string `json:"nonMasqueradeCIDR"` - // enable gathering custom metrics. - EnableCustomMetrics bool `json:"enableCustomMetrics"` - // Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. - EvictionHard *string `json:"evictionHard"` - // Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. - EvictionSoft string `json:"evictionSoft"` - // Comma-delimeted list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. - EvictionSoftGracePeriod string `json:"evictionSoftGracePeriod"` - // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. 
- EvictionPressureTransitionPeriod metav1.Duration `json:"evictionPressureTransitionPeriod"` - // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. - EvictionMaxPodGracePeriod int32 `json:"evictionMaxPodGracePeriod"` - // Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. - EvictionMinimumReclaim string `json:"evictionMinimumReclaim"` - // If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling. - ExperimentalKernelMemcgNotification *bool `json:"experimentalKernelMemcgNotification"` - // Maximum number of pods per core. Cannot exceed MaxPods - PodsPerCore int32 `json:"podsPerCore"` - // enableControllerAttachDetach enables the Attach/Detach controller to - // manage attachment/detachment of volumes scheduled to this node, and - // disables kubelet from executing any attach/detach operations - EnableControllerAttachDetach *bool `json:"enableControllerAttachDetach"` - // A set of ResourceName=Percentage (e.g. memory=50%) pairs that describe - // how pod resource requests are reserved at the QoS level. - // Currently only memory is supported. [default=none]" - ExperimentalQOSReserved map[string]string `json:"experimentalQOSReserved"` - // Default behaviour for kernel tuning - ProtectKernelDefaults bool `json:"protectKernelDefaults"` - // If true, Kubelet ensures a set of iptables rules are present on host. - // These rules will serve as utility rules for various components, e.g. KubeProxy. - // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit. 
- MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains"` - // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT - // Values must be within the range [0, 31]. Must be different from other mark bits. - // Warning: Please match the value of corresponding parameter in kube-proxy - // TODO: clean up IPTablesMasqueradeBit in kube-proxy - IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit"` - // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets. - // Values must be within the range [0, 31]. Must be different from other mark bits. - IPTablesDropBit *int32 `json:"iptablesDropBit"` - // Whitelist of unsafe sysctls or sysctl patterns (ending in *). Use these at your own risk. - // Resource isolation might be lacking and pod might influence each other on the same node. - // +optional - AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"` - // featureGates is a string of comma-separated key=value pairs that describe feature - // gates for alpha/experimental features. - FeatureGates string `json:"featureGates,omitempty"` - // Tells the Kubelet to fail to start if swap is enabled on the node. - FailSwapOn bool `json:"failSwapOn,omitempty"` - // This flag, if set, enables a check prior to mount operations to verify that the required components - // (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled - // and fails the mount operation fails. - ExperimentalCheckNodeCapabilitiesBeforeMount bool `json:"experimentalCheckNodeCapabilitiesBeforeMount,omitempty"` - // This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node. - // This can be useful for debugging volume related issues. - KeepTerminatedPodVolumes bool `json:"keepTerminatedPodVolumes,omitempty"` - - /* following flags are meant for Node Allocatable */ - - // A set of ResourceName=ResourceQuantity (e.g. 
cpu=200m,memory=150G) pairs - // that describe resources reserved for non-kubernetes components. - // Currently only cpu and memory are supported. [default=none] - // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. - SystemReserved map[string]string `json:"systemReserved"` - // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs - // that describe resources reserved for kubernetes system components. - // Currently cpu, memory and local storage for root file system are supported. [default=none] - // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. - KubeReserved map[string]string `json:"kubeReserved"` - - // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. - SystemReservedCgroup string `json:"systemReservedCgroup,omitempty"` - // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. - KubeReservedCgroup string `json:"kubeReservedCgroup,omitempty"` - // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform. - // This flag accepts a list of options. Acceptible options are `pods`, `system-reserved` & `kube-reserved`. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. - EnforceNodeAllocatable []string `json:"enforceNodeAllocatable"` - // This flag, if set, will avoid including `EvictionHard` limits while computing Node Allocatable. 
- // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information. - ExperimentalNodeAllocatableIgnoreEvictionThreshold bool `json:"experimentalNodeAllocatableIgnoreEvictionThreshold,omitempty"` -} - -type KubeletAuthorizationMode string - -const ( - // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests - KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" - // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization - KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" -) - -type KubeletAuthorization struct { - // mode is the authorization mode to apply to requests to the kubelet server. - // Valid values are AlwaysAllow and Webhook. - // Webhook mode uses the SubjectAccessReview API to determine authorization. - Mode KubeletAuthorizationMode `json:"mode"` - - // webhook contains settings related to Webhook authorization. - Webhook KubeletWebhookAuthorization `json:"webhook"` -} - -type KubeletWebhookAuthorization struct { - // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. - CacheAuthorizedTTL metav1.Duration `json:"cacheAuthorizedTTL"` - // cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer. - CacheUnauthorizedTTL metav1.Duration `json:"cacheUnauthorizedTTL"` -} - -type KubeletAuthentication struct { - // x509 contains settings related to x509 client certificate authentication - X509 KubeletX509Authentication `json:"x509"` - // webhook contains settings related to webhook bearer token authentication - Webhook KubeletWebhookAuthentication `json:"webhook"` - // anonymous contains settings related to anonymous authentication - Anonymous KubeletAnonymousAuthentication `json:"anonymous"` -} - -type KubeletX509Authentication struct { - // clientCAFile is the path to a PEM-encoded certificate bundle. 
If set, any request presenting a client certificate - // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, - // and groups corresponding to the Organization in the client certificate. - ClientCAFile string `json:"clientCAFile"` -} - -type KubeletWebhookAuthentication struct { - // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API - Enabled *bool `json:"enabled"` - // cacheTTL enables caching of authentication results - CacheTTL metav1.Duration `json:"cacheTTL"` -} - -type KubeletAnonymousAuthentication struct { - // enabled allows anonymous requests to the kubelet server. - // Requests that are not rejected by another authentication method are treated as anonymous requests. - // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. - Enabled *bool `json:"enabled"` -} - const ( // "kube-system" is the default scheduler lock object namespace SchedulerDefaultLockObjectNamespace string = "kube-system" diff --git a/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go b/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go index c83d572d5ee..ddda24f22bd 100644 --- a/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go @@ -21,11 +21,9 @@ limitations under the License. package v1alpha1 import ( - core_v1 "k8s.io/api/core/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" - api "k8s.io/kubernetes/pkg/api" componentconfig "k8s.io/kubernetes/pkg/apis/componentconfig" unsafe "unsafe" ) 
@@ -48,20 +46,6 @@ func RegisterConversions(scheme *runtime.Scheme) error { Convert_componentconfig_KubeProxyIPTablesConfiguration_To_v1alpha1_KubeProxyIPTablesConfiguration, Convert_v1alpha1_KubeSchedulerConfiguration_To_componentconfig_KubeSchedulerConfiguration, Convert_componentconfig_KubeSchedulerConfiguration_To_v1alpha1_KubeSchedulerConfiguration, - Convert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication, - Convert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication, - Convert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication, - Convert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication, - Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization, - Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization, - Convert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration, - Convert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration, - Convert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication, - Convert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication, - Convert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization, - Convert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization, - Convert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication, - Convert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication, Convert_v1alpha1_LeaderElectionConfiguration_To_componentconfig_LeaderElectionConfiguration, Convert_componentconfig_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration, ) 
@@ -273,512 +257,6 @@ func Convert_componentconfig_KubeSchedulerConfiguration_To_v1alpha1_KubeSchedule return autoConvert_componentconfig_KubeSchedulerConfiguration_To_v1alpha1_KubeSchedulerConfiguration(in, out, s) } -func autoConvert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, out *componentconfig.KubeletAnonymousAuthentication, s conversion.Scope) error { - if err := v1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication is an autogenerated conversion function. -func Convert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, out *componentconfig.KubeletAnonymousAuthentication, s conversion.Scope) error { - return autoConvert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication(in, out, s) -} - -func autoConvert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in *componentconfig.KubeletAnonymousAuthentication, out *KubeletAnonymousAuthentication, s conversion.Scope) error { - if err := v1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { - return err - } - return nil -} - -// Convert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication is an autogenerated conversion function. 
-func Convert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in *componentconfig.KubeletAnonymousAuthentication, out *KubeletAnonymousAuthentication, s conversion.Scope) error { - return autoConvert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in, out, s) -} - -func autoConvert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication(in *KubeletAuthentication, out *componentconfig.KubeletAuthentication, s conversion.Scope) error { - if err := Convert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication(&in.X509, &out.X509, s); err != nil { - return err - } - if err := Convert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication(&in.Webhook, &out.Webhook, s); err != nil { - return err - } - if err := Convert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication(&in.Anonymous, &out.Anonymous, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication is an autogenerated conversion function. 
-func Convert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication(in *KubeletAuthentication, out *componentconfig.KubeletAuthentication, s conversion.Scope) error { - return autoConvert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication(in, out, s) -} - -func autoConvert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in *componentconfig.KubeletAuthentication, out *KubeletAuthentication, s conversion.Scope) error { - if err := Convert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(&in.X509, &out.X509, s); err != nil { - return err - } - if err := Convert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(&in.Webhook, &out.Webhook, s); err != nil { - return err - } - if err := Convert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(&in.Anonymous, &out.Anonymous, s); err != nil { - return err - } - return nil -} - -// Convert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication is an autogenerated conversion function. -func Convert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in *componentconfig.KubeletAuthentication, out *KubeletAuthentication, s conversion.Scope) error { - return autoConvert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in, out, s) -} - -func autoConvert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization(in *KubeletAuthorization, out *componentconfig.KubeletAuthorization, s conversion.Scope) error { - out.Mode = componentconfig.KubeletAuthorizationMode(in.Mode) - if err := Convert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization(&in.Webhook, &out.Webhook, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization is an autogenerated conversion function. 
-func Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization(in *KubeletAuthorization, out *componentconfig.KubeletAuthorization, s conversion.Scope) error { - return autoConvert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization(in, out, s) -} - -func autoConvert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in *componentconfig.KubeletAuthorization, out *KubeletAuthorization, s conversion.Scope) error { - out.Mode = KubeletAuthorizationMode(in.Mode) - if err := Convert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(&in.Webhook, &out.Webhook, s); err != nil { - return err - } - return nil -} - -// Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization is an autogenerated conversion function. -func Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in *componentconfig.KubeletAuthorization, out *KubeletAuthorization, s conversion.Scope) error { - return autoConvert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in, out, s) -} - -func autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration(in *KubeletConfiguration, out *componentconfig.KubeletConfiguration, s conversion.Scope) error { - if err := v1.Convert_Pointer_v1_Duration_To_v1_Duration(&in.ConfigTrialDuration, &out.ConfigTrialDuration, s); err != nil { - return err - } - if err := v1.Convert_Pointer_int32_To_int32(&in.CrashLoopThreshold, &out.CrashLoopThreshold, s); err != nil { - return err - } - out.PodManifestPath = in.PodManifestPath - out.SyncFrequency = in.SyncFrequency - out.FileCheckFrequency = in.FileCheckFrequency - out.HTTPCheckFrequency = in.HTTPCheckFrequency - out.ManifestURL = in.ManifestURL - out.ManifestURLHeader = in.ManifestURLHeader - if err := v1.Convert_Pointer_bool_To_bool(&in.EnableServer, &out.EnableServer, s); err != nil { - return err - } - out.Address = in.Address - out.Port = in.Port - 
out.ReadOnlyPort = in.ReadOnlyPort - out.TLSCertFile = in.TLSCertFile - out.TLSPrivateKeyFile = in.TLSPrivateKeyFile - if err := Convert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication(&in.Authentication, &out.Authentication, s); err != nil { - return err - } - if err := Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization(&in.Authorization, &out.Authorization, s); err != nil { - return err - } - out.SeccompProfileRoot = in.SeccompProfileRoot - if err := v1.Convert_Pointer_bool_To_bool(&in.AllowPrivileged, &out.AllowPrivileged, s); err != nil { - return err - } - out.HostNetworkSources = *(*[]string)(unsafe.Pointer(&in.HostNetworkSources)) - out.HostPIDSources = *(*[]string)(unsafe.Pointer(&in.HostPIDSources)) - out.HostIPCSources = *(*[]string)(unsafe.Pointer(&in.HostIPCSources)) - if err := v1.Convert_Pointer_int32_To_int32(&in.RegistryPullQPS, &out.RegistryPullQPS, s); err != nil { - return err - } - out.RegistryBurst = in.RegistryBurst - if err := v1.Convert_Pointer_int32_To_int32(&in.EventRecordQPS, &out.EventRecordQPS, s); err != nil { - return err - } - out.EventBurst = in.EventBurst - if err := v1.Convert_Pointer_bool_To_bool(&in.EnableDebuggingHandlers, &out.EnableDebuggingHandlers, s); err != nil { - return err - } - out.EnableContentionProfiling = in.EnableContentionProfiling - out.MinimumGCAge = in.MinimumGCAge - out.MaxPerPodContainerCount = in.MaxPerPodContainerCount - if err := v1.Convert_Pointer_int32_To_int32(&in.MaxContainerCount, &out.MaxContainerCount, s); err != nil { - return err - } - if err := v1.Convert_Pointer_int32_To_int32(&in.CAdvisorPort, &out.CAdvisorPort, s); err != nil { - return err - } - out.HealthzPort = in.HealthzPort - out.HealthzBindAddress = in.HealthzBindAddress - if err := v1.Convert_Pointer_int32_To_int32(&in.OOMScoreAdj, &out.OOMScoreAdj, s); err != nil { - return err - } - if err := v1.Convert_Pointer_bool_To_bool(&in.RegisterNode, &out.RegisterNode, s); err != nil { - 
return err - } - out.ClusterDomain = in.ClusterDomain - out.MasterServiceNamespace = in.MasterServiceNamespace - out.ClusterDNS = *(*[]string)(unsafe.Pointer(&in.ClusterDNS)) - out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout - out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency - out.ImageMinimumGCAge = in.ImageMinimumGCAge - if err := v1.Convert_Pointer_int32_To_int32(&in.ImageGCHighThresholdPercent, &out.ImageGCHighThresholdPercent, s); err != nil { - return err - } - if err := v1.Convert_Pointer_int32_To_int32(&in.ImageGCLowThresholdPercent, &out.ImageGCLowThresholdPercent, s); err != nil { - return err - } - out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod - out.VolumePluginDir = in.VolumePluginDir - out.KubeletCgroups = in.KubeletCgroups - out.RuntimeCgroups = in.RuntimeCgroups - out.SystemCgroups = in.SystemCgroups - out.CgroupRoot = in.CgroupRoot - if err := v1.Convert_Pointer_bool_To_bool(&in.CgroupsPerQOS, &out.CgroupsPerQOS, s); err != nil { - return err - } - out.CgroupDriver = in.CgroupDriver - out.ContainerRuntime = in.ContainerRuntime - out.RemoteRuntimeEndpoint = in.RemoteRuntimeEndpoint - out.RemoteImageEndpoint = in.RemoteImageEndpoint - out.RuntimeRequestTimeout = in.RuntimeRequestTimeout - out.ExperimentalMounterPath = in.ExperimentalMounterPath - if err := v1.Convert_Pointer_string_To_string(&in.LockFilePath, &out.LockFilePath, s); err != nil { - return err - } - out.ExitOnLockContention = in.ExitOnLockContention - out.HairpinMode = in.HairpinMode - out.MaxPods = in.MaxPods - out.PodCIDR = in.PodCIDR - out.ResolverConfig = in.ResolverConfig - if err := v1.Convert_Pointer_bool_To_bool(&in.CPUCFSQuota, &out.CPUCFSQuota, s); err != nil { - return err - } - if err := v1.Convert_Pointer_bool_To_bool(&in.Containerized, &out.Containerized, s); err != nil { - return err - } - out.MaxOpenFiles = in.MaxOpenFiles - if err := v1.Convert_Pointer_bool_To_bool(&in.RegisterSchedulable, &out.RegisterSchedulable, s); err != nil { 
- return err - } - out.RegisterWithTaints = *(*[]api.Taint)(unsafe.Pointer(&in.RegisterWithTaints)) - out.ContentType = in.ContentType - if err := v1.Convert_Pointer_int32_To_int32(&in.KubeAPIQPS, &out.KubeAPIQPS, s); err != nil { - return err - } - out.KubeAPIBurst = in.KubeAPIBurst - if err := v1.Convert_Pointer_bool_To_bool(&in.SerializeImagePulls, &out.SerializeImagePulls, s); err != nil { - return err - } - out.NodeLabels = *(*map[string]string)(unsafe.Pointer(&in.NodeLabels)) - out.NonMasqueradeCIDR = in.NonMasqueradeCIDR - out.EnableCustomMetrics = in.EnableCustomMetrics - if err := v1.Convert_Pointer_string_To_string(&in.EvictionHard, &out.EvictionHard, s); err != nil { - return err - } - out.EvictionSoft = in.EvictionSoft - out.EvictionSoftGracePeriod = in.EvictionSoftGracePeriod - out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod - out.EvictionMaxPodGracePeriod = in.EvictionMaxPodGracePeriod - out.EvictionMinimumReclaim = in.EvictionMinimumReclaim - if err := v1.Convert_Pointer_bool_To_bool(&in.ExperimentalKernelMemcgNotification, &out.ExperimentalKernelMemcgNotification, s); err != nil { - return err - } - out.PodsPerCore = in.PodsPerCore - if err := v1.Convert_Pointer_bool_To_bool(&in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach, s); err != nil { - return err - } - out.ExperimentalQOSReserved = *(*componentconfig.ConfigurationMap)(unsafe.Pointer(&in.ExperimentalQOSReserved)) - out.ProtectKernelDefaults = in.ProtectKernelDefaults - if err := v1.Convert_Pointer_bool_To_bool(&in.MakeIPTablesUtilChains, &out.MakeIPTablesUtilChains, s); err != nil { - return err - } - if err := v1.Convert_Pointer_int32_To_int32(&in.IPTablesMasqueradeBit, &out.IPTablesMasqueradeBit, s); err != nil { - return err - } - if err := v1.Convert_Pointer_int32_To_int32(&in.IPTablesDropBit, &out.IPTablesDropBit, s); err != nil { - return err - } - out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) - 
out.FeatureGates = in.FeatureGates - out.FailSwapOn = in.FailSwapOn - out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount - out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes - out.SystemReserved = *(*componentconfig.ConfigurationMap)(unsafe.Pointer(&in.SystemReserved)) - out.KubeReserved = *(*componentconfig.ConfigurationMap)(unsafe.Pointer(&in.KubeReserved)) - out.SystemReservedCgroup = in.SystemReservedCgroup - out.KubeReservedCgroup = in.KubeReservedCgroup - out.EnforceNodeAllocatable = *(*[]string)(unsafe.Pointer(&in.EnforceNodeAllocatable)) - out.ExperimentalNodeAllocatableIgnoreEvictionThreshold = in.ExperimentalNodeAllocatableIgnoreEvictionThreshold - return nil -} - -// Convert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration is an autogenerated conversion function. -func Convert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration(in *KubeletConfiguration, out *componentconfig.KubeletConfiguration, s conversion.Scope) error { - return autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration(in, out, s) -} - -func autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in *componentconfig.KubeletConfiguration, out *KubeletConfiguration, s conversion.Scope) error { - if err := v1.Convert_v1_Duration_To_Pointer_v1_Duration(&in.ConfigTrialDuration, &out.ConfigTrialDuration, s); err != nil { - return err - } - if err := v1.Convert_int32_To_Pointer_int32(&in.CrashLoopThreshold, &out.CrashLoopThreshold, s); err != nil { - return err - } - out.PodManifestPath = in.PodManifestPath - out.SyncFrequency = in.SyncFrequency - out.FileCheckFrequency = in.FileCheckFrequency - out.HTTPCheckFrequency = in.HTTPCheckFrequency - out.ManifestURL = in.ManifestURL - out.ManifestURLHeader = in.ManifestURLHeader - if err := v1.Convert_bool_To_Pointer_bool(&in.EnableServer, &out.EnableServer, s); err != nil { - return err - } - out.Address 
= in.Address - out.Port = in.Port - out.ReadOnlyPort = in.ReadOnlyPort - out.TLSCertFile = in.TLSCertFile - out.TLSPrivateKeyFile = in.TLSPrivateKeyFile - if err := Convert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(&in.Authentication, &out.Authentication, s); err != nil { - return err - } - if err := Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(&in.Authorization, &out.Authorization, s); err != nil { - return err - } - out.SeccompProfileRoot = in.SeccompProfileRoot - if err := v1.Convert_bool_To_Pointer_bool(&in.AllowPrivileged, &out.AllowPrivileged, s); err != nil { - return err - } - if in.HostNetworkSources == nil { - out.HostNetworkSources = make([]string, 0) - } else { - out.HostNetworkSources = *(*[]string)(unsafe.Pointer(&in.HostNetworkSources)) - } - if in.HostPIDSources == nil { - out.HostPIDSources = make([]string, 0) - } else { - out.HostPIDSources = *(*[]string)(unsafe.Pointer(&in.HostPIDSources)) - } - if in.HostIPCSources == nil { - out.HostIPCSources = make([]string, 0) - } else { - out.HostIPCSources = *(*[]string)(unsafe.Pointer(&in.HostIPCSources)) - } - if err := v1.Convert_int32_To_Pointer_int32(&in.RegistryPullQPS, &out.RegistryPullQPS, s); err != nil { - return err - } - out.RegistryBurst = in.RegistryBurst - if err := v1.Convert_int32_To_Pointer_int32(&in.EventRecordQPS, &out.EventRecordQPS, s); err != nil { - return err - } - out.EventBurst = in.EventBurst - if err := v1.Convert_bool_To_Pointer_bool(&in.EnableDebuggingHandlers, &out.EnableDebuggingHandlers, s); err != nil { - return err - } - out.EnableContentionProfiling = in.EnableContentionProfiling - out.MinimumGCAge = in.MinimumGCAge - out.MaxPerPodContainerCount = in.MaxPerPodContainerCount - if err := v1.Convert_int32_To_Pointer_int32(&in.MaxContainerCount, &out.MaxContainerCount, s); err != nil { - return err - } - if err := v1.Convert_int32_To_Pointer_int32(&in.CAdvisorPort, &out.CAdvisorPort, s); err != nil { - return 
err - } - out.HealthzPort = in.HealthzPort - out.HealthzBindAddress = in.HealthzBindAddress - if err := v1.Convert_int32_To_Pointer_int32(&in.OOMScoreAdj, &out.OOMScoreAdj, s); err != nil { - return err - } - if err := v1.Convert_bool_To_Pointer_bool(&in.RegisterNode, &out.RegisterNode, s); err != nil { - return err - } - out.ClusterDomain = in.ClusterDomain - out.MasterServiceNamespace = in.MasterServiceNamespace - if in.ClusterDNS == nil { - out.ClusterDNS = make([]string, 0) - } else { - out.ClusterDNS = *(*[]string)(unsafe.Pointer(&in.ClusterDNS)) - } - out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout - out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency - out.ImageMinimumGCAge = in.ImageMinimumGCAge - if err := v1.Convert_int32_To_Pointer_int32(&in.ImageGCHighThresholdPercent, &out.ImageGCHighThresholdPercent, s); err != nil { - return err - } - if err := v1.Convert_int32_To_Pointer_int32(&in.ImageGCLowThresholdPercent, &out.ImageGCLowThresholdPercent, s); err != nil { - return err - } - out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod - out.VolumePluginDir = in.VolumePluginDir - out.KubeletCgroups = in.KubeletCgroups - if err := v1.Convert_bool_To_Pointer_bool(&in.CgroupsPerQOS, &out.CgroupsPerQOS, s); err != nil { - return err - } - out.CgroupDriver = in.CgroupDriver - out.RuntimeCgroups = in.RuntimeCgroups - out.SystemCgroups = in.SystemCgroups - out.CgroupRoot = in.CgroupRoot - out.ContainerRuntime = in.ContainerRuntime - out.RemoteRuntimeEndpoint = in.RemoteRuntimeEndpoint - out.RemoteImageEndpoint = in.RemoteImageEndpoint - out.RuntimeRequestTimeout = in.RuntimeRequestTimeout - out.ExperimentalMounterPath = in.ExperimentalMounterPath - if err := v1.Convert_string_To_Pointer_string(&in.LockFilePath, &out.LockFilePath, s); err != nil { - return err - } - out.ExitOnLockContention = in.ExitOnLockContention - out.HairpinMode = in.HairpinMode - out.MaxPods = in.MaxPods - out.PodCIDR = in.PodCIDR - out.ResolverConfig = 
in.ResolverConfig - if err := v1.Convert_bool_To_Pointer_bool(&in.CPUCFSQuota, &out.CPUCFSQuota, s); err != nil { - return err - } - if err := v1.Convert_bool_To_Pointer_bool(&in.Containerized, &out.Containerized, s); err != nil { - return err - } - out.MaxOpenFiles = in.MaxOpenFiles - if err := v1.Convert_bool_To_Pointer_bool(&in.RegisterSchedulable, &out.RegisterSchedulable, s); err != nil { - return err - } - if in.RegisterWithTaints == nil { - out.RegisterWithTaints = make([]core_v1.Taint, 0) - } else { - out.RegisterWithTaints = *(*[]core_v1.Taint)(unsafe.Pointer(&in.RegisterWithTaints)) - } - out.ContentType = in.ContentType - if err := v1.Convert_int32_To_Pointer_int32(&in.KubeAPIQPS, &out.KubeAPIQPS, s); err != nil { - return err - } - out.KubeAPIBurst = in.KubeAPIBurst - if err := v1.Convert_bool_To_Pointer_bool(&in.SerializeImagePulls, &out.SerializeImagePulls, s); err != nil { - return err - } - out.NodeLabels = *(*map[string]string)(unsafe.Pointer(&in.NodeLabels)) - out.NonMasqueradeCIDR = in.NonMasqueradeCIDR - out.EnableCustomMetrics = in.EnableCustomMetrics - if err := v1.Convert_string_To_Pointer_string(&in.EvictionHard, &out.EvictionHard, s); err != nil { - return err - } - out.EvictionSoft = in.EvictionSoft - out.EvictionSoftGracePeriod = in.EvictionSoftGracePeriod - out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod - out.EvictionMaxPodGracePeriod = in.EvictionMaxPodGracePeriod - out.EvictionMinimumReclaim = in.EvictionMinimumReclaim - if err := v1.Convert_bool_To_Pointer_bool(&in.ExperimentalKernelMemcgNotification, &out.ExperimentalKernelMemcgNotification, s); err != nil { - return err - } - out.PodsPerCore = in.PodsPerCore - if err := v1.Convert_bool_To_Pointer_bool(&in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach, s); err != nil { - return err - } - out.ExperimentalQOSReserved = *(*map[string]string)(unsafe.Pointer(&in.ExperimentalQOSReserved)) - out.ProtectKernelDefaults = in.ProtectKernelDefaults - 
if err := v1.Convert_bool_To_Pointer_bool(&in.MakeIPTablesUtilChains, &out.MakeIPTablesUtilChains, s); err != nil { - return err - } - if err := v1.Convert_int32_To_Pointer_int32(&in.IPTablesMasqueradeBit, &out.IPTablesMasqueradeBit, s); err != nil { - return err - } - if err := v1.Convert_int32_To_Pointer_int32(&in.IPTablesDropBit, &out.IPTablesDropBit, s); err != nil { - return err - } - out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) - out.FeatureGates = in.FeatureGates - out.FailSwapOn = in.FailSwapOn - out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount - out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes - out.SystemReserved = *(*map[string]string)(unsafe.Pointer(&in.SystemReserved)) - out.KubeReserved = *(*map[string]string)(unsafe.Pointer(&in.KubeReserved)) - out.SystemReservedCgroup = in.SystemReservedCgroup - out.KubeReservedCgroup = in.KubeReservedCgroup - if in.EnforceNodeAllocatable == nil { - out.EnforceNodeAllocatable = make([]string, 0) - } else { - out.EnforceNodeAllocatable = *(*[]string)(unsafe.Pointer(&in.EnforceNodeAllocatable)) - } - out.ExperimentalNodeAllocatableIgnoreEvictionThreshold = in.ExperimentalNodeAllocatableIgnoreEvictionThreshold - return nil -} - -// Convert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration is an autogenerated conversion function. 
-func Convert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in *componentconfig.KubeletConfiguration, out *KubeletConfiguration, s conversion.Scope) error { - return autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in, out, s) -} - -func autoConvert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, out *componentconfig.KubeletWebhookAuthentication, s conversion.Scope) error { - if err := v1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { - return err - } - out.CacheTTL = in.CacheTTL - return nil -} - -// Convert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication is an autogenerated conversion function. -func Convert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, out *componentconfig.KubeletWebhookAuthentication, s conversion.Scope) error { - return autoConvert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication(in, out, s) -} - -func autoConvert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in *componentconfig.KubeletWebhookAuthentication, out *KubeletWebhookAuthentication, s conversion.Scope) error { - if err := v1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { - return err - } - out.CacheTTL = in.CacheTTL - return nil -} - -// Convert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication is an autogenerated conversion function. 
-func Convert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in *componentconfig.KubeletWebhookAuthentication, out *KubeletWebhookAuthentication, s conversion.Scope) error { - return autoConvert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in, out, s) -} - -func autoConvert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, out *componentconfig.KubeletWebhookAuthorization, s conversion.Scope) error { - out.CacheAuthorizedTTL = in.CacheAuthorizedTTL - out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL - return nil -} - -// Convert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization is an autogenerated conversion function. -func Convert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, out *componentconfig.KubeletWebhookAuthorization, s conversion.Scope) error { - return autoConvert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization(in, out, s) -} - -func autoConvert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in *componentconfig.KubeletWebhookAuthorization, out *KubeletWebhookAuthorization, s conversion.Scope) error { - out.CacheAuthorizedTTL = in.CacheAuthorizedTTL - out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL - return nil -} - -// Convert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization is an autogenerated conversion function. 
-func Convert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in *componentconfig.KubeletWebhookAuthorization, out *KubeletWebhookAuthorization, s conversion.Scope) error { - return autoConvert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in, out, s) -} - -func autoConvert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *componentconfig.KubeletX509Authentication, s conversion.Scope) error { - out.ClientCAFile = in.ClientCAFile - return nil -} - -// Convert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication is an autogenerated conversion function. -func Convert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *componentconfig.KubeletX509Authentication, s conversion.Scope) error { - return autoConvert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication(in, out, s) -} - -func autoConvert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in *componentconfig.KubeletX509Authentication, out *KubeletX509Authentication, s conversion.Scope) error { - out.ClientCAFile = in.ClientCAFile - return nil -} - -// Convert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication is an autogenerated conversion function. 
-func Convert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in *componentconfig.KubeletX509Authentication, out *KubeletX509Authentication, s conversion.Scope) error { - return autoConvert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in, out, s) -} - func autoConvert_v1alpha1_LeaderElectionConfiguration_To_componentconfig_LeaderElectionConfiguration(in *LeaderElectionConfiguration, out *componentconfig.LeaderElectionConfiguration, s conversion.Scope) error { if err := v1.Convert_Pointer_bool_To_bool(&in.LeaderElect, &out.LeaderElect, s); err != nil { return err diff --git a/pkg/apis/componentconfig/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/componentconfig/v1alpha1/zz_generated.deepcopy.go index 37773f758e7..97b9987d61b 100644 --- a/pkg/apis/componentconfig/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/componentconfig/v1alpha1/zz_generated.deepcopy.go @@ -21,8 +21,6 @@ limitations under the License. package v1alpha1 import ( - core_v1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" reflect "reflect" 
@@ -58,34 +56,6 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error { in.(*KubeSchedulerConfiguration).DeepCopyInto(out.(*KubeSchedulerConfiguration)) return nil }, InType: reflect.TypeOf(&KubeSchedulerConfiguration{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletAnonymousAuthentication).DeepCopyInto(out.(*KubeletAnonymousAuthentication)) - return nil - }, InType: reflect.TypeOf(&KubeletAnonymousAuthentication{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletAuthentication).DeepCopyInto(out.(*KubeletAuthentication)) - return nil - }, InType: reflect.TypeOf(&KubeletAuthentication{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletAuthorization).DeepCopyInto(out.(*KubeletAuthorization)) - return nil - }, InType: reflect.TypeOf(&KubeletAuthorization{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletConfiguration).DeepCopyInto(out.(*KubeletConfiguration)) - return nil - }, InType: reflect.TypeOf(&KubeletConfiguration{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletWebhookAuthentication).DeepCopyInto(out.(*KubeletWebhookAuthentication)) - return nil - }, InType: reflect.TypeOf(&KubeletWebhookAuthentication{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletWebhookAuthorization).DeepCopyInto(out.(*KubeletWebhookAuthorization)) - return nil - }, InType: reflect.TypeOf(&KubeletWebhookAuthorization{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletX509Authentication).DeepCopyInto(out.(*KubeletX509Authentication)) - return nil - }, InType: 
reflect.TypeOf(&KubeletX509Authentication{})}, conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { in.(*LeaderElectionConfiguration).DeepCopyInto(out.(*LeaderElectionConfiguration)) return nil 
@@ -230,464 +200,6 @@ func (in *KubeSchedulerConfiguration) DeepCopyObject() runtime.Object { } } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication. -func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication { - if in == nil { - return nil - } - out := new(KubeletAnonymousAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication) { - *out = *in - out.X509 = in.X509 - in.Webhook.DeepCopyInto(&out.Webhook) - in.Anonymous.DeepCopyInto(&out.Anonymous) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication. -func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication { - if in == nil { - return nil - } - out := new(KubeletAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization) { - *out = *in - out.Webhook = in.Webhook - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization. 
-func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization { - if in == nil { - return nil - } - out := new(KubeletAuthorization) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.ConfigTrialDuration != nil { - in, out := &in.ConfigTrialDuration, &out.ConfigTrialDuration - if *in == nil { - *out = nil - } else { - *out = new(v1.Duration) - **out = **in - } - } - if in.CrashLoopThreshold != nil { - in, out := &in.CrashLoopThreshold, &out.CrashLoopThreshold - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - out.SyncFrequency = in.SyncFrequency - out.FileCheckFrequency = in.FileCheckFrequency - out.HTTPCheckFrequency = in.HTTPCheckFrequency - if in.EnableServer != nil { - in, out := &in.EnableServer, &out.EnableServer - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - in.Authentication.DeepCopyInto(&out.Authentication) - out.Authorization = in.Authorization - if in.AllowPrivileged != nil { - in, out := &in.AllowPrivileged, &out.AllowPrivileged - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.HostNetworkSources != nil { - in, out := &in.HostNetworkSources, &out.HostNetworkSources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.HostPIDSources != nil { - in, out := &in.HostPIDSources, &out.HostPIDSources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.HostIPCSources != nil { - in, out := &in.HostIPCSources, &out.HostIPCSources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.RegistryPullQPS != nil { - in, out := &in.RegistryPullQPS, &out.RegistryPullQPS - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.EventRecordQPS != nil { - in, out 
:= &in.EventRecordQPS, &out.EventRecordQPS - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.EnableDebuggingHandlers != nil { - in, out := &in.EnableDebuggingHandlers, &out.EnableDebuggingHandlers - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - out.MinimumGCAge = in.MinimumGCAge - if in.MaxContainerCount != nil { - in, out := &in.MaxContainerCount, &out.MaxContainerCount - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.CAdvisorPort != nil { - in, out := &in.CAdvisorPort, &out.CAdvisorPort - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.OOMScoreAdj != nil { - in, out := &in.OOMScoreAdj, &out.OOMScoreAdj - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.RegisterNode != nil { - in, out := &in.RegisterNode, &out.RegisterNode - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.ClusterDNS != nil { - in, out := &in.ClusterDNS, &out.ClusterDNS - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout - out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency - out.ImageMinimumGCAge = in.ImageMinimumGCAge - if in.ImageGCHighThresholdPercent != nil { - in, out := &in.ImageGCHighThresholdPercent, &out.ImageGCHighThresholdPercent - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.ImageGCLowThresholdPercent != nil { - in, out := &in.ImageGCLowThresholdPercent, &out.ImageGCLowThresholdPercent - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod - if in.CgroupsPerQOS != nil { - in, out := &in.CgroupsPerQOS, &out.CgroupsPerQOS - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - 
out.RuntimeRequestTimeout = in.RuntimeRequestTimeout - if in.LockFilePath != nil { - in, out := &in.LockFilePath, &out.LockFilePath - if *in == nil { - *out = nil - } else { - *out = new(string) - **out = **in - } - } - if in.CPUCFSQuota != nil { - in, out := &in.CPUCFSQuota, &out.CPUCFSQuota - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.Containerized != nil { - in, out := &in.Containerized, &out.Containerized - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.RegisterSchedulable != nil { - in, out := &in.RegisterSchedulable, &out.RegisterSchedulable - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.RegisterWithTaints != nil { - in, out := &in.RegisterWithTaints, &out.RegisterWithTaints - *out = make([]core_v1.Taint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.KubeAPIQPS != nil { - in, out := &in.KubeAPIQPS, &out.KubeAPIQPS - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.SerializeImagePulls != nil { - in, out := &in.SerializeImagePulls, &out.SerializeImagePulls - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.NodeLabels != nil { - in, out := &in.NodeLabels, &out.NodeLabels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.EvictionHard != nil { - in, out := &in.EvictionHard, &out.EvictionHard - if *in == nil { - *out = nil - } else { - *out = new(string) - **out = **in - } - } - out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod - if in.ExperimentalKernelMemcgNotification != nil { - in, out := &in.ExperimentalKernelMemcgNotification, &out.ExperimentalKernelMemcgNotification - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.EnableControllerAttachDetach != nil { - in, out := 
&in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.ExperimentalQOSReserved != nil { - in, out := &in.ExperimentalQOSReserved, &out.ExperimentalQOSReserved - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.MakeIPTablesUtilChains != nil { - in, out := &in.MakeIPTablesUtilChains, &out.MakeIPTablesUtilChains - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - if in.IPTablesMasqueradeBit != nil { - in, out := &in.IPTablesMasqueradeBit, &out.IPTablesMasqueradeBit - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.IPTablesDropBit != nil { - in, out := &in.IPTablesDropBit, &out.IPTablesDropBit - if *in == nil { - *out = nil - } else { - *out = new(int32) - **out = **in - } - } - if in.AllowedUnsafeSysctls != nil { - in, out := &in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SystemReserved != nil { - in, out := &in.SystemReserved, &out.SystemReserved - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.KubeReserved != nil { - in, out := &in.KubeReserved, &out.KubeReserved - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.EnforceNodeAllocatable != nil { - in, out := &in.EnforceNodeAllocatable, &out.EnforceNodeAllocatable - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration. 
-func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration { - if in == nil { - return nil - } - out := new(KubeletConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *KubeletConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } else { - return nil - } -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - if *in == nil { - *out = nil - } else { - *out = new(bool) - **out = **in - } - } - out.CacheTTL = in.CacheTTL - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication. -func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication { - if in == nil { - return nil - } - out := new(KubeletWebhookAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization) { - *out = *in - out.CacheAuthorizedTTL = in.CacheAuthorizedTTL - out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization. -func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization { - if in == nil { - return nil - } - out := new(KubeletWebhookAuthorization) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication. -func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication { - if in == nil { - return nil - } - out := new(KubeletX509Authentication) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LeaderElectionConfiguration) DeepCopyInto(out *LeaderElectionConfiguration) { *out = *in diff --git a/pkg/apis/componentconfig/v1alpha1/zz_generated.defaults.go b/pkg/apis/componentconfig/v1alpha1/zz_generated.defaults.go index 72bebf23b6e..72f514af67d 100644 --- a/pkg/apis/componentconfig/v1alpha1/zz_generated.defaults.go +++ b/pkg/apis/componentconfig/v1alpha1/zz_generated.defaults.go @@ -30,7 +30,6 @@ import ( func RegisterDefaults(scheme *runtime.Scheme) error { scheme.AddTypeDefaultingFunc(&KubeProxyConfiguration{}, func(obj interface{}) { SetObjectDefaults_KubeProxyConfiguration(obj.(*KubeProxyConfiguration)) }) scheme.AddTypeDefaultingFunc(&KubeSchedulerConfiguration{}, func(obj interface{}) { SetObjectDefaults_KubeSchedulerConfiguration(obj.(*KubeSchedulerConfiguration)) }) - scheme.AddTypeDefaultingFunc(&KubeletConfiguration{}, func(obj interface{}) { SetObjectDefaults_KubeletConfiguration(obj.(*KubeletConfiguration)) }) return nil } @@ -42,7 +41,3 @@ func SetObjectDefaults_KubeSchedulerConfiguration(in *KubeSchedulerConfiguration SetDefaults_KubeSchedulerConfiguration(in) SetDefaults_LeaderElectionConfiguration(&in.LeaderElection) } - -func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration) { - SetDefaults_KubeletConfiguration(in) -} diff --git a/pkg/apis/componentconfig/validation/BUILD b/pkg/apis/componentconfig/validation/BUILD index a9c496aca6d..1a78f6d273f 100644 
--- a/pkg/apis/componentconfig/validation/BUILD +++ b/pkg/apis/componentconfig/validation/BUILD @@ -8,10 +8,6 @@ load( go_library( name = "go_default_library", srcs = ["validation.go"], - deps = [ - "//pkg/apis/componentconfig:go_default_library", - "//pkg/kubelet/cm:go_default_library", - ], ) filegroup( diff --git a/pkg/apis/componentconfig/validation/validation.go b/pkg/apis/componentconfig/validation/validation.go index 3931672c721..59f1df4414e 100644 --- a/pkg/apis/componentconfig/validation/validation.go +++ b/pkg/apis/componentconfig/validation/validation.go 
@@ -15,42 +15,3 @@ limitations under the License. */ package validation - -import ( - "fmt" - - "k8s.io/kubernetes/pkg/apis/componentconfig" - containermanager "k8s.io/kubernetes/pkg/kubelet/cm" -) - -// MaxCrashLoopThreshold is the maximum allowed KubeletConfiguraiton.CrashLoopThreshold -const MaxCrashLoopThreshold = 10 - -// ValidateKubeletConfiguration validates `kc` and returns an error if it is invalid -func ValidateKubeletConfiguration(kc *componentconfig.KubeletConfiguration) error { - // restrict crashloop threshold to between 0 and `maxCrashLoopThreshold`, inclusive - // more than `maxStartups=maxCrashLoopThreshold` adds unnecessary bloat to the .startups.json file, - // and negative values would be silly. - if kc.CrashLoopThreshold < 0 || kc.CrashLoopThreshold > MaxCrashLoopThreshold { - return fmt.Errorf("field `CrashLoopThreshold` must be between 0 and %d, inclusive", MaxCrashLoopThreshold) - } - - if !kc.CgroupsPerQOS && len(kc.EnforceNodeAllocatable) > 0 { - return fmt.Errorf("node allocatable enforcement is not supported unless Cgroups Per QOS feature is turned on") - } - if kc.SystemCgroups != "" && kc.CgroupRoot == "" { - return fmt.Errorf("invalid configuration: system container was specified and cgroup root was not specified") - } - for _, val := range kc.EnforceNodeAllocatable { - switch val { - case containermanager.NodeAllocatableEnforcementKey: - case containermanager.SystemReservedEnforcementKey: - case containermanager.KubeReservedEnforcementKey: - continue - default: - return fmt.Errorf("invalid option %q specified for EnforceNodeAllocatable setting. Valid options are %q, %q or %q", - val, containermanager.NodeAllocatableEnforcementKey, containermanager.SystemReservedEnforcementKey, containermanager.KubeReservedEnforcementKey) - } - } - return nil -} diff --git a/pkg/apis/componentconfig/zz_generated.deepcopy.go b/pkg/apis/componentconfig/zz_generated.deepcopy.go index 5537f1a3570..562519e52bd 100644 
--- a/pkg/apis/componentconfig/zz_generated.deepcopy.go +++ b/pkg/apis/componentconfig/zz_generated.deepcopy.go @@ -23,7 +23,6 @@ package componentconfig import ( conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" - api "k8s.io/kubernetes/pkg/api" reflect "reflect" ) 
@@ -69,34 +68,6 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error { in.(*KubeSchedulerConfiguration).DeepCopyInto(out.(*KubeSchedulerConfiguration)) return nil }, InType: reflect.TypeOf(&KubeSchedulerConfiguration{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletAnonymousAuthentication).DeepCopyInto(out.(*KubeletAnonymousAuthentication)) - return nil - }, InType: reflect.TypeOf(&KubeletAnonymousAuthentication{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletAuthentication).DeepCopyInto(out.(*KubeletAuthentication)) - return nil - }, InType: reflect.TypeOf(&KubeletAuthentication{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletAuthorization).DeepCopyInto(out.(*KubeletAuthorization)) - return nil - }, InType: reflect.TypeOf(&KubeletAuthorization{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletConfiguration).DeepCopyInto(out.(*KubeletConfiguration)) - return nil - }, InType: reflect.TypeOf(&KubeletConfiguration{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletWebhookAuthentication).DeepCopyInto(out.(*KubeletWebhookAuthentication)) - return nil - }, InType: reflect.TypeOf(&KubeletWebhookAuthentication{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletWebhookAuthorization).DeepCopyInto(out.(*KubeletWebhookAuthorization)) - return nil - }, InType: reflect.TypeOf(&KubeletWebhookAuthorization{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*KubeletX509Authentication).DeepCopyInto(out.(*KubeletX509Authentication)) - return nil - }, InType: 
reflect.TypeOf(&KubeletX509Authentication{})}, conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { in.(*LeaderElectionConfiguration).DeepCopyInto(out.(*LeaderElectionConfiguration)) return nil 
@@ -341,213 +312,6 @@ func (in *KubeSchedulerConfiguration) DeepCopyObject() runtime.Object { } } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication. -func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication { - if in == nil { - return nil - } - out := new(KubeletAnonymousAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication) { - *out = *in - out.X509 = in.X509 - out.Webhook = in.Webhook - out.Anonymous = in.Anonymous - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication. -func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication { - if in == nil { - return nil - } - out := new(KubeletAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization) { - *out = *in - out.Webhook = in.Webhook - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization. -func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization { - if in == nil { - return nil - } - out := new(KubeletAuthorization) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ConfigTrialDuration = in.ConfigTrialDuration - out.SyncFrequency = in.SyncFrequency - out.FileCheckFrequency = in.FileCheckFrequency - out.HTTPCheckFrequency = in.HTTPCheckFrequency - out.Authentication = in.Authentication - out.Authorization = in.Authorization - if in.HostNetworkSources != nil { - in, out := &in.HostNetworkSources, &out.HostNetworkSources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.HostPIDSources != nil { - in, out := &in.HostPIDSources, &out.HostPIDSources - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.HostIPCSources != nil { - in, out := &in.HostIPCSources, &out.HostIPCSources - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.MinimumGCAge = in.MinimumGCAge - if in.ClusterDNS != nil { - in, out := &in.ClusterDNS, &out.ClusterDNS - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout - out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency - out.ImageMinimumGCAge = in.ImageMinimumGCAge - out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod - out.RuntimeRequestTimeout = in.RuntimeRequestTimeout - if in.RegisterWithTaints != nil { - in, out := &in.RegisterWithTaints, &out.RegisterWithTaints - *out = make([]api.Taint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.NodeLabels != nil { - in, out := &in.NodeLabels, &out.NodeLabels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod - if in.ExperimentalQOSReserved != nil { - in, out := &in.ExperimentalQOSReserved, &out.ExperimentalQOSReserved - *out = make(ConfigurationMap, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.AllowedUnsafeSysctls != nil { - in, out := 
&in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SystemReserved != nil { - in, out := &in.SystemReserved, &out.SystemReserved - *out = make(ConfigurationMap, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.KubeReserved != nil { - in, out := &in.KubeReserved, &out.KubeReserved - *out = make(ConfigurationMap, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.EnforceNodeAllocatable != nil { - in, out := &in.EnforceNodeAllocatable, &out.EnforceNodeAllocatable - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration. -func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration { - if in == nil { - return nil - } - out := new(KubeletConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *KubeletConfiguration) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } else { - return nil - } -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication) { - *out = *in - out.CacheTTL = in.CacheTTL - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication. -func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication { - if in == nil { - return nil - } - out := new(KubeletWebhookAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization) { - *out = *in - out.CacheAuthorizedTTL = in.CacheAuthorizedTTL - out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization. -func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization { - if in == nil { - return nil - } - out := new(KubeletWebhookAuthorization) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication. -func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication { - if in == nil { - return nil - } - out := new(KubeletX509Authentication) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LeaderElectionConfiguration) DeepCopyInto(out *LeaderElectionConfiguration) { *out = *in diff --git a/pkg/generated/openapi/BUILD b/pkg/generated/openapi/BUILD index 075cc4487ee..030d5bc4b9d 100644 --- a/pkg/generated/openapi/BUILD +++ b/pkg/generated/openapi/BUILD @@ -13,6 +13,7 @@ openapi_library( "pkg/apis/abac/v0", "pkg/apis/abac/v1beta1", "pkg/apis/componentconfig/v1alpha1", + "pkg/kubelet/apis/kubeletconfig/v1alpha1", "pkg/version", ], tags = ["automanaged"], diff --git a/pkg/kubelet/BUILD b/pkg/kubelet/BUILD index 3ceb61a0914..1f0aa84dcee 100644 --- a/pkg/kubelet/BUILD +++ b/pkg/kubelet/BUILD 
@@ -38,14 +38,14 @@ go_library( "//pkg/api/v1/pod:go_default_library", "//pkg/api/v1/resource:go_default_library", "//pkg/api/v1/validation:go_default_library", - "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/v1alpha1:go_default_library", "//pkg/capabilities:go_default_library", "//pkg/cloudprovider:go_default_library", "//pkg/features:go_default_library", "//pkg/fieldpath:go_default_library", "//pkg/kubelet/apis:go_default_library", "//pkg/kubelet/apis/cri:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", "//pkg/kubelet/cadvisor:go_default_library", "//pkg/kubelet/certificate:go_default_library", "//pkg/kubelet/cm:go_default_library", @@ -169,8 +169,8 @@ go_test( deps = [ "//pkg/api:go_default_library", "//pkg/api/install:go_default_library", - "//pkg/apis/componentconfig:go_default_library", "//pkg/capabilities:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/cadvisor/testing:go_default_library", "//pkg/kubelet/cm:go_default_library", "//pkg/kubelet/config:go_default_library", diff --git a/pkg/kubelet/apis/BUILD b/pkg/kubelet/apis/BUILD index ea268b1a9ea..6f36634e1c1 100644 --- a/pkg/kubelet/apis/BUILD +++ b/pkg/kubelet/apis/BUILD @@ -25,6 +25,7 @@ filegroup( srcs = [ ":package-srcs", "//pkg/kubelet/apis/cri:all-srcs", + "//pkg/kubelet/apis/kubeletconfig:all-srcs", "//pkg/kubelet/apis/stats/v1alpha1:all-srcs", ], tags = ["automanaged"], diff --git a/pkg/kubelet/apis/kubeletconfig/BUILD b/pkg/kubelet/apis/kubeletconfig/BUILD new file mode 100644 index 00000000000..92d82340d23 --- /dev/null +++ b/pkg/kubelet/apis/kubeletconfig/BUILD 
@@ -0,0 +1,44 @@ +package(default_visibility = ["//visibility:public"]) + +licenses(["notice"]) + +load( + "@io_bazel_rules_go//go:def.bzl", + "go_library", +) + +go_library( + name = "go_default_library", + srcs = [ + "doc.go", + "register.go", + "types.go", + "zz_generated.deepcopy.go", + ], + tags = ["automanaged"], + deps = [ + "//pkg/api:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", + ], +) + +filegroup( + name = "package-srcs", + srcs = glob(["**"]), + tags = ["automanaged"], + visibility = ["//visibility:private"], +) + +filegroup( + name = "all-srcs", + srcs = [ + ":package-srcs", + "//pkg/kubelet/apis/kubeletconfig/install:all-srcs", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:all-srcs", + "//pkg/kubelet/apis/kubeletconfig/validation:all-srcs", + ], + tags = ["automanaged"], +) diff --git a/pkg/kubelet/apis/kubeletconfig/OWNERS b/pkg/kubelet/apis/kubeletconfig/OWNERS new file mode 100644 index 00000000000..7eed1121edd --- /dev/null +++ b/pkg/kubelet/apis/kubeletconfig/OWNERS @@ -0,0 +1,4 @@ +approvers: +- mtaufen +reviewers: +- sig-node-reviewers diff --git a/pkg/kubelet/apis/kubeletconfig/doc.go b/pkg/kubelet/apis/kubeletconfig/doc.go new file mode 100644 index 00000000000..831e600619a --- /dev/null +++ b/pkg/kubelet/apis/kubeletconfig/doc.go 
@@ -0,0 +1,19 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package,register + +package kubeletconfig // import "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" diff --git a/pkg/kubelet/apis/kubeletconfig/install/BUILD b/pkg/kubelet/apis/kubeletconfig/install/BUILD new file mode 100644 index 00000000000..111801fa0b6 --- /dev/null +++ b/pkg/kubelet/apis/kubeletconfig/install/BUILD @@ -0,0 +1,35 @@ +package(default_visibility = ["//visibility:public"]) + +licenses(["notice"]) + +load( + "@io_bazel_rules_go//go:def.bzl", + "go_library", +) + +go_library( + name = "go_default_library", + srcs = ["install.go"], + tags = ["automanaged"], + deps = [ + "//pkg/api:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/apimachinery/announced:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", + ], +) + +filegroup( + name = "package-srcs", + srcs = glob(["**"]), + tags = ["automanaged"], + visibility = ["//visibility:private"], +) + +filegroup( + name = "all-srcs", + srcs = [":package-srcs"], + tags = ["automanaged"], +) diff --git a/pkg/kubelet/apis/kubeletconfig/install/install.go b/pkg/kubelet/apis/kubeletconfig/install/install.go new file mode 100644 index 00000000000..731791f9d08 
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/install/install.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package install installs the experimental API group, making it available as
+// an option to all of the API encoding/decoding machinery.
+package install
+
+import (
+ "k8s.io/apimachinery/pkg/apimachinery/announced"
+ "k8s.io/apimachinery/pkg/apimachinery/registered"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/kubernetes/pkg/api"
+ "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig"
+ "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1"
+)
+
+func init() {
+ // TODO(mtaufen): probably want to create a kubelet scheme rather than reusing the api scheme, but need to ask lavalamp
+ Install(api.GroupFactoryRegistry, api.Registry, api.Scheme)
+}
+
+// Install registers the API group and adds types to a scheme
+func Install(groupFactoryRegistry announced.APIGroupFactoryRegistry, registry *registered.APIRegistrationManager, scheme *runtime.Scheme) {
+ if err := announced.NewGroupMetaFactory(
+ &announced.GroupMetaFactoryArgs{
+ GroupName: kubeletconfig.GroupName,
+ VersionPreferenceOrder: []string{v1alpha1.SchemeGroupVersion.Version},
+ AddInternalObjectsToScheme: kubeletconfig.AddToScheme,
+ },
+ announced.VersionToSchemeFunc{
+ v1alpha1.SchemeGroupVersion.Version: v1alpha1.AddToScheme,
+ },
+ ).Announce(groupFactoryRegistry).RegisterAndEnable(registry, scheme); err != nil {
+ panic(err)
+ }
+}
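Review bot: The package comment at the top of the new install.go still says it installs "the experimental API group", but the group announced in `Install` is `kubeletconfig.GroupName`; it should read `// Package install installs the kubeletconfig API group, making it available as`. The comment on `Install` also leaves out that a registration failure ends in `panic(err)`, and because `init()` calls `Install` against the shared `api.GroupFactoryRegistry`, `api.Registry` and `api.Scheme`, that panic path runs at import time in every binary that links this package. I would extend it to `// Install registers the API group and adds types to a scheme. It panics if registration fails.` so callers that pass their own scheme know what to expect.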
diff --git a/pkg/kubelet/apis/kubeletconfig/register.go b/pkg/kubelet/apis/kubeletconfig/register.go
new file mode 100644
index 00000000000..57d16d44768
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/register.go
@@ -0,0 +1,51 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kubeletconfig
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+ SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// GroupName is the group name use in this package
+const GroupName = "kubeletconfig"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
+
+// Kind takes an unqualified kind and returns a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+ return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ // TODO this will get cleaned up with the scheme types are fixed
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &KubeletConfiguration{},
+ )
+ return nil
+}
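Review bot: The exported variables `SchemeBuilder` and `AddToScheme` in the new register.go have no doc comments, although `AddToScheme` is the entry point install.go hands to the group factory. I would add `// SchemeBuilder collects the functions that add this group's internal types to a scheme.` and `// AddToScheme applies the SchemeBuilder functions to a scheme.` above them. Two wording slips sit in the same file: the `GroupName` comment should read "used in this package", and the TODO in `addKnownTypes` presumably means "when the scheme types are fixed".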
diff --git a/pkg/kubelet/apis/kubeletconfig/types.go b/pkg/kubelet/apis/kubeletconfig/types.go
new file mode 100644
index 00000000000..3845a139e36
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/types.go
@@ -0,0 +1,463 @@ +/* +Copyright 2015 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kubeletconfig + +import ( + "fmt" + "sort" + "strings" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/kubernetes/pkg/api" +) + +// HairpinMode denotes how the kubelet should configure networking to handle +// hairpin packets. +type HairpinMode string + +// Enum settings for different ways to handle hairpin packets. +const ( + // Set the hairpin flag on the veth of containers in the respective + // container runtime. + HairpinVeth = "hairpin-veth" + // Make the container bridge promiscuous. This will force it to accept + // hairpin packets, even if the flag isn't set on ports of the bridge. + PromiscuousBridge = "promiscuous-bridge" + // Neither of the above. If the kubelet is started in this hairpin mode + // and kube-proxy is running in iptables mode, hairpin packets will be + // dropped by the container bridge. + HairpinNone = "none" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// A configuration field should go in KubeletFlags instead of KubeletConfiguration if any of these are true: +// - its value will never, or cannot safely be changed during the lifetime of a node +// - its value cannot be safely shared between nodes at the same time (e.g. 
a hostname) +// KubeletConfiguration is intended to be shared between nodes +// In general, please try to avoid adding flags or configuration fields, +// we already have a confusingly large amount of them. +// TODO: curate the ordering and structure of this config object +type KubeletConfiguration struct { + metav1.TypeMeta + + // Only used for dynamic configuration. + // The length of the trial period for this configuration. If the Kubelet records CrashLoopThreshold or + // more startups during this period, the current configuration will be marked bad and the + // Kubelet will roll-back to the last-known-good. Default 10 minutes. + ConfigTrialDuration metav1.Duration + // Only used for dynamic configuration. + // If this number of Kubelet "crashes" during ConfigTrialDuration meets this threshold, + // the configuration fails the trial and the Kubelet rolls back to its last-known-good config. + // Crash-loops are detected by counting Kubelet startups, so one startup is implicitly added + // to this threshold to always allow a single restart per config change. + // Default 10, mimimum allowed is 0, maximum allowed is 10. 
+ CrashLoopThreshold int32 + // podManifestPath is the path to the directory containing pod manifests to + // run, or the path to a single manifest file + PodManifestPath string + // syncFrequency is the max period between synchronizing running + // containers and config + SyncFrequency metav1.Duration + // fileCheckFrequency is the duration between checking config files for + // new data + FileCheckFrequency metav1.Duration + // httpCheckFrequency is the duration between checking http for new data + HTTPCheckFrequency metav1.Duration + // manifestURL is the URL for accessing the container manifest + ManifestURL string + // manifestURLHeader is the HTTP header to use when accessing the manifest + // URL, with the key separated from the value with a ':', as in 'key:value' + ManifestURLHeader string + // enableServer enables the Kubelet's server + EnableServer bool + // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 + // for all interfaces) + Address string + // port is the port for the Kubelet to serve on. + Port int32 + // readOnlyPort is the read-only port for the Kubelet to serve on with + // no authentication/authorization (set to 0 to disable) + ReadOnlyPort int32 + // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, + // if any, concatenated after server cert). If tlsCertFile and + // tlsPrivateKeyFile are not provided, a self-signed certificate + // and key are generated for the public address and saved to the directory + // passed to certDir. + TLSCertFile string + // tlsPrivateKeyFile is the ile containing x509 private key matching + // tlsCertFile. + TLSPrivateKeyFile string + // authentication specifies how requests to the Kubelet's server are authenticated + Authentication KubeletAuthentication + // authorization specifies how requests to the Kubelet's server are authorized + Authorization KubeletAuthorization + // seccompProfileRoot is the directory path for seccomp profiles. 
+ SeccompProfileRoot string + // allowPrivileged enables containers to request privileged mode. + // Defaults to false. + AllowPrivileged bool + // hostNetworkSources is a comma-separated list of sources from which the + // Kubelet allows pods to use of host network. Defaults to "*". Valid + // options are "file", "http", "api", and "*" (all sources). + HostNetworkSources []string + // hostPIDSources is a comma-separated list of sources from which the + // Kubelet allows pods to use the host pid namespace. Defaults to "*". + HostPIDSources []string + // hostIPCSources is a comma-separated list of sources from which the + // Kubelet allows pods to use the host ipc namespace. Defaults to "*". + HostIPCSources []string + // registryPullQPS is the limit of registry pulls per second. If 0, + // unlimited. Set to 0 for no limit. Defaults to 5.0. + RegistryPullQPS int32 + // registryBurst is the maximum size of a bursty pulls, temporarily allows + // pulls to burst to this number, while still not exceeding registryQps. + // Only used if registryQPS > 0. + RegistryBurst int32 + // eventRecordQPS is the maximum event creations per second. If 0, there + // is no limit enforced. + EventRecordQPS int32 + // eventBurst is the maximum size of a bursty event records, temporarily + // allows event records to burst to this number, while still not exceeding + // event-qps. Only used if eventQps > 0 + EventBurst int32 + // enableDebuggingHandlers enables server endpoints for log collection + // and local running of containers and commands + EnableDebuggingHandlers bool + // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. + EnableContentionProfiling bool + // minimumGCAge is the minimum age for a finished container before it is + // garbage collected. + MinimumGCAge metav1.Duration + // maxPerPodContainerCount is the maximum number of old instances to + // retain per container. Each container takes up some disk space. 
+ MaxPerPodContainerCount int32
+ // maxContainerCount is the maximum number of old instances of containers
+ // to retain globally. Each container takes up some disk space.
+ MaxContainerCount int32
+ // cAdvisorPort is the port of the localhost cAdvisor endpoint
+ CAdvisorPort int32
+ // healthzPort is the port of the localhost healthz endpoint
+ HealthzPort int32
+ // healthzBindAddress is the IP address for the healthz server to serve
+ // on.
+ HealthzBindAddress string
+ // oomScoreAdj is The oom-score-adj value for kubelet process. Values
+ // must be within the range [-1000, 1000].
+ OOMScoreAdj int32
+ // registerNode enables automatic registration with the apiserver.
+ RegisterNode bool
+ // clusterDomain is the DNS domain for this cluster. If set, kubelet will
+ // configure all containers to search this domain in addition to the
+ // host's search domains.
+ ClusterDomain string
+ // masterServiceNamespace is The namespace from which the kubernetes
+ // master services should be injected into pods.
+ MasterServiceNamespace string
+ // clusterDNS is a list of IP address for a cluster DNS server. If set,
+ // kubelet will configure all containers to use this for DNS resolution
+ // instead of the host's DNS servers
+ ClusterDNS []string
+ // streamingConnectionIdleTimeout is the maximum time a streaming connection
+ // can be idle before the connection is automatically closed.
+ StreamingConnectionIdleTimeout metav1.Duration
+ // nodeStatusUpdateFrequency is the frequency that kubelet posts node
+ // status to master. Note: be cautious when changing the constant, it
+ // must work with nodeMonitorGracePeriod in nodecontroller.
+ NodeStatusUpdateFrequency metav1.Duration
+ // imageMinimumGCAge is the minimum age for an unused image before it is
+ // garbage collected.
+ ImageMinimumGCAge metav1.Duration
+ // imageGCHighThresholdPercent is the percent of disk usage after which
+ // image garbage collection is always run.
+ ImageGCHighThresholdPercent int32
+ // imageGCLowThresholdPercent is the percent of disk usage before which
+ // image garbage collection is never run. Lowest disk usage to garbage
+ // collect to.
+ ImageGCLowThresholdPercent int32
+ // How frequently to calculate and cache volume disk usage for all pods
+ VolumeStatsAggPeriod metav1.Duration
+ // volumePluginDir is the full path of the directory in which to search
+ // for additional third party volume plugins
+ VolumePluginDir string
+ // KubeletCgroups is the absolute name of cgroups to isolate the kubelet in.
+ // +optional
+ KubeletCgroups string
+ // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes
+ // And all Burstable and BestEffort pods are brought up under their
+ // specific top level QoS cgroup.
+ // +optional
+ CgroupsPerQOS bool
+ // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd)
+ // +optional
+ CgroupDriver string
+ // Cgroups that container runtime is expected to be isolated in.
+ // +optional
+ RuntimeCgroups string
+ // SystemCgroups is absolute name of cgroups in which to place
+ // all non-kernel processes that are not already in a container. Empty
+ // for no container. Rolling back the flag requires a reboot.
+ // +optional
+ SystemCgroups string
+ // CgroupRoot is the root cgroup to use for pods.
+ // If CgroupsPerQOS is enabled, this is the root of the QoS cgroup hierarchy.
+ // +optional
+ CgroupRoot string
+ // containerRuntime is the container runtime to use.
+ ContainerRuntime string
+ // remoteRuntimeEndpoint is the endpoint of remote runtime service
+ RemoteRuntimeEndpoint string
+ // remoteImageEndpoint is the endpoint of remote image service
+ RemoteImageEndpoint string
+ // runtimeRequestTimeout is the timeout for all runtime requests except long running
+ // requests - pull, logs, exec and attach.
+ // +optional
+ RuntimeRequestTimeout metav1.Duration
+ // experimentalMounterPath is the path of mounter binary. Leave empty to use the default mount path
+ ExperimentalMounterPath string
+ // lockFilePath is the path that kubelet will use to as a lock file.
+ // It uses this file as a lock to synchronize with other kubelet processes
+ // that may be running.
+ LockFilePath string
+ // ExitOnLockContention is a flag that signifies to the kubelet that it is running
+ // in "bootstrap" mode. This requires that 'LockFilePath' has been set.
+ // This will cause the kubelet to listen to inotify events on the lock file,
+ // releasing it and exiting when another process tries to open that file.
+ ExitOnLockContention bool
+ // How should the kubelet configure the container bridge for hairpin packets.
+ // Setting this flag allows endpoints in a Service to loadbalance back to
+ // themselves if they should try to access their own Service. Values:
+ // "promiscuous-bridge": make the container bridge promiscuous.
+ // "hairpin-veth": set the hairpin flag on container veth interfaces.
+ // "none": do nothing.
+ // Generally, one must set --hairpin-mode=veth-flag to achieve hairpin NAT,
+ // because promiscous-bridge assumes the existence of a container bridge named cbr0.
+ HairpinMode string
+ // maxPods is the number of pods that can run on this Kubelet.
+ MaxPods int32
+ // The CIDR to use for pod IP addresses, only used in standalone mode.
+ // In cluster mode, this is obtained from the master.
+ PodCIDR string
+ // ResolverConfig is the resolver configuration file used as the basis
+ // for the container DNS resolution configuration."), []
+ ResolverConfig string
+ // cpuCFSQuota is Enable CPU CFS quota enforcement for containers that
+ // specify CPU limits
+ CPUCFSQuota bool
+ // containerized should be set to true if kubelet is running in a container.
+ Containerized bool
+ // maxOpenFiles is Number of files that can be opened by Kubelet process.
+ MaxOpenFiles int64
+ // registerSchedulable tells the kubelet to register the node as
+ // schedulable. Won't have any effect if register-node is false.
+ // DEPRECATED: use registerWithTaints instead
+ RegisterSchedulable bool
+ // registerWithTaints are an array of taints to add to a node object when
+ // the kubelet registers itself. This only takes effect when registerNode
+ // is true and upon the initial registration of the node.
+ RegisterWithTaints []api.Taint
+ // contentType is contentType of requests sent to apiserver.
+ ContentType string
+ // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver
+ KubeAPIQPS int32
+ // kubeAPIBurst is the burst to allow while talking with kubernetes
+ // apiserver
+ KubeAPIBurst int32
+ // serializeImagePulls when enabled, tells the Kubelet to pull images one
+ // at a time. We recommend *not* changing the default value on nodes that
+ // run docker daemon with version < 1.9 or an Aufs storage backend.
+ // Issue #10959 has more details.
+ SerializeImagePulls bool
+ // nodeLabels to add when registering the node in the cluster.
+ NodeLabels map[string]string
+ // nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.
+ NonMasqueradeCIDR string
+ // enable gathering custom metrics.
+ EnableCustomMetrics bool
+ // Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'.
+ // +optional
+ EvictionHard string
+ // Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'.
+ // +optional
+ EvictionSoft string
+ // Comma-delimeted list of grace periods for each soft eviction signal. For example, 'memory.available=30s'.
+ // +optional
+ EvictionSoftGracePeriod string
+ // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition.
+ // +optional
+ EvictionPressureTransitionPeriod metav1.Duration
+ // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met.
+ // +optional
+ EvictionMaxPodGracePeriod int32
+ // Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.
+ // +optional
+ EvictionMinimumReclaim string
+ // If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling.
+ // +optional
+ ExperimentalKernelMemcgNotification bool
+ // Maximum number of pods per core. Cannot exceed MaxPods
+ PodsPerCore int32
+ // enableControllerAttachDetach enables the Attach/Detach controller to
+ // manage attachment/detachment of volumes scheduled to this node, and
+ // disables kubelet from executing any attach/detach operations
+ EnableControllerAttachDetach bool
+ // A set of ResourceName=Percentage (e.g. memory=50%) pairs that describe
+ // how pod resource requests are reserved at the QoS level.
+ // Currently only memory is supported. [default=none]"
+ ExperimentalQOSReserved ConfigurationMap
+ // Default behaviour for kernel tuning
+ ProtectKernelDefaults bool
+ // If true, Kubelet ensures a set of iptables rules are present on host.
+ // These rules will serve as utility for various components, e.g. kube-proxy.
+ // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit.
+ MakeIPTablesUtilChains bool
+ // iptablesMasqueradeBit is the bit of the iptables fwmark space to use for SNAT
+ // Values must be within the range [0, 31].
+ // Warning: Please match the value of corresponding parameter in kube-proxy
+ // TODO: clean up IPTablesMasqueradeBit in kube-proxy
+ IPTablesMasqueradeBit int32
+ // iptablesDropBit is the bit of the iptables fwmark space to use for dropping packets. Kubelet will ensure iptables mark and drop rules.
+ // Values must be within the range [0, 31]. Must be different from IPTablesMasqueradeBit
+ IPTablesDropBit int32
+ // Whitelist of unsafe sysctls or sysctl patterns (ending in *).
+ // +optional
+ AllowedUnsafeSysctls []string
+ // featureGates is a string of comma-separated key=value pairs that describe feature
+ // gates for alpha/experimental features.
+ FeatureGates string
+ // Tells the Kubelet to fail to start if swap is enabled on the node.
+ FailSwapOn bool
+ // This flag, if set, enables a check prior to mount operations to verify that the required components
+ // (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled
+ // and fails the mount operation fails.
+ ExperimentalCheckNodeCapabilitiesBeforeMount bool
+ // This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node.
+ // This can be useful for debugging volume related issues.
+ KeepTerminatedPodVolumes bool
+
+ /* following flags are meant for Node Allocatable */
+
+ // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
+ // that describe resources reserved for non-kubernetes components.
+ // Currently only cpu and memory are supported. [default=none]
+ // See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
+ SystemReserved ConfigurationMap
+ // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
+ // that describe resources reserved for kubernetes system components.
+ // Currently only cpu and memory are supported. [default=none]
+ // See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
+ KubeReserved ConfigurationMap
+ // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ SystemReservedCgroup string
+ // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ KubeReservedCgroup string
+ // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform.
+ // This flag accepts a list of options. Acceptable options are `pods`, `system-reserved` & `kube-reserved`.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ EnforceNodeAllocatable []string
+ // This flag, if set, will avoid including `EvictionHard` limits while computing Node Allocatable.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ ExperimentalNodeAllocatableIgnoreEvictionThreshold bool
+}
+
+type KubeletAuthorizationMode string
+
+const (
+ // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests
+ KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow"
+ // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization
+ KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook"
+)
+
+type KubeletAuthorization struct {
+ // mode is the authorization mode to apply to requests to the kubelet server.
+ // Valid values are AlwaysAllow and Webhook.
+ // Webhook mode uses the SubjectAccessReview API to determine authorization.
+ Mode KubeletAuthorizationMode
+
+ // webhook contains settings related to Webhook authorization.
+ Webhook KubeletWebhookAuthorization
+}
+
+type KubeletWebhookAuthorization struct {
+ // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer.
+ CacheAuthorizedTTL metav1.Duration
+ // cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer.
+ CacheUnauthorizedTTL metav1.Duration
+}
+
+type KubeletAuthentication struct {
+ // x509 contains settings related to x509 client certificate authentication
+ X509 KubeletX509Authentication
+ // webhook contains settings related to webhook bearer token authentication
+ Webhook KubeletWebhookAuthentication
+ // anonymous contains settings related to anonymous authentication
+ Anonymous KubeletAnonymousAuthentication
+}
+
+type KubeletX509Authentication struct {
+ // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate
+ // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName,
+ // and groups corresponding to the Organization in the client certificate.
+ ClientCAFile string
+}
+
+type KubeletWebhookAuthentication struct {
+ // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API
+ Enabled bool
+ // cacheTTL enables caching of authentication results
+ CacheTTL metav1.Duration
+}
+
+type KubeletAnonymousAuthentication struct {
+ // enabled allows anonymous requests to the kubelet server.
+ // Requests that are not rejected by another authentication method are treated as anonymous requests.
+ // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated.
+ Enabled bool
+}
+
+type ConfigurationMap map[string]string
+
+func (m *ConfigurationMap) String() string {
+ pairs := []string{}
+ for k, v := range *m {
+ pairs = append(pairs, fmt.Sprintf("%s=%s", k, v))
+ }
+ sort.Strings(pairs)
+ return strings.Join(pairs, ",")
+}
+
+func (m *ConfigurationMap) Set(value string) error {
+ for _, s := range strings.Split(value, ",") {
+ if len(s) == 0 {
+ continue
+ }
+ arr := strings.SplitN(s, "=", 2)
+ if len(arr) == 2 {
+ (*m)[strings.TrimSpace(arr[0])] = strings.TrimSpace(arr[1])
+ } else {
+ (*m)[strings.TrimSpace(arr[0])] = ""
+ }
+ }
+ return nil
+}
+
+func (*ConfigurationMap) Type() string {
+ return "mapStringString"
+}
diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/BUILD b/pkg/kubelet/apis/kubeletconfig/v1alpha1/BUILD
new file mode 100644
index 00000000000..0618be7f136
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/BUILD
@@ -0,0 +1,48 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+ "@io_bazel_rules_go//go:def.bzl",
+ "go_library",
+)
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "defaults.go",
+ "doc.go",
+ "register.go",
+ "types.go",
+ "zz_generated.conversion.go",
+ "zz_generated.deepcopy.go",
+ "zz_generated.defaults.go",
+ ],
+ tags = ["automanaged"],
+ deps = [
+ "//pkg/api:go_default_library",
+ "//pkg/kubelet/apis/kubeletconfig:go_default_library",
+ "//pkg/kubelet/qos:go_default_library",
+ "//pkg/kubelet/types:go_default_library",
+ "//pkg/master/ports:go_default_library",
+ "//pkg/util/pointer:go_default_library",
+ "//vendor/k8s.io/api/core/v1:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+ ],
+)
+
+filegroup(
+ name = "package-srcs",
+ srcs = glob(["**"]),
+ tags = ["automanaged"],
+ visibility = ["//visibility:private"],
+)
+
+filegroup(
+ name = "all-srcs",
+ srcs = [":package-srcs"],
+ tags = ["automanaged"],
+)
diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/defaults.go b/pkg/kubelet/apis/kubeletconfig/v1alpha1/defaults.go
new file mode 100644
index 00000000000..47d240c2af1
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/defaults.go
@@ -0,0 +1,279 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "path/filepath"
+ "runtime"
+ "time"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ kruntime "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/kubernetes/pkg/kubelet/qos"
+ kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
+ "k8s.io/kubernetes/pkg/master/ports"
+ utilpointer "k8s.io/kubernetes/pkg/util/pointer"
+)
+
+const (
+ DefaultRootDir = "/var/lib/kubelet"
+
+ AutoDetectCloudProvider = "auto-detect"
+
+ defaultIPTablesMasqueradeBit = 14
+ defaultIPTablesDropBit = 15
+)
+
+var (
+ zeroDuration = metav1.Duration{}
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ defaultNodeAllocatableEnforcement = []string{"pods"}
+)
+
+func addDefaultingFuncs(scheme *kruntime.Scheme) error {
+ return RegisterDefaults(scheme)
+}
+
+func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration) {
+ // pointer because the zeroDuration is valid - if you want to skip the trial period
+ if obj.ConfigTrialDuration == nil {
+ obj.ConfigTrialDuration = &metav1.Duration{Duration: 10 * time.Minute}
+ }
+ if obj.CrashLoopThreshold == nil {
+ obj.CrashLoopThreshold = utilpointer.Int32Ptr(10)
+ }
+ if obj.Authentication.Anonymous.Enabled == nil {
+ obj.Authentication.Anonymous.Enabled = boolVar(true)
+ }
+ if obj.Authentication.Webhook.Enabled == nil {
+ obj.Authentication.Webhook.Enabled = boolVar(false)
+ }
+ if obj.Authentication.Webhook.CacheTTL == zeroDuration {
+ obj.Authentication.Webhook.CacheTTL = metav1.Duration{Duration: 2 * time.Minute}
+ }
+ if obj.Authorization.Mode == "" {
+ obj.Authorization.Mode = KubeletAuthorizationModeAlwaysAllow
+ }
+ if obj.Authorization.Webhook.CacheAuthorizedTTL == zeroDuration {
+ obj.Authorization.Webhook.CacheAuthorizedTTL = metav1.Duration{Duration: 5 * time.Minute}
+ }
+ if obj.Authorization.Webhook.CacheUnauthorizedTTL == zeroDuration {
+ obj.Authorization.Webhook.CacheUnauthorizedTTL = metav1.Duration{Duration: 30 * time.Second}
+ }
+
+ if obj.Address == "" {
+ obj.Address = "0.0.0.0"
+ }
+ if obj.CAdvisorPort == nil {
+ obj.CAdvisorPort = utilpointer.Int32Ptr(4194)
+ }
+ if obj.VolumeStatsAggPeriod == zeroDuration {
+ obj.VolumeStatsAggPeriod = metav1.Duration{Duration: time.Minute}
+ }
+ if obj.ContainerRuntime == "" {
+ obj.ContainerRuntime = "docker"
+ }
+ if obj.RuntimeRequestTimeout == zeroDuration {
+ obj.RuntimeRequestTimeout = metav1.Duration{Duration: 2 * time.Minute}
+ }
+ if obj.CPUCFSQuota == nil {
+ obj.CPUCFSQuota = boolVar(true)
+ }
+ if obj.EventBurst == 0 {
+ obj.EventBurst = 10
+ }
+ if obj.EventRecordQPS == nil {
+ temp := int32(5)
+ obj.EventRecordQPS = &temp
+ }
+ if obj.EnableControllerAttachDetach == nil {
+ obj.EnableControllerAttachDetach = boolVar(true)
+ }
+ if obj.EnableDebuggingHandlers == nil {
+ obj.EnableDebuggingHandlers = boolVar(true)
+ }
+ if obj.EnableServer == nil {
+ obj.EnableServer = boolVar(true)
+ }
+ if obj.FileCheckFrequency == zeroDuration {
+ obj.FileCheckFrequency = metav1.Duration{Duration: 20 * time.Second}
+ }
+ if obj.HealthzBindAddress == "" {
+ obj.HealthzBindAddress = "127.0.0.1"
+ }
+ if obj.HealthzPort == 0 {
+ obj.HealthzPort = 10248
+ }
+ if obj.HostNetworkSources == nil {
+ obj.HostNetworkSources = []string{kubetypes.AllSource}
+ }
+ if obj.HostPIDSources == nil {
+ obj.HostPIDSources = []string{kubetypes.AllSource}
+ }
+ if obj.HostIPCSources == nil {
+ obj.HostIPCSources = []string{kubetypes.AllSource}
+ }
+ if obj.HTTPCheckFrequency == zeroDuration {
+ obj.HTTPCheckFrequency = metav1.Duration{Duration: 20 * time.Second}
+ }
+ if obj.ImageMinimumGCAge == zeroDuration {
+ obj.ImageMinimumGCAge = metav1.Duration{Duration: 2 * time.Minute}
+ }
+ if obj.ImageGCHighThresholdPercent == nil {
+ // default is below docker's default dm.min_free_space of 90%
+ temp := int32(85)
+ obj.ImageGCHighThresholdPercent = &temp
+ }
+ if obj.ImageGCLowThresholdPercent == nil {
+ temp := int32(80)
+ obj.ImageGCLowThresholdPercent = &temp
+ }
+ if obj.MasterServiceNamespace == "" {
+ obj.MasterServiceNamespace = metav1.NamespaceDefault
+ }
+ if obj.MaxContainerCount == nil {
+ temp := int32(-1)
+ obj.MaxContainerCount = &temp
+ }
+ if obj.MaxPerPodContainerCount == 0 {
+ obj.MaxPerPodContainerCount = 1
+ }
+ if obj.MaxOpenFiles == 0 {
+ obj.MaxOpenFiles = 1000000
+ }
+ if obj.MaxPods == 0 {
+ obj.MaxPods = 110
+ }
+ if obj.MinimumGCAge == zeroDuration {
+ obj.MinimumGCAge = metav1.Duration{Duration: 0}
+ }
+ if obj.NonMasqueradeCIDR == "" {
+ obj.NonMasqueradeCIDR = "10.0.0.0/8"
+ }
+ if obj.VolumePluginDir == "" {
+ obj.VolumePluginDir = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"
+ }
+ if obj.NodeStatusUpdateFrequency == zeroDuration {
+ obj.NodeStatusUpdateFrequency = metav1.Duration{Duration: 10 * time.Second}
+ }
+ if obj.OOMScoreAdj == nil {
+ temp := int32(qos.KubeletOOMScoreAdj)
+ obj.OOMScoreAdj = &temp
+ }
+ if obj.Port == 0 {
+ obj.Port = ports.KubeletPort
+ }
+ if obj.ReadOnlyPort == 0 {
+ obj.ReadOnlyPort = ports.KubeletReadOnlyPort
+ }
+ if obj.RegisterNode == nil {
+ obj.RegisterNode = boolVar(true)
+ }
+ if obj.RegisterSchedulable == nil {
+ obj.RegisterSchedulable = boolVar(true)
+ }
+ if obj.RegistryBurst == 0 {
+ obj.RegistryBurst = 10
+ }
+ if obj.RegistryPullQPS == nil {
+ temp := int32(5)
+ obj.RegistryPullQPS = &temp
+ }
+ if obj.ResolverConfig == "" {
+ obj.ResolverConfig = kubetypes.ResolvConfDefault
+ }
+ if obj.SerializeImagePulls == nil {
+ obj.SerializeImagePulls = boolVar(true)
+ }
+ if obj.SeccompProfileRoot == "" {
+ obj.SeccompProfileRoot = filepath.Join(DefaultRootDir, "seccomp")
+ }
+ if obj.StreamingConnectionIdleTimeout == zeroDuration {
+ obj.StreamingConnectionIdleTimeout = metav1.Duration{Duration: 4 * time.Hour}
+ }
+ if obj.SyncFrequency == zeroDuration {
+ obj.SyncFrequency = metav1.Duration{Duration: 1 * time.Minute}
+ }
+ if obj.ContentType == "" {
+ obj.ContentType = "application/vnd.kubernetes.protobuf"
+ }
+ if obj.KubeAPIQPS == nil {
+ temp := int32(5)
+ obj.KubeAPIQPS = &temp
+ }
+ if obj.KubeAPIBurst == 0 {
+ obj.KubeAPIBurst = 10
+ }
+ if string(obj.HairpinMode) == "" {
+ obj.HairpinMode = PromiscuousBridge
+ }
+ if obj.EvictionHard == nil {
+ temp := "memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%"
+ obj.EvictionHard = &temp
+ }
+ if obj.EvictionPressureTransitionPeriod == zeroDuration {
+ obj.EvictionPressureTransitionPeriod = metav1.Duration{Duration: 5 * time.Minute}
+ }
+ if obj.ExperimentalKernelMemcgNotification == nil {
+ obj.ExperimentalKernelMemcgNotification = boolVar(false)
+ }
+ if obj.SystemReserved == nil {
+ obj.SystemReserved = make(map[string]string)
+ }
+ if obj.KubeReserved == nil {
+ obj.KubeReserved = make(map[string]string)
+ }
+ if obj.ExperimentalQOSReserved == nil {
+ obj.ExperimentalQOSReserved = make(map[string]string)
+ }
+ if obj.MakeIPTablesUtilChains == nil {
+ obj.MakeIPTablesUtilChains = boolVar(true)
+ }
+ if obj.IPTablesMasqueradeBit == nil {
+ temp := int32(defaultIPTablesMasqueradeBit)
+ obj.IPTablesMasqueradeBit = &temp
+ }
+ if obj.IPTablesDropBit == nil {
+ temp := int32(defaultIPTablesDropBit)
+ obj.IPTablesDropBit = &temp
+ }
+ if obj.CgroupsPerQOS == nil {
+ temp := true
+ obj.CgroupsPerQOS = &temp
+ }
+ if obj.CgroupDriver == "" {
+ obj.CgroupDriver = "cgroupfs"
+ }
+ if obj.EnforceNodeAllocatable == nil {
+ obj.EnforceNodeAllocatable = defaultNodeAllocatableEnforcement
+ }
+ if obj.RemoteRuntimeEndpoint == "" {
+ if runtime.GOOS == "linux" {
+ obj.RemoteRuntimeEndpoint = "unix:///var/run/dockershim.sock"
+ } else if runtime.GOOS == "windows" {
+ obj.RemoteRuntimeEndpoint = "tcp://localhost:3735"
+ }
+ }
+}
+
+func boolVar(b bool) *bool {
+ return &b
+}
+
+var (
+ defaultCfg = KubeletConfiguration{}
+)
diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/doc.go b/pkg/kubelet/apis/kubeletconfig/v1alpha1/doc.go
new file mode 100644
index 00000000000..dc1a1953629
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/doc.go
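Review bot: `if obj.ReadOnlyPort == 0 { obj.ReadOnlyPort = ports.KubeletReadOnlyPort }` in SetDefaults_KubeletConfiguration turns an explicit 0 back into the default port, while the field comment in the internal types.go says 0 is how the read-only port, which serves with no authentication/authorization, is disabled; a versioned config therefore cannot switch it off. Unlike the neighbouring pointer fields, the comparison against 0 shows a plain integer here; making the v1alpha1 field a pointer and defaulting with `if obj.ReadOnlyPort == nil` would keep 0 meaningful, though that type change lives in v1alpha1/types.go, outside this hunk. The same function defaults `Address` to `0.0.0.0`, `Authentication.Anonymous.Enabled` to true and `Authorization.Mode` to `KubeletAuthorizationModeAlwaysAllow`, so I would add a comment above those defaults such as `// NOTE: with these defaults the kubelet server listens on all interfaces and accepts and authorizes anonymous requests; override for production.`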
@@ -0,0 +1,22 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package,register
+// +k8s:conversion-gen=k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig
+// +k8s:openapi-gen=true
+// +k8s:defaulter-gen=TypeMeta
+
+package v1alpha1 // import "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1"
diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/register.go b/pkg/kubelet/apis/kubeletconfig/v1alpha1/register.go
new file mode 100644
index 00000000000..79347d16171
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/register.go
@@ -0,0 +1,50 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = "kubeletconfig"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+
+var (
+ // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
+ // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &KubeletConfiguration{},
+ )
+ return nil
+}
diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/types.go b/pkg/kubelet/apis/kubeletconfig/v1alpha1/types.go
new file mode 100644
index 00000000000..d2ad06f2801
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/types.go
@@ -0,0 +1,420 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// HairpinMode denotes how the kubelet should configure networking to handle
+// hairpin packets.
+type HairpinMode string
+
+// Enum settings for different ways to handle hairpin packets.
+const (
+ // Set the hairpin flag on the veth of containers in the respective
+ // container runtime.
+ HairpinVeth = "hairpin-veth"
+ // Make the container bridge promiscuous. This will force it to accept
+ // hairpin packets, even if the flag isn't set on ports of the bridge.
+ PromiscuousBridge = "promiscuous-bridge"
+ // Neither of the above. If the kubelet is started in this hairpin mode
+ // and kube-proxy is running in iptables mode, hairpin packets will be
+ // dropped by the container bridge.
+ HairpinNone = "none"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// A configuration field should go in KubeletFlags instead of KubeletConfiguration if any of these are true:
+// - its value will never, or cannot safely be changed during the lifetime of a node
+// - its value cannot be safely shared between nodes at the same time (e.g. a hostname)
+// KubeletConfiguration is intended to be shared between nodes
+// In general, please try to avoid adding flags or configuration fields,
+// we already have a confusingly large amount of them.
+type KubeletConfiguration struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // Only used for dynamic configuration.
+ // The length of the trial period for this configuration. If the Kubelet records CrashLoopThreshold or
+ // more startups during this period, the current configuration will be marked bad and the
+ // Kubelet will roll-back to the last-known-good. Default 10 minutes.
+ ConfigTrialDuration *metav1.Duration `json:"configTrialDuration"`
+ // Only used for dynamic configuration.
+ // If this number of Kubelet "crashes" during ConfigTrialDuration meets this threshold,
+ // the configuration fails the trial and the Kubelet rolls back to its last-known-good config.
+ // Crash-loops are detected by counting Kubelet startups, so one startup is implicitly added
+ // to this threshold to always allow a single restart per config change.
+ // Default 10, mimimum allowed is 0, maximum allowed is 10.
+ CrashLoopThreshold *int32 `json:"crashLoopThreshold"`
+ // podManifestPath is the path to the directory containing pod manifests to
+ // run, or the path to a single manifest file
+ PodManifestPath string `json:"podManifestPath"`
+ // syncFrequency is the max period between synchronizing running
+ // containers and config
+ SyncFrequency metav1.Duration `json:"syncFrequency"`
+ // fileCheckFrequency is the duration between checking config files for
+ // new data
+ FileCheckFrequency metav1.Duration `json:"fileCheckFrequency"`
+ // httpCheckFrequency is the duration between checking http for new data
+ HTTPCheckFrequency metav1.Duration `json:"httpCheckFrequency"`
+ // manifestURL is the URL for accessing the container manifest
+ ManifestURL string `json:"manifestURL"`
+ // manifestURLHeader is the HTTP header to use when accessing the manifest
+ // URL, with the key separated from the value with a ':', as in 'key:value'
+ ManifestURLHeader string `json:"manifestURLHeader"`
+ // enableServer enables the Kubelet's server
+ EnableServer *bool `json:"enableServer"`
+ // address is the IP address for the Kubelet to serve on (set to 0.0.0.0
+ // for all interfaces)
+ Address string `json:"address"`
+ // port is the port for the Kubelet to serve on.
+ Port int32 `json:"port"`
+ // readOnlyPort is the read-only port for the Kubelet to serve on with
+ // no authentication/authorization (set to 0 to disable)
+ ReadOnlyPort int32 `json:"readOnlyPort"`
+ // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert,
+ // if any, concatenated after server cert). If tlsCertFile and
+ // tlsPrivateKeyFile are not provided, a self-signed certificate
+ // and key are generated for the public address and saved to the directory
+ // passed to certDir.
+ TLSCertFile string `json:"tlsCertFile"`
+ // tlsPrivateKeyFile is the ile containing x509 private key matching
+ // tlsCertFile.
+ TLSPrivateKeyFile string `json:"tlsPrivateKeyFile"`
+ // authentication specifies how requests to the Kubelet's server are authenticated
+ Authentication KubeletAuthentication `json:"authentication"`
+ // authorization specifies how requests to the Kubelet's server are authorized
+ Authorization KubeletAuthorization `json:"authorization"`
+ // seccompProfileRoot is the directory path for seccomp profiles.
+ SeccompProfileRoot string `json:"seccompProfileRoot"`
+ // allowPrivileged enables containers to request privileged mode.
+ // Defaults to false.
+ AllowPrivileged *bool `json:"allowPrivileged"`
+ // hostNetworkSources is a comma-separated list of sources from which the
+ // Kubelet allows pods to use of host network. Defaults to "*". Valid
+ // options are "file", "http", "api", and "*" (all sources).
+ HostNetworkSources []string `json:"hostNetworkSources"`
+ // hostPIDSources is a comma-separated list of sources from which the
+ // Kubelet allows pods to use the host pid namespace. Defaults to "*".
+ HostPIDSources []string `json:"hostPIDSources"`
+ // hostIPCSources is a comma-separated list of sources from which the
+ // Kubelet allows pods to use the host ipc namespace. Defaults to "*".
+ HostIPCSources []string `json:"hostIPCSources"`
+ // registryPullQPS is the limit of registry pulls per second. If 0,
+ // unlimited. Set to 0 for no limit. Defaults to 5.0.
+ RegistryPullQPS *int32 `json:"registryPullQPS"`
+ // registryBurst is the maximum size of a bursty pulls, temporarily allows
+ // pulls to burst to this number, while still not exceeding registryQps.
+ // Only used if registryQPS > 0.
+ RegistryBurst int32 `json:"registryBurst"`
+ // eventRecordQPS is the maximum event creations per second. If 0, there
+ // is no limit enforced.
+ EventRecordQPS *int32 `json:"eventRecordQPS"`
+ // eventBurst is the maximum size of a bursty event records, temporarily
+ // allows event records to burst to this number, while still not exceeding
+ // event-qps. Only used if eventQps > 0
+ EventBurst int32 `json:"eventBurst"`
+ // enableDebuggingHandlers enables server endpoints for log collection
+ // and local running of containers and commands
+ EnableDebuggingHandlers *bool `json:"enableDebuggingHandlers"`
+ // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true.
+ EnableContentionProfiling bool `json:"enableContentionProfiling"`
+ // minimumGCAge is the minimum age for a finished container before it is
+ // garbage collected.
+ MinimumGCAge metav1.Duration `json:"minimumGCAge"`
+ // maxPerPodContainerCount is the maximum number of old instances to
+ // retain per container. Each container takes up some disk space.
+ MaxPerPodContainerCount int32 `json:"maxPerPodContainerCount"`
+ // maxContainerCount is the maximum number of old instances of containers
+ // to retain globally. Each container takes up some disk space.
+ MaxContainerCount *int32 `json:"maxContainerCount"`
+ // cAdvisorPort is the port of the localhost cAdvisor endpoint
+ CAdvisorPort *int32 `json:"cAdvisorPort"`
+ // healthzPort is the port of the localhost healthz endpoint
+ HealthzPort int32 `json:"healthzPort"`
+ // healthzBindAddress is the IP address for the healthz server to serve
+ // on.
+ HealthzBindAddress string `json:"healthzBindAddress"`
+ // oomScoreAdj is The oom-score-adj value for kubelet process. Values
+ // must be within the range [-1000, 1000].
+ OOMScoreAdj *int32 `json:"oomScoreAdj"`
+ // registerNode enables automatic registration with the apiserver.
+ RegisterNode *bool `json:"registerNode"`
+ // clusterDomain is the DNS domain for this cluster. If set, kubelet will
+ // configure all containers to search this domain in addition to the
+ // host's search domains.
+ ClusterDomain string `json:"clusterDomain"`
+ // masterServiceNamespace is The namespace from which the kubernetes
+ // master services should be injected into pods.
+ MasterServiceNamespace string `json:"masterServiceNamespace"`
+ // clusterDNS is a list of IP address for the cluster DNS server. If set,
+ // kubelet will configure all containers to use this for DNS resolution
+ // instead of the host's DNS servers
+ ClusterDNS []string `json:"clusterDNS"`
+ // streamingConnectionIdleTimeout is the maximum time a streaming connection
+ // can be idle before the connection is automatically closed.
+ StreamingConnectionIdleTimeout metav1.Duration `json:"streamingConnectionIdleTimeout"`
+ // nodeStatusUpdateFrequency is the frequency that kubelet posts node
+ // status to master. Note: be cautious when changing the constant, it
+ // must work with nodeMonitorGracePeriod in nodecontroller.
+ NodeStatusUpdateFrequency metav1.Duration `json:"nodeStatusUpdateFrequency"`
+ // imageMinimumGCAge is the minimum age for an unused image before it is
+ // garbage collected.
+ ImageMinimumGCAge metav1.Duration `json:"imageMinimumGCAge"`
+ // imageGCHighThresholdPercent is the percent of disk usage after which
+ // image garbage collection is always run. The percent is calculated as
+ // this field value out of 100.
+ ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent"`
+ // imageGCLowThresholdPercent is the percent of disk usage before which
+ // image garbage collection is never run. Lowest disk usage to garbage
+ // collect to. The percent is calculated as this field value out of 100.
+ ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent"`
+ // How frequently to calculate and cache volume disk usage for all pods
+ VolumeStatsAggPeriod metav1.Duration `json:"volumeStatsAggPeriod"`
+ // volumePluginDir is the full path of the directory in which to search
+ // for additional third party volume plugins
+ VolumePluginDir string `json:"volumePluginDir"`
+ // kubeletCgroups is the absolute name of cgroups to isolate the kubelet in.
+ KubeletCgroups string `json:"kubeletCgroups"`
+ // runtimeCgroups are cgroups that container runtime is expected to be isolated in.
+ RuntimeCgroups string `json:"runtimeCgroups"`
+ // systemCgroups is absolute name of cgroups in which to place
+ // all non-kernel processes that are not already in a container. Empty
+ // for no container. Rolling back the flag requires a reboot.
+ SystemCgroups string `json:"systemCgroups"`
+ // cgroupRoot is the root cgroup to use for pods. This is handled by the
+ // container runtime on a best effort basis.
+ CgroupRoot string `json:"cgroupRoot"`
+ // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes
+ // And all Burstable and BestEffort pods are brought up under their
+ // specific top level QoS cgroup.
+ // +optional
+ CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"`
+ // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd)
+ // +optional
+ CgroupDriver string `json:"cgroupDriver,omitempty"`
+ // containerRuntime is the container runtime to use.
+ ContainerRuntime string `json:"containerRuntime"`
+ // remoteRuntimeEndpoint is the endpoint of remote runtime service
+ RemoteRuntimeEndpoint string `json:"remoteRuntimeEndpoint"`
+ // remoteImageEndpoint is the endpoint of remote image service
+ RemoteImageEndpoint string `json:"remoteImageEndpoint"`
+ // runtimeRequestTimeout is the timeout for all runtime requests except long running
+ // requests - pull, logs, exec and attach.
+ RuntimeRequestTimeout metav1.Duration `json:"runtimeRequestTimeout"`
+ // experimentalMounterPath is the path to mounter binary. If not set, kubelet will attempt to use mount
+ // binary that is available via $PATH,
+ ExperimentalMounterPath string `json:"experimentalMounterPath,omitempty"`
+ // lockFilePath is the path that kubelet will use to as a lock file.
+ // It uses this file as a lock to synchronize with other kubelet processes
+ // that may be running.
+ LockFilePath *string `json:"lockFilePath"`
+ // ExitOnLockContention is a flag that signifies to the kubelet that it is running
+ // in "bootstrap" mode. This requires that 'LockFilePath' has been set.
+ // This will cause the kubelet to listen to inotify events on the lock file,
+ // releasing it and exiting when another process tries to open that file.
+ ExitOnLockContention bool `json:"exitOnLockContention"`
+ // How should the kubelet configure the container bridge for hairpin packets.
+ // Setting this flag allows endpoints in a Service to loadbalance back to
+ // themselves if they should try to access their own Service. Values:
+ // "promiscuous-bridge": make the container bridge promiscuous.
+ // "hairpin-veth": set the hairpin flag on container veth interfaces.
+ // "none": do nothing.
+ // Generally, one must set --hairpin-mode=veth-flag to achieve hairpin NAT,
+ // because promiscous-bridge assumes the existence of a container bridge named cbr0.
+ HairpinMode string `json:"hairpinMode"`
+ // maxPods is the number of pods that can run on this Kubelet.
+ MaxPods int32 `json:"maxPods"`
+ // The CIDR to use for pod IP addresses, only used in standalone mode.
+ // In cluster mode, this is obtained from the master.
+ PodCIDR string `json:"podCIDR"`
+ // ResolverConfig is the resolver configuration file used as the basis
+ // for the container DNS resolution configuration."), []
+ ResolverConfig string `json:"resolvConf"`
+ // cpuCFSQuota is Enable CPU CFS quota enforcement for containers that
+ // specify CPU limits
+ CPUCFSQuota *bool `json:"cpuCFSQuota"`
+ // containerized should be set to true if kubelet is running in a container.
+ Containerized *bool `json:"containerized"`
+ // maxOpenFiles is Number of files that can be opened by Kubelet process.
+ MaxOpenFiles int64 `json:"maxOpenFiles"`
+ // registerSchedulable tells the kubelet to register the node as
+ // schedulable. Won't have any effect if register-node is false.
+ // DEPRECATED: use registerWithTaints instead
+ RegisterSchedulable *bool `json:"registerSchedulable"`
+ // registerWithTaints are an array of taints to add to a node object when
+ // the kubelet registers itself. This only takes effect when registerNode
+ // is true and upon the initial registration of the node.
+ RegisterWithTaints []v1.Taint `json:"registerWithTaints"`
+ // contentType is contentType of requests sent to apiserver.
+ ContentType string `json:"contentType"`
+ // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver
+ KubeAPIQPS *int32 `json:"kubeAPIQPS"`
+ // kubeAPIBurst is the burst to allow while talking with kubernetes
+ // apiserver
+ KubeAPIBurst int32 `json:"kubeAPIBurst"`
+ // serializeImagePulls when enabled, tells the Kubelet to pull images one
+ // at a time. We recommend *not* changing the default value on nodes that
+ // run docker daemon with version < 1.9 or an Aufs storage backend.
+ // Issue #10959 has more details.
+ SerializeImagePulls *bool `json:"serializeImagePulls"`
+ // nodeLabels to add when registering the node in the cluster.
+ NodeLabels map[string]string `json:"nodeLabels"`
+ // nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.
+ NonMasqueradeCIDR string `json:"nonMasqueradeCIDR"`
+ // enable gathering custom metrics.
+ EnableCustomMetrics bool `json:"enableCustomMetrics"`
+ // Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'.
+ EvictionHard *string `json:"evictionHard"`
+ // Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'.
+ EvictionSoft string `json:"evictionSoft"`
+ // Comma-delimeted list of grace periods for each soft eviction signal. For example, 'memory.available=30s'.
+ EvictionSoftGracePeriod string `json:"evictionSoftGracePeriod"`
+ // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition.
+ EvictionPressureTransitionPeriod metav1.Duration `json:"evictionPressureTransitionPeriod"`
+ // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met.
+ EvictionMaxPodGracePeriod int32 `json:"evictionMaxPodGracePeriod"`
+ // Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure.
+ EvictionMinimumReclaim string `json:"evictionMinimumReclaim"`
+ // If enabled, the kubelet will integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling.
+ ExperimentalKernelMemcgNotification *bool `json:"experimentalKernelMemcgNotification"`
+ // Maximum number of pods per core. Cannot exceed MaxPods
+ PodsPerCore int32 `json:"podsPerCore"`
+ // enableControllerAttachDetach enables the Attach/Detach controller to
+ // manage attachment/detachment of volumes scheduled to this node, and
+ // disables kubelet from executing any attach/detach operations
+ EnableControllerAttachDetach *bool `json:"enableControllerAttachDetach"`
+ // A set of ResourceName=Percentage (e.g. memory=50%) pairs that describe
+ // how pod resource requests are reserved at the QoS level.
+ // Currently only memory is supported. [default=none]"
+ ExperimentalQOSReserved map[string]string `json:"experimentalQOSReserved"`
+ // Default behaviour for kernel tuning
+ ProtectKernelDefaults bool `json:"protectKernelDefaults"`
+ // If true, Kubelet ensures a set of iptables rules are present on host.
+ // These rules will serve as utility rules for various components, e.g. KubeProxy.
+ // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit.
+ MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains"`
+ // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT
+ // Values must be within the range [0, 31]. Must be different from other mark bits.
+ // Warning: Please match the value of corresponding parameter in kube-proxy
+ // TODO: clean up IPTablesMasqueradeBit in kube-proxy
+ IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit"`
+ // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets.
+ // Values must be within the range [0, 31]. Must be different from other mark bits.
+ IPTablesDropBit *int32 `json:"iptablesDropBit"`
+ // Whitelist of unsafe sysctls or sysctl patterns (ending in *). Use these at your own risk.
+ // Resource isolation might be lacking and pod might influence each other on the same node.
+ // +optional
+ AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"`
+ // featureGates is a string of comma-separated key=value pairs that describe feature
+ // gates for alpha/experimental features.
+ FeatureGates string `json:"featureGates,omitempty"`
+ // Tells the Kubelet to fail to start if swap is enabled on the node.
+ FailSwapOn bool `json:"failSwapOn,omitempty"`
+ // This flag, if set, enables a check prior to mount operations to verify that the required components
+ // (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled
+ // and fails the mount operation fails.
+ ExperimentalCheckNodeCapabilitiesBeforeMount bool `json:"experimentalCheckNodeCapabilitiesBeforeMount,omitempty"`
+ // This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node.
+ // This can be useful for debugging volume related issues.
+ KeepTerminatedPodVolumes bool `json:"keepTerminatedPodVolumes,omitempty"`
+
+ /* following flags are meant for Node Allocatable */
+
+ // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
+ // that describe resources reserved for non-kubernetes components.
+ // Currently only cpu and memory are supported. [default=none]
+ // See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
+ SystemReserved map[string]string `json:"systemReserved"`
+ // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
+ // that describe resources reserved for kubernetes system components.
+ // Currently cpu, memory and local storage for root file system are supported. [default=none]
+ // See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
+ KubeReserved map[string]string `json:"kubeReserved"`
+
+ // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ SystemReservedCgroup string `json:"systemReservedCgroup,omitempty"`
+ // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ KubeReservedCgroup string `json:"kubeReservedCgroup,omitempty"`
+ // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform.
+ // This flag accepts a list of options. Acceptible options are `pods`, `system-reserved` & `kube-reserved`.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ EnforceNodeAllocatable []string `json:"enforceNodeAllocatable"`
+ // This flag, if set, will avoid including `EvictionHard` limits while computing Node Allocatable.
+ // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node-allocatable.md) doc for more information.
+ ExperimentalNodeAllocatableIgnoreEvictionThreshold bool `json:"experimentalNodeAllocatableIgnoreEvictionThreshold,omitempty"`
+}
+
+type KubeletAuthorizationMode string
+
+const (
+ // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests
+ KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow"
+ // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization
+ KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook"
+)
+
+type KubeletAuthorization struct {
+ // mode is the authorization mode to apply to requests to the kubelet server.
+ // Valid values are AlwaysAllow and Webhook.
+ // Webhook mode uses the SubjectAccessReview API to determine authorization.
+ Mode KubeletAuthorizationMode `json:"mode"`
+
+ // webhook contains settings related to Webhook authorization.
+ Webhook KubeletWebhookAuthorization `json:"webhook"`
+}
+
+type KubeletWebhookAuthorization struct {
+ // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer.
+ CacheAuthorizedTTL metav1.Duration `json:"cacheAuthorizedTTL"`
+ // cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer.
+ CacheUnauthorizedTTL metav1.Duration `json:"cacheUnauthorizedTTL"`
+}
+
+type KubeletAuthentication struct {
+ // x509 contains settings related to x509 client certificate authentication
+ X509 KubeletX509Authentication `json:"x509"`
+ // webhook contains settings related to webhook bearer token authentication
+ Webhook KubeletWebhookAuthentication `json:"webhook"`
+ // anonymous contains settings related to anonymous authentication
+ Anonymous KubeletAnonymousAuthentication `json:"anonymous"`
+}
+
+type KubeletX509Authentication struct {
+ // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate
+ // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName,
+ // and groups corresponding to the Organization in the client certificate.
+ ClientCAFile string `json:"clientCAFile"`
+}
+
+type KubeletWebhookAuthentication struct {
+ // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API
+ Enabled *bool `json:"enabled"`
+ // cacheTTL enables caching of authentication results
+ CacheTTL metav1.Duration `json:"cacheTTL"`
+}
+
+type KubeletAnonymousAuthentication struct {
+ // enabled allows anonymous requests to the kubelet server.
+ // Requests that are not rejected by another authentication method are treated as anonymous requests.
+ // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated.
+ Enabled *bool `json:"enabled"`
+}
diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.conversion.go b/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.conversion.go
new file mode 100644
index 00000000000..c3244579e8e
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.conversion.go
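Review bot: The doc comments on `KubeletAuthorization.Mode` and `KubeletAnonymousAuthentication.Enabled` in types.go each describe one setting in isolation, so nothing in the new package tells a reader that anonymous requests combined with `AlwaysAllow` leave the kubelet server answering callers that presented no credential, including the handlers described on `EnableDebuggingHandlers`. I would add to the `KubeletAuthorizationModeAlwaysAllow` constant a line such as `// With anonymous.enabled=true this mode also authorizes unauthenticated callers; prefer Webhook unless the kubelet port is otherwise protected.` and refer to it from the `Enabled` comment. Both `Enabled` fields are `*bool`, so the value used when the field is unset comes from the defaulting code, which is outside this hunk; the comments should state that default the way `AllowPrivileged` already does ("Defaults to false."). The exported types `KubeletAuthorizationMode`, `KubeletAuthorization` and the `Kubelet*Authentication` structs also carry no type-level doc comment, which is where the interaction between authentication and authorization would naturally be explained.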
@@ -0,0 +1,562 @@ +// +build !ignore_autogenerated + +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// This file was autogenerated by conversion-gen. Do not edit it manually! + +package v1alpha1 + +import ( + core_v1 "k8s.io/api/core/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" + api "k8s.io/kubernetes/pkg/api" + kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + unsafe "unsafe" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. 
+func RegisterConversions(scheme *runtime.Scheme) error { + return scheme.AddGeneratedConversionFuncs( + Convert_v1alpha1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication, + Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication, + Convert_v1alpha1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication, + Convert_kubeletconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication, + Convert_v1alpha1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization, + Convert_kubeletconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization, + Convert_v1alpha1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration, + Convert_kubeletconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration, + Convert_v1alpha1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication, + Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication, + Convert_v1alpha1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization, + Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization, + Convert_v1alpha1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication, + Convert_kubeletconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication, + ) +} + +func autoConvert_v1alpha1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, out *kubeletconfig.KubeletAnonymousAuthentication, s conversion.Scope) error { + if err := v1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication is an autogenerated conversion function. 
+func Convert_v1alpha1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, out *kubeletconfig.KubeletAnonymousAuthentication, s conversion.Scope) error { + return autoConvert_v1alpha1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(in, out, s) +} + +func autoConvert_kubeletconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in *kubeletconfig.KubeletAnonymousAuthentication, out *KubeletAnonymousAuthentication, s conversion.Scope) error { + if err := v1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + return nil +} + +// Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication is an autogenerated conversion function. +func Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in *kubeletconfig.KubeletAnonymousAuthentication, out *KubeletAnonymousAuthentication, s conversion.Scope) error { + return autoConvert_kubeletconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in, out, s) +} + +func autoConvert_v1alpha1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(in *KubeletAuthentication, out *kubeletconfig.KubeletAuthentication, s conversion.Scope) error { + if err := Convert_v1alpha1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(&in.X509, &out.X509, s); err != nil { + return err + } + if err := Convert_v1alpha1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(&in.Webhook, &out.Webhook, s); err != nil { + return err + } + if err := Convert_v1alpha1_KubeletAnonymousAuthentication_To_kubeletconfig_KubeletAnonymousAuthentication(&in.Anonymous, &out.Anonymous, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication is an autogenerated conversion function. 
+func Convert_v1alpha1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(in *KubeletAuthentication, out *kubeletconfig.KubeletAuthentication, s conversion.Scope) error { + return autoConvert_v1alpha1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(in, out, s) +} + +func autoConvert_kubeletconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in *kubeletconfig.KubeletAuthentication, out *KubeletAuthentication, s conversion.Scope) error { + if err := Convert_kubeletconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(&in.X509, &out.X509, s); err != nil { + return err + } + if err := Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(&in.Webhook, &out.Webhook, s); err != nil { + return err + } + if err := Convert_kubeletconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(&in.Anonymous, &out.Anonymous, s); err != nil { + return err + } + return nil +} + +// Convert_kubeletconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication is an autogenerated conversion function. +func Convert_kubeletconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in *kubeletconfig.KubeletAuthentication, out *KubeletAuthentication, s conversion.Scope) error { + return autoConvert_kubeletconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in, out, s) +} + +func autoConvert_v1alpha1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(in *KubeletAuthorization, out *kubeletconfig.KubeletAuthorization, s conversion.Scope) error { + out.Mode = kubeletconfig.KubeletAuthorizationMode(in.Mode) + if err := Convert_v1alpha1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(&in.Webhook, &out.Webhook, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization is an autogenerated conversion function. 
+func Convert_v1alpha1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(in *KubeletAuthorization, out *kubeletconfig.KubeletAuthorization, s conversion.Scope) error { + return autoConvert_v1alpha1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(in, out, s) +} + +func autoConvert_kubeletconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in *kubeletconfig.KubeletAuthorization, out *KubeletAuthorization, s conversion.Scope) error { + out.Mode = KubeletAuthorizationMode(in.Mode) + if err := Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(&in.Webhook, &out.Webhook, s); err != nil { + return err + } + return nil +} + +// Convert_kubeletconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization is an autogenerated conversion function. +func Convert_kubeletconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in *kubeletconfig.KubeletAuthorization, out *KubeletAuthorization, s conversion.Scope) error { + return autoConvert_kubeletconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in, out, s) +} + +func autoConvert_v1alpha1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration(in *KubeletConfiguration, out *kubeletconfig.KubeletConfiguration, s conversion.Scope) error { + if err := v1.Convert_Pointer_v1_Duration_To_v1_Duration(&in.ConfigTrialDuration, &out.ConfigTrialDuration, s); err != nil { + return err + } + if err := v1.Convert_Pointer_int32_To_int32(&in.CrashLoopThreshold, &out.CrashLoopThreshold, s); err != nil { + return err + } + out.PodManifestPath = in.PodManifestPath + out.SyncFrequency = in.SyncFrequency + out.FileCheckFrequency = in.FileCheckFrequency + out.HTTPCheckFrequency = in.HTTPCheckFrequency + out.ManifestURL = in.ManifestURL + out.ManifestURLHeader = in.ManifestURLHeader + if err := v1.Convert_Pointer_bool_To_bool(&in.EnableServer, &out.EnableServer, s); err != nil { + return err + } + out.Address = in.Address + out.Port = in.Port + out.ReadOnlyPort = 
in.ReadOnlyPort + out.TLSCertFile = in.TLSCertFile + out.TLSPrivateKeyFile = in.TLSPrivateKeyFile + if err := Convert_v1alpha1_KubeletAuthentication_To_kubeletconfig_KubeletAuthentication(&in.Authentication, &out.Authentication, s); err != nil { + return err + } + if err := Convert_v1alpha1_KubeletAuthorization_To_kubeletconfig_KubeletAuthorization(&in.Authorization, &out.Authorization, s); err != nil { + return err + } + out.SeccompProfileRoot = in.SeccompProfileRoot + if err := v1.Convert_Pointer_bool_To_bool(&in.AllowPrivileged, &out.AllowPrivileged, s); err != nil { + return err + } + out.HostNetworkSources = *(*[]string)(unsafe.Pointer(&in.HostNetworkSources)) + out.HostPIDSources = *(*[]string)(unsafe.Pointer(&in.HostPIDSources)) + out.HostIPCSources = *(*[]string)(unsafe.Pointer(&in.HostIPCSources)) + if err := v1.Convert_Pointer_int32_To_int32(&in.RegistryPullQPS, &out.RegistryPullQPS, s); err != nil { + return err + } + out.RegistryBurst = in.RegistryBurst + if err := v1.Convert_Pointer_int32_To_int32(&in.EventRecordQPS, &out.EventRecordQPS, s); err != nil { + return err + } + out.EventBurst = in.EventBurst + if err := v1.Convert_Pointer_bool_To_bool(&in.EnableDebuggingHandlers, &out.EnableDebuggingHandlers, s); err != nil { + return err + } + out.EnableContentionProfiling = in.EnableContentionProfiling + out.MinimumGCAge = in.MinimumGCAge + out.MaxPerPodContainerCount = in.MaxPerPodContainerCount + if err := v1.Convert_Pointer_int32_To_int32(&in.MaxContainerCount, &out.MaxContainerCount, s); err != nil { + return err + } + if err := v1.Convert_Pointer_int32_To_int32(&in.CAdvisorPort, &out.CAdvisorPort, s); err != nil { + return err + } + out.HealthzPort = in.HealthzPort + out.HealthzBindAddress = in.HealthzBindAddress + if err := v1.Convert_Pointer_int32_To_int32(&in.OOMScoreAdj, &out.OOMScoreAdj, s); err != nil { + return err + } + if err := v1.Convert_Pointer_bool_To_bool(&in.RegisterNode, &out.RegisterNode, s); err != nil { + return err + } + 
out.ClusterDomain = in.ClusterDomain + out.MasterServiceNamespace = in.MasterServiceNamespace + out.ClusterDNS = *(*[]string)(unsafe.Pointer(&in.ClusterDNS)) + out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout + out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency + out.ImageMinimumGCAge = in.ImageMinimumGCAge + if err := v1.Convert_Pointer_int32_To_int32(&in.ImageGCHighThresholdPercent, &out.ImageGCHighThresholdPercent, s); err != nil { + return err + } + if err := v1.Convert_Pointer_int32_To_int32(&in.ImageGCLowThresholdPercent, &out.ImageGCLowThresholdPercent, s); err != nil { + return err + } + out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod + out.VolumePluginDir = in.VolumePluginDir + out.KubeletCgroups = in.KubeletCgroups + out.RuntimeCgroups = in.RuntimeCgroups + out.SystemCgroups = in.SystemCgroups + out.CgroupRoot = in.CgroupRoot + if err := v1.Convert_Pointer_bool_To_bool(&in.CgroupsPerQOS, &out.CgroupsPerQOS, s); err != nil { + return err + } + out.CgroupDriver = in.CgroupDriver + out.ContainerRuntime = in.ContainerRuntime + out.RemoteRuntimeEndpoint = in.RemoteRuntimeEndpoint + out.RemoteImageEndpoint = in.RemoteImageEndpoint + out.RuntimeRequestTimeout = in.RuntimeRequestTimeout + out.ExperimentalMounterPath = in.ExperimentalMounterPath + if err := v1.Convert_Pointer_string_To_string(&in.LockFilePath, &out.LockFilePath, s); err != nil { + return err + } + out.ExitOnLockContention = in.ExitOnLockContention + out.HairpinMode = in.HairpinMode + out.MaxPods = in.MaxPods + out.PodCIDR = in.PodCIDR + out.ResolverConfig = in.ResolverConfig + if err := v1.Convert_Pointer_bool_To_bool(&in.CPUCFSQuota, &out.CPUCFSQuota, s); err != nil { + return err + } + if err := v1.Convert_Pointer_bool_To_bool(&in.Containerized, &out.Containerized, s); err != nil { + return err + } + out.MaxOpenFiles = in.MaxOpenFiles + if err := v1.Convert_Pointer_bool_To_bool(&in.RegisterSchedulable, &out.RegisterSchedulable, s); err != nil { + return err + } 
+ out.RegisterWithTaints = *(*[]api.Taint)(unsafe.Pointer(&in.RegisterWithTaints)) + out.ContentType = in.ContentType + if err := v1.Convert_Pointer_int32_To_int32(&in.KubeAPIQPS, &out.KubeAPIQPS, s); err != nil { + return err + } + out.KubeAPIBurst = in.KubeAPIBurst + if err := v1.Convert_Pointer_bool_To_bool(&in.SerializeImagePulls, &out.SerializeImagePulls, s); err != nil { + return err + } + out.NodeLabels = *(*map[string]string)(unsafe.Pointer(&in.NodeLabels)) + out.NonMasqueradeCIDR = in.NonMasqueradeCIDR + out.EnableCustomMetrics = in.EnableCustomMetrics + if err := v1.Convert_Pointer_string_To_string(&in.EvictionHard, &out.EvictionHard, s); err != nil { + return err + } + out.EvictionSoft = in.EvictionSoft + out.EvictionSoftGracePeriod = in.EvictionSoftGracePeriod + out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod + out.EvictionMaxPodGracePeriod = in.EvictionMaxPodGracePeriod + out.EvictionMinimumReclaim = in.EvictionMinimumReclaim + if err := v1.Convert_Pointer_bool_To_bool(&in.ExperimentalKernelMemcgNotification, &out.ExperimentalKernelMemcgNotification, s); err != nil { + return err + } + out.PodsPerCore = in.PodsPerCore + if err := v1.Convert_Pointer_bool_To_bool(&in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach, s); err != nil { + return err + } + out.ExperimentalQOSReserved = *(*kubeletconfig.ConfigurationMap)(unsafe.Pointer(&in.ExperimentalQOSReserved)) + out.ProtectKernelDefaults = in.ProtectKernelDefaults + if err := v1.Convert_Pointer_bool_To_bool(&in.MakeIPTablesUtilChains, &out.MakeIPTablesUtilChains, s); err != nil { + return err + } + if err := v1.Convert_Pointer_int32_To_int32(&in.IPTablesMasqueradeBit, &out.IPTablesMasqueradeBit, s); err != nil { + return err + } + if err := v1.Convert_Pointer_int32_To_int32(&in.IPTablesDropBit, &out.IPTablesDropBit, s); err != nil { + return err + } + out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) + out.FeatureGates = 
in.FeatureGates + out.FailSwapOn = in.FailSwapOn + out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount + out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes + out.SystemReserved = *(*kubeletconfig.ConfigurationMap)(unsafe.Pointer(&in.SystemReserved)) + out.KubeReserved = *(*kubeletconfig.ConfigurationMap)(unsafe.Pointer(&in.KubeReserved)) + out.SystemReservedCgroup = in.SystemReservedCgroup + out.KubeReservedCgroup = in.KubeReservedCgroup + out.EnforceNodeAllocatable = *(*[]string)(unsafe.Pointer(&in.EnforceNodeAllocatable)) + out.ExperimentalNodeAllocatableIgnoreEvictionThreshold = in.ExperimentalNodeAllocatableIgnoreEvictionThreshold + return nil +} + +// Convert_v1alpha1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration is an autogenerated conversion function. +func Convert_v1alpha1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration(in *KubeletConfiguration, out *kubeletconfig.KubeletConfiguration, s conversion.Scope) error { + return autoConvert_v1alpha1_KubeletConfiguration_To_kubeletconfig_KubeletConfiguration(in, out, s) +} + +func autoConvert_kubeletconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in *kubeletconfig.KubeletConfiguration, out *KubeletConfiguration, s conversion.Scope) error { + if err := v1.Convert_v1_Duration_To_Pointer_v1_Duration(&in.ConfigTrialDuration, &out.ConfigTrialDuration, s); err != nil { + return err + } + if err := v1.Convert_int32_To_Pointer_int32(&in.CrashLoopThreshold, &out.CrashLoopThreshold, s); err != nil { + return err + } + out.PodManifestPath = in.PodManifestPath + out.SyncFrequency = in.SyncFrequency + out.FileCheckFrequency = in.FileCheckFrequency + out.HTTPCheckFrequency = in.HTTPCheckFrequency + out.ManifestURL = in.ManifestURL + out.ManifestURLHeader = in.ManifestURLHeader + if err := v1.Convert_bool_To_Pointer_bool(&in.EnableServer, &out.EnableServer, s); err != nil { + return err + } + out.Address = in.Address + out.Port = in.Port + 
out.ReadOnlyPort = in.ReadOnlyPort + out.TLSCertFile = in.TLSCertFile + out.TLSPrivateKeyFile = in.TLSPrivateKeyFile + if err := Convert_kubeletconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(&in.Authentication, &out.Authentication, s); err != nil { + return err + } + if err := Convert_kubeletconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(&in.Authorization, &out.Authorization, s); err != nil { + return err + } + out.SeccompProfileRoot = in.SeccompProfileRoot + if err := v1.Convert_bool_To_Pointer_bool(&in.AllowPrivileged, &out.AllowPrivileged, s); err != nil { + return err + } + if in.HostNetworkSources == nil { + out.HostNetworkSources = make([]string, 0) + } else { + out.HostNetworkSources = *(*[]string)(unsafe.Pointer(&in.HostNetworkSources)) + } + if in.HostPIDSources == nil { + out.HostPIDSources = make([]string, 0) + } else { + out.HostPIDSources = *(*[]string)(unsafe.Pointer(&in.HostPIDSources)) + } + if in.HostIPCSources == nil { + out.HostIPCSources = make([]string, 0) + } else { + out.HostIPCSources = *(*[]string)(unsafe.Pointer(&in.HostIPCSources)) + } + if err := v1.Convert_int32_To_Pointer_int32(&in.RegistryPullQPS, &out.RegistryPullQPS, s); err != nil { + return err + } + out.RegistryBurst = in.RegistryBurst + if err := v1.Convert_int32_To_Pointer_int32(&in.EventRecordQPS, &out.EventRecordQPS, s); err != nil { + return err + } + out.EventBurst = in.EventBurst + if err := v1.Convert_bool_To_Pointer_bool(&in.EnableDebuggingHandlers, &out.EnableDebuggingHandlers, s); err != nil { + return err + } + out.EnableContentionProfiling = in.EnableContentionProfiling + out.MinimumGCAge = in.MinimumGCAge + out.MaxPerPodContainerCount = in.MaxPerPodContainerCount + if err := v1.Convert_int32_To_Pointer_int32(&in.MaxContainerCount, &out.MaxContainerCount, s); err != nil { + return err + } + if err := v1.Convert_int32_To_Pointer_int32(&in.CAdvisorPort, &out.CAdvisorPort, s); err != nil { + return err + } + out.HealthzPort = in.HealthzPort 
+ out.HealthzBindAddress = in.HealthzBindAddress + if err := v1.Convert_int32_To_Pointer_int32(&in.OOMScoreAdj, &out.OOMScoreAdj, s); err != nil { + return err + } + if err := v1.Convert_bool_To_Pointer_bool(&in.RegisterNode, &out.RegisterNode, s); err != nil { + return err + } + out.ClusterDomain = in.ClusterDomain + out.MasterServiceNamespace = in.MasterServiceNamespace + if in.ClusterDNS == nil { + out.ClusterDNS = make([]string, 0) + } else { + out.ClusterDNS = *(*[]string)(unsafe.Pointer(&in.ClusterDNS)) + } + out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout + out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency + out.ImageMinimumGCAge = in.ImageMinimumGCAge + if err := v1.Convert_int32_To_Pointer_int32(&in.ImageGCHighThresholdPercent, &out.ImageGCHighThresholdPercent, s); err != nil { + return err + } + if err := v1.Convert_int32_To_Pointer_int32(&in.ImageGCLowThresholdPercent, &out.ImageGCLowThresholdPercent, s); err != nil { + return err + } + out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod + out.VolumePluginDir = in.VolumePluginDir + out.KubeletCgroups = in.KubeletCgroups + if err := v1.Convert_bool_To_Pointer_bool(&in.CgroupsPerQOS, &out.CgroupsPerQOS, s); err != nil { + return err + } + out.CgroupDriver = in.CgroupDriver + out.RuntimeCgroups = in.RuntimeCgroups + out.SystemCgroups = in.SystemCgroups + out.CgroupRoot = in.CgroupRoot + out.ContainerRuntime = in.ContainerRuntime + out.RemoteRuntimeEndpoint = in.RemoteRuntimeEndpoint + out.RemoteImageEndpoint = in.RemoteImageEndpoint + out.RuntimeRequestTimeout = in.RuntimeRequestTimeout + out.ExperimentalMounterPath = in.ExperimentalMounterPath + if err := v1.Convert_string_To_Pointer_string(&in.LockFilePath, &out.LockFilePath, s); err != nil { + return err + } + out.ExitOnLockContention = in.ExitOnLockContention + out.HairpinMode = in.HairpinMode + out.MaxPods = in.MaxPods + out.PodCIDR = in.PodCIDR + out.ResolverConfig = in.ResolverConfig + if err := 
v1.Convert_bool_To_Pointer_bool(&in.CPUCFSQuota, &out.CPUCFSQuota, s); err != nil { + return err + } + if err := v1.Convert_bool_To_Pointer_bool(&in.Containerized, &out.Containerized, s); err != nil { + return err + } + out.MaxOpenFiles = in.MaxOpenFiles + if err := v1.Convert_bool_To_Pointer_bool(&in.RegisterSchedulable, &out.RegisterSchedulable, s); err != nil { + return err + } + if in.RegisterWithTaints == nil { + out.RegisterWithTaints = make([]core_v1.Taint, 0) + } else { + out.RegisterWithTaints = *(*[]core_v1.Taint)(unsafe.Pointer(&in.RegisterWithTaints)) + } + out.ContentType = in.ContentType + if err := v1.Convert_int32_To_Pointer_int32(&in.KubeAPIQPS, &out.KubeAPIQPS, s); err != nil { + return err + } + out.KubeAPIBurst = in.KubeAPIBurst + if err := v1.Convert_bool_To_Pointer_bool(&in.SerializeImagePulls, &out.SerializeImagePulls, s); err != nil { + return err + } + out.NodeLabels = *(*map[string]string)(unsafe.Pointer(&in.NodeLabels)) + out.NonMasqueradeCIDR = in.NonMasqueradeCIDR + out.EnableCustomMetrics = in.EnableCustomMetrics + if err := v1.Convert_string_To_Pointer_string(&in.EvictionHard, &out.EvictionHard, s); err != nil { + return err + } + out.EvictionSoft = in.EvictionSoft + out.EvictionSoftGracePeriod = in.EvictionSoftGracePeriod + out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod + out.EvictionMaxPodGracePeriod = in.EvictionMaxPodGracePeriod + out.EvictionMinimumReclaim = in.EvictionMinimumReclaim + if err := v1.Convert_bool_To_Pointer_bool(&in.ExperimentalKernelMemcgNotification, &out.ExperimentalKernelMemcgNotification, s); err != nil { + return err + } + out.PodsPerCore = in.PodsPerCore + if err := v1.Convert_bool_To_Pointer_bool(&in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach, s); err != nil { + return err + } + out.ExperimentalQOSReserved = *(*map[string]string)(unsafe.Pointer(&in.ExperimentalQOSReserved)) + out.ProtectKernelDefaults = in.ProtectKernelDefaults + if err := 
v1.Convert_bool_To_Pointer_bool(&in.MakeIPTablesUtilChains, &out.MakeIPTablesUtilChains, s); err != nil { + return err + } + if err := v1.Convert_int32_To_Pointer_int32(&in.IPTablesMasqueradeBit, &out.IPTablesMasqueradeBit, s); err != nil { + return err + } + if err := v1.Convert_int32_To_Pointer_int32(&in.IPTablesDropBit, &out.IPTablesDropBit, s); err != nil { + return err + } + out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) + out.FeatureGates = in.FeatureGates + out.FailSwapOn = in.FailSwapOn + out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount + out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes + out.SystemReserved = *(*map[string]string)(unsafe.Pointer(&in.SystemReserved)) + out.KubeReserved = *(*map[string]string)(unsafe.Pointer(&in.KubeReserved)) + out.SystemReservedCgroup = in.SystemReservedCgroup + out.KubeReservedCgroup = in.KubeReservedCgroup + if in.EnforceNodeAllocatable == nil { + out.EnforceNodeAllocatable = make([]string, 0) + } else { + out.EnforceNodeAllocatable = *(*[]string)(unsafe.Pointer(&in.EnforceNodeAllocatable)) + } + out.ExperimentalNodeAllocatableIgnoreEvictionThreshold = in.ExperimentalNodeAllocatableIgnoreEvictionThreshold + return nil +} + +// Convert_kubeletconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration is an autogenerated conversion function. 
+func Convert_kubeletconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in *kubeletconfig.KubeletConfiguration, out *KubeletConfiguration, s conversion.Scope) error { + return autoConvert_kubeletconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in, out, s) +} + +func autoConvert_v1alpha1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, out *kubeletconfig.KubeletWebhookAuthentication, s conversion.Scope) error { + if err := v1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + out.CacheTTL = in.CacheTTL + return nil +} + +// Convert_v1alpha1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication is an autogenerated conversion function. +func Convert_v1alpha1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, out *kubeletconfig.KubeletWebhookAuthentication, s conversion.Scope) error { + return autoConvert_v1alpha1_KubeletWebhookAuthentication_To_kubeletconfig_KubeletWebhookAuthentication(in, out, s) +} + +func autoConvert_kubeletconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in *kubeletconfig.KubeletWebhookAuthentication, out *KubeletWebhookAuthentication, s conversion.Scope) error { + if err := v1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + out.CacheTTL = in.CacheTTL + return nil +} + +// Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication is an autogenerated conversion function. 
+func Convert_kubeletconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in *kubeletconfig.KubeletWebhookAuthentication, out *KubeletWebhookAuthentication, s conversion.Scope) error { + return autoConvert_kubeletconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in, out, s) +} + +func autoConvert_v1alpha1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, out *kubeletconfig.KubeletWebhookAuthorization, s conversion.Scope) error { + out.CacheAuthorizedTTL = in.CacheAuthorizedTTL + out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL + return nil +} + +// Convert_v1alpha1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization is an autogenerated conversion function. +func Convert_v1alpha1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, out *kubeletconfig.KubeletWebhookAuthorization, s conversion.Scope) error { + return autoConvert_v1alpha1_KubeletWebhookAuthorization_To_kubeletconfig_KubeletWebhookAuthorization(in, out, s) +} + +func autoConvert_kubeletconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in *kubeletconfig.KubeletWebhookAuthorization, out *KubeletWebhookAuthorization, s conversion.Scope) error { + out.CacheAuthorizedTTL = in.CacheAuthorizedTTL + out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL + return nil +} + +// Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization is an autogenerated conversion function. 
+func Convert_kubeletconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in *kubeletconfig.KubeletWebhookAuthorization, out *KubeletWebhookAuthorization, s conversion.Scope) error { + return autoConvert_kubeletconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in, out, s) +} + +func autoConvert_v1alpha1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *kubeletconfig.KubeletX509Authentication, s conversion.Scope) error { + out.ClientCAFile = in.ClientCAFile + return nil +} + +// Convert_v1alpha1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication is an autogenerated conversion function. +func Convert_v1alpha1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *kubeletconfig.KubeletX509Authentication, s conversion.Scope) error { + return autoConvert_v1alpha1_KubeletX509Authentication_To_kubeletconfig_KubeletX509Authentication(in, out, s) +} + +func autoConvert_kubeletconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in *kubeletconfig.KubeletX509Authentication, out *KubeletX509Authentication, s conversion.Scope) error { + out.ClientCAFile = in.ClientCAFile + return nil +} + +// Convert_kubeletconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication is an autogenerated conversion function. +func Convert_kubeletconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in *kubeletconfig.KubeletX509Authentication, out *KubeletX509Authentication, s conversion.Scope) error { + return autoConvert_kubeletconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in, out, s) +} diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.deepcopy.go b/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..a33c9c2cb05 --- /dev/null 
+++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.deepcopy.go 
@@ -0,0 +1,528 @@ +// +build !ignore_autogenerated + +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// This file was autogenerated by deepcopy-gen. Do not edit it manually! + +package v1alpha1 + +import ( + core_v1 "k8s.io/api/core/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" + reflect "reflect" +) + +func init() { + SchemeBuilder.Register(RegisterDeepCopies) +} + +// RegisterDeepCopies adds deep-copy functions to the given scheme. Public +// to allow building arbitrary schemes. +// +// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented. 
+func RegisterDeepCopies(scheme *runtime.Scheme) error { + return scheme.AddGeneratedDeepCopyFuncs( + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletAnonymousAuthentication).DeepCopyInto(out.(*KubeletAnonymousAuthentication)) + return nil + }, InType: reflect.TypeOf(&KubeletAnonymousAuthentication{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletAuthentication).DeepCopyInto(out.(*KubeletAuthentication)) + return nil + }, InType: reflect.TypeOf(&KubeletAuthentication{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletAuthorization).DeepCopyInto(out.(*KubeletAuthorization)) + return nil + }, InType: reflect.TypeOf(&KubeletAuthorization{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletConfiguration).DeepCopyInto(out.(*KubeletConfiguration)) + return nil + }, InType: reflect.TypeOf(&KubeletConfiguration{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletWebhookAuthentication).DeepCopyInto(out.(*KubeletWebhookAuthentication)) + return nil + }, InType: reflect.TypeOf(&KubeletWebhookAuthentication{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletWebhookAuthorization).DeepCopyInto(out.(*KubeletWebhookAuthorization)) + return nil + }, InType: reflect.TypeOf(&KubeletWebhookAuthorization{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletX509Authentication).DeepCopyInto(out.(*KubeletX509Authentication)) + return nil + }, InType: reflect.TypeOf(&KubeletX509Authentication{})}, + ) +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the 
receiver, writing into out. in must be non-nil. +func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication. +func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication { + if in == nil { + return nil + } + out := new(KubeletAnonymousAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication) { + *out = *in + out.X509 = in.X509 + in.Webhook.DeepCopyInto(&out.Webhook) + in.Anonymous.DeepCopyInto(&out.Anonymous) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication. +func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication { + if in == nil { + return nil + } + out := new(KubeletAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization) { + *out = *in + out.Webhook = in.Webhook + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization. +func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization { + if in == nil { + return nil + } + out := new(KubeletAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) { + *out = *in + out.TypeMeta = in.TypeMeta + if in.ConfigTrialDuration != nil { + in, out := &in.ConfigTrialDuration, &out.ConfigTrialDuration + if *in == nil { + *out = nil + } else { + *out = new(v1.Duration) + **out = **in + } + } + if in.CrashLoopThreshold != nil { + in, out := &in.CrashLoopThreshold, &out.CrashLoopThreshold + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + out.SyncFrequency = in.SyncFrequency + out.FileCheckFrequency = in.FileCheckFrequency + out.HTTPCheckFrequency = in.HTTPCheckFrequency + if in.EnableServer != nil { + in, out := &in.EnableServer, &out.EnableServer + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + in.Authentication.DeepCopyInto(&out.Authentication) + out.Authorization = in.Authorization + if in.AllowPrivileged != nil { + in, out := &in.AllowPrivileged, &out.AllowPrivileged + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.HostNetworkSources != nil { + in, out := &in.HostNetworkSources, &out.HostNetworkSources + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.HostPIDSources != nil { + in, out := &in.HostPIDSources, &out.HostPIDSources + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.HostIPCSources != nil { + in, out := &in.HostIPCSources, &out.HostIPCSources + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.RegistryPullQPS != nil { + in, out := &in.RegistryPullQPS, &out.RegistryPullQPS + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.EventRecordQPS != nil { + in, out := &in.EventRecordQPS, &out.EventRecordQPS + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.EnableDebuggingHandlers != nil { + in, out := &in.EnableDebuggingHandlers, &out.EnableDebuggingHandlers + if *in == nil { + *out = nil + } else { + *out = 
new(bool) + **out = **in + } + } + out.MinimumGCAge = in.MinimumGCAge + if in.MaxContainerCount != nil { + in, out := &in.MaxContainerCount, &out.MaxContainerCount + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.CAdvisorPort != nil { + in, out := &in.CAdvisorPort, &out.CAdvisorPort + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.OOMScoreAdj != nil { + in, out := &in.OOMScoreAdj, &out.OOMScoreAdj + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.RegisterNode != nil { + in, out := &in.RegisterNode, &out.RegisterNode + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.ClusterDNS != nil { + in, out := &in.ClusterDNS, &out.ClusterDNS + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout + out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency + out.ImageMinimumGCAge = in.ImageMinimumGCAge + if in.ImageGCHighThresholdPercent != nil { + in, out := &in.ImageGCHighThresholdPercent, &out.ImageGCHighThresholdPercent + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.ImageGCLowThresholdPercent != nil { + in, out := &in.ImageGCLowThresholdPercent, &out.ImageGCLowThresholdPercent + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod + if in.CgroupsPerQOS != nil { + in, out := &in.CgroupsPerQOS, &out.CgroupsPerQOS + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + out.RuntimeRequestTimeout = in.RuntimeRequestTimeout + if in.LockFilePath != nil { + in, out := &in.LockFilePath, &out.LockFilePath + if *in == nil { + *out = nil + } else { + *out = new(string) + **out = **in + } + } + if in.CPUCFSQuota != nil { + in, out := &in.CPUCFSQuota, &out.CPUCFSQuota + if *in == nil { + 
*out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.Containerized != nil { + in, out := &in.Containerized, &out.Containerized + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.RegisterSchedulable != nil { + in, out := &in.RegisterSchedulable, &out.RegisterSchedulable + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.RegisterWithTaints != nil { + in, out := &in.RegisterWithTaints, &out.RegisterWithTaints + *out = make([]core_v1.Taint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.KubeAPIQPS != nil { + in, out := &in.KubeAPIQPS, &out.KubeAPIQPS + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.SerializeImagePulls != nil { + in, out := &in.SerializeImagePulls, &out.SerializeImagePulls + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.NodeLabels != nil { + in, out := &in.NodeLabels, &out.NodeLabels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.EvictionHard != nil { + in, out := &in.EvictionHard, &out.EvictionHard + if *in == nil { + *out = nil + } else { + *out = new(string) + **out = **in + } + } + out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod + if in.ExperimentalKernelMemcgNotification != nil { + in, out := &in.ExperimentalKernelMemcgNotification, &out.ExperimentalKernelMemcgNotification + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.EnableControllerAttachDetach != nil { + in, out := &in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.ExperimentalQOSReserved != nil { + in, out := &in.ExperimentalQOSReserved, &out.ExperimentalQOSReserved + *out = make(map[string]string, len(*in)) + for key, val := range 
*in { + (*out)[key] = val + } + } + if in.MakeIPTablesUtilChains != nil { + in, out := &in.MakeIPTablesUtilChains, &out.MakeIPTablesUtilChains + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + if in.IPTablesMasqueradeBit != nil { + in, out := &in.IPTablesMasqueradeBit, &out.IPTablesMasqueradeBit + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.IPTablesDropBit != nil { + in, out := &in.IPTablesDropBit, &out.IPTablesDropBit + if *in == nil { + *out = nil + } else { + *out = new(int32) + **out = **in + } + } + if in.AllowedUnsafeSysctls != nil { + in, out := &in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.SystemReserved != nil { + in, out := &in.SystemReserved, &out.SystemReserved + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.KubeReserved != nil { + in, out := &in.KubeReserved, &out.KubeReserved + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.EnforceNodeAllocatable != nil { + in, out := &in.EnforceNodeAllocatable, &out.EnforceNodeAllocatable + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration. +func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration { + if in == nil { + return nil + } + out := new(KubeletConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeletConfiguration) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } else { + return nil + } +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } + out.CacheTTL = in.CacheTTL + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication. +func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication { + if in == nil { + return nil + } + out := new(KubeletWebhookAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization) { + *out = *in + out.CacheAuthorizedTTL = in.CacheAuthorizedTTL + out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization. +func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization { + if in == nil { + return nil + } + out := new(KubeletWebhookAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication. +func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication { + if in == nil { + return nil + } + out := new(KubeletX509Authentication) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.defaults.go b/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000000..c23f8622ecb 
--- /dev/null +++ b/pkg/kubelet/apis/kubeletconfig/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,37 @@ +// +build !ignore_autogenerated + +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// This file was autogenerated by defaulter-gen. Do not edit it manually! + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + scheme.AddTypeDefaultingFunc(&KubeletConfiguration{}, func(obj interface{}) { SetObjectDefaults_KubeletConfiguration(obj.(*KubeletConfiguration)) }) + return nil +} + +func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration) { + SetDefaults_KubeletConfiguration(in) +} diff --git a/pkg/kubelet/apis/kubeletconfig/validation/BUILD b/pkg/kubelet/apis/kubeletconfig/validation/BUILD new file mode 100644 index 00000000000..86889db91be --- /dev/null +++ b/pkg/kubelet/apis/kubeletconfig/validation/BUILD 
@@ -0,0 +1,31 @@ +package(default_visibility = ["//visibility:public"]) + +licenses(["notice"]) + +load( + "@io_bazel_rules_go//go:def.bzl", + "go_library", +) + +go_library( + name = "go_default_library", + srcs = ["validation.go"], + tags = ["automanaged"], + deps = [ + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/cm:go_default_library", + ], +) + +filegroup( + name = "package-srcs", + srcs = glob(["**"]), + tags = ["automanaged"], + visibility = ["//visibility:private"], +) + +filegroup( + name = "all-srcs", + srcs = [":package-srcs"], + tags = ["automanaged"], +) diff --git a/pkg/kubelet/apis/kubeletconfig/validation/validation.go b/pkg/kubelet/apis/kubeletconfig/validation/validation.go new file mode 100644 index 00000000000..2c78b3c24dd --- /dev/null +++ b/pkg/kubelet/apis/kubeletconfig/validation/validation.go 
@@ -0,0 +1,56 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+ "fmt"
+
+ "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig"
+ containermanager "k8s.io/kubernetes/pkg/kubelet/cm"
+)
+
+// MaxCrashLoopThreshold is the maximum allowed KubeletConfiguraiton.CrashLoopThreshold
+const MaxCrashLoopThreshold = 10
+
+// ValidateKubeletConfiguration validates `kc` and returns an error if it is invalid
+func ValidateKubeletConfiguration(kc *kubeletconfig.KubeletConfiguration) error {
+ // restrict crashloop threshold to between 0 and `maxCrashLoopThreshold`, inclusive
+ // more than `maxStartups=maxCrashLoopThreshold` adds unnecessary bloat to the .startups.json file,
+ // and negative values would be silly.
+ if kc.CrashLoopThreshold < 0 || kc.CrashLoopThreshold > MaxCrashLoopThreshold {
+ return fmt.Errorf("field `CrashLoopThreshold` must be between 0 and %d, inclusive", MaxCrashLoopThreshold)
+ }
+
+ if !kc.CgroupsPerQOS && len(kc.EnforceNodeAllocatable) > 0 {
+ return fmt.Errorf("node allocatable enforcement is not supported unless Cgroups Per QOS feature is turned on")
+ }
+ if kc.SystemCgroups != "" && kc.CgroupRoot == "" {
+ return fmt.Errorf("invalid configuration: system container was specified and cgroup root was not specified")
+ }
+ for _, val := range kc.EnforceNodeAllocatable {
+ switch val {
+ case containermanager.NodeAllocatableEnforcementKey:
+ case containermanager.SystemReservedEnforcementKey:
+ case containermanager.KubeReservedEnforcementKey:
+ continue
+ default:
+ return fmt.Errorf("invalid option %q specified for EnforceNodeAllocatable setting. Valid options are %q, %q or %q",
+ val, containermanager.NodeAllocatableEnforcementKey, containermanager.SystemReservedEnforcementKey, containermanager.KubeReservedEnforcementKey)
+ }
+ }
+ return nil
+}
diff --git a/pkg/kubelet/apis/kubeletconfig/zz_generated.deepcopy.go b/pkg/kubelet/apis/kubeletconfig/zz_generated.deepcopy.go
new file mode 100644
index 00000000000..a6f81c152e7
--- /dev/null
+++ b/pkg/kubelet/apis/kubeletconfig/zz_generated.deepcopy.go
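Review bot: In `ValidateKubeletConfiguration` (validation/validation.go), the `switch` over `kc.EnforceNodeAllocatable` leaves the first two `case` bodies empty and puts `continue` only under the third, which reads like C-style fall-through that Go does not perform; it is correct only because an empty case also ends the switch and the loop moves on. A single case list states the intent: `case containermanager.NodeAllocatableEnforcementKey, containermanager.SystemReservedEnforcementKey, containermanager.KubeReservedEnforcementKey:` followed by `continue`. The function also dereferences `kc` without a nil check, so if any caller can reach it with a configuration that failed to load, a guard such as `if kc == nil { return fmt.Errorf("kubelet configuration is nil") }` at the top would turn a panic into a validation error. In the comments, `KubeletConfiguraiton` is misspelled and `maxCrashLoopThreshold` should match the exported `MaxCrashLoopThreshold`.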
@@ -0,0 +1,276 @@ +// +build !ignore_autogenerated + +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// This file was autogenerated by deepcopy-gen. Do not edit it manually! + +package kubeletconfig + +import ( + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" + api "k8s.io/kubernetes/pkg/api" + reflect "reflect" +) + +func init() { + SchemeBuilder.Register(RegisterDeepCopies) +} + +// RegisterDeepCopies adds deep-copy functions to the given scheme. Public +// to allow building arbitrary schemes. +// +// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented. 
+func RegisterDeepCopies(scheme *runtime.Scheme) error { + return scheme.AddGeneratedDeepCopyFuncs( + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletAnonymousAuthentication).DeepCopyInto(out.(*KubeletAnonymousAuthentication)) + return nil + }, InType: reflect.TypeOf(&KubeletAnonymousAuthentication{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletAuthentication).DeepCopyInto(out.(*KubeletAuthentication)) + return nil + }, InType: reflect.TypeOf(&KubeletAuthentication{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletAuthorization).DeepCopyInto(out.(*KubeletAuthorization)) + return nil + }, InType: reflect.TypeOf(&KubeletAuthorization{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletConfiguration).DeepCopyInto(out.(*KubeletConfiguration)) + return nil + }, InType: reflect.TypeOf(&KubeletConfiguration{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletWebhookAuthentication).DeepCopyInto(out.(*KubeletWebhookAuthentication)) + return nil + }, InType: reflect.TypeOf(&KubeletWebhookAuthentication{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletWebhookAuthorization).DeepCopyInto(out.(*KubeletWebhookAuthorization)) + return nil + }, InType: reflect.TypeOf(&KubeletWebhookAuthorization{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubeletX509Authentication).DeepCopyInto(out.(*KubeletX509Authentication)) + return nil + }, InType: reflect.TypeOf(&KubeletX509Authentication{})}, + ) +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the 
receiver, writing into out. in must be non-nil. +func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication. +func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication { + if in == nil { + return nil + } + out := new(KubeletAnonymousAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication) { + *out = *in + out.X509 = in.X509 + out.Webhook = in.Webhook + out.Anonymous = in.Anonymous + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication. +func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication { + if in == nil { + return nil + } + out := new(KubeletAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization) { + *out = *in + out.Webhook = in.Webhook + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization. +func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization { + if in == nil { + return nil + } + out := new(KubeletAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) { + *out = *in + out.TypeMeta = in.TypeMeta + out.ConfigTrialDuration = in.ConfigTrialDuration + out.SyncFrequency = in.SyncFrequency + out.FileCheckFrequency = in.FileCheckFrequency + out.HTTPCheckFrequency = in.HTTPCheckFrequency + out.Authentication = in.Authentication + out.Authorization = in.Authorization + if in.HostNetworkSources != nil { + in, out := &in.HostNetworkSources, &out.HostNetworkSources + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.HostPIDSources != nil { + in, out := &in.HostPIDSources, &out.HostPIDSources + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.HostIPCSources != nil { + in, out := &in.HostIPCSources, &out.HostIPCSources + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.MinimumGCAge = in.MinimumGCAge + if in.ClusterDNS != nil { + in, out := &in.ClusterDNS, &out.ClusterDNS + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout + out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency + out.ImageMinimumGCAge = in.ImageMinimumGCAge + out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod + out.RuntimeRequestTimeout = in.RuntimeRequestTimeout + if in.RegisterWithTaints != nil { + in, out := &in.RegisterWithTaints, &out.RegisterWithTaints + *out = make([]api.Taint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NodeLabels != nil { + in, out := &in.NodeLabels, &out.NodeLabels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod + if in.ExperimentalQOSReserved != nil { + in, out := &in.ExperimentalQOSReserved, &out.ExperimentalQOSReserved + *out = make(ConfigurationMap, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.AllowedUnsafeSysctls != nil { + in, out := 
&in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.SystemReserved != nil { + in, out := &in.SystemReserved, &out.SystemReserved + *out = make(ConfigurationMap, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.KubeReserved != nil { + in, out := &in.KubeReserved, &out.KubeReserved + *out = make(ConfigurationMap, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.EnforceNodeAllocatable != nil { + in, out := &in.EnforceNodeAllocatable, &out.EnforceNodeAllocatable + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration. +func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration { + if in == nil { + return nil + } + out := new(KubeletConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeletConfiguration) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } else { + return nil + } +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication) { + *out = *in + out.CacheTTL = in.CacheTTL + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication. +func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication { + if in == nil { + return nil + } + out := new(KubeletWebhookAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization) { + *out = *in + out.CacheAuthorizedTTL = in.CacheAuthorizedTTL + out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization. +func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization { + if in == nil { + return nil + } + out := new(KubeletWebhookAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication. +func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication { + if in == nil { + return nil + } + out := new(KubeletX509Authentication) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/kubelet/certificate/BUILD b/pkg/kubelet/certificate/BUILD index 6def1dd40c1..a9df3be8c7d 100644 --- a/pkg/kubelet/certificate/BUILD +++ b/pkg/kubelet/certificate/BUILD @@ -15,7 +15,7 @@ go_library( "transport.go", ], deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/util/file:go_default_library", "//vendor/github.com/golang/glog:go_default_library", "//vendor/k8s.io/api/certificates/v1beta1:go_default_library", diff --git a/pkg/kubelet/certificate/kubelet.go b/pkg/kubelet/certificate/kubelet.go index 5c85c66f225..b7459868150 100644 --- a/pkg/kubelet/certificate/kubelet.go +++ b/pkg/kubelet/certificate/kubelet.go 
@@ -26,12 +26,12 @@ import ( "k8s.io/apimachinery/pkg/types" clientset "k8s.io/client-go/kubernetes" clientcertificates "k8s.io/client-go/kubernetes/typed/certificates/v1beta1" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" ) // NewKubeletServerCertificateManager creates a certificate manager for the kubelet when retrieving a server certificate // or returns an error. -func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg *componentconfig.KubeletConfiguration, nodeName types.NodeName, ips []net.IP, hostnames []string, certDirectory string) (Manager, error) { +func NewKubeletServerCertificateManager(kubeClient clientset.Interface, kubeCfg *kubeletconfig.KubeletConfiguration, nodeName types.NodeName, ips []net.IP, hostnames []string, certDirectory string) (Manager, error) { var certSigningRequestClient clientcertificates.CertificateSigningRequestInterface if kubeClient != nil && kubeClient.Certificates() != nil { certSigningRequestClient = kubeClient.Certificates().CertificateSigningRequests() diff --git a/pkg/kubelet/cm/BUILD b/pkg/kubelet/cm/BUILD index 5bce88a5a28..adbb3ae3483 100644 --- a/pkg/kubelet/cm/BUILD +++ b/pkg/kubelet/cm/BUILD @@ -32,7 +32,7 @@ go_library( "//conditions:default": [], }), deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/cadvisor:go_default_library", "//pkg/kubelet/eviction/api:go_default_library", "//pkg/util/mount:go_default_library", @@ -86,7 +86,7 @@ go_test( "//pkg/util/mount:go_default_library", ] + select({ "@io_bazel_rules_go//go/platform:linux_amd64": [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/eviction/api:go_default_library", "//vendor/github.com/stretchr/testify/assert:go_default_library", "//vendor/github.com/stretchr/testify/require:go_default_library", 
diff --git a/pkg/kubelet/cm/cgroup_manager_test.go b/pkg/kubelet/cm/cgroup_manager_test.go index 1bef61559e7..cad32008866 100644 --- a/pkg/kubelet/cm/cgroup_manager_test.go +++ b/pkg/kubelet/cm/cgroup_manager_test.go @@ -23,7 +23,7 @@ import ( "testing" "k8s.io/api/core/v1" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" ) func Test(t *testing.T) { @@ -66,7 +66,7 @@ func Test(t *testing.T) { }, } for _, test := range tests { - m := componentconfig.ConfigurationMap{} + m := kubeletconfig.ConfigurationMap{} m.Set(test.input) actual, err := ParseQOSReserved(m) if actual != nil && test.expected == nil { diff --git a/pkg/kubelet/cm/container_manager.go b/pkg/kubelet/cm/container_manager.go index 77e5dd187e4..36c4569eb70 100644 --- a/pkg/kubelet/cm/container_manager.go +++ b/pkg/kubelet/cm/container_manager.go @@ -20,7 +20,7 @@ import ( "k8s.io/apimachinery/pkg/util/sets" // TODO: Migrate kubelet to either use its own internal objects or client library. "k8s.io/api/core/v1" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" evictionapi "k8s.io/kubernetes/pkg/kubelet/eviction/api" "fmt" @@ -122,7 +122,7 @@ func parsePercentage(v string) (int64, error) { } // ParseQOSReserved parses the --qos-reserve-requests option -func ParseQOSReserved(m componentconfig.ConfigurationMap) (*map[v1.ResourceName]int64, error) { +func ParseQOSReserved(m kubeletconfig.ConfigurationMap) (*map[v1.ResourceName]int64, error) { reservations := make(map[v1.ResourceName]int64) for k, v := range m { switch v1.ResourceName(k) { diff --git a/pkg/kubelet/dockershim/BUILD b/pkg/kubelet/dockershim/BUILD index c420cf9a05e..55c75c2558b 100644 --- a/pkg/kubelet/dockershim/BUILD +++ b/pkg/kubelet/dockershim/BUILD 
@@ -36,10 +36,10 @@ go_library( "//conditions:default": [], }), deps = [ - "//pkg/apis/componentconfig:go_default_library", "//pkg/credentialprovider:go_default_library", "//pkg/kubelet/apis/cri:go_default_library", "//pkg/kubelet/apis/cri/v1alpha1/runtime:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/cm:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/dockershim/cm:go_default_library", diff --git a/pkg/kubelet/dockershim/docker_service.go b/pkg/kubelet/dockershim/docker_service.go index eabd6ed4cab..a42c7487a33 100644 --- a/pkg/kubelet/dockershim/docker_service.go +++ b/pkg/kubelet/dockershim/docker_service.go @@ -30,9 +30,9 @@ import ( "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/kubernetes/pkg/apis/componentconfig" internalapi "k8s.io/kubernetes/pkg/kubelet/apis/cri" runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecm "k8s.io/kubernetes/pkg/kubelet/cm" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/dockershim/cm" @@ -89,7 +89,7 @@ const ( // runtime process. type NetworkPluginSettings struct { // HairpinMode is best described by comments surrounding the kubelet arg - HairpinMode componentconfig.HairpinMode + HairpinMode kubeletconfig.HairpinMode // NonMasqueradeCIDR is the range of ips which should *not* be included // in any MASQUERADE rules applied by the plugin NonMasqueradeCIDR string diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go index 3dbe3fac1ab..80fd03f26a1 100644 --- a/pkg/kubelet/kubelet.go +++ b/pkg/kubelet/kubelet.go 
@@ -55,11 +55,11 @@ import ( "k8s.io/client-go/util/integer" "k8s.io/kubernetes/cmd/kubelet/app/options" "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/componentconfig" - componentconfigv1alpha1 "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" "k8s.io/kubernetes/pkg/cloudprovider" "k8s.io/kubernetes/pkg/features" internalapi "k8s.io/kubernetes/pkg/kubelet/apis/cri" + kubeletconfiginternal "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + kubeletconfigv1alpha1 "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" "k8s.io/kubernetes/pkg/kubelet/cadvisor" "k8s.io/kubernetes/pkg/kubelet/certificate" "k8s.io/kubernetes/pkg/kubelet/cm" @@ -180,7 +180,7 @@ type Option func(*Kubelet) // Bootstrap is a bootstrapping interface for kubelet, targets the initialization protocol type Bootstrap interface { - GetConfiguration() componentconfig.KubeletConfiguration + GetConfiguration() kubeletconfiginternal.KubeletConfiguration BirthCry() StartGarbageCollection() ListenAndServe(address net.IP, port uint, tlsOptions *server.TLSOptions, auth server.AuthInterface, enableDebuggingHandlers, enableContentionProfiling bool) @@ -190,7 +190,7 @@ type Bootstrap interface { } // Builder creates and initializes a Kubelet instance -type Builder func(kubeCfg *componentconfig.KubeletConfiguration, +type Builder func(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *Dependencies, crOptions *options.ContainerRuntimeOptions, hostnameOverride, 
@@ -249,7 +249,7 @@ type Dependencies struct { // makePodSourceConfig creates a config.PodConfig from the given // KubeletConfiguration or returns an error. -func makePodSourceConfig(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Dependencies, nodeName types.NodeName) (*config.PodConfig, error) { +func makePodSourceConfig(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *Dependencies, nodeName types.NodeName) (*config.PodConfig, error) { manifestURLHeader := make(http.Header) if kubeCfg.ManifestURLHeader != "" { pieces := strings.Split(kubeCfg.ManifestURLHeader, ":") @@ -280,7 +280,7 @@ func makePodSourceConfig(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps return cfg, nil } -func getRuntimeAndImageServices(config *componentconfig.KubeletConfiguration) (internalapi.RuntimeService, internalapi.ImageManagerService, error) { +func getRuntimeAndImageServices(config *kubeletconfiginternal.KubeletConfiguration) (internalapi.RuntimeService, internalapi.ImageManagerService, error) { rs, err := remote.NewRemoteRuntimeService(config.RemoteRuntimeEndpoint, config.RuntimeRequestTimeout.Duration) if err != nil { return nil, nil, err @@ -294,7 +294,7 @@ func getRuntimeAndImageServices(config *componentconfig.KubeletConfiguration) (i // NewMainKubelet instantiates a new Kubelet object along with all the required internal modules. // No initialization of Kubelet and its modules should happen here. -func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, +func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *Dependencies, crOptions *options.ContainerRuntimeOptions, hostnameOverride, 
@@ -461,7 +461,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, recorder: kubeDeps.Recorder, cadvisor: kubeDeps.CAdvisorInterface, cloud: kubeDeps.Cloud, - autoDetectCloudProvider: (componentconfigv1alpha1.AutoDetectCloudProvider == cloudProvider), + autoDetectCloudProvider: (kubeletconfigv1alpha1.AutoDetectCloudProvider == cloudProvider), externalCloudProvider: cloudprovider.IsExternal(cloudProvider), providerID: providerID, nodeRef: nodeRef, @@ -501,7 +501,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, glog.Infof("Experimental host user namespace defaulting is enabled.") } - hairpinMode, err := effectiveHairpinMode(componentconfig.HairpinMode(kubeCfg.HairpinMode), kubeCfg.ContainerRuntime, crOptions.NetworkPluginName) + hairpinMode, err := effectiveHairpinMode(kubeletconfiginternal.HairpinMode(kubeCfg.HairpinMode), kubeCfg.ContainerRuntime, crOptions.NetworkPluginName) if err != nil { // This is a non-recoverable error. Returning it up the callstack will just // lead to retries of the same failure, so just fail hard. @@ -659,7 +659,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, klet.livenessManager, httpClient, klet.networkPlugin, - hairpinMode == componentconfig.HairpinVeth, + hairpinMode == kubeletconfiginternal.HairpinVeth, utilexec.New(), kubecontainer.RealOS{}, imageBackOff, @@ -843,7 +843,7 @@ type serviceLister interface { // Kubelet is the main kubelet implementation. type Kubelet struct { - kubeletConfiguration componentconfig.KubeletConfiguration + kubeletConfiguration kubeletconfiginternal.KubeletConfiguration hostname string nodeName types.NodeName 
@@ -2069,7 +2069,7 @@ func (kl *Kubelet) updateCloudProviderFromMachineInfo(node *v1.Node, info *cadvi } // GetConfiguration returns the KubeletConfiguration used to configure the kubelet. -func (kl *Kubelet) GetConfiguration() componentconfig.KubeletConfiguration { +func (kl *Kubelet) GetConfiguration() kubeletconfiginternal.KubeletConfiguration { return kl.kubeletConfiguration } @@ -2118,7 +2118,7 @@ func isSyncPodWorthy(event *pleg.PodLifecycleEvent) bool { } // Gets the streaming server configuration to use with in-process CRI shims. -func getStreamingConfig(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Dependencies) *streaming.Config { +func getStreamingConfig(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *Dependencies) *streaming.Config { config := &streaming.Config{ // Use a relative redirect (no scheme or host). BaseURL: &url.URL{ diff --git a/pkg/kubelet/kubelet_network.go b/pkg/kubelet/kubelet_network.go index ca93d7f4b9f..85fece144d3 100644 --- a/pkg/kubelet/kubelet_network.go +++ b/pkg/kubelet/kubelet_network.go @@ -25,7 +25,7 @@ import ( "github.com/golang/glog" "k8s.io/api/core/v1" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/pkg/kubelet/network" utiliptables "k8s.io/kubernetes/pkg/util/iptables" ) @@ -47,7 +47,7 @@ const ( // effectiveHairpinMode determines the effective hairpin mode given the // configured mode, container runtime, and whether cbr0 should be configured. -func effectiveHairpinMode(hairpinMode componentconfig.HairpinMode, containerRuntime string, networkPlugin string) (componentconfig.HairpinMode, error) { +func effectiveHairpinMode(hairpinMode kubeletconfig.HairpinMode, containerRuntime string, networkPlugin string) (kubeletconfig.HairpinMode, error) { // The hairpin mode setting doesn't matter if: // - We're not using a bridge network. This is hard to check because we might // be using a plugin. 
@@ -55,20 +55,20 @@ func effectiveHairpinMode(hairpinMode componentconfig.HairpinMode, containerRunt // to set the hairpin flag on the veth's of containers. Currently the // docker runtime is the only one that understands this. // - It's set to "none". - if hairpinMode == componentconfig.PromiscuousBridge || hairpinMode == componentconfig.HairpinVeth { + if hairpinMode == kubeletconfig.PromiscuousBridge || hairpinMode == kubeletconfig.HairpinVeth { // Only on docker. if containerRuntime != "docker" { glog.Warningf("Hairpin mode set to %q but container runtime is %q, ignoring", hairpinMode, containerRuntime) - return componentconfig.HairpinNone, nil + return kubeletconfig.HairpinNone, nil } - if hairpinMode == componentconfig.PromiscuousBridge && networkPlugin != "kubenet" { + if hairpinMode == kubeletconfig.PromiscuousBridge && networkPlugin != "kubenet" { // This is not a valid combination, since promiscuous-bridge only works on kubenet. Users might be using the // default values (from before the hairpin-mode flag existed) and we // should keep the old behavior. - glog.Warningf("Hairpin mode set to %q but kubenet is not enabled, falling back to %q", hairpinMode, componentconfig.HairpinVeth) - return componentconfig.HairpinVeth, nil + glog.Warningf("Hairpin mode set to %q but kubenet is not enabled, falling back to %q", hairpinMode, kubeletconfig.HairpinVeth) + return kubeletconfig.HairpinVeth, nil } - } else if hairpinMode != componentconfig.HairpinNone { + } else if hairpinMode != kubeletconfig.HairpinNone { return "", fmt.Errorf("unknown value: %q", hairpinMode) } return hairpinMode, nil diff --git a/pkg/kubelet/kubelet_test.go b/pkg/kubelet/kubelet_test.go index 5b28a4059f1..657d304f438 100644 --- a/pkg/kubelet/kubelet_test.go +++ b/pkg/kubelet/kubelet_test.go 
@@ -40,8 +40,8 @@ import ( "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/tools/record" "k8s.io/client-go/util/flowcontrol" - "k8s.io/kubernetes/pkg/apis/componentconfig" "k8s.io/kubernetes/pkg/capabilities" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" cadvisortest "k8s.io/kubernetes/pkg/kubelet/cadvisor/testing" "k8s.io/kubernetes/pkg/kubelet/cm" "k8s.io/kubernetes/pkg/kubelet/config" @@ -159,7 +159,7 @@ func newTestKubeletWithImageList( kubelet.nodeName = types.NodeName(testKubeletHostname) kubelet.runtimeState = newRuntimeState(maxWaitForContainerRuntime) kubelet.runtimeState.setNetworkState(nil) - kubelet.networkPlugin, _ = network.InitNetworkPlugin([]network.NetworkPlugin{}, "", nettest.NewFakeHost(nil), componentconfig.HairpinNone, "", 1440) + kubelet.networkPlugin, _ = network.InitNetworkPlugin([]network.NetworkPlugin{}, "", nettest.NewFakeHost(nil), kubeletconfig.HairpinNone, "", 1440) if tempDir, err := ioutil.TempDir("/tmp", "kubelet_test."); err != nil { t.Fatalf("can't make a temp rootdir: %v", err) } else { diff --git a/pkg/kubelet/kubeletconfig/BUILD b/pkg/kubelet/kubeletconfig/BUILD index b85d49d1627..d9b14812703 100644 --- a/pkg/kubelet/kubeletconfig/BUILD +++ b/pkg/kubelet/kubeletconfig/BUILD @@ -14,8 +14,8 @@ go_library( "watch.go", ], deps = [ - "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/validation:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/validation:go_default_library", "//pkg/kubelet/kubeletconfig/badconfig:go_default_library", "//pkg/kubelet/kubeletconfig/checkpoint:go_default_library", "//pkg/kubelet/kubeletconfig/checkpoint/store:go_default_library", diff --git a/pkg/kubelet/kubeletconfig/checkpoint/BUILD b/pkg/kubelet/kubeletconfig/checkpoint/BUILD index e04e74148f8..8e2844f81c4 100644 --- a/pkg/kubelet/kubeletconfig/checkpoint/BUILD +++ b/pkg/kubelet/kubeletconfig/checkpoint/BUILD 
@@ -16,8 +16,8 @@ go_test( library = ":go_default_library", deps = [ "//pkg/api:go_default_library", - "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/v1alpha1:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", "//pkg/kubelet/kubeletconfig/util/codec:go_default_library", "//pkg/kubelet/kubeletconfig/util/test:go_default_library", "//vendor/github.com/davecgh/go-spew/spew:go_default_library", @@ -39,7 +39,7 @@ go_library( ], deps = [ "//pkg/api:go_default_library", - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/kubeletconfig/util/codec:go_default_library", "//pkg/kubelet/kubeletconfig/util/log:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", diff --git a/pkg/kubelet/kubeletconfig/checkpoint/checkpoint.go b/pkg/kubelet/kubeletconfig/checkpoint/checkpoint.go index 20a8a853e70..e9a6c29d701 100644 --- a/pkg/kubelet/kubeletconfig/checkpoint/checkpoint.go +++ b/pkg/kubelet/kubeletconfig/checkpoint/checkpoint.go @@ -23,7 +23,7 @@ import ( apiequality "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/runtime" "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" ) // Checkpoint represents a local copy of a config source (payload) object @@ -31,7 +31,7 @@ type Checkpoint interface { // UID returns the UID of the config source object behind the Checkpoint UID() string // Parse parses the checkpoint into the internal KubeletConfiguration type - Parse() (*componentconfig.KubeletConfiguration, error) + Parse() (*kubeletconfig.KubeletConfiguration, error) // Encode returns a []byte representation of the config source object behind the Checkpoint Encode() ([]byte, error) 
diff --git a/pkg/kubelet/kubeletconfig/checkpoint/configmap.go b/pkg/kubelet/kubeletconfig/checkpoint/configmap.go index ff26005b211..b0a8ecdea98 100644 --- a/pkg/kubelet/kubeletconfig/checkpoint/configmap.go +++ b/pkg/kubelet/kubeletconfig/checkpoint/configmap.go @@ -21,7 +21,7 @@ import ( apiv1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" utilcodec "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/codec" ) @@ -49,7 +49,7 @@ func (c *configMapCheckpoint) UID() string { } // implements Parse for v1/ConfigMap checkpoints -func (c *configMapCheckpoint) Parse() (*componentconfig.KubeletConfiguration, error) { +func (c *configMapCheckpoint) Parse() (*kubeletconfig.KubeletConfiguration, error) { const emptyCfgErr = "config was empty, but some parameters are required" cm := c.configMap diff --git a/pkg/kubelet/kubeletconfig/checkpoint/configmap_test.go b/pkg/kubelet/kubeletconfig/checkpoint/configmap_test.go index 398e7cf992a..07092e4446d 100644 --- a/pkg/kubelet/kubeletconfig/checkpoint/configmap_test.go +++ b/pkg/kubelet/kubeletconfig/checkpoint/configmap_test.go @@ -27,8 +27,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/componentconfig" - ccv1a1 "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + kubeletconfigv1alpha1 "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" utiltest "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/test" ) 
@@ -83,9 +83,9 @@ func TestConfigMapCheckpointUID(t *testing.T) { func TestConfigMapCheckpointParse(t *testing.T) { // get the built-in default configuration - external := &ccv1a1.KubeletConfiguration{} + external := &kubeletconfigv1alpha1.KubeletConfiguration{} api.Scheme.Default(external) - defaultConfig := &componentconfig.KubeletConfiguration{} + defaultConfig := &kubeletconfig.KubeletConfiguration{} err := api.Scheme.Convert(external, defaultConfig, nil) if err != nil { t.Fatalf("unexpected error: %v", err) @@ -94,7 +94,7 @@ func TestConfigMapCheckpointParse(t *testing.T) { cases := []struct { desc string cm *apiv1.ConfigMap - expect *componentconfig.KubeletConfiguration + expect *kubeletconfig.KubeletConfiguration err string }{ {"empty data", &apiv1.ConfigMap{}, nil, "config was empty"}, 
@@ -108,19 +108,19 @@ func TestConfigMapCheckpointParse(t *testing.T) { "kubelet": "{*"}}, nil, "failed to decode"}, // invalid object {"missing kind", &apiv1.ConfigMap{Data: map[string]string{ - "kubelet": `{"apiVersion":"componentconfig/v1alpha1"}`}}, nil, "failed to decode"}, + "kubelet": `{"apiVersion":"kubeletconfig/v1alpha1"}`}}, nil, "failed to decode"}, {"missing version", &apiv1.ConfigMap{Data: map[string]string{ "kubelet": `{"kind":"KubeletConfiguration"}`}}, nil, "failed to decode"}, {"unregistered kind", &apiv1.ConfigMap{Data: map[string]string{ - "kubelet": `{"kind":"BogusKind","apiVersion":"componentconfig/v1alpha1"}`}}, nil, "failed to decode"}, + "kubelet": `{"kind":"BogusKind","apiVersion":"kubeletconfig/v1alpha1"}`}}, nil, "failed to decode"}, {"unregistered version", &apiv1.ConfigMap{Data: map[string]string{ "kubelet": `{"kind":"KubeletConfiguration","apiVersion":"bogusversion"}`}}, nil, "failed to decode"}, // empty object with correct kind and version should result in the defaults for that kind and version {"default from yaml", &apiv1.ConfigMap{Data: map[string]string{ "kubelet": `kind: KubeletConfiguration -apiVersion: componentconfig/v1alpha1`}}, defaultConfig, ""}, +apiVersion: kubeletconfig/v1alpha1`}}, defaultConfig, ""}, {"default from json", &apiv1.ConfigMap{Data: map[string]string{ - "kubelet": `{"kind":"KubeletConfiguration","apiVersion":"componentconfig/v1alpha1"}`}}, defaultConfig, ""}, + "kubelet": `{"kind":"KubeletConfiguration","apiVersion":"kubeletconfig/v1alpha1"}`}}, defaultConfig, ""}, } for _, c := range cases { cpt := &configMapCheckpoint{c.cm} diff --git a/pkg/kubelet/kubeletconfig/configfiles/BUILD b/pkg/kubelet/kubeletconfig/configfiles/BUILD index 1c594f31ad9..94a32a7191c 100644 --- a/pkg/kubelet/kubeletconfig/configfiles/BUILD +++ b/pkg/kubelet/kubeletconfig/configfiles/BUILD 
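Review bot: No case in this table covers a payload that still carries the old `componentconfig/v1alpha1` apiVersion, because every entry of TestConfigMapCheckpointParse was switched to `kubeletconfig/v1alpha1`. DecodeKubeletConfiguration in util/codec/codec.go now decodes against `kubeletconfigv1alpha1.SchemeGroupVersion`, so such a payload presumably fails with "failed to decode". On an upgraded node that would apply to ConfigMaps and checkpoints written before the rename. I would add a case named "old group" whose `kubelet` value is `{"kind":"KubeletConfiguration","apiVersion":"componentconfig/v1alpha1"}` and whose expected error is `"failed to decode"`, so the rejection is deliberate and visible. The table and the loop that runs it continue outside this hunk.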
@@ -9,7 +9,7 @@ go_library( name = "go_default_library", srcs = ["configfiles.go"], deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/kubeletconfig/util/codec:go_default_library", "//pkg/kubelet/kubeletconfig/util/filesystem:go_default_library", ], diff --git a/pkg/kubelet/kubeletconfig/configfiles/configfiles.go b/pkg/kubelet/kubeletconfig/configfiles/configfiles.go index fad56a80f0f..449c5c8112e 100644 --- a/pkg/kubelet/kubeletconfig/configfiles/configfiles.go +++ b/pkg/kubelet/kubeletconfig/configfiles/configfiles.go @@ -20,7 +20,7 @@ import ( "fmt" "path/filepath" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" utilcodec "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/codec" utilfs "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/filesystem" ) @@ -28,7 +28,7 @@ import ( // Loader loads configuration from a storage layer type Loader interface { // Load loads and returns the KubeletConfiguration from the storage layer, or an error if a configuration could not be loaded - Load() (*componentconfig.KubeletConfiguration, error) + Load() (*kubeletconfig.KubeletConfiguration, error) } // fsLoader loads configuration from `configDir` @@ -47,7 +47,7 @@ func NewFSLoader(fs utilfs.Filesystem, configDir string) Loader { } } -func (loader *fsLoader) Load() (*componentconfig.KubeletConfiguration, error) { +func (loader *fsLoader) Load() (*kubeletconfig.KubeletConfiguration, error) { errfmt := fmt.Sprintf("failed to load Kubelet config files from %q, error: ", loader.configDir) + "%v" // require the config be in a file called "kubelet" diff --git a/pkg/kubelet/kubeletconfig/controller.go b/pkg/kubelet/kubeletconfig/controller.go index cc7c36a2587..f6f0c34e6d2 100644 --- a/pkg/kubelet/kubeletconfig/controller.go +++ b/pkg/kubelet/kubeletconfig/controller.go 
@@ -25,8 +25,8 @@ import ( "k8s.io/apimachinery/pkg/util/wait" clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" - "k8s.io/kubernetes/pkg/apis/componentconfig" - "k8s.io/kubernetes/pkg/apis/componentconfig/validation" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/validation" "k8s.io/kubernetes/pkg/version" "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/badconfig" @@ -59,10 +59,10 @@ type Controller struct { dynamicConfig bool // defaultConfig is the configuration to use if no initConfig is provided - defaultConfig *componentconfig.KubeletConfiguration + defaultConfig *kubeletconfig.KubeletConfiguration // initConfig is the unmarshaled init config, this will be loaded by the Controller if an initConfigDir is provided - initConfig *componentconfig.KubeletConfiguration + initConfig *kubeletconfig.KubeletConfiguration // initLoader is for loading the Kubelet's init configuration files from disk initLoader configfiles.Loader @@ -90,7 +90,7 @@ type Controller struct { // If the `initConfigDir` is an empty string, skips trying to load the init config. // If the `dynamicConfigDir` is an empty string, skips trying to load checkpoints or download new config, // but will still sync the ConfigOK condition if you call StartSync with a non-nil client. -func NewController(initConfigDir string, dynamicConfigDir string, defaultConfig *componentconfig.KubeletConfiguration) *Controller { +func NewController(initConfigDir string, dynamicConfigDir string, defaultConfig *kubeletconfig.KubeletConfiguration) *Controller { fs := utilfs.DefaultFs{} var initLoader configfiles.Loader 
@@ -125,7 +125,7 @@ func NewController(initConfigDir string, dynamicConfigDir string, defaultConfig // Bootstrap attempts to return a valid KubeletConfiguration based on the configuration of the Controller, // or returns an error if no valid configuration could be produced. Bootstrap should be called synchronously before StartSync. -func (cc *Controller) Bootstrap() (*componentconfig.KubeletConfiguration, error) { +func (cc *Controller) Bootstrap() (*kubeletconfig.KubeletConfiguration, error) { utillog.Infof("starting controller") // ALWAYS validate the local (default and init) configs. This makes incorrectly provisioned nodes an error. @@ -298,7 +298,7 @@ func (cc *Controller) initialize() error { } // localConfig returns the initConfig if it is loaded, otherwise returns the defaultConfig -func (cc *Controller) localConfig() *componentconfig.KubeletConfiguration { +func (cc *Controller) localConfig() *kubeletconfig.KubeletConfiguration { if cc.initConfig != nil { cc.configOK.Set(status.CurInitMessage, status.CurInitOKReason, apiv1.ConditionTrue) return cc.initConfig diff --git a/pkg/kubelet/kubeletconfig/rollback.go b/pkg/kubelet/kubeletconfig/rollback.go index 2769fa9c493..13e5acea3dc 100644 --- a/pkg/kubelet/kubeletconfig/rollback.go +++ b/pkg/kubelet/kubeletconfig/rollback.go 
@@ -20,14 +20,14 @@ import ( "fmt" apiv1 "k8s.io/api/core/v1" - "k8s.io/kubernetes/pkg/apis/componentconfig" - "k8s.io/kubernetes/pkg/apis/componentconfig/validation" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/validation" "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/status" utillog "k8s.io/kubernetes/pkg/kubelet/kubeletconfig/util/log" ) // badRollback makes an entry in the bad-config-tracking file for `uid` with `reason`, and returns the result of rolling back to the last-known-good config -func (cc *Controller) badRollback(uid, reason, detail string) (*componentconfig.KubeletConfiguration, error) { +func (cc *Controller) badRollback(uid, reason, detail string) (*kubeletconfig.KubeletConfiguration, error) { utillog.Errorf(fmt.Sprintf("%s, %s", reason, detail)) if err := cc.badConfigTracker.MarkBad(uid, reason); err != nil { return nil, err @@ -37,7 +37,7 @@ func (cc *Controller) badRollback(uid, reason, detail string) (*componentconfig. // lkgRollback returns a valid last-known-good configuration, and updates the `cc.configOK` condition // regarding the `reason` for the rollback, or returns an error if a valid last-known-good could not be produced -func (cc *Controller) lkgRollback(reason string) (*componentconfig.KubeletConfiguration, error) { +func (cc *Controller) lkgRollback(reason string) (*kubeletconfig.KubeletConfiguration, error) { utillog.Infof("rolling back to last-known-good config") lkgUID := "" diff --git a/pkg/kubelet/kubeletconfig/startups/BUILD b/pkg/kubelet/kubeletconfig/startups/BUILD index 4dfd37e775e..0326cad6f91 100644 --- a/pkg/kubelet/kubeletconfig/startups/BUILD +++ b/pkg/kubelet/kubeletconfig/startups/BUILD 
@@ -13,7 +13,7 @@ go_library( "startups.go", ], deps = [ - "//pkg/apis/componentconfig/validation:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/validation:go_default_library", "//pkg/kubelet/kubeletconfig/util/files:go_default_library", "//pkg/kubelet/kubeletconfig/util/filesystem:go_default_library", "//pkg/kubelet/kubeletconfig/util/log:go_default_library", diff --git a/pkg/kubelet/kubeletconfig/startups/startups.go b/pkg/kubelet/kubeletconfig/startups/startups.go index 10a69a1b700..6b384485d62 100644 --- a/pkg/kubelet/kubeletconfig/startups/startups.go +++ b/pkg/kubelet/kubeletconfig/startups/startups.go @@ -20,7 +20,7 @@ import ( "fmt" "time" - "k8s.io/kubernetes/pkg/apis/componentconfig/validation" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/validation" ) const ( diff --git a/pkg/kubelet/kubeletconfig/util/codec/BUILD b/pkg/kubelet/kubeletconfig/util/codec/BUILD index cf7f42f435f..9a55c12caf4 100644 --- a/pkg/kubelet/kubeletconfig/util/codec/BUILD +++ b/pkg/kubelet/kubeletconfig/util/codec/BUILD @@ -11,9 +11,9 @@ go_library( deps = [ "//pkg/api:go_default_library", "//pkg/api/install:go_default_library", - "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/install:go_default_library", - "//pkg/apis/componentconfig/v1alpha1:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/install:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", ], ) diff --git a/pkg/kubelet/kubeletconfig/util/codec/codec.go b/pkg/kubelet/kubeletconfig/util/codec/codec.go index 3046af89c02..14432dae6e3 100644 --- a/pkg/kubelet/kubeletconfig/util/codec/codec.go +++ b/pkg/kubelet/kubeletconfig/util/codec/codec.go 
@@ -19,14 +19,15 @@ package codec import ( "fmt" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/api" // ensure the core apis are installed _ "k8s.io/kubernetes/pkg/api/install" - "k8s.io/kubernetes/pkg/apis/componentconfig" - // ensure the componentconfig api group is installed - _ "k8s.io/kubernetes/pkg/apis/componentconfig/install" - ccv1a1 "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" + // ensure the kubeletconfig apis are installed + _ "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/install" + + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/kubernetes/pkg/api" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + kubeletconfigv1alpha1 "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" ) // TODO(mtaufen): allow an encoder to be injected into checkpoint objects at creation time? (then we could ultimately instantiate only one encoder) @@ -50,15 +51,14 @@ func NewJSONEncoder(groupName string) (runtime.Encoder, error) { } // DecodeKubeletConfiguration decodes an encoded (v1alpha1) KubeletConfiguration object to the internal type -func DecodeKubeletConfiguration(data []byte) (*componentconfig.KubeletConfiguration, error) { - // TODO(mtaufen): when KubeletConfiguration moves out of componentconfig, will the UniversalDecoder still work? +func DecodeKubeletConfiguration(data []byte) (*kubeletconfig.KubeletConfiguration, error) { // decode the object, note we use the external version scheme to decode, because users provide the external version - obj, err := runtime.Decode(api.Codecs.UniversalDecoder(ccv1a1.SchemeGroupVersion), data) + obj, err := runtime.Decode(api.Codecs.UniversalDecoder(kubeletconfigv1alpha1.SchemeGroupVersion), data) if err != nil { return nil, fmt.Errorf("failed to decode, error: %v", err) } - externalKC, ok := obj.(*ccv1a1.KubeletConfiguration) + externalKC, ok := obj.(*kubeletconfigv1alpha1.KubeletConfiguration) if !ok { return nil, fmt.Errorf("failed to cast object to KubeletConfiguration, object: %#v", obj) } 
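Review bot: The TODO removed from DecodeKubeletConfiguration asked whether the UniversalDecoder would still work after the move, and the new code drops the question without recording the answer. The decode appears to depend on the blank import of `k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/install` (first hunk of this file) having registered the group with `api.Scheme`. If that import were ever dropped, the break would presumably surface only at runtime as "failed to decode" for every config. I would put a comment where the TODO was, such as `// relies on the kubeletconfig install package (blank import above) having registered kubeletconfig/v1alpha1 in api.Scheme`. The function body continues into the next hunk.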
@@ -68,7 +68,7 @@ func DecodeKubeletConfiguration(data []byte) (*componentconfig.KubeletConfigurat api.Scheme.Default(externalKC) // convert to internal type - internalKC := &componentconfig.KubeletConfiguration{} + internalKC := &kubeletconfig.KubeletConfiguration{} err = api.Scheme.Convert(externalKC, internalKC, nil) if err != nil { return nil, err diff --git a/pkg/kubelet/network/BUILD b/pkg/kubelet/network/BUILD index 913b48514b4..31e267a2e63 100644 --- a/pkg/kubelet/network/BUILD +++ b/pkg/kubelet/network/BUILD @@ -12,7 +12,7 @@ go_library( "plugins.go", ], deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/network/hostport:go_default_library", "//pkg/util/sysctl:go_default_library", diff --git a/pkg/kubelet/network/cni/BUILD b/pkg/kubelet/network/cni/BUILD index 3d90ab5744e..7a97a8d4336 100644 --- a/pkg/kubelet/network/cni/BUILD +++ b/pkg/kubelet/network/cni/BUILD @@ -10,7 +10,7 @@ go_library( name = "go_default_library", srcs = ["cni.go"], deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/network:go_default_library", "//vendor/github.com/containernetworking/cni/libcni:go_default_library", @@ -31,7 +31,7 @@ go_test( library = ":go_default_library", deps = select({ "@io_bazel_rules_go//go/platform:linux_amd64": [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/container/testing:go_default_library", "//pkg/kubelet/network:go_default_library", diff --git a/pkg/kubelet/network/cni/cni.go b/pkg/kubelet/network/cni/cni.go index 33301f98292..d2b1ed873c7 100644 --- a/pkg/kubelet/network/cni/cni.go +++ b/pkg/kubelet/network/cni/cni.go 
@@ -26,7 +26,7 @@ import ( "github.com/containernetworking/cni/libcni" cnitypes "github.com/containernetworking/cni/pkg/types" "github.com/golang/glog" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/network" utilexec "k8s.io/utils/exec" @@ -171,7 +171,7 @@ func getLoNetwork(binDir, vendorDirPrefix string) *cniNetwork { return loNetwork } -func (plugin *cniNetworkPlugin) Init(host network.Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { +func (plugin *cniNetworkPlugin) Init(host network.Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { var err error plugin.nsenterPath, err = plugin.execer.LookPath("nsenter") if err != nil { diff --git a/pkg/kubelet/network/cni/cni_test.go b/pkg/kubelet/network/cni/cni_test.go index 8e39009d73f..b34488ed4d3 100644 --- a/pkg/kubelet/network/cni/cni_test.go +++ b/pkg/kubelet/network/cni/cni_test.go @@ -36,7 +36,7 @@ import ( "k8s.io/api/core/v1" clientset "k8s.io/client-go/kubernetes" utiltesting "k8s.io/client-go/util/testing" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" containertest "k8s.io/kubernetes/pkg/kubelet/container/testing" "k8s.io/kubernetes/pkg/kubelet/network" @@ -228,7 +228,7 @@ func TestCNIPlugin(t *testing.T) { } fakeHost := NewFakeHost(nil, pods, ports) - plug, err := network.InitNetworkPlugin(plugins, "cni", fakeHost, componentconfig.HairpinNone, "10.0.0.0/8", network.UseDefaultMTU) + plug, err := network.InitNetworkPlugin(plugins, "cni", fakeHost, kubeletconfig.HairpinNone, "10.0.0.0/8", network.UseDefaultMTU) if err != nil { t.Fatalf("Failed to select the desired plugin: %v", err) } 
diff --git a/pkg/kubelet/network/kubenet/BUILD b/pkg/kubelet/network/kubenet/BUILD index dc5b90fad6d..9ca069c654f 100644 --- a/pkg/kubelet/network/kubenet/BUILD +++ b/pkg/kubelet/network/kubenet/BUILD @@ -18,7 +18,7 @@ go_library( "//conditions:default": [], }), deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/network:go_default_library", ] + select({ @@ -56,7 +56,7 @@ go_test( library = ":go_default_library", deps = select({ "@io_bazel_rules_go//go/platform:linux_amd64": [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/network:go_default_library", "//pkg/kubelet/network/cni/testing:go_default_library", diff --git a/pkg/kubelet/network/kubenet/kubenet_linux.go b/pkg/kubelet/network/kubenet/kubenet_linux.go index 6d4cac328cf..8f0a9f19e80 100644 --- a/pkg/kubelet/network/kubenet/kubenet_linux.go +++ b/pkg/kubelet/network/kubenet/kubenet_linux.go @@ -38,7 +38,7 @@ import ( utilerrors "k8s.io/apimachinery/pkg/util/errors" utilnet "k8s.io/apimachinery/pkg/util/net" utilsets "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/network" "k8s.io/kubernetes/pkg/kubelet/network/hostport" @@ -89,7 +89,7 @@ type kubenetNetworkPlugin struct { mtu int execer utilexec.Interface nsenterPath string - hairpinMode componentconfig.HairpinMode + hairpinMode kubeletconfig.HairpinMode // kubenet can use either hostportSyncer and hostportManager to implement hostports // Currently, if network host supports legacy features, hostportSyncer will be used, // otherwise, hostportManager will be used. 
@@ -124,7 +124,7 @@ func NewPlugin(networkPluginDir string) network.NetworkPlugin { } } -func (plugin *kubenetNetworkPlugin) Init(host network.Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { +func (plugin *kubenetNetworkPlugin) Init(host network.Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { plugin.host = host plugin.hairpinMode = hairpinMode plugin.nonMasqueradeCIDR = nonMasqueradeCIDR @@ -257,7 +257,7 @@ func (plugin *kubenetNetworkPlugin) Event(name string, details map[string]interf glog.V(5).Infof("PodCIDR is set to %q", podCIDR) _, cidr, err := net.ParseCIDR(podCIDR) if err == nil { - setHairpin := plugin.hairpinMode == componentconfig.HairpinVeth + setHairpin := plugin.hairpinMode == kubeletconfig.HairpinVeth // Set bridge address to first address in IPNet cidr.IP[len(cidr.IP)-1] += 1 @@ -353,7 +353,7 @@ func (plugin *kubenetNetworkPlugin) setup(namespace string, name string, id kube // Put the container bridge into promiscuous mode to force it to accept hairpin packets. // TODO: Remove this once the kernel bug (#20096) is fixed. // TODO: check and set promiscuous mode with netlink once vishvananda/netlink supports it - if plugin.hairpinMode == componentconfig.PromiscuousBridge { + if plugin.hairpinMode == kubeletconfig.PromiscuousBridge { output, err := plugin.execer.Command("ip", "link", "show", "dev", BridgeName).CombinedOutput() if err != nil || strings.Index(string(output), "PROMISC") < 0 { _, err := plugin.execer.Command("ip", "link", "set", BridgeName, "promisc", "on").CombinedOutput() diff --git a/pkg/kubelet/network/kubenet/kubenet_linux_test.go b/pkg/kubelet/network/kubenet/kubenet_linux_test.go index beff2e8138e..60037286643 100644 --- a/pkg/kubelet/network/kubenet/kubenet_linux_test.go +++ b/pkg/kubelet/network/kubenet/kubenet_linux_test.go 
@@ -25,7 +25,7 @@ import ( "testing" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/network" "k8s.io/kubernetes/pkg/kubelet/network/cni/testing" @@ -193,7 +193,7 @@ func TestInit_MTU(t *testing.T) { sysctl.Settings["net/bridge/bridge-nf-call-iptables"] = 0 kubenet.sysctl = sysctl - if err := kubenet.Init(nettest.NewFakeHost(nil), componentconfig.HairpinNone, "10.0.0.0/8", 1234); err != nil { + if err := kubenet.Init(nettest.NewFakeHost(nil), kubeletconfig.HairpinNone, "10.0.0.0/8", 1234); err != nil { t.Fatalf("Unexpected error in Init: %v", err) } assert.Equal(t, 1234, kubenet.mtu, "kubenet.mtu should have been set") diff --git a/pkg/kubelet/network/kubenet/kubenet_unsupported.go b/pkg/kubelet/network/kubenet/kubenet_unsupported.go index ea73b00bf13..1cbc7ab7251 100644 --- a/pkg/kubelet/network/kubenet/kubenet_unsupported.go +++ b/pkg/kubelet/network/kubenet/kubenet_unsupported.go @@ -21,7 +21,7 @@ package kubenet import ( "fmt" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/network" ) @@ -34,7 +34,7 @@ func NewPlugin(networkPluginDir string) network.NetworkPlugin { return &kubenetNetworkPlugin{} } -func (plugin *kubenetNetworkPlugin) Init(host network.Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { +func (plugin *kubenetNetworkPlugin) Init(host network.Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { return fmt.Errorf("Kubenet is not supported in this build") } diff --git a/pkg/kubelet/network/plugins.go b/pkg/kubelet/network/plugins.go index ac35756d16e..7fac1f137a1 100644 --- a/pkg/kubelet/network/plugins.go +++ b/pkg/kubelet/network/plugins.go 
@@ -29,7 +29,7 @@ import ( utilsets "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation" clientset "k8s.io/client-go/kubernetes" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/network/hostport" utilsysctl "k8s.io/kubernetes/pkg/util/sysctl" @@ -47,7 +47,7 @@ const NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR = "pod-cidr" type NetworkPlugin interface { // Init initializes the plugin. This will be called exactly once // before any other methods are called. - Init(host Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error + Init(host Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error // Called on various events like: // NET_PLUGIN_EVENT_POD_CIDR_CHANGE @@ -151,7 +151,7 @@ type PortMappingGetter interface { } // InitNetworkPlugin inits the plugin that matches networkPluginName. Plugins must have unique names. -func InitNetworkPlugin(plugins []NetworkPlugin, networkPluginName string, host Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) (NetworkPlugin, error) { +func InitNetworkPlugin(plugins []NetworkPlugin, networkPluginName string, host Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) (NetworkPlugin, error) { if networkPluginName == "" { // default to the no_op plugin plug := &NoopNetworkPlugin{} 
@@ -202,7 +202,7 @@ type NoopNetworkPlugin struct { const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables" -func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { +func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { // Set bridge-nf-call-iptables=1 to maintain compatibility with older // kubernetes versions to ensure the iptables-based kube proxy functions // correctly. Other plugins are responsible for setting this correctly diff --git a/pkg/kubelet/network/testing/BUILD b/pkg/kubelet/network/testing/BUILD index cdc4bd5e4bf..9874fcf7197 100644 --- a/pkg/kubelet/network/testing/BUILD +++ b/pkg/kubelet/network/testing/BUILD @@ -13,7 +13,7 @@ go_library( "mock_network_plugin.go", ], deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/container/testing:go_default_library", "//pkg/kubelet/network:go_default_library", @@ -30,7 +30,7 @@ go_test( srcs = ["plugins_test.go"], library = ":go_default_library", deps = [ - "//pkg/apis/componentconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/network:go_default_library", "//vendor/github.com/golang/mock/gomock:go_default_library", diff --git a/pkg/kubelet/network/testing/mock_network_plugin.go b/pkg/kubelet/network/testing/mock_network_plugin.go index 9015c360a39..a13712f2061 100644 --- a/pkg/kubelet/network/testing/mock_network_plugin.go +++ b/pkg/kubelet/network/testing/mock_network_plugin.go 
@@ -23,7 +23,7 @@ package testing import ( gomock "github.com/golang/mock/gomock" sets "k8s.io/apimachinery/pkg/util/sets" - componentconfig "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" container "k8s.io/kubernetes/pkg/kubelet/container" network "k8s.io/kubernetes/pkg/kubelet/network" ) @@ -82,7 +82,7 @@ func (_mr *_MockNetworkPluginRecorder) GetPodNetworkStatus(arg0, arg1, arg2 inte return _mr.mock.ctrl.RecordCall(_mr.mock, "GetPodNetworkStatus", arg0, arg1, arg2) } -func (_m *MockNetworkPlugin) Init(_param0 network.Host, _param1 componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { +func (_m *MockNetworkPlugin) Init(_param0 network.Host, _param1 kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { ret := _m.ctrl.Call(_m, "Init", _param0, _param1) ret0, _ := ret[0].(error) return ret0 diff --git a/pkg/kubelet/network/testing/plugins_test.go b/pkg/kubelet/network/testing/plugins_test.go index fd12c0ef42d..07ba256a250 100644 --- a/pkg/kubelet/network/testing/plugins_test.go +++ b/pkg/kubelet/network/testing/plugins_test.go @@ -23,7 +23,7 @@ import ( "testing" utilsets "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/network" @@ -32,7 +32,7 @@ import ( func TestSelectDefaultPlugin(t *testing.T) { all_plugins := []network.NetworkPlugin{} - plug, err := network.InitNetworkPlugin(all_plugins, "", NewFakeHost(nil), componentconfig.HairpinNone, "10.0.0.0/8", network.UseDefaultMTU) + plug, err := network.InitNetworkPlugin(all_plugins, "", NewFakeHost(nil), kubeletconfig.HairpinNone, "10.0.0.0/8", network.UseDefaultMTU) if err != nil { t.Fatalf("Unexpected error in selecting default plugin: %v", err) } 
@@ -113,7 +113,7 @@ func newHookableFakeNetworkPlugin(setupHook hookableFakeNetworkPluginSetupHook) } } -func (p *hookableFakeNetworkPlugin) Init(host network.Host, hairpinMode componentconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { +func (p *hookableFakeNetworkPlugin) Init(host network.Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error { return nil } diff --git a/pkg/kubelet/runonce_test.go b/pkg/kubelet/runonce_test.go index 790fc82e234..7449c271cc3 100644 --- a/pkg/kubelet/runonce_test.go +++ b/pkg/kubelet/runonce_test.go @@ -30,7 +30,7 @@ import ( "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/tools/record" utiltesting "k8s.io/client-go/util/testing" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" cadvisortest "k8s.io/kubernetes/pkg/kubelet/cadvisor/testing" "k8s.io/kubernetes/pkg/kubelet/cm" "k8s.io/kubernetes/pkg/kubelet/configmap" @@ -110,7 +110,7 @@ func TestRunOnce(t *testing.T) { false, /* experimentalCheckNodeCapabilitiesBeforeMount */ false /* keepTerminatedPodVolumes */) - kb.networkPlugin, _ = network.InitNetworkPlugin([]network.NetworkPlugin{}, "", nettest.NewFakeHost(nil), componentconfig.HairpinNone, "", network.UseDefaultMTU) + kb.networkPlugin, _ = network.InitNetworkPlugin([]network.NetworkPlugin{}, "", nettest.NewFakeHost(nil), kubeletconfig.HairpinNone, "", network.UseDefaultMTU) // TODO: Factor out "StatsProvider" from Kubelet so we don't have a cyclic dependency volumeStatsAggPeriod := time.Second * 10 kb.resourceAnalyzer = stats.NewResourceAnalyzer(kb, volumeStatsAggPeriod, kb.containerRuntime) diff --git a/pkg/kubemark/BUILD b/pkg/kubemark/BUILD index 0a1050321af..457927addfe 100644 --- a/pkg/kubemark/BUILD +++ b/pkg/kubemark/BUILD 
@@ -17,11 +17,11 @@ go_library( "//cmd/kubelet/app:go_default_library", "//cmd/kubelet/app/options:go_default_library", "//pkg/api:go_default_library", - "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/v1alpha1:go_default_library", "//pkg/client/clientset_generated/internalclientset:go_default_library", "//pkg/controller:go_default_library", "//pkg/kubelet:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", "//pkg/kubelet/cadvisor:go_default_library", "//pkg/kubelet/cm:go_default_library", "//pkg/kubelet/container/testing:go_default_library", diff --git a/pkg/kubemark/hollow_kubelet.go b/pkg/kubemark/hollow_kubelet.go index 1ad3809b5a5..b5fa78188c2 100644 --- a/pkg/kubemark/hollow_kubelet.go +++ b/pkg/kubemark/hollow_kubelet.go @@ -23,9 +23,9 @@ import ( kubeletapp "k8s.io/kubernetes/cmd/kubelet/app" "k8s.io/kubernetes/cmd/kubelet/app/options" "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/componentconfig" - "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" "k8s.io/kubernetes/pkg/kubelet" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" "k8s.io/kubernetes/pkg/kubelet/cadvisor" "k8s.io/kubernetes/pkg/kubelet/cm" containertest "k8s.io/kubernetes/pkg/kubelet/container/testing" @@ -43,7 +43,7 @@ import ( type HollowKubelet struct { KubeletFlags *options.KubeletFlags - KubeletConfiguration *componentconfig.KubeletConfiguration + KubeletConfiguration *kubeletconfig.KubeletConfiguration KubeletDeps *kubelet.Dependencies } 
@@ -102,7 +102,7 @@ func GetHollowKubeletConfig( kubeletPort int, kubeletReadOnlyPort int, maxPods int, - podsPerCore int) (*options.KubeletFlags, *componentconfig.KubeletConfiguration) { + podsPerCore int) (*options.KubeletFlags, *kubeletconfig.KubeletConfiguration) { testRootDir := utils.MakeTempDirOrDie("hollow-kubelet.", "") manifestFilePath := utils.MakeTempDirOrDie("manifest", testRootDir) @@ -121,7 +121,7 @@ func GetHollowKubeletConfig( // are set for fields not overridden in NewHollowKubelet. tmp := &v1alpha1.KubeletConfiguration{} api.Scheme.Default(tmp) - c := &componentconfig.KubeletConfiguration{} + c := &kubeletconfig.KubeletConfiguration{} api.Scheme.Convert(tmp, c, nil) c.ManifestURL = "" @@ -153,7 +153,7 @@ func GetHollowKubeletConfig( // hairpin-veth is used to allow hairpin packets. Note that this deviates from // what the "real" kubelet currently does, because there's no way to // set promiscuous mode on docker0. - c.HairpinMode = componentconfig.HairpinVeth + c.HairpinMode = kubeletconfig.HairpinVeth c.MaxContainerCount = 100 c.MaxOpenFiles = 1024 c.MaxPerPodContainerCount = 2 diff --git a/test/e2e/framework/BUILD b/test/e2e/framework/BUILD index 86c4f8c127f..2469f92a054 100644 --- a/test/e2e/framework/BUILD +++ b/test/e2e/framework/BUILD @@ -46,7 +46,6 @@ go_library( "//pkg/api/v1/node:go_default_library", "//pkg/api/v1/pod:go_default_library", "//pkg/apis/batch:go_default_library", - "//pkg/apis/componentconfig:go_default_library", "//pkg/apis/extensions:go_default_library", "//pkg/client/clientset_generated/internalclientset:go_default_library", "//pkg/client/conditions:go_default_library", 
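Review bot: The error returned by `api.Scheme.Convert(tmp, c, nil)` is discarded in the `@@ -121,7 +121,7 @@` hunk of pkg/kubemark/hollow_kubelet.go, so if the conversion between `v1alpha1.KubeletConfiguration` and the relocated `kubeletconfig.KubeletConfiguration` is not registered in `api.Scheme`, `c` stays zero-valued and the hollow kubelet is configured only from the overrides that follow. This commit moves the types to a new API group with its own install package, so that registration is exactly what could be missed. I would fail fast here in the same spirit as `utils.MakeTempDirOrDie`, for example `if err := api.Scheme.Convert(tmp, c, nil); err != nil { panic(err) }`. The same unchecked call appears in `makeKubeletConfigMap` in test/e2e_node/util.go (`@@ -257,11 +257,11 @@`), where `framework.ExpectNoError(api.Scheme.Convert(internalKC, externalKC, nil))` would fit the surrounding code. GetHollowKubeletConfig's body continues outside the hunk.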
@@ -58,6 +57,7 @@ go_library( "//pkg/controller/deployment/util:go_default_library", "//pkg/controller/node:go_default_library", "//pkg/kubectl:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/apis/stats/v1alpha1:go_default_library", "//pkg/kubelet/events:go_default_library", "//pkg/kubelet/metrics:go_default_library", diff --git a/test/e2e/framework/test_context.go b/test/e2e/framework/test_context.go index 7d784055e7b..9476873a927 100644 --- a/test/e2e/framework/test_context.go +++ b/test/e2e/framework/test_context.go @@ -25,8 +25,8 @@ import ( "github.com/onsi/ginkgo/config" "github.com/spf13/viper" "k8s.io/client-go/tools/clientcmd" - "k8s.io/kubernetes/pkg/apis/componentconfig" "k8s.io/kubernetes/pkg/cloudprovider" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/pkg/kubemark" ) @@ -136,7 +136,7 @@ type NodeTestContextType struct { // PrepullImages indicates whether node e2e framework should prepull images. PrepullImages bool // KubeletConfig is the kubelet configuration the test is running against. - KubeletConfig componentconfig.KubeletConfiguration + KubeletConfig kubeletconfig.KubeletConfiguration // ImageDescription is the description of the image on which the test is running. ImageDescription string // SystemSpecName is the name of the system spec (e.g., gke) that's used in diff --git a/test/e2e_node/BUILD b/test/e2e_node/BUILD index 9039dc125e9..9f0d0022aeb 100644 --- a/test/e2e_node/BUILD +++ b/test/e2e_node/BUILD 
@@ -27,10 +27,10 @@ go_library( deps = [ "//pkg/api:go_default_library", "//pkg/api/v1/pod:go_default_library", - "//pkg/apis/componentconfig:go_default_library", - "//pkg/apis/componentconfig/v1alpha1:go_default_library", "//pkg/kubelet/apis/cri:go_default_library", "//pkg/kubelet/apis/cri/v1alpha1/runtime:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", + "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", "//pkg/kubelet/apis/stats/v1alpha1:go_default_library", "//pkg/kubelet/metrics:go_default_library", "//pkg/kubelet/remote:go_default_library", @@ -113,8 +113,8 @@ go_test( deps = [ "//pkg/api:go_default_library", "//pkg/api/v1/node:go_default_library", - "//pkg/apis/componentconfig:go_default_library", "//pkg/kubelet:go_default_library", + "//pkg/kubelet/apis/kubeletconfig:go_default_library", "//pkg/kubelet/apis/stats/v1alpha1:go_default_library", "//pkg/kubelet/cm:go_default_library", "//pkg/kubelet/container:go_default_library", diff --git a/test/e2e_node/allocatable_eviction_test.go b/test/e2e_node/allocatable_eviction_test.go index ea857be2249..99bbb0adcc7 100644 --- a/test/e2e_node/allocatable_eviction_test.go +++ b/test/e2e_node/allocatable_eviction_test.go @@ -23,7 +23,7 @@ import ( "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" nodeutil "k8s.io/kubernetes/pkg/api/v1/node" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/pkg/kubelet/cm" "k8s.io/kubernetes/test/e2e/framework" 
@@ -51,13 +51,13 @@ var _ = framework.KubeDescribe("MemoryAllocatableEviction [Slow] [Serial] [Disru testCondition := "Memory Pressure" Context(fmt.Sprintf("when we run containers that should cause %s", testCondition), func() { - tempSetCurrentKubeletConfig(f, func(initialConfig *componentconfig.KubeletConfiguration) { + tempSetCurrentKubeletConfig(f, func(initialConfig *kubeletconfig.KubeletConfiguration) { // Set large system and kube reserved values to trigger allocatable thresholds far before hard eviction thresholds. kubeReserved := getNodeCPUAndMemoryCapacity(f)[v1.ResourceMemory] // The default hard eviction threshold is 250Mb, so Allocatable = Capacity - Reserved - 250Mb // We want Allocatable = 50Mb, so set Reserved = Capacity - Allocatable - 250Mb = Capacity - 300Mb kubeReserved.Sub(resource.MustParse("300Mi")) - initialConfig.KubeReserved = componentconfig.ConfigurationMap(map[string]string{"memory": kubeReserved.String()}) + initialConfig.KubeReserved = kubeletconfig.ConfigurationMap(map[string]string{"memory": kubeReserved.String()}) initialConfig.EnforceNodeAllocatable = []string{cm.NodeAllocatableEnforcementKey} initialConfig.ExperimentalNodeAllocatableIgnoreEvictionThreshold = false initialConfig.CgroupsPerQOS = true diff --git a/test/e2e_node/critical_pod_test.go b/test/e2e_node/critical_pod_test.go index c208362ca1f..5a0edfc9dea 100644 --- a/test/e2e_node/critical_pod_test.go +++ b/test/e2e_node/critical_pod_test.go @@ -23,7 +23,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kubeapi "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubelettypes "k8s.io/kubernetes/pkg/kubelet/types" "k8s.io/kubernetes/test/e2e/framework" 
@@ -42,7 +42,7 @@ var _ = framework.KubeDescribe("CriticalPod [Serial] [Disruptive]", func() { f := framework.NewDefaultFramework("critical-pod-test") Context("when we need to admit a critical pod", func() { - tempSetCurrentKubeletConfig(f, func(initialConfig *componentconfig.KubeletConfiguration) { + tempSetCurrentKubeletConfig(f, func(initialConfig *kubeletconfig.KubeletConfiguration) { initialConfig.FeatureGates += ", ExperimentalCriticalPodAnnotation=true" }) diff --git a/test/e2e_node/gpus.go b/test/e2e_node/gpus.go index 40b2d545b0d..62da15388ac 100644 --- a/test/e2e_node/gpus.go +++ b/test/e2e_node/gpus.go @@ -25,7 +25,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/scheme" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/test/e2e/framework" . "github.com/onsi/ginkgo" @@ -85,7 +85,7 @@ var _ = framework.KubeDescribe("GPU [Serial]", func() { } By("enabling support for GPUs") - var oldCfg *componentconfig.KubeletConfiguration + var oldCfg *kubeletconfig.KubeletConfiguration defer func() { if oldCfg != nil { framework.ExpectNoError(setKubeletConfiguration(f, oldCfg)) @@ -96,7 +96,7 @@ var _ = framework.KubeDescribe("GPU [Serial]", func() { framework.ExpectNoError(err) clone, err := scheme.Scheme.DeepCopy(oldCfg) framework.ExpectNoError(err) - newCfg := clone.(*componentconfig.KubeletConfiguration) + newCfg := clone.(*kubeletconfig.KubeletConfiguration) if newCfg.FeatureGates != "" { newCfg.FeatureGates = fmt.Sprintf("%s,%s", acceleratorsFeatureGate, newCfg.FeatureGates) } else { diff --git a/test/e2e_node/inode_eviction_test.go b/test/e2e_node/inode_eviction_test.go index 6eaac44af9a..76135f2538f 100644 --- a/test/e2e_node/inode_eviction_test.go +++ b/test/e2e_node/inode_eviction_test.go 
@@ -24,7 +24,7 @@ import ( "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" nodeutil "k8s.io/kubernetes/pkg/api/v1/node" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" kubeletmetrics "k8s.io/kubernetes/pkg/kubelet/metrics" "k8s.io/kubernetes/test/e2e/framework" @@ -95,7 +95,7 @@ var _ = framework.KubeDescribe("InodeEviction [Slow] [Serial] [Disruptive] [Flak testCondition := "Disk Pressure due to Inodes" Context(fmt.Sprintf("when we run containers that should cause %s", testCondition), func() { - tempSetCurrentKubeletConfig(f, func(initialConfig *componentconfig.KubeletConfiguration) { + tempSetCurrentKubeletConfig(f, func(initialConfig *kubeletconfig.KubeletConfiguration) { initialConfig.EvictionHard = "nodefs.inodesFree<70%" }) // Place the remainder of the test within a context so that the kubelet config is set before and after the test. diff --git a/test/e2e_node/local_storage_allocatable_eviction_test.go b/test/e2e_node/local_storage_allocatable_eviction_test.go index e5360cd20d8..824e1db2a36 100644 --- a/test/e2e_node/local_storage_allocatable_eviction_test.go +++ b/test/e2e_node/local_storage_allocatable_eviction_test.go @@ -23,7 +23,7 @@ import ( "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" nodeutil "k8s.io/kubernetes/pkg/api/v1/node" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/test/e2e/framework" . "github.com/onsi/ginkgo" 
@@ -92,9 +92,9 @@ var _ = framework.KubeDescribe("LocalStorageAllocatableEviction [Slow] [Serial] }) // Set up --kube-reserved for scratch storage - tempSetCurrentKubeletConfig(f, func(initialConfig *componentconfig.KubeletConfiguration) { + tempSetCurrentKubeletConfig(f, func(initialConfig *kubeletconfig.KubeletConfiguration) { framework.Logf("Set up --kube-reserved for local storage reserved %dMi", diskReserve) - initialConfig.KubeReserved = componentconfig.ConfigurationMap(map[string]string{"storage": fmt.Sprintf("%dMi", diskReserve)}) + initialConfig.KubeReserved = kubeletconfig.ConfigurationMap(map[string]string{"storage": fmt.Sprintf("%dMi", diskReserve)}) }) diff --git a/test/e2e_node/local_storage_isolation_eviction_test.go b/test/e2e_node/local_storage_isolation_eviction_test.go index a1036ca6754..f0932383a6c 100644 --- a/test/e2e_node/local_storage_isolation_eviction_test.go +++ b/test/e2e_node/local_storage_isolation_eviction_test.go @@ -26,7 +26,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilfeature "k8s.io/apiserver/pkg/util/feature" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/test/e2e/framework" ) @@ -188,7 +188,7 @@ var _ = framework.KubeDescribe("LocalStorageCapacityIsolationEviction [Slow] [Se evictionTestTimeout := 10 * time.Minute testCondition := "EmptyDir/ContainerOverlay usage limit violation" Context(fmt.Sprintf("EmptyDirEviction when we run containers that should cause %s", testCondition), func() { - tempSetCurrentKubeletConfig(f, func(initialConfig *componentconfig.KubeletConfiguration) { + tempSetCurrentKubeletConfig(f, func(initialConfig *kubeletconfig.KubeletConfiguration) { initialConfig.FeatureGates += ", LocalStorageCapacityIsolation=true" }) err := utilfeature.DefaultFeatureGate.Set("LocalStorageCapacityIsolation=true") 
diff --git a/test/e2e_node/memory_eviction_test.go b/test/e2e_node/memory_eviction_test.go index ff6309871c2..0dae58b5792 100644 --- a/test/e2e_node/memory_eviction_test.go +++ b/test/e2e_node/memory_eviction_test.go @@ -26,7 +26,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" nodeutil "k8s.io/kubernetes/pkg/api/v1/node" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/test/e2e/framework" . "github.com/onsi/ginkgo" @@ -54,7 +54,7 @@ var _ = framework.KubeDescribe("MemoryEviction [Slow] [Serial] [Disruptive]", fu logPodEvents(f) }) Context("", func() { - tempSetCurrentKubeletConfig(f, func(c *componentconfig.KubeletConfiguration) { + tempSetCurrentKubeletConfig(f, func(c *kubeletconfig.KubeletConfiguration) { c.EvictionHard = evictionHard }) diff --git a/test/e2e_node/node_container_manager_test.go b/test/e2e_node/node_container_manager_test.go index 17d80c853f0..1232cdaa790 100644 --- a/test/e2e_node/node_container_manager_test.go +++ b/test/e2e_node/node_container_manager_test.go 
@@ -30,20 +30,20 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/scheme" - "k8s.io/kubernetes/pkg/apis/componentconfig" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" "k8s.io/kubernetes/pkg/kubelet/cm" "k8s.io/kubernetes/test/e2e/framework" . "github.com/onsi/ginkgo" ) -func setDesiredConfiguration(initialConfig *componentconfig.KubeletConfiguration) { +func setDesiredConfiguration(initialConfig *kubeletconfig.KubeletConfiguration) { initialConfig.EnforceNodeAllocatable = []string{"pods", "kube-reserved", "system-reserved"} - initialConfig.SystemReserved = componentconfig.ConfigurationMap{ + initialConfig.SystemReserved = kubeletconfig.ConfigurationMap{ "cpu": "100m", "memory": "100Mi", } - initialConfig.KubeReserved = componentconfig.ConfigurationMap{ + initialConfig.KubeReserved = kubeletconfig.ConfigurationMap{ "cpu": "100m", "memory": "100Mi", } @@ -138,7 +138,7 @@ func destroyTemporaryCgroupsForReservation(cgroupManager cm.CgroupManager) error } func runTest(f *framework.Framework) error { - var oldCfg *componentconfig.KubeletConfiguration + var oldCfg *kubeletconfig.KubeletConfiguration subsystems, err := cm.GetCgroupSubsystems() if err != nil { return err @@ -165,7 +165,7 @@ func runTest(f *framework.Framework) error { if err != nil { return err } - newCfg := clone.(*componentconfig.KubeletConfiguration) + newCfg := clone.(*kubeletconfig.KubeletConfiguration) // Change existing kubelet configuration setDesiredConfiguration(newCfg) // Set the new kubelet configuration. diff --git a/test/e2e_node/util.go b/test/e2e_node/util.go index ea5a5b8b887..0d4f7c21b79 100644 --- a/test/e2e_node/util.go +++ b/test/e2e_node/util.go 
@@ -35,8 +35,8 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/kubernetes/scheme" "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/componentconfig" - v1alpha1 "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" + "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig" + kubeletconfigv1alpha1 "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" stats "k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1" kubeletmetrics "k8s.io/kubernetes/pkg/kubelet/metrics" "k8s.io/kubernetes/test/e2e/framework" @@ -81,7 +81,7 @@ func getNodeSummary() (*stats.Summary, error) { } // Returns the current KubeletConfiguration -func getCurrentKubeletConfig() (*componentconfig.KubeletConfiguration, error) { +func getCurrentKubeletConfig() (*kubeletconfig.KubeletConfiguration, error) { resp := pollConfigz(5*time.Minute, 5*time.Second) kubeCfg, err := decodeConfigz(resp) if err != nil { @@ -93,8 +93,8 @@ func getCurrentKubeletConfig() (*componentconfig.KubeletConfiguration, error) { // Must be called within a Context. Allows the function to modify the KubeletConfiguration during the BeforeEach of the context. // The change is reverted in the AfterEach of the context. // Returns true on success. -func tempSetCurrentKubeletConfig(f *framework.Framework, updateFunction func(initialConfig *componentconfig.KubeletConfiguration)) { - var oldCfg *componentconfig.KubeletConfiguration +func tempSetCurrentKubeletConfig(f *framework.Framework, updateFunction func(initialConfig *kubeletconfig.KubeletConfiguration)) { + var oldCfg *kubeletconfig.KubeletConfiguration BeforeEach(func() { configEnabled, err := isKubeletConfigEnabled(f) framework.ExpectNoError(err) 
@@ -103,7 +103,7 @@ func tempSetCurrentKubeletConfig(f *framework.Framework, updateFunction func(ini framework.ExpectNoError(err) clone, err := scheme.Scheme.DeepCopy(oldCfg) framework.ExpectNoError(err) - newCfg := clone.(*componentconfig.KubeletConfiguration) + newCfg := clone.(*kubeletconfig.KubeletConfiguration) updateFunction(newCfg) framework.ExpectNoError(setKubeletConfiguration(f, newCfg)) } else { @@ -132,7 +132,7 @@ func isKubeletConfigEnabled(f *framework.Framework) (bool, error) { // Creates or updates the configmap for KubeletConfiguration, waits for the Kubelet to restart // with the new configuration. Returns an error if the configuration after waiting for restartGap // doesn't match what you attempted to set, or if the dynamic configuration feature is disabled. -func setKubeletConfiguration(f *framework.Framework, kubeCfg *componentconfig.KubeletConfiguration) error { +func setKubeletConfiguration(f *framework.Framework, kubeCfg *kubeletconfig.KubeletConfiguration) error { const ( restartGap = 40 * time.Second pollInterval = 5 * time.Second 
@@ -217,16 +217,16 @@ func pollConfigz(timeout time.Duration, pollInterval time.Duration) *http.Respon return resp } -// Decodes the http response from /configz and returns a componentconfig.KubeletConfiguration (internal type). -func decodeConfigz(resp *http.Response) (*componentconfig.KubeletConfiguration, error) { +// Decodes the http response from /configz and returns a kubeletconfig.KubeletConfiguration (internal type). +func decodeConfigz(resp *http.Response) (*kubeletconfig.KubeletConfiguration, error) { // This hack because /configz reports the following structure: - // {"componentconfig": {the JSON representation of v1alpha1.KubeletConfiguration}} + // {"kubeletconfig": {the JSON representation of kubeletconfigv1alpha1.KubeletConfiguration}} type configzWrapper struct { - ComponentConfig v1alpha1.KubeletConfiguration `json:"componentconfig"` + ComponentConfig kubeletconfigv1alpha1.KubeletConfiguration `json:"kubeletconfig"` } configz := configzWrapper{} - kubeCfg := componentconfig.KubeletConfiguration{} + kubeCfg := kubeletconfig.KubeletConfiguration{} contentsBytes, err := ioutil.ReadAll(resp.Body) if err != nil { @@ -247,7 +247,7 @@ func decodeConfigz(resp *http.Response) (*componentconfig.KubeletConfiguration, } // creates a configmap containing kubeCfg in kube-system namespace -func createConfigMap(f *framework.Framework, internalKC *componentconfig.KubeletConfiguration) (*v1.ConfigMap, error) { +func createConfigMap(f *framework.Framework, internalKC *kubeletconfig.KubeletConfiguration) (*v1.ConfigMap, error) { cmap := makeKubeletConfigMap(internalKC) cmap, err := f.ClientSet.Core().ConfigMaps("kube-system").Create(cmap) if err != nil { 
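Review bot: The `json:"kubeletconfig"` tag in `configzWrapper` (hunk `@@ -217,16 +217,16 @@`) changes the key this helper expects from /configz, and a mismatch with the name the kubelet registers would not be reported. Unmarshalling a document without that key presumably succeeds and leaves the wrapper zero-valued, so every e2e test that reads and re-applies the config would work from an empty KubeletConfiguration. The registering side is not visible in this hunk, so please confirm both use the same key, and consider decoding into `map[string]json.RawMessage` first and returning an error when the `kubeletconfig` entry is absent. The field is also still named `ComponentConfig`; renaming it to `KubeletConfig` would keep it in line with the new tag and comment. decodeConfigz's body continues past the end of the hunk.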
@@ -257,11 +257,11 @@ func createConfigMap(f *framework.Framework, internalKC *componentconfig.Kubelet } // constructs a ConfigMap, populating one of its keys with the KubeletConfiguration. Uses GenerateName. -func makeKubeletConfigMap(internalKC *componentconfig.KubeletConfiguration) *v1.ConfigMap { - externalKC := &v1alpha1.KubeletConfiguration{} +func makeKubeletConfigMap(internalKC *kubeletconfig.KubeletConfiguration) *v1.ConfigMap { + externalKC := &kubeletconfigv1alpha1.KubeletConfiguration{} api.Scheme.Convert(internalKC, externalKC, nil) - encoder, err := newJSONEncoder(componentconfig.GroupName) + encoder, err := newJSONEncoder(kubeletconfig.GroupName) framework.ExpectNoError(err) data, err := runtime.Encode(encoder, externalKC) diff --git a/test/integration/etcd/etcd_storage_path_test.go b/test/integration/etcd/etcd_storage_path_test.go index 2ce3d0758ea..62a63a832d4 100644 --- a/test/integration/etcd/etcd_storage_path_test.go +++ b/test/integration/etcd/etcd_storage_path_test.go @@ -412,11 +412,14 @@ var ephemeralWhiteList = createEphemeralWhiteList( // -- // k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1 - gvr("componentconfig", "v1alpha1", "kubeletconfigurations"), // not stored in etcd gvr("componentconfig", "v1alpha1", "kubeschedulerconfigurations"), // not stored in etcd gvr("componentconfig", "v1alpha1", "kubeproxyconfigurations"), // not stored in etcd // -- + // k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1 + gvr("kubeletconfig", "v1alpha1", "kubeletconfigurations"), // not stored in etcd + // -- + // k8s.io/kubernetes/pkg/apis/extensions/v1beta1 gvr("extensions", "v1beta1", "deploymentrollbacks"), // used to rollback deployment, not stored in etcd gvr("extensions", "v1beta1", "replicationcontrollerdummies"), // not stored in etcd