diff --git a/cmd/kubelet/app/BUILD b/cmd/kubelet/app/BUILD index a837a646d64..5e9cf6fc816 100644 --- a/cmd/kubelet/app/BUILD +++ b/cmd/kubelet/app/BUILD @@ -113,6 +113,7 @@ go_library( "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 69f0e35d0a9..420c585fdaf 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -30,6 +30,7 @@ import ( "path" "path/filepath" "strconv" + "strings" "time" "github.com/coreos/go-systemd/daemon" @@ -40,6 +41,7 @@ import ( v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/sets" @@ -757,6 +759,11 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName) return nil, nil, err } + // use the correct content type for cert rotation, but don't set QPS + setContentTypeForClient(certConfig, s.ContentType) + + kubeClientConfigOverrides(s, clientConfig) + clientCertificateManager, err := buildClientCertificateManager(certConfig, clientConfig, s.CertDirectory, nodeName) if err != nil { return nil, nil, err @@ -764,7 +771,6 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName) // the rotating transport will use the cert from the cert manager instead of these files transportConfig := restclient.AnonymousClientConfig(clientConfig) - kubeClientConfigOverrides(s, transportConfig) // we set exitAfter to five minutes because we use this client configuration to request new certs - if we are unable // to request new certs, we will be unable to continue normal operation. Exiting the process allows a wrapper @@ -836,7 +842,7 @@ func buildClientCertificateManager(certConfig, clientConfig *restclient.Config, } func kubeClientConfigOverrides(s *options.KubeletServer, clientConfig *restclient.Config) { - clientConfig.ContentType = s.ContentType + setContentTypeForClient(clientConfig, s.ContentType) // Override kubeconfig qps/burst settings from flags clientConfig.QPS = float32(s.KubeAPIQPS) clientConfig.Burst = int(s.KubeAPIBurst) @@ -930,6 +936,21 @@ func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletCo return tlsOptions, nil } +// setContentTypeForClient sets the appropritae content type into the rest config +// and handles defaulting AcceptContentTypes based on that input. +func setContentTypeForClient(cfg *restclient.Config, contentType string) { + if len(contentType) == 0 { + return + } + cfg.ContentType = contentType + switch contentType { + case runtime.ContentTypeProtobuf: + cfg.AcceptContentTypes = strings.Join([]string{runtime.ContentTypeProtobuf, runtime.ContentTypeJSON}, ",") + default: + // otherwise let the rest client perform defaulting + } +} + // RunKubelet is responsible for setting up and running a kubelet. It is used in three different applications: // 1 Integration tests // 2 Kubelet binary diff --git a/staging/src/k8s.io/apimachinery/pkg/runtime/types.go b/staging/src/k8s.io/apimachinery/pkg/runtime/types.go index eb284eac279..3d3ebe5f9d1 100644 --- a/staging/src/k8s.io/apimachinery/pkg/runtime/types.go +++ b/staging/src/k8s.io/apimachinery/pkg/runtime/types.go @@ -41,9 +41,8 @@ type TypeMeta struct { } const ( - ContentTypeJSON string = "application/json" - ContentTypeYAML string = "application/yaml" - + ContentTypeJSON string = "application/json" + ContentTypeYAML string = "application/yaml" ContentTypeProtobuf string = "application/vnd.kubernetes.protobuf" )