Merge pull request #88480 from savitharaghunathan/kubelet_flag_migration_1

Kubelet flag migration - Part 1
This commit is contained in:
Kubernetes Prow Robot 2020-04-14 12:33:39 -07:00 committed by GitHub
commit 6c499314cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 20 additions and 5 deletions

View File

@ -144,9 +144,6 @@ type KubeletFlags struct {
ExperimentalNodeAllocatableIgnoreEvictionThreshold bool ExperimentalNodeAllocatableIgnoreEvictionThreshold bool
// Node Labels are the node labels to add when registering the node in the cluster // Node Labels are the node labels to add when registering the node in the cluster
NodeLabels map[string]string NodeLabels map[string]string
// volumePluginDir is the full path of the directory in which to search
// for additional third party volume plugins
VolumePluginDir string
// lockFilePath is the path that kubelet will use to as a lock file. // lockFilePath is the path that kubelet will use to as a lock file.
// It uses this file as a lock to synchronize with other kubelet processes // It uses this file as a lock to synchronize with other kubelet processes
// that may be running. // that may be running.
@ -214,7 +211,6 @@ func NewKubeletFlags() *KubeletFlags {
ExperimentalKernelMemcgNotification: false, ExperimentalKernelMemcgNotification: false,
RemoteRuntimeEndpoint: remoteRuntimeEndpoint, RemoteRuntimeEndpoint: remoteRuntimeEndpoint,
NodeLabels: make(map[string]string), NodeLabels: make(map[string]string),
VolumePluginDir: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/",
RegisterNode: true, RegisterNode: true,
SeccompProfileRoot: filepath.Join(defaultRootDir, "seccomp"), SeccompProfileRoot: filepath.Join(defaultRootDir, "seccomp"),
// prior to the introduction of this flag, there was a hardcoded cap of 50 images // prior to the introduction of this flag, there was a hardcoded cap of 50 images
@ -391,7 +387,6 @@ func (f *KubeletFlags) AddFlags(mainfs *pflag.FlagSet) {
fs.BoolVar(&f.ExperimentalNodeAllocatableIgnoreEvictionThreshold, "experimental-allocatable-ignore-eviction", f.ExperimentalNodeAllocatableIgnoreEvictionThreshold, "When set to 'true', Hard Eviction Thresholds will be ignored while calculating Node Allocatable. See https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ for more details. [default=false]") fs.BoolVar(&f.ExperimentalNodeAllocatableIgnoreEvictionThreshold, "experimental-allocatable-ignore-eviction", f.ExperimentalNodeAllocatableIgnoreEvictionThreshold, "When set to 'true', Hard Eviction Thresholds will be ignored while calculating Node Allocatable. See https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ for more details. [default=false]")
bindableNodeLabels := cliflag.ConfigurationMap(f.NodeLabels) bindableNodeLabels := cliflag.ConfigurationMap(f.NodeLabels)
fs.Var(&bindableNodeLabels, "node-labels", fmt.Sprintf("<Warning: Alpha feature> Labels to add when registering the node in the cluster. Labels must be key=value pairs separated by ','. Labels in the 'kubernetes.io' namespace must begin with an allowed prefix (%s) or be in the specifically allowed set (%s)", strings.Join(kubeletapis.KubeletLabelNamespaces(), ", "), strings.Join(kubeletapis.KubeletLabels(), ", "))) fs.Var(&bindableNodeLabels, "node-labels", fmt.Sprintf("<Warning: Alpha feature> Labels to add when registering the node in the cluster. Labels must be key=value pairs separated by ','. Labels in the 'kubernetes.io' namespace must begin with an allowed prefix (%s) or be in the specifically allowed set (%s)", strings.Join(kubeletapis.KubeletLabelNamespaces(), ", "), strings.Join(kubeletapis.KubeletLabels(), ", ")))
