github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-20 18:31:15 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #78466 from yuwenma/revert-77904-revert-76396-reapply-75624

Browse Source 
Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""
This commit is contained in:
Kubernetes Prow Robot 2019-10-01 01:21:33 -07:00 committed by GitHub
commit 6610260cc4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 70 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
cluster/gce/gci/apiserver_manifest_test.go
View File

@ -94,11 +94,12 @@ func (c *kubeAPIServerManifestTestCase) invokeTest(e kubeAPIServerEnv, kubeEnv s
func TestEncryptionProviderFlag(t *testing.T) { func TestEncryptionProviderFlag(t *testing.T) {
var ( var (
// command": [ // command": [
// "/bin/sh", - Index 0 // "/usr/local/bin/kube-apiserver " - Index 0,
// "-c", - Index 1 // "--flag1=val1", - Index 1,
// "exec /usr/local/bin/kube-apiserver " - Index 2 // "--flag2=val2", - Index 2,
execArgsIndex = 2 // ...
// "--flagN=valN", - Index N,
encryptionConfigFlag = "--encryption-provider-config" encryptionConfigFlag = "--encryption-provider-config"
) )
@ -132,10 +133,15 @@ func TestEncryptionProviderFlag(t *testing.T) {
c.invokeTest(e, deployHelperEnv) c.invokeTest(e, deployHelperEnv)
execArgs := c.pod.Spec.Containers[0].Command[execArgsIndex] var flagIsInArg bool
flagIsInArg := strings.Contains(execArgs, encryptionConfigFlag) var flag, execArgs string
flag := fmt.Sprintf("%s=%s", encryptionConfigFlag, e.EncryptionProviderConfigPath) for _, execArgs = range c.pod.Spec.Containers[0].Args[1:] {
if strings.Contains(execArgs, encryptionConfigFlag) {
flagIsInArg = true
flag = fmt.Sprintf("%s=%s", encryptionConfigFlag, e.EncryptionProviderConfigPath)
break
}
}
switch { switch {
case tc.wantFlag && !flagIsInArg: case tc.wantFlag && !flagIsInArg:
t.Fatalf("Got %q,\n want flags to contain %q", execArgs, flag) t.Fatalf("Got %q,\n want flags to contain %q", execArgs, flag)

