Merge pull request #13192 from jiangyaoguo/rate-limit-events-in-kubelet

Auto commit by PR queue bot

cmd/kubelet/app/server.go

@@ -84,6 +84,8 @@ type KubeletServer struct {
 	HostNetworkSources             string
 	RegistryPullQPS                float64
 	RegistryBurst                  int
+	EventRecordQPS                 float32
+	EventBurst                     int
 	RunOnce                        bool
 	EnableDebuggingHandlers        bool
 	MinimumGCAge                   time.Duration
@@ -220,6 +222,8 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&s.HostNetworkSources, "host-network-sources", s.HostNetworkSources, "Comma-separated list of sources from which the Kubelet allows pods to use of host network. For all sources use \"*\" [default=\"file\"]")
 	fs.Float64Var(&s.RegistryPullQPS, "registry-qps", s.RegistryPullQPS, "If > 0, limit registry pull QPS to this value.  If 0, unlimited. [default=0.0]")
 	fs.IntVar(&s.RegistryBurst, "registry-burst", s.RegistryBurst, "Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps.  Only used if --registry-qps > 0")
+	fs.Float32Var(&s.EventRecordQPS, "event-qps", s.EventRecordQPS, "If > 0, limit event creations per second to this value. If 0, unlimited. [default=0.0]")
+	fs.IntVar(&s.EventBurst, "event-burst", s.EventBurst, "Maximum size of a bursty event records, temporarily allows event records to burst to this number, while still not exceeding event-qps. Only used if --event-qps > 0")
 	fs.BoolVar(&s.RunOnce, "runonce", s.RunOnce, "If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server")
 	fs.BoolVar(&s.EnableDebuggingHandlers, "enable-debugging-handlers", s.EnableDebuggingHandlers, "Enables server endpoints for log collection and local running of containers and commands")
 	fs.DurationVar(&s.MinimumGCAge, "minimum-container-ttl-duration", s.MinimumGCAge, "Minimum age for a finished container before it is garbage collected.  Examples: '300ms', '10s' or '2h45m'")
@@ -327,6 +331,8 @@ func (s *KubeletServer) KubeletConfig() (*KubeletConfig, error) {
 		SyncFrequency:                  s.SyncFrequency,
 		RegistryPullQPS:                s.RegistryPullQPS,
 		RegistryBurst:                  s.RegistryBurst,
+		EventRecordQPS:                 s.EventRecordQPS,
+		EventBurst:                     s.EventBurst,
 		MinimumGCAge:                   s.MinimumGCAge,
 		MaxPerPodContainerCount:        s.MaxPerPodContainerCount,
 		MaxContainerCount:              s.MaxContainerCount,
@@ -646,7 +652,13 @@ func RunKubelet(kcfg *KubeletConfig, builder KubeletBuilder) error {
 	eventBroadcaster.StartLogging(glog.V(3).Infof)
 	if kcfg.KubeClient != nil {
 		glog.V(4).Infof("Sending events to api server.")
-		eventBroadcaster.StartRecordingToSink(kcfg.KubeClient.Events(""))
+		if kcfg.EventRecordQPS == 0.0 {
+			eventBroadcaster.StartRecordingToSink(kcfg.KubeClient.Events(""))
+		} else {
+			eventClient := *kcfg.KubeClient
+			eventClient.Throttle = util.NewTokenBucketRateLimiter(kcfg.EventRecordQPS, kcfg.EventBurst)
+			eventBroadcaster.StartRecordingToSink(eventClient.Events(""))
+		}
 	} else {
 		glog.Warning("No api server defined - no events will be sent to API server.")
 	}
@@ -742,6 +754,8 @@ type KubeletConfig struct {
 	SyncFrequency                  time.Duration
 	RegistryPullQPS                float64
 	RegistryBurst                  int
+	EventRecordQPS                 float32
+	EventBurst                     int
 	MinimumGCAge                   time.Duration
 	MaxPerPodContainerCount        int
 	MaxContainerCount              int
@@ -809,6 +823,8 @@ func createAndInitKubelet(kc *KubeletConfig) (k KubeletBootstrap, pc *config.Pod
 		kc.SyncFrequency,
 		float32(kc.RegistryPullQPS),
 		kc.RegistryBurst,
+		kc.EventRecordQPS,
+		kc.EventBurst,
 		gcPolicy,
 		pc.SeenAllSources,
 		kc.RegisterNode,