fs.StringVar(&f.VolumePluginDir, "volume-plugin-dir", f.VolumePluginDir, "The full path of the directory in which to search for additional third party volume plugins")
fs.StringVar(&f.LockFilePath, "lock-file", f.LockFilePath, "<Warning: Alpha feature> The path to file for kubelet to use as a lock file.") fs.StringVar(&f.LockFilePath, "lock-file", f.LockFilePath, "<Warning: Alpha feature> The path to file for kubelet to use as a lock file.")
fs.BoolVar(&f.ExitOnLockContention, "exit-on-lock-contention", f.ExitOnLockContention, "Whether kubelet should exit upon lock-file contention.") fs.BoolVar(&f.ExitOnLockContention, "exit-on-lock-contention", f.ExitOnLockContention, "Whether kubelet should exit upon lock-file contention.")
fs.StringVar(&f.SeccompProfileRoot, "seccomp-profile-root", f.SeccompProfileRoot, "<Warning: Alpha feature> Directory path for seccomp profiles.") fs.StringVar(&f.SeccompProfileRoot, "seccomp-profile-root", f.SeccompProfileRoot, "<Warning: Alpha feature> Directory path for seccomp profiles.")
@ -501,6 +496,7 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig
fs.Int32Var(&c.OOMScoreAdj, "oom-score-adj", c.OOMScoreAdj, "The oom-score-adj value for kubelet process. Values must be within the range [-1000, 1000]") fs.Int32Var(&c.OOMScoreAdj, "oom-score-adj", c.OOMScoreAdj, "The oom-score-adj value for kubelet process. Values must be within the range [-1000, 1000]")
fs.StringVar(&c.ClusterDomain, "cluster-domain", c.ClusterDomain, "Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains") fs.StringVar(&c.ClusterDomain, "cluster-domain", c.ClusterDomain, "Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains")
fs.StringVar(&c.VolumePluginDir, "volume-plugin-dir", c.VolumePluginDir, "The full path of the directory in which to search for additional third party volume plugins")
fs.StringSliceVar(&c.ClusterDNS, "cluster-dns", c.ClusterDNS, "Comma-separated list of DNS server IP address. This value is used for containers DNS server in case of Pods with \"dnsPolicy=ClusterFirst\". Note: all DNS servers appearing in the list MUST serve the same set of records otherwise name resolution within the cluster may not work correctly. There is no guarantee as to which DNS server may be contacted for name resolution.") fs.StringSliceVar(&c.ClusterDNS, "cluster-dns", c.ClusterDNS, "Comma-separated list of DNS server IP address. This value is used for containers DNS server in case of Pods with \"dnsPolicy=ClusterFirst\". Note: all DNS servers appearing in the list MUST serve the same set of records otherwise name resolution within the cluster may not work correctly. There is no guarantee as to which DNS server may be contacted for name resolution.")
fs.DurationVar(&c.StreamingConnectionIdleTimeout.Duration, "streaming-connection-idle-timeout", c.StreamingConnectionIdleTimeout.Duration, "Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m'") fs.DurationVar(&c.StreamingConnectionIdleTimeout.Duration, "streaming-connection-idle-timeout", c.StreamingConnectionIdleTimeout.Duration, "Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m'")
fs.DurationVar(&c.NodeStatusUpdateFrequency.Duration, "node-status-update-frequency", c.NodeStatusUpdateFrequency.Duration, "Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller.") fs.DurationVar(&c.NodeStatusUpdateFrequency.Duration, "node-status-update-frequency", c.NodeStatusUpdateFrequency.Duration, "Specifies how often kubelet posts node status to master. Note: be cautious when changing the constant, it must work with nodeMonitorGracePeriod in nodecontroller.")