44
cluster/gce/gci/configure-helper.sh
View File

@ -25,6 +25,24 @@ set -o errexit
set -o nounset set -o nounset
set -o pipefail set -o pipefail
function convert-manifest-params {
# A helper function to convert the manifest args from a string to a list of
# flag arguments.
# Old format:
# command=["/bin/sh", "-c", "exec KUBE_EXEC_BINARY --param1=val1 --param2-val2"].
# New format:
# command=["KUBE_EXEC_BINARY"] # No shell dependencies.
# args=["--param1=val1", "--param2-val2"]
IFS=' ' read -ra FLAGS <<< "$1"
params=""
for flag in "${FLAGS[@]}"; do
params+="\n\"$flag\","
done
if [ ! -z $params ]; then
echo "${params::-1}" # drop trailing comma
fi
}
function setup-os-params { function setup-os-params {
# Reset core_pattern. On GCI, the default core_pattern pipes the core dumps to # Reset core_pattern. On GCI, the default core_pattern pipes the core dumps to
# /sbin/crash_reporter which is more restrictive in saving crash dumps. So for # /sbin/crash_reporter which is more restrictive in saving crash dumps. So for
@ -2048,6 +2066,10 @@ function start-kube-apiserver {
# params is passed by reference, so no "$" # params is passed by reference, so no "$"
setup-etcd-encryption "${src_file}" params setup-etcd-encryption "${src_file}" params
params+=" --log-file=${KUBE_API_SERVER_LOG_PATH:-/var/log/kube-apiserver.log}"
params+=" --logtostderr=false"
params+=" --log-file-max-size=0"
params="$(convert-manifest-params "${params}")"
# Evaluate variables. # Evaluate variables.
local -r kube_apiserver_docker_tag="${KUBE_API_SERVER_DOCKER_TAG:-$(cat /home/kubernetes/kube-docker-files/kube-apiserver.docker_tag)}" local -r kube_apiserver_docker_tag="${KUBE_API_SERVER_DOCKER_TAG:-$(cat /home/kubernetes/kube-docker-files/kube-apiserver.docker_tag)}"
sed -i -e "s@{{params}}@${params}@g" "${src_file}" sed -i -e "s@{{params}}@${params}@g" "${src_file}"
@ -2195,7 +2217,8 @@ function update-node-label() {
function start-kube-controller-manager { function start-kube-controller-manager {
echo "Start kubernetes controller-manager" echo "Start kubernetes controller-manager"
create-kubeconfig "kube-controller-manager" ${KUBE_CONTROLLER_MANAGER_TOKEN} create-kubeconfig "kube-controller-manager" ${KUBE_CONTROLLER_MANAGER_TOKEN}
prepare-log-file /var/log/kube-controller-manager.log local LOG_PATH=/var/log/kube-controller-manager.log
prepare-log-file "${LOG_PATH}"
# Calculate variables and assemble the command line. # Calculate variables and assemble the command line.
local params="${CONTROLLER_MANAGER_TEST_LOG_LEVEL:-"--v=2"} ${CONTROLLER_MANAGER_TEST_ARGS:-} ${CLOUD_CONFIG_OPT}" local params="${CONTROLLER_MANAGER_TEST_LOG_LEVEL:-"--v=2"} ${CONTROLLER_MANAGER_TEST_ARGS:-} ${CLOUD_CONFIG_OPT}"
params+=" --use-service-account-credentials" params+=" --use-service-account-credentials"
@ -2223,7 +2246,7 @@ function start-kube-controller-manager {
params+=" --concurrent-service-syncs=${CONCURRENT_SERVICE_SYNCS}" params+=" --concurrent-service-syncs=${CONCURRENT_SERVICE_SYNCS}"
fi fi
if [[ "${NETWORK_PROVIDER:-}" == "kubenet" ]]; then if [[ "${NETWORK_PROVIDER:-}" == "kubenet" ]]; then
params+=" --allocate-node-cidrs=true" params+=" --allocate-node-cidrs"
elif [[ -n "${ALLOCATE_NODE_CIDRS:-}" ]]; then elif [[ -n "${ALLOCATE_NODE_CIDRS:-}" ]]; then
params+=" --allocate-node-cidrs=${ALLOCATE_NODE_CIDRS}" params+=" --allocate-node-cidrs=${ALLOCATE_NODE_CIDRS}"
fi fi
@ -2254,9 +2277,14 @@ function start-kube-controller-manager {
params+=" --pv-recycler-pod-template-filepath-hostpath=$PV_RECYCLER_OVERRIDE_TEMPLATE" params+=" --pv-recycler-pod-template-filepath-hostpath=$PV_RECYCLER_OVERRIDE_TEMPLATE"
fi fi
if [[ -n "${RUN_CONTROLLERS:-}" ]]; then if [[ -n "${RUN_CONTROLLERS:-}" ]]; then
params+=" --controllers=${RUN_CONTROLLERS}" # Trim the `RUN_CONTROLLERS` value. This field is quoted which is
# incompatible with the `convert-manifest-params` format.
params+=" --controllers=${RUN_CONTROLLERS//\'}"
fi fi
params+=" --log-file=${LOG_PATH}"
params+=" --logtostderr=false"
params+=" --log-file-max-size=0"
params="$(convert-manifest-params "${params}")"
local -r kube_rc_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-controller-manager.docker_tag) local -r kube_rc_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-controller-manager.docker_tag)
local container_env="" local container_env=""
if [[ -n "${ENABLE_CACHE_MUTATION_DETECTOR:-}" ]]; then if [[ -n "${ENABLE_CACHE_MUTATION_DETECTOR:-}" ]]; then
@ -2291,7 +2319,8 @@ function start-kube-controller-manager {
function start-kube-scheduler { function start-kube-scheduler {
echo "Start kubernetes scheduler" echo "Start kubernetes scheduler"
create-kubeconfig "kube-scheduler" ${KUBE_SCHEDULER_TOKEN} create-kubeconfig "kube-scheduler" ${KUBE_SCHEDULER_TOKEN}
prepare-log-file /var/log/kube-scheduler.log local LOG_PATH=/var/log/kube-scheduler.log
prepare-log-file "${LOG_PATH}"
# Calculate variables and set them in the manifest. # Calculate variables and set them in the manifest.
params="${SCHEDULER_TEST_LOG_LEVEL:-"--v=2"} ${SCHEDULER_TEST_ARGS:-}" params="${SCHEDULER_TEST_LOG_LEVEL:-"--v=2"} ${SCHEDULER_TEST_ARGS:-}"
@ -2307,6 +2336,11 @@ function start-kube-scheduler {
params+=" --use-legacy-policy-config" params+=" --use-legacy-policy-config"
params+=" --policy-config-file=/etc/srv/kubernetes/kube-scheduler/policy-config" params+=" --policy-config-file=/etc/srv/kubernetes/kube-scheduler/policy-config"
fi fi
params+=" --log-file=${LOG_PATH}"
params+=" --logtostderr=false"
params+=" --log-file-max-size=0"
params="$(convert-manifest-params "${params}")"
local -r kube_scheduler_docker_tag=$(cat "${KUBE_HOME}/kube-docker-files/kube-scheduler.docker_tag") local -r kube_scheduler_docker_tag=$(cat "${KUBE_HOME}/kube-docker-files/kube-scheduler.docker_tag")
# Remove salt comments and replace variables with values. # Remove salt comments and replace variables with values.

10
cluster/gce/manifests/kube-apiserver.manifest
View File

@ -25,10 +25,12 @@
} }
}, },
"command": [ "command": [
"/bin/sh", "/usr/local/bin/kube-apiserver"
"-c", ],
"exec /usr/local/bin/kube-apiserver {{params}} --allow-privileged={{pillar['allow_privileged']}} 1>>/var/log/kube-apiserver.log 2>&1" "args": [
], "--allow-privileged={{pillar['allow_privileged']}}",
{{params}}
],
{{container_env}} {{container_env}}
"livenessProbe": { "livenessProbe": {
"httpGet": { "httpGet": {

9
cluster/gce/manifests/kube-controller-manager.manifest
View File

@ -25,10 +25,11 @@
} }
}, },
"command": [ "command": [
"/bin/sh", "/usr/local/bin/kube-controller-manager"
"-c", ],
"exec /usr/local/bin/kube-controller-manager {{params}} 1>>/var/log/kube-controller-manager.log 2>&1" "args": [
], {{params}}
],
{{container_env}} {{container_env}}
"livenessProbe": { "livenessProbe": {
"httpGet": { "httpGet": {

9
cluster/gce/manifests/kube-scheduler.manifest
View File

@ -25,10 +25,11 @@
} }
}, },
"command": [ "command": [
"/bin/sh", "/usr/local/bin/kube-scheduler"
"-c", ],
"exec /usr/local/bin/kube-scheduler {{params}} 1>>/var/log/kube-scheduler.log 2>&1" "args": [
], {{params}}
],
"livenessProbe": { "livenessProbe": {
"httpGet": { "httpGet": {
"host": "127.0.0.1", "host": "127.0.0.1",