Merge pull request #58367 from zhangxiaoyu-zidif/do-issue-41161
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value **What this PR does / why we need it**: **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #41161 **Special notes for your reviewer**: **Release note**: ```release-note Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value ```
commit
6def29e004
@ -48,7 +48,7 @@ import (
|
|||||||
// In general, please try to avoid adding flags or configuration fields,
|
// In general, please try to avoid adding flags or configuration fields,
|
||||||
// we already have a confusingly large amount of them.
|
// we already have a confusingly large amount of them.
|
||||||
type KubeletFlags struct {
|
type KubeletFlags struct {
|
||||||
KubeConfig flag.StringFlag
|
KubeConfig string
|
||||||
BootstrapKubeconfig string
|
BootstrapKubeconfig string
|
||||||
RotateCertificates bool
|
RotateCertificates bool
|
||||||
|
|
||||||
@ -178,8 +178,6 @@ type KubeletFlags struct {
|
|||||||
// schedulable. Won't have any effect if register-node is false.
|
// schedulable. Won't have any effect if register-node is false.
|
||||||
// DEPRECATED: use registerWithTaints instead
|
// DEPRECATED: use registerWithTaints instead
|
||||||
RegisterSchedulable bool
|
RegisterSchedulable bool
|
||||||
// RequireKubeConfig is deprecated! A valid KubeConfig is now required if --kubeconfig is provided.
|
|
||||||
RequireKubeConfig bool
|
|
||||||
// nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.
|
// nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.
|
||||||
NonMasqueradeCIDR string
|
NonMasqueradeCIDR string
|
||||||
// This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node.
|
// This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node.
|
||||||
@ -212,9 +210,6 @@ func NewKubeletFlags() *KubeletFlags {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return &KubeletFlags{
|
return &KubeletFlags{
|
||||||
// TODO(#41161:v1.10.0): Remove the default kubeconfig path and --require-kubeconfig.
|
|
||||||
RequireKubeConfig: false,
|
|
||||||
KubeConfig: flag.NewStringFlag("/var/lib/kubelet/kubeconfig"),
|
|
||||||
ContainerRuntimeOptions: *NewContainerRuntimeOptions(),
|
ContainerRuntimeOptions: *NewContainerRuntimeOptions(),
|
||||||
CertDirectory: "/var/lib/kubelet/pki",
|
CertDirectory: "/var/lib/kubelet/pki",
|
||||||
RootDirectory: v1alpha1.DefaultRootDir,
|
RootDirectory: v1alpha1.DefaultRootDir,
|
||||||
@ -304,13 +299,14 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
|
|||||||
func (f *KubeletFlags) AddFlags(fs *pflag.FlagSet) {
|
func (f *KubeletFlags) AddFlags(fs *pflag.FlagSet) {
|
||||||
f.ContainerRuntimeOptions.AddFlags(fs)
|
f.ContainerRuntimeOptions.AddFlags(fs)
|
||||||
|
|
||||||
fs.Var(&f.KubeConfig, "kubeconfig", "Path to a kubeconfig file, specifying how to connect to the API server.")
|
fs.StringVar(&f.KubeConfig, "kubeconfig", f.KubeConfig, "Path to a kubeconfig file, specifying how to connect to the API server. Providing --kubeconfig enables API server mode, omitting --kubeconfig enables standalone mode.")
|
||||||
// TODO(#41161:v1.10.0): Remove the default kubeconfig path and --require-kubeconfig.
|
|
||||||
fs.BoolVar(&f.RequireKubeConfig, "require-kubeconfig", f.RequireKubeConfig, "This flag is no longer necessary. It has been deprecated and will be removed in a future version.")
|
|
||||||
fs.MarkDeprecated("require-kubeconfig", "You no longer need to use --require-kubeconfig. This will be removed in a future version. Providing --kubeconfig enables API server mode, omitting --kubeconfig enables standalone mode unless --require-kubeconfig=true is also set. In the latter case, the legacy default kubeconfig path will be used until --require-kubeconfig is removed.")
|
|
||||||
|
|
||||||
fs.MarkDeprecated("experimental-bootstrap-kubeconfig", "Use --bootstrap-kubeconfig")
|
fs.MarkDeprecated("experimental-bootstrap-kubeconfig", "Use --bootstrap-kubeconfig")
|
||||||
fs.StringVar(&f.BootstrapKubeconfig, "experimental-bootstrap-kubeconfig", f.BootstrapKubeconfig, "deprecated: use --bootstrap-kubeconfig")
|
fs.StringVar(&f.BootstrapKubeconfig, "experimental-bootstrap-kubeconfig", f.BootstrapKubeconfig, "deprecated: use --bootstrap-kubeconfig")
|
||||||
|
// TODO: when pull-kubernetes-e2e-kops-aws does not need this parameter, delete requireKubeConfig.
|
||||||
|
var requireKubeConfig bool
|
||||||
|
fs.BoolVar(&requireKubeConfig, "require-kubeconfig", requireKubeConfig, "This flag is no longer necessary. It has been deprecated and will be removed in a future version.")
|
||||||
|
fs.MarkDeprecated("require-kubeconfig", "You no longer need to use --require-kubeconfig. This will be removed in a future version. Providing --kubeconfig enables API server mode, omitting --kubeconfig enables standalone mode unless --require-kubeconfig=true is also set. In the latter case, the legacy default kubeconfig path will be used until --require-kubeconfig is removed.")
|
||||||
fs.StringVar(&f.BootstrapKubeconfig, "bootstrap-kubeconfig", f.BootstrapKubeconfig, "Path to a kubeconfig file that will be used to get client certificate for kubelet. "+
|
fs.StringVar(&f.BootstrapKubeconfig, "bootstrap-kubeconfig", f.BootstrapKubeconfig, "Path to a kubeconfig file that will be used to get client certificate for kubelet. "+
|
||||||
"If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. "+
|
"If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. "+
|
||||||
"On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. "+
|
"On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. "+
|
||||||
|
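Review bot: The deprecation text kept on `require-kubeconfig` in KubeletFlags.AddFlags no longer matches the code. It still says standalone mode is avoided when `--require-kubeconfig=true` is set and that the legacy default kubeconfig path will be used, but the flag is now bound to the throwaway local `requireKubeConfig` and the default path is gone from NewKubeletFlags. An operator who passes only `--require-kubeconfig=true` would presumably get a kubelet in standalone mode, with a message that says the opposite. I would shorten the message to what is true now, for example `"--require-kubeconfig is ignored and will be removed in a future version. Providing --kubeconfig enables API server mode, omitting --kubeconfig enables standalone mode."`. The remainder of AddFlags lies outside this hunk.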
@ -36,7 +36,6 @@ func newKubeletServerOrDie() *KubeletServer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func cleanFlags(s *KubeletServer) {
|
func cleanFlags(s *KubeletServer) {
|
||||||
s.KubeConfig = utilflag.NewStringFlag(s.KubeConfig.Value())
|
|
||||||
s.DynamicConfigDir = utilflag.NewStringFlag(s.DynamicConfigDir.Value())
|
s.DynamicConfigDir = utilflag.NewStringFlag(s.DynamicConfigDir.Value())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -328,11 +328,7 @@ func run(s *options.KubeletServer, kubeDeps *kubelet.Dependencies) (err error) {
|
|||||||
|
|
||||||
// About to get clients and such, detect standaloneMode
|
// About to get clients and such, detect standaloneMode
|
||||||
standaloneMode := true
|
standaloneMode := true
|
||||||
switch {
|
if len(s.KubeConfig) > 0 {
|
||||||
case s.RequireKubeConfig == true:
|
|
||||||
standaloneMode = false
|
|
||||||
glog.Warningf("--require-kubeconfig is deprecated. Set --kubeconfig without using --require-kubeconfig.")
|
|
||||||
case s.KubeConfig.Provided():
|
|
||||||
standaloneMode = false
|
standaloneMode = false
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -364,7 +360,7 @@ func run(s *options.KubeletServer, kubeDeps *kubelet.Dependencies) (err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.BootstrapKubeconfig != "" {
|
if s.BootstrapKubeconfig != "" {
|
||||||
if err := bootstrap.LoadClientCert(s.KubeConfig.Value(), s.BootstrapKubeconfig, s.CertDirectory, nodeName); err != nil {
|
if err := bootstrap.LoadClientCert(s.KubeConfig, s.BootstrapKubeconfig, s.CertDirectory, nodeName); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -384,58 +380,52 @@ func run(s *options.KubeletServer, kubeDeps *kubelet.Dependencies) (err error) {
|
|||||||
var externalKubeClient clientset.Interface
|
var externalKubeClient clientset.Interface
|
||||||
|
|
||||||
clientConfig, err := createAPIServerClientConfig(s)
|
clientConfig, err := createAPIServerClientConfig(s)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("invalid kubeconfig: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
var clientCertificateManager certificate.Manager
|
var clientCertificateManager certificate.Manager
|
||||||
if err == nil {
|
if s.RotateCertificates && utilfeature.DefaultFeatureGate.Enabled(features.RotateKubeletClientCertificate) {
|
||||||
if s.RotateCertificates && utilfeature.DefaultFeatureGate.Enabled(features.RotateKubeletClientCertificate) {
|
clientCertificateManager, err = kubeletcertificate.NewKubeletClientCertificateManager(s.CertDirectory, nodeName, clientConfig.CertData, clientConfig.KeyData, clientConfig.CertFile, clientConfig.KeyFile)
|
||||||
clientCertificateManager, err = kubeletcertificate.NewKubeletClientCertificateManager(s.CertDirectory, nodeName, clientConfig.CertData, clientConfig.KeyData, clientConfig.CertFile, clientConfig.KeyFile)
|
if err != nil {
|
||||||
if err != nil {
|
return err
|
||||||
return err
|
|
||||||
}
|
|
||||||
// we set exitIfExpired to true because we use this client configuration to request new certs - if we are unable
|
|
||||||
// to request new certs, we will be unable to continue normal operation
|
|
||||||
if err := kubeletcertificate.UpdateTransport(wait.NeverStop, clientConfig, clientCertificateManager, true); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
// we set exitIfExpired to true because we use this client configuration to request new certs - if we are unable
|
||||||
|
// to request new certs, we will be unable to continue normal operation
|
||||||
|
if err := kubeletcertificate.UpdateTransport(wait.NeverStop, clientConfig, clientCertificateManager, true); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
kubeClient, err = clientset.NewForConfig(clientConfig)
|
kubeClient, err = clientset.NewForConfig(clientConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Warningf("New kubeClient from clientConfig error: %v", err)
|
glog.Warningf("New kubeClient from clientConfig error: %v", err)
|
||||||
} else if kubeClient.CertificatesV1beta1() != nil && clientCertificateManager != nil {
|
} else if kubeClient.CertificatesV1beta1() != nil && clientCertificateManager != nil {
|
||||||
glog.V(2).Info("Starting client certificate rotation.")
|
glog.V(2).Info("Starting client certificate rotation.")
|
||||||
clientCertificateManager.SetCertificateSigningRequestClient(kubeClient.CertificatesV1beta1().CertificateSigningRequests())
|
clientCertificateManager.SetCertificateSigningRequestClient(kubeClient.CertificatesV1beta1().CertificateSigningRequests())
|
||||||
clientCertificateManager.Start()
|
clientCertificateManager.Start()
|
||||||
}
|
}
|
||||||
externalKubeClient, err = clientset.NewForConfig(clientConfig)
|
externalKubeClient, err = clientset.NewForConfig(clientConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Warningf("New kubeClient from clientConfig error: %v", err)
|
glog.Warningf("New kubeClient from clientConfig error: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// make a separate client for events
|
// make a separate client for events
|
||||||
eventClientConfig := *clientConfig
|
eventClientConfig := *clientConfig
|
||||||
eventClientConfig.QPS = float32(s.EventRecordQPS)
|
eventClientConfig.QPS = float32(s.EventRecordQPS)
|
||||||
eventClientConfig.Burst = int(s.EventBurst)
|
eventClientConfig.Burst = int(s.EventBurst)
|
||||||
eventClient, err = v1core.NewForConfig(&eventClientConfig)
|
eventClient, err = v1core.NewForConfig(&eventClientConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Warningf("Failed to create API Server client for Events: %v", err)
|
glog.Warningf("Failed to create API Server client for Events: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// make a separate client for heartbeat with throttling disabled and a timeout attached
|
// make a separate client for heartbeat with throttling disabled and a timeout attached
|
||||||
heartbeatClientConfig := *clientConfig
|
heartbeatClientConfig := *clientConfig
|
||||||
heartbeatClientConfig.Timeout = s.KubeletConfiguration.NodeStatusUpdateFrequency.Duration
|
heartbeatClientConfig.Timeout = s.KubeletConfiguration.NodeStatusUpdateFrequency.Duration
|
||||||
heartbeatClientConfig.QPS = float32(-1)
|
heartbeatClientConfig.QPS = float32(-1)
|
||||||
heartbeatClient, err = v1core.NewForConfig(&heartbeatClientConfig)
|
heartbeatClient, err = v1core.NewForConfig(&heartbeatClientConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Warningf("Failed to create API Server client for heartbeat: %v", err)
|
glog.Warningf("Failed to create API Server client for heartbeat: %v", err)
|
||||||
}
|
|
||||||
} else {
|
|
||||||
switch {
|
|
||||||
case s.RequireKubeConfig:
|
|
||||||
return fmt.Errorf("invalid kubeconfig: %v", err)
|
|
||||||
case s.KubeConfig.Provided():
|
|
||||||
glog.Warningf("invalid kubeconfig: %v", err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
kubeDeps.KubeClient = kubeClient
|
kubeDeps.KubeClient = kubeClient
|
||||||
@ -658,19 +648,15 @@ func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletCo
|
|||||||
|
|
||||||
func kubeconfigClientConfig(s *options.KubeletServer) (*restclient.Config, error) {
|
func kubeconfigClientConfig(s *options.KubeletServer) (*restclient.Config, error) {
|
||||||
return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
|
return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
|
||||||
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.KubeConfig.Value()},
|
&clientcmd.ClientConfigLoadingRules{ExplicitPath: s.KubeConfig},
|
||||||
&clientcmd.ConfigOverrides{},
|
&clientcmd.ConfigOverrides{},
|
||||||
).ClientConfig()
|
).ClientConfig()
|
||||||
}
|
}
|
||||||
|
|
||||||
// createClientConfig creates a client configuration from the command line arguments.
|
// createClientConfig creates a client configuration from the command line arguments.
|
||||||
// If --kubeconfig is explicitly set, it will be used. If it is not set but
|
// If --kubeconfig is explicitly set, it will be used.
|
||||||
// --require-kubeconfig=true, we attempt to load the default kubeconfig file.
|
|
||||||
func createClientConfig(s *options.KubeletServer) (*restclient.Config, error) {
|
func createClientConfig(s *options.KubeletServer) (*restclient.Config, error) {
|
||||||
// If --kubeconfig was not provided, it will have a default path set in cmd/kubelet/app/options/options.go.
|
if s.BootstrapKubeconfig != "" || len(s.KubeConfig) > 0 {
|
||||||
// We only use that default path when --require-kubeconfig=true. The default path is temporary until --require-kubeconfig is removed.
|
|
||||||
// TODO(#41161:v1.10.0): Remove the default kubeconfig path and --require-kubeconfig.
|
|
||||||
if s.BootstrapKubeconfig != "" || s.KubeConfig.Provided() || s.RequireKubeConfig == true {
|
|
||||||
return kubeconfigClientConfig(s)
|
return kubeconfigClientConfig(s)
|
||||||
} else {
|
} else {
|
||||||
return nil, fmt.Errorf("createClientConfig called in standalone mode")
|
return nil, fmt.Errorf("createClientConfig called in standalone mode")
|
||||||
|
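Review bot: Standalone detection in run() now tests only `len(s.KubeConfig) > 0`, while createClientConfig in the last hunk also accepts `s.BootstrapKubeconfig != ""`, so the two disagree when only --bootstrap-kubeconfig is given. With the default path removed, that invocation leaves `standaloneMode` true and hands an empty kubeconfig path to `bootstrap.LoadClientCert`. How LoadClientCert treats an empty path is not visible here, but a node meant to join a cluster would likely stay unregistered without a clear error. I would fail closed before the bootstrap call: `if s.BootstrapKubeconfig != "" && len(s.KubeConfig) == 0 { return fmt.Errorf("--bootstrap-kubeconfig requires --kubeconfig") }`. run() starts and ends outside these hunks, so confirm no earlier validation already covers this case.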