mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
feat: cleanup feature gates for KubeletPluginsWatcher
This commit is contained in:
parent
bf55a99eb8
commit
35bc5dc6b6
@ -328,13 +328,6 @@ const (
|
||||
// Only applicable if the VolumeSubpath feature is also enabled
|
||||
VolumeSubpathEnvExpansion featuregate.Feature = "VolumeSubpathEnvExpansion"
|
||||
|
||||
// owner: @vikaschoudhary16
|
||||
// GA: v1.13
|
||||
//
|
||||
//
|
||||
// Enable probe based plugin watcher utility for discovering Kubelet plugins
|
||||
KubeletPluginsWatcher featuregate.Feature = "KubeletPluginsWatcher"
|
||||
|
||||
// owner: @vikaschoudhary16
|
||||
// beta: v1.12
|
||||
//
|
||||
@ -549,7 +542,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
|
||||
BalanceAttachedNodeVolumes: {Default: false, PreRelease: featuregate.Alpha},
|
||||
PodReadinessGates: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.16
|
||||
VolumeSubpathEnvExpansion: {Default: true, PreRelease: featuregate.Beta},
|
||||
KubeletPluginsWatcher: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.16
|
||||
ResourceQuotaScopeSelectors: {Default: true, PreRelease: featuregate.Beta},
|
||||
CSIBlockVolume: {Default: true, PreRelease: featuregate.Beta},
|
||||
CSIInlineVolume: {Default: false, PreRelease: featuregate.Alpha},
|
||||
|
@ -537,7 +537,6 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
|
||||
experimentalHostUserNamespaceDefaulting: utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalHostUserNamespaceDefaultingGate),
|
||||
keepTerminatedPodVolumes: keepTerminatedPodVolumes,
|
||||
nodeStatusMaxImages: nodeStatusMaxImages,
|
||||
enablePluginsWatcher: utilfeature.DefaultFeatureGate.Enabled(features.KubeletPluginsWatcher),
|
||||
}
|
||||
|
||||
if klet.cloud != nil {
|
||||
@ -785,13 +784,11 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if klet.enablePluginsWatcher {
|
||||
klet.pluginManager = pluginmanager.NewPluginManager(
|
||||
klet.getPluginsRegistrationDir(), /* sockDir */
|
||||
klet.getPluginsDir(), /* deprecatedSockDir */
|
||||
kubeDeps.Recorder,
|
||||
)
|
||||
}
|
||||
klet.pluginManager = pluginmanager.NewPluginManager(
|
||||
klet.getPluginsRegistrationDir(), /* sockDir */
|
||||
klet.getPluginsDir(), /* deprecatedSockDir */
|
||||
kubeDeps.Recorder,
|
||||
)
|
||||
|
||||
// If the experimentalMounterPathFlag is set, we do not want to
|
||||
// check node capabilities since the mount path is not the default
|
||||
@ -1210,9 +1207,6 @@ type Kubelet struct {
|
||||
// This flag sets a maximum number of images to report in the node status.
|
||||
nodeStatusMaxImages int32
|
||||
|
||||
// This flag indicates that kubelet should start plugin watcher utility server for discovering Kubelet plugins
|
||||
enablePluginsWatcher bool
|
||||
|
||||
// Handles RuntimeClass objects for the Kubelet.
|
||||
runtimeClassManager *runtimeclass.Manager
|
||||
}
|
||||
@ -1375,15 +1369,13 @@ func (kl *Kubelet) initializeRuntimeDependentModules() {
|
||||
// container log manager must start after container runtime is up to retrieve information from container runtime
|
||||
// and inform container to reopen log file after log rotation.
|
||||
kl.containerLogManager.Start()
|
||||
if kl.enablePluginsWatcher {
|
||||
// Adding Registration Callback function for CSI Driver
|
||||
kl.pluginManager.AddHandler(pluginwatcherapi.CSIPlugin, plugincache.PluginHandler(csi.PluginHandler))
|
||||
// Adding Registration Callback function for Device Manager
|
||||
kl.pluginManager.AddHandler(pluginwatcherapi.DevicePlugin, kl.containerManager.GetPluginRegistrationHandler())
|
||||
// Start the plugin manager
|
||||
klog.V(4).Infof("starting plugin manager")
|
||||
go kl.pluginManager.Run(kl.sourcesReady, wait.NeverStop)
|
||||
}
|
||||
// Adding Registration Callback function for CSI Driver
|
||||
kl.pluginManager.AddHandler(pluginwatcherapi.CSIPlugin, plugincache.PluginHandler(csi.PluginHandler))
|
||||
// Adding Registration Callback function for Device Manager
|
||||
kl.pluginManager.AddHandler(pluginwatcherapi.DevicePlugin, kl.containerManager.GetPluginRegistrationHandler())
|
||||
// Start the plugin manager
|
||||
klog.V(4).Infof("starting plugin manager")
|
||||
go kl.pluginManager.Run(kl.sourcesReady, wait.NeverStop)
|
||||
}
|
||||
|
||||
// Run starts the kubelet reacting to config updates
|
||||
|
@ -32,9 +32,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/api/resource"
|
||||
utilversion "k8s.io/apimachinery/pkg/util/version"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
"k8s.io/klog"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
"k8s.io/kubernetes/pkg/volume"
|
||||
csipbv0 "k8s.io/kubernetes/pkg/volume/csi/csiv0"
|
||||
)
|
||||
@ -158,16 +156,14 @@ func newCsiDriverClient(driverName csiDriverName) (*csiDriverClient, error) {
|
||||
|
||||
addr := fmt.Sprintf(csiAddrTemplate, driverName)
|
||||
requiresV0Client := true
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.KubeletPluginsWatcher) {
|
||||
existingDriver, driverExists := csiDrivers.Get(string(driverName))
|
||||
if !driverExists {
|
||||
return nil, fmt.Errorf("driver name %s not found in the list of registered CSI drivers", driverName)
|
||||
}
|
||||
|
||||
addr = existingDriver.endpoint
|
||||
requiresV0Client = versionRequiresV0Client(existingDriver.highestSupportedVersion)
|
||||
existingDriver, driverExists := csiDrivers.Get(string(driverName))
|
||||
if !driverExists {
|
||||
return nil, fmt.Errorf("driver name %s not found in the list of registered CSI drivers", driverName)
|
||||
}
|
||||
|
||||
addr = existingDriver.endpoint
|
||||
requiresV0Client = versionRequiresV0Client(existingDriver.highestSupportedVersion)
|
||||
|
||||
nodeV1ClientCreator := newV1NodeClient
|
||||
nodeV0ClientCreator := newV0NodeClient
|
||||
if requiresV0Client {
|
||||
|
@ -155,10 +155,10 @@ func (p *Plugin) Admit(a admission.Attributes, o admission.ObjectInterfaces) err
|
||||
return admission.NewForbidden(a, fmt.Errorf("disabled by feature gate %s", features.NodeLease))
|
||||
|
||||
case csiNodeResource:
|
||||
if p.features.Enabled(features.KubeletPluginsWatcher) && p.features.Enabled(features.CSINodeInfo) {
|
||||
if p.features.Enabled(features.CSINodeInfo) {
|
||||
return p.admitCSINode(nodeName, a)
|
||||
}
|
||||
return admission.NewForbidden(a, fmt.Errorf("disabled by feature gates %s and %s", features.KubeletPluginsWatcher, features.CSINodeInfo))
|
||||
return admission.NewForbidden(a, fmt.Errorf("disabled by feature gates %s", features.CSINodeInfo))
|
||||
|
||||
default:
|
||||
return nil
|
||||
|
@ -66,15 +66,9 @@ func init() {
|
||||
if err := leaseDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.NodeLease: {Default: false}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: true}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: true}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: false}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: false}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
@ -1170,7 +1164,7 @@ func Test_nodePlugin_Admit(t *testing.T) {
|
||||
name: "disallowed create CSINode - feature disabled",
|
||||
attributes: admission.NewAttributesRecord(nodeInfo, nil, csiNodeKind, nodeInfo.Namespace, nodeInfo.Name, csiNodeResource, "", admission.Create, &metav1.CreateOptions{}, false, mynode),
|
||||
features: csiNodeInfoDisabledFeature,
|
||||
err: fmt.Sprintf("forbidden: disabled by feature gates %s and %s", features.KubeletPluginsWatcher, features.CSINodeInfo),
|
||||
err: fmt.Sprintf("forbidden: disabled by feature gates %s", features.CSINodeInfo),
|
||||
},
|
||||
{
|
||||
name: "disallowed create another node's CSINode - feature enabled",
|
||||
|
@ -123,10 +123,10 @@ func (r *NodeAuthorizer) Authorize(attrs authorizer.Attributes) (authorizer.Deci
|
||||
}
|
||||
return authorizer.DecisionNoOpinion, fmt.Sprintf("disabled by feature gate %s", features.NodeLease), nil
|
||||
case csiNodeResource:
|
||||
if r.features.Enabled(features.KubeletPluginsWatcher) && r.features.Enabled(features.CSINodeInfo) {
|
||||
if r.features.Enabled(features.CSINodeInfo) {
|
||||
return r.authorizeCSINode(nodeName, attrs)
|
||||
}
|
||||
return authorizer.DecisionNoOpinion, fmt.Sprintf("disabled by feature gates %s and %s", features.KubeletPluginsWatcher, features.CSINodeInfo), nil
|
||||
return authorizer.DecisionNoOpinion, fmt.Sprintf("disabled by feature gates %s", features.CSINodeInfo), nil
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -69,15 +69,9 @@ func init() {
|
||||
if err := leaseDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.NodeLease: {Default: false}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: true}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: true}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: false}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: false}}); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
@ -164,8 +164,7 @@ func NodeRules() []rbacv1.PolicyRule {
|
||||
nodePolicyRules = append(nodePolicyRules, csiDriverRule)
|
||||
}
|
||||
}
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.KubeletPluginsWatcher) &&
|
||||
utilfeature.DefaultFeatureGate.Enabled(features.CSINodeInfo) {
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.CSINodeInfo) {
|
||||
csiNodeInfoRule := rbacv1helpers.NewRule("get", "create", "update", "patch", "delete").Groups("storage.k8s.io").Resources("csinodes").RuleOrDie()
|
||||
nodePolicyRules = append(nodePolicyRules, csiNodeInfoRule)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user