gce: move etcd dir cleanup to manifests

we deploy it as a manifest, not an addon so locate it with the other master manifests.
2025-07-23 11:50:44 +00:00 · 2018-04-23 09:09:28 -07:00 · 2018-04-23 09:09:28 -07:00 · ae73bed1d0
commit ae73bed1d0
parent d23ad1f894
7 changed files with 6 additions and 92 deletions
--- a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-binding.yaml
+++ b/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-binding.yaml
@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gce:podsecuritypolicy:etcd-empty-dir-cleanup
-  namespace: kube-system
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/cluster-service: "true"
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: gce:podsecuritypolicy:etcd-empty-dir-cleanup
-subjects:
- kind: ServiceAccount
-  name: etcd-empty-dir-cleanup
-  namespace: kube-system
--- a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-role.yaml
+++ b/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-role.yaml
@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: gce:podsecuritypolicy:etcd-empty-dir-cleanup
-  namespace: kube-system
-  labels:
-    kubernetes.io/cluster-service: "true"
-    addonmanager.kubernetes.io/mode: Reconcile
-rules:
- apiGroups:
-  - policy
-  resourceNames:
-  - gce.etcd-empty-dir-cleanup
-  resources:
-  - podsecuritypolicies
-  verbs:
-  - use
--- a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp.yaml
+++ b/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp.yaml
@ -1,31 +0,0 @@
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: gce.etcd-empty-dir-cleanup
-  annotations:
-    kubernetes.io/description: 'Policy used by the etcd-empty-dir-cleanup addon.'
-    # TODO: etcd-empty-dir-cleanup should run with the default seccomp profile
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-    # 'runtime/default' is already the default, but must be filled in on the
-    # pod to pass admission.
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-  labels:
-    kubernetes.io/cluster-service: 'true'
-    addonmanager.kubernetes.io/mode: Reconcile
-spec:
-  privileged: false
-  volumes:
-  - 'secret'
-  hostNetwork: true
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'RunAsAny'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'RunAsAny'
-  fsGroup:
-    rule: 'RunAsAny'
-  readOnlyRootFilesystem: false
--- a/cluster/gce/gci/BUILD
+++ b/cluster/gce/gci/BUILD
@ -10,7 +10,7 @@ go_test(
    ],
    data = [
        ":scripts-test-data",
-        "//cluster/gce/manifests:manifests-test-data",
+        "//cluster/gce/manifests",
    ],
    deps = [
        "//pkg/api/legacyscheme:go_default_library",
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -1323,7 +1323,8 @@ function prepare-etcd-manifest {
 }

 function start-etcd-empty-dir-cleanup-pod {
-  cp "${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml" "/etc/kubernetes/manifests"
+  local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/etcd-empty-dir-cleanup.yaml"
+  cp "${src_file}" "/etc/kubernetes/manifests"
 }

 # Starts etcd server pod (and etcd-events pod if needed).
--- a/cluster/gce/manifests/BUILD
+++ b/cluster/gce/manifests/BUILD
@ -5,30 +5,18 @@ load("@io_kubernetes_build//defs:pkg.bzl", "pkg_tar")

 pkg_tar(
    name = "gce-master-manifests",
-    srcs = [
-        "abac-authz-policy.jsonl",
-        "cluster-autoscaler.manifest",
-        "e2e-image-puller.manifest",
-        "etcd.manifest",
-        "glbc.manifest",
-        "kms-plugin-container.manifest",
-        "kube-addon-manager.yaml",
-        "kube-apiserver.manifest",
-        "kube-controller-manager.manifest",
-        "kube-proxy.manifest",
-        "kube-scheduler.manifest",
-        "rescheduler.manifest",
-    ],
+    srcs = [":manifests"],
    mode = "0644",
 )

 filegroup(
-    name = "manifests-test-data",
+    name = "manifests",
    srcs = [
        "abac-authz-policy.jsonl",
        "cluster-autoscaler.manifest",
        "e2e-image-puller.manifest",
        "etcd.manifest",
+        "etcd-empty-dir-cleanup.yaml",
        "glbc.manifest",
        "kms-plugin-container.manifest",
        "kube-addon-manager.yaml",
--- a/cluster/addons/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml
+++ b/cluster/addons/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml
@ -1,14 +1,4 @@
 apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: etcd-empty-dir-cleanup
-  namespace: kube-system
-  labels:
-    k8s-app: etcd-empty-dir-cleanup
-    kubernetes.io/cluster-service: "true"
-    addonmanager.kubernetes.io/mode: Reconcile
---
-apiVersion: v1
 kind: Pod
 metadata:
  name: etcd-empty-dir-cleanup
@ -19,7 +9,6 @@ metadata:
    k8s-app: etcd-empty-dir-cleanup
 spec:
  priorityClassName: system-node-critical
-  serviceAccountName: etcd-empty-dir-cleanup
  hostNetwork: true
  dnsPolicy: Default
  containers: