Merge pull request #62118 from juju-solutions/bug/privileged

Automatic merge from submit-queue (batch tested with PRs 60878, 62118, 62126). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix: when privileged is set correctly in charms **What this PR does / why we need it**: Privileged flag is not correctly set in juju charms causing validation test to fail. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/538 **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
2025-07-22 19:31:44 +00:00 · 2018-04-04 12:01:06 -07:00 · 2018-04-04 12:01:06 -07:00 · c5fe2ef0a1
commit c5fe2ef0a1
parent aa565dcc24 708b180266
1 changed files with 8 additions and 7 deletions
--- a/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
+++ b/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
@ -378,9 +378,6 @@ def start_worker(kube_api, kube_control, auth_control, cni):
    creds = db.get('credentials')
    data_changed('kube-control.creds', creds)

-    # set --allow-privileged flag for kubelet
-    set_privileged()
-
    create_config(random.choice(servers), creds)
    configure_kubelet(dns, ingress_ip)
    configure_kube_proxy(servers, cluster_cidr)
@ -632,8 +629,8 @@ def configure_kubelet(dns, ingress_ip):
    if (dns['enable-kube-dns']):
        kubelet_opts['cluster-dns'] = dns['sdn-ip']

-    privileged = is_state('kubernetes-worker.privileged')
-    kubelet_opts['allow-privileged'] = 'true' if privileged else 'false'
+    # set --allow-privileged flag for kubelet
+    kubelet_opts['allow-privileged'] = set_privileged()

    if is_state('kubernetes-worker.gpu.enabled'):
        hookenv.log('Adding '
@ -871,8 +868,10 @@ def remove_nrpe_config(nagios=None):


 def set_privileged():
-    """Update the allow-privileged flag for kubelet.
-
+    """Return 'true' if privileged containers are needed.
+    This is when a) the user requested them
+                 b) user does not care (auto) and GPUs are available in a pre
+                    1.9 era
    """
    privileged = hookenv.config('allow-privileged').lower()
    gpu_needs_privileged = (is_state('kubernetes-worker.gpu.enabled') and
@ -887,6 +886,8 @@ def set_privileged():
        # No need to restart kubernetes (set the restart-needed state)
        # because set-privileged is already in the restart path

+    return privileged
+

@when('config.changed.allow-privileged')
@when('kubernetes-worker.config.created')