From 3da0f1809cbe23ac7417802eff77320d5a8bff5d Mon Sep 17 00:00:00 2001
From: Andrew Sy Kim
Date: Mon, 19 Dec 2022 13:27:29 -0500
Subject: [PATCH] apiserver: update lease label key to apiserver.kubernetes.io/identity

Signed-off-by: Andrew Sy Kim
---
 .../storageversiongc/gc_controller_test.go | 2 +-
 .../apiserverleasegc/gc_controller_test.go | 12 +++++------
 pkg/controlplane/instance.go | 21 ++++++++++++++++++-
 test/e2e/apimachinery/apiserver_identity.go | 4 ++--
 4 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/pkg/controller/storageversiongc/gc_controller_test.go b/pkg/controller/storageversiongc/gc_controller_test.go
index 9e1a039706d..4f11b7e33a9 100644
--- a/pkg/controller/storageversiongc/gc_controller_test.go
+++ b/pkg/controller/storageversiongc/gc_controller_test.go
@@ -48,7 +48,7 @@ func newKubeApiserverLease(name, holderIdentity string) *coordinationv1.Lease {
 Name: name,
 Namespace: metav1.NamespaceSystem,
 Labels: map[string]string{
- "k8s.io/component": "kube-apiserver",
+ "apiserver.kubernetes.io/identity": "kube-apiserver",
 },
 },
 Spec: coordinationv1.LeaseSpec{
diff --git a/pkg/controlplane/controller/apiserverleasegc/gc_controller_test.go b/pkg/controlplane/controller/apiserverleasegc/gc_controller_test.go
index 0e86e70ff9f..38e18c3181f 100644
--- a/pkg/controlplane/controller/apiserverleasegc/gc_controller_test.go
+++ b/pkg/controlplane/controller/apiserverleasegc/gc_controller_test.go
@@ -44,7 +44,7 @@ func Test_Controller(t *testing.T) {
 Name: "kube-apiserver-12345",
 Namespace: metav1.NamespaceSystem,
 Labels: map[string]string{
- "k8s.io/component": "kube-apiserver",
+ "apiserver.kubernetes.io/identity": "kube-apiserver",
 },
 },
 Spec: coordinationv1.LeaseSpec{
@@ -62,7 +62,7 @@ func Test_Controller(t *testing.T) { Name: "kube-apiserver-12345", Namespace: metav1.NamespaceSystem, Labels: map[string]string{ - "k8s.io/component": "kube-controller-manager", + "apiserver.kubernetes.io/identity": "kube-controller-manager", }, }, Spec: coordinationv1.LeaseSpec{ @@ -80,7 +80,7 @@ func Test_Controller(t *testing.T) { Name: "kube-apiserver-12345", Namespace: metav1.NamespaceSystem, Labels: map[string]string{ - "k8s.io/component": "kube-apiserver", + "apiserver.kubernetes.io/identity": "kube-apiserver", }, }, Spec: coordinationv1.LeaseSpec{ @@ -98,7 +98,7 @@ func Test_Controller(t *testing.T) { Name: "kube-apiserver-12345", Namespace: metav1.NamespaceSystem, Labels: map[string]string{ - "k8s.io/component": "kube-apiserver", + "apiserver.kubernetes.io/identity": "kube-apiserver", }, }, Spec: coordinationv1.LeaseSpec{ @@ -116,7 +116,7 @@ func Test_Controller(t *testing.T) { Name: "kube-apiserver-12345", Namespace: metav1.NamespaceSystem, Labels: map[string]string{ - "k8s.io/component": "kube-apiserver", + "apiserver.kubernetes.io/identity": "kube-apiserver", }, }, Spec: coordinationv1.LeaseSpec{ @@ -132,7 +132,7 @@ func Test_Controller(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { clientset := fake.NewSimpleClientset(test.lease) - controller := NewAPIServerLeaseGC(clientset, 100*time.Millisecond, metav1.NamespaceSystem, "k8s.io/component=kube-apiserver") + controller := NewAPIServerLeaseGC(clientset, 100*time.Millisecond, metav1.NamespaceSystem, "apiserver.kubernetes.io/identity=kube-apiserver") go controller.Run(nil) time.Sleep(time.Second) diff --git a/pkg/controlplane/instance.go b/pkg/controlplane/instance.go index db60aae7db0..c5d872b35ca 100644 --- a/pkg/controlplane/instance.go +++ b/pkg/controlplane/instance.go 
@@ -123,9 +123,11 @@ const (
 // IdentityLeaseComponentLabelKey is used to apply a component label to identity lease objects, indicating:
 // 1. the lease is an identity lease (different from leader election leases)
 // 2. which component owns this lease
- IdentityLeaseComponentLabelKey = "k8s.io/component"
+ IdentityLeaseComponentLabelKey = "apiserver.kubernetes.io/identity"
 // KubeAPIServer defines variable used internally when referring to kube-apiserver component
 KubeAPIServer = "kube-apiserver"
+ // DeprecatedKubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases
+ DeprecatedKubeAPIServerIdentityLeaseLabelSelector = "k8s.io/component=kube-apiserver"
 // KubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases
 KubeAPIServerIdentityLeaseLabelSelector = IdentityLeaseComponentLabelKey + "=" + KubeAPIServer
 // repairLoopInterval defines the interval used to run the Services ClusterIP and NodePort repair loops
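Review bot: `IdentityLeaseComponentLabelKey` changes value in place, so every reader of the constant moves to `apiserver.kubernetes.io/identity` in the same release, while `DeprecatedKubeAPIServerIdentityLeaseLabelSelector` keeps the old key alive only as a selector string. If any consumer outside this patch decides which apiservers exist by that label, it will presumably stop seeing leases written by not-yet-upgraded apiservers during a rolling upgrade, so that is worth confirming before merge. The new constant's comment is a copy of the one on the line below it; I would mark it in the standard Go form, for example `// Deprecated: matches the pre-rename k8s.io/component label and exists only so old identity leases are still garbage collected.` The existing comment on `IdentityLeaseComponentLabelKey` still calls it a component label, which no longer matches the key. The const block starts and ends outside the hunk.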
@@ -509,6 +511,23 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget) go controller.Run(hookContext.StopCh) return nil }) + // Labels for apiserver idenitiy leases switched from k8s.io/component=kube-apiserver to apiserver.kubernetes.io/identity=kube-apiserver. + // For compatibility, garbage collect leases with both labels for at least 1 release + // TODO: remove in Kubernetes 1.28 + m.GenericAPIServer.AddPostStartHookOrDie("start-deprecated-kube-apiserver-identity-lease-garbage-collector", func(hookContext genericapiserver.PostStartHookContext) error { + kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) + if err != nil { + return err + } + go apiserverleasegc.NewAPIServerLeaseGC( + kubeClient, + IdentityLeaseGCPeriod, + metav1.NamespaceSystem, + DeprecatedKubeAPIServerIdentityLeaseLabelSelector, + ).Run(hookContext.StopCh) + return nil + }) + // TODO: move this into generic apiserver and make the lease identity value configurable m.GenericAPIServer.AddPostStartHookOrDie("start-kube-apiserver-identity-lease-garbage-collector", func(hookContext genericapiserver.PostStartHookContext) error { kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig) if err != nil { diff --git a/test/e2e/apimachinery/apiserver_identity.go b/test/e2e/apimachinery/apiserver_identity.go index 72db85329d7..887cbbdfaac 100644 --- a/test/e2e/apimachinery/apiserver_identity.go +++ b/test/e2e/apimachinery/apiserver_identity.go @@ -115,7 +115,7 @@ var _ = SIGDescribe("kube-apiserver identity [Feature:APIServerIdentity]", func( } leases, err := client.CoordinationV1().Leases(metav1.NamespaceSystem).List(context.TODO(), metav1.ListOptions{ - LabelSelector: "k8s.io/component=kube-apiserver", + LabelSelector: "apiserver.kubernetes.io/identity=kube-apiserver", }) framework.ExpectNoError(err) framework.ExpectEqual(len(leases.Items), len(controlPlaneNodes), "unexpected number of leases") 
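Review bot: In `pkg/controlplane/instance.go`, the compatibility comment above the new `start-deprecated-kube-apiserver-identity-lease-garbage-collector` hook names a removal release but not the condition that makes removal safe: once this collector is gone, nothing visible in this patch selects leases that still carry `k8s.io/component=kube-apiserver`, so any left behind would stay in `kube-system`. I would reword it as `// TODO: remove in Kubernetes 1.28, once no supported kube-apiserver still writes the k8s.io/component label` and fix the typo `idenitiy` in the first comment line. The patch moves every test fixture to the new key and adds no case that runs the collector with the deprecated selector, so this compatibility path ships untested. The hook also repeats the existing collector hook below it apart from name and selector, as far as the three visible lines of that hook show; its body continues outside the hunk.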
@@ -161,7 +161,7 @@ var _ = SIGDescribe("kube-apiserver identity [Feature:APIServerIdentity]", func(
 // As long as the hostname of kube-apiserver is unchanged, a restart should not result in new Lease objects.
 // Check that the number of lease objects remains the same after restarting kube-apiserver.
 leases, err = client.CoordinationV1().Leases(metav1.NamespaceSystem).List(context.TODO(), metav1.ListOptions{
- LabelSelector: "k8s.io/component=kube-apiserver",
+ LabelSelector: "apiserver.kubernetes.io/identity=kube-apiserver",
 })
 framework.ExpectNoError(err)
 framework.ExpectEqual(len(leases.Items), len(controlPlaneNodes), "unexpected number of leases")