mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #62118 from juju-solutions/bug/privileged
Automatic merge from submit-queue (batch tested with PRs 60878, 62118, 62126). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix: when privileged is set correctly in charms **What this PR does / why we need it**: Privileged flag is not correctly set in juju charms causing validation test to fail. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/538 **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
This commit is contained in:
commit
c5fe2ef0a1
@ -378,9 +378,6 @@ def start_worker(kube_api, kube_control, auth_control, cni):
|
|||||||
creds = db.get('credentials')
|
creds = db.get('credentials')
|
||||||
data_changed('kube-control.creds', creds)
|
data_changed('kube-control.creds', creds)
|
||||||
|
|
||||||
# set --allow-privileged flag for kubelet
|
|
||||||
set_privileged()
|
|
||||||
|
|
||||||
create_config(random.choice(servers), creds)
|
create_config(random.choice(servers), creds)
|
||||||
configure_kubelet(dns, ingress_ip)
|
configure_kubelet(dns, ingress_ip)
|
||||||
configure_kube_proxy(servers, cluster_cidr)
|
configure_kube_proxy(servers, cluster_cidr)
|
||||||
@ -632,8 +629,8 @@ def configure_kubelet(dns, ingress_ip):
|
|||||||
if (dns['enable-kube-dns']):
|
if (dns['enable-kube-dns']):
|
||||||
kubelet_opts['cluster-dns'] = dns['sdn-ip']
|
kubelet_opts['cluster-dns'] = dns['sdn-ip']
|
||||||
|
|
||||||
privileged = is_state('kubernetes-worker.privileged')
|
# set --allow-privileged flag for kubelet
|
||||||
kubelet_opts['allow-privileged'] = 'true' if privileged else 'false'
|
kubelet_opts['allow-privileged'] = set_privileged()
|
||||||
|
|
||||||
if is_state('kubernetes-worker.gpu.enabled'):
|
if is_state('kubernetes-worker.gpu.enabled'):
|
||||||
hookenv.log('Adding '
|
hookenv.log('Adding '
|
||||||
@ -871,8 +868,10 @@ def remove_nrpe_config(nagios=None):
|
|||||||
|
|
||||||
|
|
||||||
def set_privileged():
|
def set_privileged():
|
||||||
"""Update the allow-privileged flag for kubelet.
|
"""Return 'true' if privileged containers are needed.
|
||||||
|
This is when a) the user requested them
|
||||||
|
b) user does not care (auto) and GPUs are available in a pre
|
||||||
|
1.9 era
|
||||||
"""
|
"""
|
||||||
privileged = hookenv.config('allow-privileged').lower()
|
privileged = hookenv.config('allow-privileged').lower()
|
||||||
gpu_needs_privileged = (is_state('kubernetes-worker.gpu.enabled') and
|
gpu_needs_privileged = (is_state('kubernetes-worker.gpu.enabled') and
|
||||||
@ -887,6 +886,8 @@ def set_privileged():
|
|||||||
# No need to restart kubernetes (set the restart-needed state)
|
# No need to restart kubernetes (set the restart-needed state)
|
||||||
# because set-privileged is already in the restart path
|
# because set-privileged is already in the restart path
|
||||||
|
|
||||||
|
return privileged
|
||||||
|
|
||||||
|
|
||||||
@when('config.changed.allow-privileged')
|
@when('config.changed.allow-privileged')
|
||||||
@when('kubernetes-worker.config.created')
|
@when('kubernetes-worker.config.created')
|
||||||
|
Loading…
Reference in New Issue
Block a user