Merge pull request #25196 from luxas/auto_create_kube_system

Automatic merge from submit-queue

Automatically create the kube-system namespace

At the same time we ensure that the `default` namespace is present, it also creates `kube-system` if it doesn't exist.

`kube-system` will now exist from the beginning, and will be recreated every 10s if deleted, in the same manner as the `default` ns

This makes UX much better, no need for `kubectl`ing a `kube-system.yaml` file anymore for a function that is essential to Kubernetes (addons). For instance, this makes dashboard deployment much easier when there's no need to check for the `kube-system` ns first.

A follow up in the future may remove places where logic to manually create the kube-system namespace is present.

Also fixed a small bug where `CreateNamespaceIfNeeded` ignored the `ns` parameter and was hardcoded to `api.NamespaceDefault`.

@davidopp @lavalamp @thockin @mikedanese @bryk @cheld @fgrzadkowski @smarterclayton @wojtek-t @dlorenc @vishh @dchen1107 @bgrant0607 @roberthbailey

<!-- Reviewable:start -->
---
This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/25196)
<!-- Reviewable:end -->

pkg/master/controller.go

@@ -39,7 +39,7 @@ import (
 )
 
 // Controller is the controller manager for the core bootstrap Kubernetes controller
-// loops, which manage creating the "kubernetes" service, the "default"
+// loops, which manage creating the "kubernetes" service, the "default" and "kube-system"
 // namespace, and provide the IP repair check on service IPs
 type Controller struct {
 	NamespaceRegistry namespace.Registry
@@ -58,6 +58,9 @@ type Controller struct {
 	EndpointRegistry endpoint.Registry
 	EndpointInterval time.Duration
 
+	SystemNamespaces         []string
+	SystemNamespacesInterval time.Duration
+
 	PublicIP net.IP
 
 	ServiceIP                 net.IP
@@ -94,10 +97,22 @@ func (c *Controller) Start() {
 		glog.Errorf("Unable to perform initial Kubernetes service initialization: %v", err)
 	}
 
-	c.runner = util.NewRunner(c.RunKubernetesService, repairClusterIPs.RunUntil, repairNodePorts.RunUntil)
+	c.runner = util.NewRunner(c.RunKubernetesNamespaces, c.RunKubernetesService, repairClusterIPs.RunUntil, repairNodePorts.RunUntil)
 	c.runner.Start()
 }
 
+// RunKubernetesNamespaces periodically makes sure that all internal namespaces exist
+func (c *Controller) RunKubernetesNamespaces(ch chan struct{}) {
+	wait.Until(func() {
+		// Loop the system namespace list, and create them if they do not exist
+		for _, ns := range c.SystemNamespaces {
+			if err := c.CreateNamespaceIfNeeded(ns); err != nil {
+				runtime.HandleError(fmt.Errorf("unable to create required kubernetes system namespace %s: %v", ns, err))
+			}
+		}
+	}, c.SystemNamespacesInterval, ch)
+}
+
 // RunKubernetesService periodically updates the kubernetes service
 func (c *Controller) RunKubernetesService(ch chan struct{}) {
 	wait.Until(func() {
@@ -132,10 +147,10 @@ func (c *Controller) UpdateKubernetesService(reconcile bool) error {
 	return nil
 }
 
-// CreateNamespaceIfNeeded will create the namespace that contains the master services if it doesn't already exist
+// CreateNamespaceIfNeeded will create a namespace if it doesn't already exist
 func (c *Controller) CreateNamespaceIfNeeded(ns string) error {
 	ctx := api.NewContext()
-	if _, err := c.NamespaceRegistry.GetNamespace(ctx, api.NamespaceDefault); err == nil {
+	if _, err := c.NamespaceRegistry.GetNamespace(ctx, ns); err == nil {
 		// the namespace already exists
 		return nil
 	}

pkg/master/master.go

@@ -510,6 +510,9 @@ func (m *Master) NewBootstrapController() *Controller {
 		EndpointRegistry: m.endpointRegistry,
 		EndpointInterval: 10 * time.Second,
 
+		SystemNamespaces:         []string{api.NamespaceSystem},
+		SystemNamespacesInterval: 1 * time.Minute,
+
 		ServiceClusterIPRegistry: m.serviceClusterIPAllocator,
 		ServiceClusterIPRange:    m.ServiceClusterIPRange,
 		ServiceClusterIPInterval: 3 * time.Minute,

plugin/pkg/admission/namespace/lifecycle/admission.go

@@ -36,7 +36,7 @@ const PluginName = "NamespaceLifecycle"
 
 func init() {
 	admission.RegisterPlugin(PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) {
-		return NewLifecycle(client, sets.NewString(api.NamespaceDefault)), nil
+		return NewLifecycle(client, sets.NewString(api.NamespaceDefault, api.NamespaceSystem)), nil
 	})
 }