github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #62118 from juju-solutions/bug/privileged

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 60878, 62118, 62126). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix: when privileged is set correctly in charms

**What this PR does / why we need it**: Privileged flag is not correctly set in juju charms causing validation test to fail.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/538

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-04-04 12:01:06 -07:00 committed by GitHub
commit c5fe2ef0a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
View File

@ -378,9 +378,6 @@ def start_worker(kube_api, kube_control, auth_control, cni):
creds = db.get('credentials') creds = db.get('credentials')
data_changed('kube-control.creds', creds) data_changed('kube-control.creds', creds)
# set --allow-privileged flag for kubelet
set_privileged()
create_config(random.choice(servers), creds) create_config(random.choice(servers), creds)
configure_kubelet(dns, ingress_ip) configure_kubelet(dns, ingress_ip)
configure_kube_proxy(servers, cluster_cidr) configure_kube_proxy(servers, cluster_cidr)
@ -632,8 +629,8 @@ def configure_kubelet(dns, ingress_ip):
if (dns['enable-kube-dns']): if (dns['enable-kube-dns']):
kubelet_opts['cluster-dns'] = dns['sdn-ip'] kubelet_opts['cluster-dns'] = dns['sdn-ip']
privileged = is_state('kubernetes-worker.privileged') # set --allow-privileged flag for kubelet
kubelet_opts['allow-privileged'] = 'true' if privileged else 'false' kubelet_opts['allow-privileged'] = set_privileged()
if is_state('kubernetes-worker.gpu.enabled'): if is_state('kubernetes-worker.gpu.enabled'):
hookenv.log('Adding ' hookenv.log('Adding '
@ -871,8 +868,10 @@ def remove_nrpe_config(nagios=None):
def set_privileged(): def set_privileged():
"""Update the allow-privileged flag for kubelet. """Return 'true' if privileged containers are needed.
This is when a) the user requested them
b) user does not care (auto) and GPUs are available in a pre
1.9 era
""" """
privileged = hookenv.config('allow-privileged').lower() privileged = hookenv.config('allow-privileged').lower()
gpu_needs_privileged = (is_state('kubernetes-worker.gpu.enabled') and gpu_needs_privileged = (is_state('kubernetes-worker.gpu.enabled') and
@ -887,6 +886,8 @@ def set_privileged():
# No need to restart kubernetes (set the restart-needed state) # No need to restart kubernetes (set the restart-needed state)
# because set-privileged is already in the restart path # because set-privileged is already in the restart path
return privileged
@when('config.changed.allow-privileged') @when('config.changed.allow-privileged')
@when('kubernetes-worker.config.created') @when('kubernetes-worker.config.created')