Group container-runtime-specific flags/options together

Do not store them in kubelet's configuration. Eventually, we would like
to deprecate all these flags as they should not be part of kubelet.
Yu-Ju Hong 2017-05-24 15:19:54 -07:00
parent 017e61c76f
commit c82350214e
12 changed files with 189 additions and 228 deletions


@ -9,7 +9,10 @@ load(
go_library(
name = "go_default_library",
srcs = ["options.go"],
srcs = [
"container_runtime.go",
"options.go",
],
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
@ -18,6 +21,7 @@ go_library(
"//pkg/apis/componentconfig/v1alpha1:go_default_library",
"//pkg/util/taints:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//vendor/k8s.io/apiserver/pkg/util/flag:go_default_library",
],


@ -0,0 +1,145 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"runtime"
"time"
"github.com/spf13/pflag"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
// When these values are updated, also update test/e2e/framework/util.go
defaultPodSandboxImageName = "gcr.io/google_containers/pause"
defaultPodSandboxImageVersion = "3.0"
// From pkg/kubelet/rkt/rkt.go to avoid circular import
defaultRktAPIServiceEndpoint = "localhost:15441"
)
var (
defaultPodSandboxImage = defaultPodSandboxImageName +
"-" + runtime.GOARCH + ":" +
defaultPodSandboxImageVersion
)
type ContainerRuntimeOptions struct {
// Docker-specific options.
// DockershimRootDirectory is the path to the dockershim root directory. Defaults to
// /var/lib/dockershim if unset. Exposed for integration testing (e.g. in OpenShift).
DockershimRootDirectory string
// Enable dockershim only mode.
ExperimentalDockershim bool
// This flag, if set, disables use of a shared PID namespace for pods running in the docker CRI runtime.
// A shared PID namespace is the only option in non-docker runtimes and is required by the CRI. The ability to
// disable it for docker will be removed unless a compelling use case is discovered with widespread use.
// TODO: Remove once we no longer support disabling shared PID namespace (https://issues.k8s.io/41938)
DockerDisableSharedPID bool
// PodSandboxImage is the image whose network/ipc namespaces
// containers in each pod will use.
PodSandboxImage string
// DockerEndpoint is the path to the docker endpoint to communicate with.
DockerEndpoint string
// DockerExecHandlerName is the handler to use when executing a command
// in a container. Valid values are 'native' and 'nsenter'. Defaults to
// 'native'.
DockerExecHandlerName string
// If no pulling progress is made before the deadline imagePullProgressDeadline,
// the image pulling will be cancelled. Defaults to 1m0s.
// +optional
ImagePullProgressDeadline metav1.Duration
// Network plugin options.
// networkPluginName is the name of the network plugin to be invoked for
// various events in kubelet/pod lifecycle
NetworkPluginName string
// NetworkPluginMTU is the MTU to be passed to the network plugin,
// and overrides the default MTU for cases where it cannot be automatically
// computed (such as IPSEC).
NetworkPluginMTU int32
// NetworkPluginDir is the full path of the directory in which to search
// for network plugins (and, for backwards-compat, CNI config files)
NetworkPluginDir string
// CNIConfDir is the full path of the directory in which to search for
// CNI config files
CNIConfDir string
// CNIBinDir is the full path of the directory in which to search for
// CNI plugin binaries
CNIBinDir string
// rkt-specific options.
// rktPath is the path of rkt binary. Leave empty to use the first rkt in $PATH.
RktPath string
// rktApiEndpoint is the endpoint of the rkt API service to communicate with.
RktAPIEndpoint string
// rktStage1Image is the image to use as stage1. Local paths and
// http/https URLs are supported.
RktStage1Image string
}
// NewContainerRuntimeOptions will create a new ContainerRuntimeOptions with
// default values.
func NewContainerRuntimeOptions() *ContainerRuntimeOptions {
dockerEndpoint := ""
if runtime.GOOS != "windows" {
dockerEndpoint = "unix:///var/run/docker.sock"
}
return &ContainerRuntimeOptions{
DockerEndpoint: dockerEndpoint,
DockershimRootDirectory: "/var/lib/dockershim",
DockerExecHandlerName: "native",
PodSandboxImage: defaultPodSandboxImage,
ImagePullProgressDeadline: metav1.Duration{Duration: 1 * time.Minute},
RktAPIEndpoint: defaultRktAPIServiceEndpoint,
ExperimentalDockershim: false,
}
}
func (s *ContainerRuntimeOptions) AddFlags(fs *pflag.FlagSet) {
// Docker-specific settings.
fs.BoolVar(&s.ExperimentalDockershim, "experimental-dockershim", s.ExperimentalDockershim, "Enable dockershim only mode. In this mode, kubelet will only start dockershim without any other functionalities. This flag only serves test purpose, please do not use it unless you are conscious of what you are doing. [default=false]")
fs.MarkHidden("experimental-dockershim")
fs.StringVar(&s.DockershimRootDirectory, "experimental-dockershim-root-directory", s.DockershimRootDirectory, "Path to the dockershim root directory.")
fs.MarkHidden("experimental-dockershim-root-directory")
fs.BoolVar(&s.DockerDisableSharedPID, "docker-disable-shared-pid", s.DockerDisableSharedPID, "The Container Runtime Interface (CRI) defaults to using a shared PID namespace for containers in a pod when running with Docker 1.13.1 or higher. Setting this flag reverts to the previous behavior of isolated PID namespaces. This ability will be removed in a future Kubernetes release.")
fs.StringVar(&s.PodSandboxImage, "pod-infra-container-image", s.PodSandboxImage, "The image whose network/ipc namespaces containers in each pod will use.")
fs.StringVar(&s.DockerEndpoint, "docker-endpoint", s.DockerEndpoint, "Use this for the docker endpoint to communicate with")
// TODO(#40229): Remove the docker-exec-handler flag.
fs.StringVar(&s.DockerExecHandlerName, "docker-exec-handler", s.DockerExecHandlerName, "Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'. Defaults to 'native'.")
fs.MarkDeprecated("docker-exec-handler", "this flag will be removed and only the 'native' handler will be supported in the future.")
fs.DurationVar(&s.ImagePullProgressDeadline.Duration, "image-pull-progress-deadline", s.ImagePullProgressDeadline.Duration, "If no pulling progress is made before this deadline, the image pulling will be cancelled.")
// Network plugin settings. Shared by both docker and rkt.
fs.StringVar(&s.NetworkPluginName, "network-plugin", s.NetworkPluginName, "<Warning: Alpha feature> The name of the network plugin to be invoked for various events in kubelet/pod lifecycle")
fs.StringVar(&s.NetworkPluginDir, "network-plugin-dir", s.NetworkPluginDir, "<Warning: Alpha feature> The full path of the directory in which to search for network plugins or CNI config")
fs.StringVar(&s.CNIConfDir, "cni-conf-dir", s.CNIConfDir, "<Warning: Alpha feature> The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d")
fs.StringVar(&s.CNIBinDir, "cni-bin-dir", s.CNIBinDir, "<Warning: Alpha feature> The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin")
fs.Int32Var(&s.NetworkPluginMTU, "network-plugin-mtu", s.NetworkPluginMTU, "<Warning: Alpha feature> The MTU to be passed to the network plugin, to override the default. Set to 0 to use the default 1460 MTU.")
// Rkt-specific settings.
fs.StringVar(&s.RktPath, "rkt-path", s.RktPath, "Path of rkt binary. Leave empty to use the first rkt in $PATH. Only used if --container-runtime='rkt'.")
fs.StringVar(&s.RktAPIEndpoint, "rkt-api-endpoint", s.RktAPIEndpoint, "The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'.")
fs.StringVar(&s.RktStage1Image, "rkt-stage1-image", s.RktStage1Image, "image to use as stage1. Local paths and http/https URLs are supported. If empty, the 'stage1.aci' in the same directory as '--rkt-path' will be used.")
fs.MarkDeprecated("rkt-stage1-image", "Will be removed in a future version. The default stage1 image will be specified by the rkt configurations, see https://github.com/coreos/rkt/blob/master/Documentation/configuration.md for more details.")
}
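Review bot: `ContainerRuntimeOptions` and its `AddFlags` method are exported without doc comments, and nothing tells a caller that the zero value of the struct is not usable. The defaults that `SetDefaults_KubeletConfiguration` applied for the docker endpoint, the `native` exec handler, the sandbox image, the 1m pull deadline and the rkt API endpoint appear to be removed elsewhere in this commit and now exist only in `NewContainerRuntimeOptions`, so a struct literal built by a test or another binary gets empty strings and a zero `ImagePullProgressDeadline`. I would add `// ContainerRuntimeOptions holds the flag-only container runtime settings. Use NewContainerRuntimeOptions to obtain the defaults; the zero value leaves them unset.` above the type and `// AddFlags registers the container runtime flags on fs.` above the method. The field comments copied from KubeletConfiguration still open with the old lower-case names (`networkPluginName`, `rktPath`, `rktApiEndpoint`) and should start with the Go field name.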


@ -74,13 +74,12 @@ type KubeletFlags struct {
// If set, kubelet will use this IP address for the node.
NodeIP string
// DockershimRootDirectory is the path to the dockershim root directory. Defaults to
// /var/lib/dockershim if unset. Exposed for integration testing (e.g. in OpenShift).
DockershimRootDirectory string
// This flag, if set, sets the unique id of the instance that an external provider (i.e. cloudprovider)
// can use to identify a specific node
ProviderID string
// Container-runtime-specific options.
ContainerRuntimeOptions
}
// KubeletServer encapsulates all of the parameters necessary for starting up
@ -100,7 +99,7 @@ func NewKubeletServer() *KubeletServer {
KubeletFlags: KubeletFlags{
KubeConfig: flag.NewStringFlag("/var/lib/kubelet/kubeconfig"),
RequireKubeConfig: false,
DockershimRootDirectory: "/var/lib/dockershim",
ContainerRuntimeOptions: *NewContainerRuntimeOptions(),
},
KubeletConfiguration: config,
}
@ -111,13 +110,14 @@ type kubeletConfiguration componentconfig.KubeletConfiguration
// AddFlags adds flags for a specific KubeletServer to the specified FlagSet
func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
var kc *kubeletConfiguration = (*kubeletConfiguration)(&s.KubeletConfiguration)
s.KubeletFlags.AddFlags(fs)
kc.addFlags(fs)
}
// AddFlags adds flags for a specific KubeletFlags to the specified FlagSet
func (f *KubeletFlags) AddFlags(fs *pflag.FlagSet) {
f.ContainerRuntimeOptions.AddFlags(fs)
fs.Var(&f.KubeConfig, "kubeconfig", "Path to a kubeconfig file, specifying how to connect to the API server. --api-servers will be used for the location unless --require-kubeconfig is set.")
fs.BoolVar(&f.RequireKubeConfig, "require-kubeconfig", f.RequireKubeConfig, "If true the Kubelet will exit if there are configuration errors, and will ignore the value of --api-servers in favor of the server defined in the kubeconfig file.")
@ -139,9 +139,7 @@ func (f *KubeletFlags) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&f.NodeIP, "node-ip", f.NodeIP, "IP address of the node. If set, kubelet will use this IP address for the node")
fs.StringVar(&f.DockershimRootDirectory, "experimental-dockershim-root-directory", f.DockershimRootDirectory, "Path to the dockershim root directory.")
fs.StringVar(&f.ProviderID, "provider-id", f.ProviderID, "Unique identifier for identifying the node in a machine database, i.e cloudprovider")
fs.MarkHidden("experimental-dockershim-root-directory")
}
// addFlags adds flags for a specific componentconfig.KubeletConfiguration to the specified FlagSet
@ -190,8 +188,6 @@ func (c *kubeletConfiguration) addFlags(fs *pflag.FlagSet) {
fs.StringVar(&c.CertDirectory, "cert-dir", c.CertDirectory, "The directory where the TLS certs are located. "+
"If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.")
fs.StringVar(&c.PodInfraContainerImage, "pod-infra-container-image", c.PodInfraContainerImage, "The image whose network/ipc namespaces containers in each pod will use.")
fs.StringVar(&c.DockerEndpoint, "docker-endpoint", c.DockerEndpoint, "Use this for the docker endpoint to communicate with")
fs.StringVar(&c.RootDirectory, "root-dir", c.RootDirectory, "Directory path for managing kubelet files (volume mounts,etc).")
fs.StringVar(&c.SeccompProfileRoot, "seccomp-profile-root", c.SeccompProfileRoot, "Directory path for seccomp profiles.")
fs.BoolVar(&c.AllowPrivileged, "allow-privileged", c.AllowPrivileged, "If true, allow containers to request privileged mode.")
@ -231,11 +227,6 @@ func (c *kubeletConfiguration) addFlags(fs *pflag.FlagSet) {
fs.Int32Var(&c.LowDiskSpaceThresholdMB, "low-diskspace-threshold-mb", c.LowDiskSpaceThresholdMB, "The absolute free disk space, in MB, to maintain. When disk space falls below this threshold, new pods would be rejected.")
fs.MarkDeprecated("low-diskspace-threshold-mb", "Use --eviction-hard instead. Will be removed in a future version.")
fs.DurationVar(&c.VolumeStatsAggPeriod.Duration, "volume-stats-agg-period", c.VolumeStatsAggPeriod.Duration, "Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes. To disable volume calculations, set to 0.")
fs.StringVar(&c.NetworkPluginName, "network-plugin", c.NetworkPluginName, "<Warning: Alpha feature> The name of the network plugin to be invoked for various events in kubelet/pod lifecycle")
fs.StringVar(&c.NetworkPluginDir, "network-plugin-dir", c.NetworkPluginDir, "<Warning: Alpha feature> The full path of the directory in which to search for network plugins or CNI config")
fs.StringVar(&c.CNIConfDir, "cni-conf-dir", c.CNIConfDir, "<Warning: Alpha feature> The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d")
fs.StringVar(&c.CNIBinDir, "cni-bin-dir", c.CNIBinDir, "<Warning: Alpha feature> The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin")
fs.Int32Var(&c.NetworkPluginMTU, "network-plugin-mtu", c.NetworkPluginMTU, "<Warning: Alpha feature> The MTU to be passed to the network plugin, to override the default. Set to 0 to use the default 1460 MTU.")
fs.StringVar(&c.VolumePluginDir, "volume-plugin-dir", c.VolumePluginDir, "<Warning: Alpha feature> The full path of the directory in which to search for additional third party volume plugins")
fs.StringVar(&c.CloudProvider, "cloud-provider", c.CloudProvider, "The provider for cloud services. By default, kubelet will attempt to auto-detect the cloud provider. Specify empty string for running with no cloud provider.")
fs.StringVar(&c.CloudConfigFile, "cloud-config", c.CloudConfigFile, "The path to the cloud provider configuration file. Empty string for no configuration file.")
@ -250,19 +241,11 @@ func (c *kubeletConfiguration) addFlags(fs *pflag.FlagSet) {
fs.StringVar(&c.CgroupRoot, "cgroup-root", c.CgroupRoot, "Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.")
fs.StringVar(&c.ContainerRuntime, "container-runtime", c.ContainerRuntime, "The container runtime to use. Possible values: 'docker', 'rkt'.")
fs.DurationVar(&c.RuntimeRequestTimeout.Duration, "runtime-request-timeout", c.RuntimeRequestTimeout.Duration, "Timeout of all runtime requests except long running request - pull, logs, exec and attach. When timeout exceeded, kubelet will cancel the request, throw out an error and retry later.")
fs.DurationVar(&c.ImagePullProgressDeadline.Duration, "image-pull-progress-deadline", c.ImagePullProgressDeadline.Duration, "If no pulling progress is made before this deadline, the image pulling will be cancelled.")
fs.StringVar(&c.LockFilePath, "lock-file", c.LockFilePath, "<Warning: Alpha feature> The path to file for kubelet to use as a lock file.")
fs.BoolVar(&c.ExitOnLockContention, "exit-on-lock-contention", c.ExitOnLockContention, "Whether kubelet should exit upon lock-file contention.")
fs.StringVar(&c.RktPath, "rkt-path", c.RktPath, "Path of rkt binary. Leave empty to use the first rkt in $PATH. Only used if --container-runtime='rkt'.")
fs.StringVar(&c.ExperimentalMounterPath, "experimental-mounter-path", c.ExperimentalMounterPath, "[Experimental] Path of mounter binary. Leave empty to use the default mount.")
fs.StringVar(&c.RktAPIEndpoint, "rkt-api-endpoint", c.RktAPIEndpoint, "The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'.")
fs.StringVar(&c.RktStage1Image, "rkt-stage1-image", c.RktStage1Image, "image to use as stage1. Local paths and http/https URLs are supported. If empty, the 'stage1.aci' in the same directory as '--rkt-path' will be used.")
fs.MarkDeprecated("rkt-stage1-image", "Will be removed in a future version. The default stage1 image will be specified by the rkt configurations, see https://github.com/coreos/rkt/blob/master/Documentation/configuration.md for more details.")
fs.StringVar(&c.HairpinMode, "hairpin-mode", c.HairpinMode, "How should the kubelet setup hairpin NAT. This allows endpoints of a Service to loadbalance back to themselves if they should try to access their own Service. Valid values are \"promiscuous-bridge\", \"hairpin-veth\" and \"none\".")
fs.Int32Var(&c.MaxPods, "max-pods", c.MaxPods, "Number of Pods that can run on this Kubelet.")
// TODO(#40229): Remove the docker-exec-handler flag.
fs.StringVar(&c.DockerExecHandlerName, "docker-exec-handler", c.DockerExecHandlerName, "Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'.")
fs.MarkDeprecated("docker-exec-handler", "this flag will be removed and only the 'native' handler will be supported in the future.")
fs.StringVar(&c.NonMasqueradeCIDR, "non-masquerade-cidr", c.NonMasqueradeCIDR, "Traffic to IPs outside this range will use IP masquerade. Set to '0.0.0.0/0' to never masquerade.")
fs.MarkDeprecated("non-masquerade-cidr", "will be removed in a future version")
fs.StringVar(&c.PodCIDR, "pod-cidr", "", "The CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master.")
@ -301,11 +284,8 @@ func (c *kubeletConfiguration) addFlags(fs *pflag.FlagSet) {
fs.BoolVar(&c.KeepTerminatedPodVolumes, "keep-terminated-pod-volumes", c.KeepTerminatedPodVolumes, "Keep terminated pod volumes mounted to the node after the pod terminates. Can be useful for debugging volume related issues.")
// CRI flags.
fs.BoolVar(&c.ExperimentalDockershim, "experimental-dockershim", c.ExperimentalDockershim, "Enable dockershim only mode. In this mode, kubelet will only start dockershim without any other functionalities. This flag only serves test purpose, please do not use it unless you are conscious of what you are doing. [default=false]")
fs.MarkHidden("experimental-dockershim")
fs.StringVar(&c.RemoteRuntimeEndpoint, "container-runtime-endpoint", c.RemoteRuntimeEndpoint, "[Experimental] The endpoint of remote runtime service. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'")
fs.StringVar(&c.RemoteImageEndpoint, "image-service-endpoint", c.RemoteImageEndpoint, "[Experimental] The endpoint of remote image service. If not specified, it will be the same with container-runtime-endpoint by default. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'")
fs.BoolVar(&c.DockerDisableSharedPID, "docker-disable-shared-pid", c.DockerDisableSharedPID, "The Container Runtime Interface (CRI) defaults to using a shared PID namespace for containers in a pod when running with Docker 1.13.1 or higher. Setting this flag reverts to the previous behavior of isolated PID namespaces. This ability will be removed in a future Kubernetes release.")
fs.BoolVar(&c.ExperimentalCheckNodeCapabilitiesBeforeMount, "experimental-check-node-capabilities-before-mount", c.ExperimentalCheckNodeCapabilitiesBeforeMount, "[Experimental] if set true, the kubelet will check the underlying node for required componenets (binaries, etc.) before performing the mount")
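Review bot: Embedding `ContainerRuntimeOptions` in `KubeletFlags` makes its fields reachable as promoted selectors, and the `KubeletServer` literal in `NewKubeletServer` suggests that `KubeletFlags` and `KubeletConfiguration` are both embedded there. If that is the case, Go resolves `s.X` to the shallower `KubeletConfiguration` field whenever the same name exists at both depths, without a compile error, so a field left behind in or later re-added to `KubeletConfiguration` would silently win over the flag value. The main.go hunk in this commit relies on that promotion for `s.ExperimentalDockershim`; I would spell the path out at such call sites, `s.ContainerRuntimeOptions.ExperimentalDockershim`, so that a name clash cannot change which setting is read. The `KubeletServer` type definition is outside the hunks shown, so this should be confirmed against it.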


@ -810,7 +810,7 @@ func RunKubelet(kubeFlags *options.KubeletFlags, kubeCfg *componentconfig.Kubele
if kubeDeps.OSInterface == nil {
kubeDeps.OSInterface = kubecontainer.RealOS{}
}
k, err := builder(kubeCfg, kubeDeps, standaloneMode, kubeFlags.HostnameOverride, kubeFlags.NodeIP, kubeFlags.DockershimRootDirectory, kubeFlags.ProviderID)
k, err := builder(kubeCfg, kubeDeps, &kubeFlags.ContainerRuntimeOptions, standaloneMode, kubeFlags.HostnameOverride, kubeFlags.NodeIP, kubeFlags.ProviderID)
if err != nil {
return fmt.Errorf("failed to create kubelet: %v", err)
}
@ -890,11 +890,11 @@ func startKubelet(k kubelet.KubeletBootstrap, podCfg *config.PodConfig, kubeCfg
}
}
func CreateAndInitKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *kubelet.KubeletDeps, standaloneMode bool, hostnameOverride, nodeIP, dockershimRootDir, providerID string) (k kubelet.KubeletBootstrap, err error) {
func CreateAndInitKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *kubelet.KubeletDeps, crOptions *options.ContainerRuntimeOptions, standaloneMode bool, hostnameOverride, nodeIP, providerID string) (k kubelet.KubeletBootstrap, err error) {
// TODO: block until all sources have delivered at least one update to the channel, or break the sync loop
// up into "per source" synchronizations
k, err = kubelet.NewMainKubelet(kubeCfg, kubeDeps, standaloneMode, hostnameOverride, nodeIP, dockershimRootDir, providerID)
k, err = kubelet.NewMainKubelet(kubeCfg, kubeDeps, crOptions, standaloneMode, hostnameOverride, nodeIP, providerID)
if err != nil {
return nil, err
}
@ -934,24 +934,24 @@ func parseResourceList(m componentconfig.ConfigurationMap) (v1.ResourceList, err
// RunDockershim only starts the dockershim in current process. This is only used for cri validate testing purpose
// TODO(random-liu): Move this to a separate binary.
func RunDockershim(c *componentconfig.KubeletConfiguration, dockershimRootDir string) error {
func RunDockershim(c *componentconfig.KubeletConfiguration, r *options.ContainerRuntimeOptions) error {
// Create docker client.
dockerClient := libdocker.ConnectToDockerOrDie(c.DockerEndpoint, c.RuntimeRequestTimeout.Duration,
c.ImagePullProgressDeadline.Duration)
dockerClient := libdocker.ConnectToDockerOrDie(r.DockerEndpoint, c.RuntimeRequestTimeout.Duration,
r.ImagePullProgressDeadline.Duration)
// Initialize network plugin settings.
binDir := c.CNIBinDir
binDir := r.CNIBinDir
if binDir == "" {
binDir = c.NetworkPluginDir
binDir = r.NetworkPluginDir
}
nh := &kubelet.NoOpLegacyHost{}
pluginSettings := dockershim.NetworkPluginSettings{
HairpinMode: componentconfig.HairpinMode(c.HairpinMode),
NonMasqueradeCIDR: c.NonMasqueradeCIDR,
PluginName: c.NetworkPluginName,
PluginConfDir: c.CNIConfDir,
PluginName: r.NetworkPluginName,
PluginConfDir: r.CNIConfDir,
PluginBinDir: binDir,
MTU: int(c.NetworkPluginMTU),
MTU: int(r.NetworkPluginMTU),
LegacyRuntimeHost: nh,
}
@ -965,9 +965,9 @@ func RunDockershim(c *componentconfig.KubeletConfiguration, dockershimRootDir st
SupportedPortForwardProtocols: streaming.DefaultConfig.SupportedPortForwardProtocols,
}
ds, err := dockershim.NewDockerService(dockerClient, c.SeccompProfileRoot, c.PodInfraContainerImage,
streamingConfig, &pluginSettings, c.RuntimeCgroups, c.CgroupDriver, c.DockerExecHandlerName, dockershimRootDir,
c.DockerDisableSharedPID)
ds, err := dockershim.NewDockerService(dockerClient, c.SeccompProfileRoot, r.PodSandboxImage,
streamingConfig, &pluginSettings, c.RuntimeCgroups, c.CgroupDriver, r.DockerExecHandlerName, r.DockershimRootDirectory,
r.DockerDisableSharedPID)
if err != nil {
return err
}
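Review bot: `RunDockershim` dereferences `r` in its first statement (`r.DockerEndpoint`) and `CreateAndInitKubelet` forwards `crOptions` to `kubelet.NewMainKubelet`, and neither pointer is checked. Both functions are exported and the old signatures took a plain string in that position, so a caller outside this package that has no options to pass can now hand in nil and panic during startup. A guard at the top of `RunDockershim`, `if r == nil { return fmt.Errorf("container runtime options must not be nil") }`, would turn that into an error on a path that already returns one. Both function bodies continue outside the hunks shown.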


@ -46,7 +46,7 @@ func main() {
verflag.PrintAndExitIfRequested()
if s.ExperimentalDockershim {
if err := app.RunDockershim(&s.KubeletConfiguration, s.DockershimRootDirectory); err != nil {
if err := app.RunDockershim(&s.KubeletConfiguration, &s.ContainerRuntimeOptions); err != nil {
fmt.Fprintf(os.Stderr, "error: %v\n", err)
os.Exit(1)
}


@ -219,11 +219,6 @@ type KubeletConfiguration struct {
Authentication KubeletAuthentication
// authorization specifies how requests to the Kubelet's server are authorized
Authorization KubeletAuthorization
// podInfraContainerImage is the image whose network/ipc namespaces
// containers in each pod will use.
PodInfraContainerImage string
// dockerEndpoint is the path to the docker endpoint to communicate with.
DockerEndpoint string
// rootDirectory is the directory path to place kubelet files (volume
// mounts,etc).
RootDirectory string
@ -316,22 +311,6 @@ type KubeletConfiguration struct {
LowDiskSpaceThresholdMB int32
// How frequently to calculate and cache volume disk usage for all pods
VolumeStatsAggPeriod metav1.Duration
// networkPluginName is the name of the network plugin to be invoked for
// various events in kubelet/pod lifecycle
NetworkPluginName string
// networkPluginMTU is the MTU to be passed to the network plugin,
// and overrides the default MTU for cases where it cannot be automatically
// computed (such as IPSEC).
NetworkPluginMTU int32
// networkPluginDir is the full path of the directory in which to search
// for network plugins (and, for backwards-compat, CNI config files)
NetworkPluginDir string
// CNIConfDir is the full path of the directory in which to search for
// CNI config files
CNIConfDir string
// CNIBinDir is the full path of the directory in which to search for
// CNI plugin binaries
CNIBinDir string
// volumePluginDir is the full path of the directory in which to search
// for additional third party volume plugins
VolumePluginDir string
@ -374,23 +353,8 @@ type KubeletConfiguration struct {
// requests - pull, logs, exec and attach.
// +optional
RuntimeRequestTimeout metav1.Duration
// If no pulling progress is made before the deadline imagePullProgressDeadline,
// the image pulling will be cancelled. Defaults to 1m0s.
// +optional
ImagePullProgressDeadline metav1.Duration
// rktPath is the path of rkt binary. Leave empty to use the first rkt in
// $PATH.
// +optional
RktPath string
// experimentalMounterPath is the path of mounter binary. Leave empty to use the default mount path
ExperimentalMounterPath string
// rktApiEndpoint is the endpoint of the rkt API service to communicate with.
// +optional
RktAPIEndpoint string
// rktStage1Image is the image to use as stage1. Local paths and
// http/https URLs are supported.
// +optional
RktStage1Image string
// lockFilePath is the path that kubelet will use to as a lock file.
// It uses this file as a lock to synchronize with other kubelet processes
// that may be running.
@ -411,10 +375,6 @@ type KubeletConfiguration struct {
HairpinMode string
// maxPods is the number of pods that can run on this Kubelet.
MaxPods int32
// dockerExecHandlerName is the handler to use when executing a command
// in a container. Valid values are 'native' and 'nsenter'. Defaults to
// 'native'.
DockerExecHandlerName string
// The CIDR to use for pod IP addresses, only used in standalone mode.
// In cluster mode, this is obtained from the master.
PodCIDR string
@ -509,9 +469,6 @@ type KubeletConfiguration struct {
// featureGates is a string of comma-separated key=value pairs that describe feature
// gates for alpha/experimental features.
FeatureGates string
// Enable dockershim only mode.
// +optional
ExperimentalDockershim bool
// TODO(#34726:1.8.0): Remove the opt-in for failing when swap is enabled.
// Tells the Kubelet to fail to start if swap is enabled on the node.
ExperimentalFailSwapOn bool
@ -522,11 +479,6 @@ type KubeletConfiguration struct {
// This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node.
// This can be useful for debugging volume related issues.
KeepTerminatedPodVolumes bool
// This flag, if set, disables use of a shared PID namespace for pods running in the docker CRI runtime.
// A shared PID namespace is the only option in non-docker runtimes and is required by the CRI. The ability to
// disable it for docker will be removed unless a compelling use case is discovered with widespread use.
// TODO: Remove once we no longer support disabling shared PID namespace (https://issues.k8s.io/41938)
DockerDisableSharedPID bool
/* following flags are meant for Node Allocatable */


@ -35,16 +35,6 @@ import (
const (
defaultRootDir = "/var/lib/kubelet"
// When these values are updated, also update test/e2e/framework/util.go
defaultPodInfraContainerImageName = "gcr.io/google_containers/pause"
defaultPodInfraContainerImageVersion = "3.0"
defaultPodInfraContainerImage = defaultPodInfraContainerImageName +
"-" + runtime.GOARCH + ":" +
defaultPodInfraContainerImageVersion
// From pkg/kubelet/rkt/rkt.go to avoid circular import
defaultRktAPIServiceEndpoint = "localhost:15441"
AutoDetectCloudProvider = "auto-detect"
defaultIPTablesMasqueradeBit = 14
@ -240,18 +230,9 @@ func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration) {
if obj.RuntimeRequestTimeout == zeroDuration {
obj.RuntimeRequestTimeout = metav1.Duration{Duration: 2 * time.Minute}
}
if obj.ImagePullProgressDeadline == zeroDuration {
obj.ImagePullProgressDeadline = metav1.Duration{Duration: 1 * time.Minute}
}
if obj.CPUCFSQuota == nil {
obj.CPUCFSQuota = boolVar(true)
}
if obj.DockerExecHandlerName == "" {
obj.DockerExecHandlerName = "native"
}
if obj.DockerEndpoint == "" && runtime.GOOS != "windows" {
obj.DockerEndpoint = "unix:///var/run/docker.sock"
}
if obj.EventBurst == 0 {
obj.EventBurst = 10
}
@ -336,9 +317,6 @@ func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration) {
temp := int32(qos.KubeletOOMScoreAdj)
obj.OOMScoreAdj = &temp
}
if obj.PodInfraContainerImage == "" {
obj.PodInfraContainerImage = defaultPodInfraContainerImage
}
if obj.Port == 0 {
obj.Port = ports.KubeletPort
}
@ -361,9 +339,6 @@ func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration) {
if obj.ResolverConfig == "" {
obj.ResolverConfig = kubetypes.ResolvConfDefault
}
if obj.RktAPIEndpoint == "" {
obj.RktAPIEndpoint = defaultRktAPIServiceEndpoint
}
if obj.RootDirectory == "" {
obj.RootDirectory = defaultRootDir
}
@ -435,9 +410,6 @@ func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration) {
if obj.EnforceNodeAllocatable == nil {
obj.EnforceNodeAllocatable = defaultNodeAllocatableEnforcement
}
if obj.ExperimentalDockershim == nil {
obj.ExperimentalDockershim = boolVar(false)
}
if obj.RemoteRuntimeEndpoint == "" {
if runtime.GOOS == "linux" {
obj.RemoteRuntimeEndpoint = "unix:///var/run/dockershim.sock"


@ -293,11 +293,6 @@ type KubeletConfiguration struct {
Authentication KubeletAuthentication `json:"authentication"`
// authorization specifies how requests to the Kubelet's server are authorized
Authorization KubeletAuthorization `json:"authorization"`
// podInfraContainerImage is the image whose network/ipc namespaces
// containers in each pod will use.
PodInfraContainerImage string `json:"podInfraContainerImage"`
// dockerEndpoint is the path to the docker endpoint to communicate with.
DockerEndpoint string `json:"dockerEndpoint"`
// rootDirectory is the directory path to place kubelet files (volume
// mounts,etc).
RootDirectory string `json:"rootDirectory"`
@ -391,22 +386,6 @@ type KubeletConfiguration struct {
LowDiskSpaceThresholdMB int32 `json:"lowDiskSpaceThresholdMB"`
// How frequently to calculate and cache volume disk usage for all pods
VolumeStatsAggPeriod metav1.Duration `json:"volumeStatsAggPeriod"`
// networkPluginName is the name of the network plugin to be invoked for
// various events in kubelet/pod lifecycle
NetworkPluginName string `json:"networkPluginName"`
// networkPluginDir is the full path of the directory in which to search
// for network plugins (and, for backwards-compat, CNI config files)
NetworkPluginDir string `json:"networkPluginDir"`
// CNIConfDir is the full path of the directory in which to search for
// CNI config files
CNIConfDir string `json:"cniConfDir"`
// CNIBinDir is the full path of the directory in which to search for
// CNI plugin binaries
CNIBinDir string `json:"cniBinDir"`
// networkPluginMTU is the MTU to be passed to the network plugin,
// and overrides the default MTU for cases where it cannot be automatically
// computed (such as IPSEC).
NetworkPluginMTU int32 `json:"networkPluginMTU"`
// volumePluginDir is the full path of the directory in which to search
// for additional third party volume plugins
VolumePluginDir string `json:"volumePluginDir"`
@ -442,20 +421,9 @@ type KubeletConfiguration struct {
// runtimeRequestTimeout is the timeout for all runtime requests except long running
// requests - pull, logs, exec and attach.
RuntimeRequestTimeout metav1.Duration `json:"runtimeRequestTimeout"`
// If no pulling progress is made before the deadline imagePullProgressDeadline,
// the image pulling will be cancelled. Defaults to 1m0s.
ImagePullProgressDeadline metav1.Duration `json:"imagePullProgressDeadline,omitempty"`
// rktPath is the path of rkt binary. Leave empty to use the first rkt in
// $PATH.
RktPath string `json:"rktPath"`
// experimentalMounterPath is the path to mounter binary. If not set, kubelet will attempt to use mount
// binary that is available via $PATH,
ExperimentalMounterPath string `json:"experimentalMounterPath,omitempty"`
// rktApiEndpoint is the endpoint of the rkt API service to communicate with.
RktAPIEndpoint string `json:"rktAPIEndpoint"`
// rktStage1Image is the image to use as stage1. Local paths and
// http/https URLs are supported.
RktStage1Image string `json:"rktStage1Image"`
// lockFilePath is the path that kubelet will use to as a lock file.
// It uses this file as a lock to synchronize with other kubelet processes
// that may be running.
@ -476,10 +444,6 @@ type KubeletConfiguration struct {
HairpinMode string `json:"hairpinMode"`
// maxPods is the number of pods that can run on this Kubelet.
MaxPods int32 `json:"maxPods"`
// dockerExecHandlerName is the handler to use when executing a command
// in a container. Valid values are 'native' and 'nsenter'. Defaults to
// 'native'.
DockerExecHandlerName string `json:"dockerExecHandlerName"`
// The CIDR to use for pod IP addresses, only used in standalone mode.
// In cluster mode, this is obtained from the master.
PodCIDR string `json:"podCIDR"`
@ -567,9 +531,6 @@ type KubeletConfiguration struct {
// featureGates is a string of comma-separated key=value pairs that describe feature
// gates for alpha/experimental features.
FeatureGates string `json:"featureGates,omitempty"`
// Enable dockershim only mode.
// +optional
ExperimentalDockershim *bool `json:"experimentalDockershim,omitempty"`
// TODO(#34726:1.8.0): Remove the opt-in for failing when swap is enabled.
// Tells the Kubelet to fail to start if swap is enabled on the node.
ExperimentalFailSwapOn bool `json:"experimentalFailSwapOn,omitempty"`
@ -580,8 +541,6 @@ type KubeletConfiguration struct {
// This flag, if set, instructs the kubelet to keep volumes from terminated pods mounted to the node.
// This can be useful for debugging volume related issues.
KeepTerminatedPodVolumes bool `json:"keepTerminatedPodVolumes,omitempty"`
// This flag, if set, disables use of a shared PID namespace for pods run by the docker CRI runtime.
DockerDisableSharedPID *bool `json:"dockerDisableSharedPID,omitempty"`
/* following flags are meant for Node Allocatable */


@ -381,8 +381,6 @@ func autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfigu
if err := Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization(&in.Authorization, &out.Authorization, s); err != nil {
return err
}
out.PodInfraContainerImage = in.PodInfraContainerImage
out.DockerEndpoint = in.DockerEndpoint
out.RootDirectory = in.RootDirectory
out.SeccompProfileRoot = in.SeccompProfileRoot
if err := v1.Convert_Pointer_bool_To_bool(&in.AllowPrivileged, &out.AllowPrivileged, s); err != nil {
@ -431,11 +429,6 @@ func autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfigu
}
out.LowDiskSpaceThresholdMB = in.LowDiskSpaceThresholdMB
out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod
out.NetworkPluginName = in.NetworkPluginName
out.NetworkPluginDir = in.NetworkPluginDir
out.CNIConfDir = in.CNIConfDir
out.CNIBinDir = in.CNIBinDir
out.NetworkPluginMTU = in.NetworkPluginMTU
out.VolumePluginDir = in.VolumePluginDir
out.CloudProvider = in.CloudProvider
out.CloudConfigFile = in.CloudConfigFile
@ -451,18 +444,13 @@ func autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfigu
out.RemoteRuntimeEndpoint = in.RemoteRuntimeEndpoint
out.RemoteImageEndpoint = in.RemoteImageEndpoint
out.RuntimeRequestTimeout = in.RuntimeRequestTimeout
out.ImagePullProgressDeadline = in.ImagePullProgressDeadline
out.RktPath = in.RktPath
out.ExperimentalMounterPath = in.ExperimentalMounterPath
out.RktAPIEndpoint = in.RktAPIEndpoint
out.RktStage1Image = in.RktStage1Image
if err := v1.Convert_Pointer_string_To_string(&in.LockFilePath, &out.LockFilePath, s); err != nil {
return err
}
out.ExitOnLockContention = in.ExitOnLockContention
out.HairpinMode = in.HairpinMode
out.MaxPods = in.MaxPods
out.DockerExecHandlerName = in.DockerExecHandlerName
out.PodCIDR = in.PodCIDR
out.ResolverConfig = in.ResolverConfig
if err := v1.Convert_Pointer_bool_To_bool(&in.CPUCFSQuota, &out.CPUCFSQuota, s); err != nil {
@ -516,15 +504,9 @@ func autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfigu
}
out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls))
out.FeatureGates = in.FeatureGates
if err := v1.Convert_Pointer_bool_To_bool(&in.ExperimentalDockershim, &out.ExperimentalDockershim, s); err != nil {
return err
}
out.ExperimentalFailSwapOn = in.ExperimentalFailSwapOn
out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount
out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes
if err := v1.Convert_Pointer_bool_To_bool(&in.DockerDisableSharedPID, &out.DockerDisableSharedPID, s); err != nil {
return err
}
out.SystemReserved = *(*componentconfig.ConfigurationMap)(unsafe.Pointer(&in.SystemReserved))
out.KubeReserved = *(*componentconfig.ConfigurationMap)(unsafe.Pointer(&in.KubeReserved))
out.SystemReservedCgroup = in.SystemReservedCgroup
@ -561,8 +543,6 @@ func autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfigu
if err := Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(&in.Authorization, &out.Authorization, s); err != nil {
return err
}
out.PodInfraContainerImage = in.PodInfraContainerImage
out.DockerEndpoint = in.DockerEndpoint
out.RootDirectory = in.RootDirectory
out.SeccompProfileRoot = in.SeccompProfileRoot
if err := v1.Convert_bool_To_Pointer_bool(&in.AllowPrivileged, &out.AllowPrivileged, s); err != nil {
@ -627,11 +607,6 @@ func autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfigu
}
out.LowDiskSpaceThresholdMB = in.LowDiskSpaceThresholdMB
out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod
out.NetworkPluginName = in.NetworkPluginName
out.NetworkPluginMTU = in.NetworkPluginMTU
out.NetworkPluginDir = in.NetworkPluginDir
out.CNIConfDir = in.CNIConfDir
out.CNIBinDir = in.CNIBinDir
out.VolumePluginDir = in.VolumePluginDir
out.CloudProvider = in.CloudProvider
out.CloudConfigFile = in.CloudConfigFile
@ -647,18 +622,13 @@ func autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfigu
out.RemoteRuntimeEndpoint = in.RemoteRuntimeEndpoint
out.RemoteImageEndpoint = in.RemoteImageEndpoint
out.RuntimeRequestTimeout = in.RuntimeRequestTimeout
out.ImagePullProgressDeadline = in.ImagePullProgressDeadline
out.RktPath = in.RktPath
out.ExperimentalMounterPath = in.ExperimentalMounterPath
out.RktAPIEndpoint = in.RktAPIEndpoint
out.RktStage1Image = in.RktStage1Image
if err := v1.Convert_string_To_Pointer_string(&in.LockFilePath, &out.LockFilePath, s); err != nil {
return err
}
out.ExitOnLockContention = in.ExitOnLockContention
out.HairpinMode = in.HairpinMode
out.MaxPods = in.MaxPods
out.DockerExecHandlerName = in.DockerExecHandlerName
out.PodCIDR = in.PodCIDR
out.ResolverConfig = in.ResolverConfig
if err := v1.Convert_bool_To_Pointer_bool(&in.CPUCFSQuota, &out.CPUCFSQuota, s); err != nil {
@ -716,15 +686,9 @@ func autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfigu
}
out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls))
out.FeatureGates = in.FeatureGates
if err := v1.Convert_bool_To_Pointer_bool(&in.ExperimentalDockershim, &out.ExperimentalDockershim, s); err != nil {
return err
}
out.ExperimentalFailSwapOn = in.ExperimentalFailSwapOn
out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount
out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes
if err := v1.Convert_bool_To_Pointer_bool(&in.DockerDisableSharedPID, &out.DockerDisableSharedPID, s); err != nil {
return err
}
out.SystemReserved = *(*map[string]string)(unsafe.Pointer(&in.SystemReserved))
out.KubeReserved = *(*map[string]string)(unsafe.Pointer(&in.KubeReserved))
out.SystemReservedCgroup = in.SystemReservedCgroup


@ -335,16 +335,6 @@ func DeepCopy_v1alpha1_KubeletConfiguration(in interface{}, out interface{}, c *
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ExperimentalDockershim != nil {
in, out := &in.ExperimentalDockershim, &out.ExperimentalDockershim
*out = new(bool)
**out = **in
}
if in.DockerDisableSharedPID != nil {
in, out := &in.DockerDisableSharedPID, &out.DockerDisableSharedPID
*out = new(bool)
**out = **in
}
if in.SystemReserved != nil {
in, out := &in.SystemReserved, &out.SystemReserved
*out = make(map[string]string)


@ -49,6 +49,7 @@ import (
"k8s.io/client-go/tools/record"
"k8s.io/client-go/util/flowcontrol"
"k8s.io/client-go/util/integer"
"k8s.io/kubernetes/cmd/kubelet/app/options"
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/v1"
"k8s.io/kubernetes/pkg/apis/componentconfig"
@ -186,7 +187,7 @@ type KubeletBootstrap interface {
}
// create and initialize a Kubelet instance
type KubeletBuilder func(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *KubeletDeps, standaloneMode bool, hostnameOverride, nodeIP, dockershimRootDir, providerID string) (KubeletBootstrap, error)
type KubeletBuilder func(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *KubeletDeps, crOptions *options.ContainerRuntimeOptions, standaloneMode bool, hostnameOverride, nodeIP, providerID string) (KubeletBootstrap, error)
// KubeletDeps is a bin for things we might consider "injected dependencies" -- objects constructed
// at runtime that are necessary for running the Kubelet. This is a temporary solution for grouping
@ -281,7 +282,7 @@ func getRuntimeAndImageServices(config *componentconfig.KubeletConfiguration) (i
// NewMainKubelet instantiates a new Kubelet object along with all the required internal modules.
// No initialization of Kubelet and its modules should happen here.
func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *KubeletDeps, standaloneMode bool, hostnameOverride, nodeIP, dockershimRootDir, providerID string) (*Kubelet, error) {
func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *KubeletDeps, crOptions *options.ContainerRuntimeOptions, standaloneMode bool, hostnameOverride, nodeIP, providerID string) (*Kubelet, error) {
if kubeCfg.RootDirectory == "" {
return nil, fmt.Errorf("invalid root directory %q", kubeCfg.RootDirectory)
}
@ -466,7 +467,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
glog.Infof("Experimental host user namespace defaulting is enabled.")
}
hairpinMode, err := effectiveHairpinMode(componentconfig.HairpinMode(kubeCfg.HairpinMode), kubeCfg.ContainerRuntime, kubeCfg.NetworkPluginName)
hairpinMode, err := effectiveHairpinMode(componentconfig.HairpinMode(kubeCfg.HairpinMode), kubeCfg.ContainerRuntime, crOptions.NetworkPluginName)
if err != nil {
// This is a non-recoverable error. Returning it up the callstack will just
// lead to retries of the same failure, so just fail hard.
@ -474,7 +475,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
}
glog.Infof("Hairpin mode set to %q", hairpinMode)
if plug, err := network.InitNetworkPlugin(kubeDeps.NetworkPlugins, kubeCfg.NetworkPluginName, &criNetworkHost{&networkHost{klet}, &network.NoopPortMappingGetter{}}, hairpinMode, kubeCfg.NonMasqueradeCIDR, int(kubeCfg.NetworkPluginMTU)); err != nil {
if plug, err := network.InitNetworkPlugin(kubeDeps.NetworkPlugins, crOptions.NetworkPluginName, &criNetworkHost{&networkHost{klet}, &network.NoopPortMappingGetter{}}, hairpinMode, kubeCfg.NonMasqueradeCIDR, int(crOptions.NetworkPluginMTU)); err != nil {
return nil, err
} else {
klet.networkPlugin = plug
@ -501,17 +502,17 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
}
// TODO: These need to become arguments to a standalone docker shim.
binDir := kubeCfg.CNIBinDir
binDir := crOptions.CNIBinDir
if binDir == "" {
binDir = kubeCfg.NetworkPluginDir
binDir = crOptions.NetworkPluginDir
}
pluginSettings := dockershim.NetworkPluginSettings{
HairpinMode: hairpinMode,
NonMasqueradeCIDR: kubeCfg.NonMasqueradeCIDR,
PluginName: kubeCfg.NetworkPluginName,
PluginConfDir: kubeCfg.CNIConfDir,
PluginName: crOptions.NetworkPluginName,
PluginConfDir: crOptions.CNIConfDir,
PluginBinDir: binDir,
MTU: int(kubeCfg.NetworkPluginMTU),
MTU: int(crOptions.NetworkPluginMTU),
}
// Remote runtime shim just cannot talk back to kubelet, so it doesn't
@ -532,9 +533,9 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
case "docker":
// Create and start the CRI shim running as a grpc server.
streamingConfig := getStreamingConfig(kubeCfg, kubeDeps)
ds, err := dockershim.NewDockerService(kubeDeps.DockerClient, kubeCfg.SeccompProfileRoot, kubeCfg.PodInfraContainerImage,
streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups, kubeCfg.CgroupDriver, kubeCfg.DockerExecHandlerName, dockershimRootDir,
kubeCfg.DockerDisableSharedPID)
ds, err := dockershim.NewDockerService(kubeDeps.DockerClient, kubeCfg.SeccompProfileRoot, crOptions.PodSandboxImage,
streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups, kubeCfg.CgroupDriver, crOptions.DockerExecHandlerName,
crOptions.DockershimRootDirectory, crOptions.DockerDisableSharedPID)
if err != nil {
return nil, err
}
@ -599,12 +600,12 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
// rkt uses the legacy, non-CRI, integration. Configure it the old way.
// TODO: Include hairpin mode settings in rkt?
conf := &rkt.Config{
Path: kubeCfg.RktPath,
Stage1Image: kubeCfg.RktStage1Image,
Path: crOptions.RktPath,
Stage1Image: crOptions.RktStage1Image,
InsecureOptions: "image,ondisk",
}
runtime, err := rkt.New(
kubeCfg.RktAPIEndpoint,
crOptions.RktAPIEndpoint,
conf,
klet,
kubeDeps.Recorder,
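Review bot: `crOptions` is dereferenced throughout NewMainKubelet, first at `crOptions.NetworkPluginName` in the effectiveHairpinMode call, and no nil check is visible in these hunks, so a KubeletBuilder caller that passes nil gets a panic instead of an error. A guard beside the existing RootDirectory check would keep the failure mode consistent: `if crOptions == nil { return nil, fmt.Errorf("container runtime options must not be nil") }`. The function body continues outside the hunks, so a check elsewhere cannot be ruled out from here. Separately, the rkt branch keeps `InsecureOptions: "image,ondisk"` hard-coded next to the fields that moved to `crOptions`; that setting appears to relax rkt's image and on-disk verification, and a short comment saying why would help whoever later audits the grouped runtime options.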


@ -111,6 +111,8 @@ func GetHollowKubeletConfig(
// Flags struct
f := &options.KubeletFlags{
HostnameOverride: nodeName,
// Use the default runtime options.
ContainerRuntimeOptions: *options.NewContainerRuntimeOptions(),
}
// Config struct
@ -137,7 +139,6 @@ func GetHollowKubeletConfig(
c.MaxPods = int32(maxPods)
c.PodsPerCore = int32(podsPerCore)
c.ClusterDNS = []string{}
c.DockerExecHandlerName = "native"
c.ImageGCHighThresholdPercent = 90
c.ImageGCLowThresholdPercent = 80
c.LowDiskSpaceThresholdMB = 256
@ -168,12 +169,5 @@ func GetHollowKubeletConfig(
c.SystemCgroups = ""
c.ProtectKernelDefaults = false
// TODO(mtaufen): Note that PodInfraContainerImage was being set to the empty value before,
// but this may not have been intentional. (previous code (SimpleKubelet)
// was peeling it off of a componentconfig.KubeletConfiguration{}, but may
// have actually wanted the default).
// The default will be present in the KubeletConfiguration contstructed above.
return f, c
}