contrib/mesos/pkg/executor/service/service.go

@@ -301,6 +301,8 @@ func (ks *KubeletExecutorServer) createAndInitKubelet(
 		kc.SyncFrequency,
 		float32(kc.RegistryPullQPS),
 		kc.RegistryBurst,
+		kc.EventRecordQPS,
+		kc.EventBurst,
 		gcPolicy,
 		pc.SeenAllSources,
 		kc.RegisterNode,

hack/verify-flags/known-flags.txt

@@ -1,269 +1,273 @@
-accept-hosts
+accept-hosts
-accept-paths
+accept-paths
-account-for-pod-resources
+account-for-pod-resources
-admission-control
+admission-control
-admission-control-config-file
+admission-control-config-file
-advertise-address
+advertise-address
-advertised-address
+advertised-address
-algorithm-provider
+algorithm-provider
-all-namespaces
+all-namespaces
-allocate-node-cidrs
+allocate-node-cidrs
-allow-privileged
+allow-privileged
-api-prefix
+api-burst
-api-servers
+api-prefix
-api-token
+api-rate
-api-version
+api-servers
-authorization-mode
+api-token
-authorization-policy-file
+api-version
-auth-path
+authorization-mode
-basic-auth-file
+authorization-policy-file
-bench-pods
+auth-path
-bench-quiet
+basic-auth-file
-bench-tasks
+bench-pods
-bench-workers
+bench-quiet
-bind-address
+bench-tasks
-bind-pods-burst
+bench-workers
-bind-pods-qps
+bind-address
-cadvisor-port
+bind-pods-burst
-cert-dir
+bind-pods-qps
-certificate-authority
+cadvisor-port
-cgroup-root
+cert-dir
-chaos-chance
+certificate-authority
-cleanup-iptables
+cgroup-root
-client-ca-file
+chaos-chance
-client-certificate
+cleanup-iptables
-client-key
+client-ca-file
-cloud-config
+client-certificate
-cloud-provider
+client-key
-cluster-cidr
+cloud-config
-cluster-dns
+cloud-provider
-cluster-domain
+cluster-cidr
-cluster-name
+cluster-dns
-cluster-tag
+cluster-domain
-concurrent-endpoint-syncs
+cluster-name
-configure-cbr0
+cluster-tag
-contain-pod-resources
+concurrent-endpoint-syncs
-container-port
+configure-cbr0
-container-runtime
+contain-pod-resources
-cors-allowed-origins
+container-port
-create-external-load-balancer
+container-runtime
-current-release-pr
+cors-allowed-origins
-current-replicas
+create-external-load-balancer
-default-container-cpu-limit
+current-release-pr
-default-container-mem-limit
+current-replicas
-delay-shutdown
+default-container-cpu-limit
-deleting-pods-burst
+default-container-mem-limit
-deleting-pods-qps
+delay-shutdown
-deployment-label-key
+deleting-pods-burst
-dest-file
+deleting-pods-qps
-disable-filter
+deployment-label-key
-docker-endpoint
+dest-file
-docker-exec-handler
+disable-filter
-dockercfg-path
+docker-endpoint
-driver-port
+docker-exec-handler
-dry-run
+dockercfg-path
-duration-sec
+driver-port
-e2e-output-dir
+dry-run
-enable-debugging-handlers
+duration-sec
-enable-horizontal-pod-autoscaler
+e2e-output-dir
-enable-server
+enable-debugging-handlers
-etcd-config
+enable-horizontal-pod-autoscaler
-etcd-prefix
+enable-server
-etcd-server
+etcd-config
-etcd-servers
+etcd-prefix
-event-ttl
+etcd-server
-executor-bindall
+etcd-servers
-executor-logv
+event-burst
-executor-path
+event-qps
-executor-suicide-timeout
+event-ttl
-experimental-keystone-url
+executor-bindall
-experimental-prefix
+executor-logv
-external-hostname
+executor-path
-external-ip
+executor-suicide-timeout
-failover-timeout
+experimental-keystone-url
-file-check-frequency
+experimental-prefix
-file-suffix
+external-hostname
-forward-services
+external-ip
-framework-name
+failover-timeout
-framework-weburi
+file-check-frequency
-func-dest
+file-suffix
-fuzz-iters
+forward-services
-gce-project
+framework-name
-gce-zone
+framework-weburi
-gke-cluster
+func-dest
-google-json-key
+fuzz-iters
-grace-period
+gce-project