View File

@ -96,6 +96,7 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
obj.ContainerLogMaxSize = "10Mi" obj.ContainerLogMaxSize = "10Mi"
obj.ConfigMapAndSecretChangeDetectionStrategy = "Watch" obj.ConfigMapAndSecretChangeDetectionStrategy = "Watch"
obj.AllowedUnsafeSysctls = []string{} obj.AllowedUnsafeSysctls = []string{}
obj.VolumePluginDir = kubeletconfigv1beta1.DefaultVolumePluginDir
}, },
} }
} }

View File

@ -26,5 +26,6 @@ func KubeletConfigurationPathRefs(kc *KubeletConfiguration) []*string {
paths = append(paths, &kc.TLSCertFile) paths = append(paths, &kc.TLSCertFile)
paths = append(paths, &kc.TLSPrivateKeyFile) paths = append(paths, &kc.TLSPrivateKeyFile)
paths = append(paths, &kc.ResolverConfig) paths = append(paths, &kc.ResolverConfig)
paths = append(paths, &kc.VolumePluginDir)
return paths return paths
} }

View File

@ -224,5 +224,6 @@ var (
"TypeMeta.APIVersion", "TypeMeta.APIVersion",
"TypeMeta.Kind", "TypeMeta.Kind",
"VolumeStatsAggPeriod.Duration", "VolumeStatsAggPeriod.Duration",
"VolumePluginDir",
) )
) )

View File

@ -97,6 +97,9 @@ type KubeletConfiguration struct {
// readOnlyPort is the read-only port for the Kubelet to serve on with // readOnlyPort is the read-only port for the Kubelet to serve on with
// no authentication/authorization (set to 0 to disable) // no authentication/authorization (set to 0 to disable)
ReadOnlyPort int32 ReadOnlyPort int32
// volumePluginDir is the full path of the directory in which to search
// for additional third party volume plugins.
VolumePluginDir string
// tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert,
// if any, concatenated after server cert). If tlsCertFile and // if any, concatenated after server cert). If tlsCertFile and
// tlsPrivateKeyFile are not provided, a self-signed certificate // tlsPrivateKeyFile are not provided, a self-signed certificate

View File

@ -33,6 +33,7 @@ const (
// TODO: Move these constants to k8s.io/kubelet/config/v1beta1 instead? // TODO: Move these constants to k8s.io/kubelet/config/v1beta1 instead?
DefaultIPTablesMasqueradeBit = 14 DefaultIPTablesMasqueradeBit = 14
DefaultIPTablesDropBit = 15 DefaultIPTablesDropBit = 15
DefaultVolumePluginDir = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"
) )
var ( var (
@ -223,4 +224,7 @@ func SetDefaults_KubeletConfiguration(obj *kubeletconfigv1beta1.KubeletConfigura
if obj.EnforceNodeAllocatable == nil { if obj.EnforceNodeAllocatable == nil {
obj.EnforceNodeAllocatable = DefaultNodeAllocatableEnforcement obj.EnforceNodeAllocatable = DefaultNodeAllocatableEnforcement
} }
if obj.VolumePluginDir == "" {
obj.VolumePluginDir = DefaultVolumePluginDir
}
} }

View File

@ -332,6 +332,7 @@ func autoConvert_v1beta1_KubeletConfiguration_To_config_KubeletConfiguration(in
out.KubeReservedCgroup = in.KubeReservedCgroup out.KubeReservedCgroup = in.KubeReservedCgroup
out.EnforceNodeAllocatable = *(*[]string)(unsafe.Pointer(&in.EnforceNodeAllocatable)) out.EnforceNodeAllocatable = *(*[]string)(unsafe.Pointer(&in.EnforceNodeAllocatable))
out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls))
out.VolumePluginDir = in.VolumePluginDir
return nil return nil
} }
@ -350,6 +351,7 @@ func autoConvert_config_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in
out.Address = in.Address out.Address = in.Address
out.Port = in.Port out.Port = in.Port
out.ReadOnlyPort = in.ReadOnlyPort out.ReadOnlyPort = in.ReadOnlyPort
out.VolumePluginDir = in.VolumePluginDir
out.TLSCertFile = in.TLSCertFile out.TLSCertFile = in.TLSCertFile
out.TLSPrivateKeyFile = in.TLSPrivateKeyFile out.TLSPrivateKeyFile = in.TLSPrivateKeyFile
out.TLSCipherSuites = *(*[]string)(unsafe.Pointer(&in.TLSCipherSuites)) out.TLSCipherSuites = *(*[]string)(unsafe.Pointer(&in.TLSCipherSuites))

View File

@ -755,6 +755,13 @@ type KubeletConfiguration struct {
// Default: [] // Default: []
// +optional // +optional
AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"` AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"`
// volumePluginDir is the full path of the directory in which to search
// for additional third party volume plugins.
// Dynamic Kubelet Config (beta): If dynamically updating this field, consider that changing
// the volumePluginDir may disrupt workloads relying on third party volume plugins.
// Default: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"
// +optional
VolumePluginDir string `json:"volumePluginDir,omitempty"`
} }
type KubeletAuthorizationMode string type KubeletAuthorizationMode string