-ha-domain
+gce-zone
-healthz-bind-address
+gke-cluster
-healthz-port
+google-json-key
-horizontal-pod-autoscaler-sync-period
+grace-period
-hostname-override
+ha-domain
-host-network-sources
+healthz-bind-address
-http-check-frequency
+healthz-port
-http-port
+horizontal-pod-autoscaler-sync-period
-ignore-not-found
+hostname-override
-image-gc-high-threshold
+host-network-sources
-image-gc-low-threshold
+http-check-frequency
-insecure-bind-address
+http-port
-insecure-port
+ignore-not-found
-insecure-skip-tls-verify
+image-gc-high-threshold
-iptables-sync-period
+image-gc-low-threshold
-ir-data-source
+insecure-bind-address
-ir-dbname
+insecure-port
-ir-influxdb-host
+insecure-skip-tls-verify
-ir-password
+iptables-sync-period
-ir-user
+ir-data-source
-jenkins-host
+ir-dbname
-jenkins-jobs
+ir-influxdb-host
-km-path
+ir-password
-kubectl-path
+ir-user
-kubelet-cadvisor-port
+jenkins-host
-kubelet-certificate-authority
+jenkins-jobs
-kubelet-client-certificate
+km-path
-kubelet-client-key
+kubectl-path
-kubelet-docker-endpoint
+kubelet-cadvisor-port
-kubelet-host-network-sources
+kubelet-certificate-authority
-kubelet-https
+kubelet-client-certificate
-kubelet-network-plugin
+kubelet-client-key
-kubelet-pod-infra-container-image
+kubelet-docker-endpoint
-kubelet-port
+kubelet-host-network-sources
-kubelet-root-dir
+kubelet-https
-kubelet-sync-frequency
+kubelet-network-plugin
-kubelet-timeout
+kubelet-pod-infra-container-image
-kube-master
+kubelet-port
-label-columns
+kubelet-root-dir
-last-release-pr
+kubelet-sync-frequency
-legacy-userspace-proxy
+kubelet-timeout
-log-flush-frequency
+kube-master
-long-running-request-regexp
+label-columns
-low-diskspace-threshold-mb
+last-release-pr
-manifest-url
+legacy-userspace-proxy
-manifest-url-header
+log-flush-frequency
-masquerade-all
+long-running-request-regexp
-master-service-namespace
+low-diskspace-threshold-mb
-max-concurrency
+manifest-url
-max-connection-bytes-per-sec
+manifest-url-header
-maximum-dead-containers
+masquerade-all
-maximum-dead-containers-per-container
+master-service-namespace
-max-log-age
+max-concurrency
-max-log-backups
+max-connection-bytes-per-sec
-max-log-size
+maximum-dead-containers
-max-outgoing-burst
+maximum-dead-containers-per-container
-max-outgoing-qps
+max-log-age
-max-pods
+max-log-backups
-max-requests-inflight
+max-log-size
-mesos-authentication-principal
+max-outgoing-burst
-mesos-authentication-provider
+max-outgoing-qps
-mesos-authentication-secret-file
+max-pods
-mesos-cgroup-prefix
+max-requests-inflight
-mesos-executor-cpus
+mesos-authentication-principal
-mesos-executor-mem
+mesos-authentication-provider
-mesos-master
+mesos-authentication-secret-file
-mesos-role
+mesos-cgroup-prefix
-mesos-user
+mesos-executor-cpus
-minimum-container-ttl-duration
+mesos-executor-mem
-minion-max-log-age
+mesos-master
-minion-max-log-backups
+mesos-role
-minion-max-log-size
+mesos-user
-minion-path-override
+minimum-container-ttl-duration
-min-pr-number
+minion-max-log-age
-min-request-timeout
+minion-max-log-backups
-namespace-sync-period
+minion-max-log-size
-network-plugin
+minion-path-override
-network-plugin-dir
+min-pr-number
-node-instance-group
+min-request-timeout
-node-monitor-grace-period
+namespace-sync-period
-node-monitor-period
+network-plugin
-node-startup-grace-period
+network-plugin-dir
-node-status-update-frequency
+node-instance-group
-node-sync-period
+node-monitor-grace-period
-no-headers
+node-monitor-period
-num-nodes
+node-startup-grace-period
-oidc-ca-file
+node-status-update-frequency
-oidc-client-id
+node-sync-period
-oidc-issuer-url
+no-headers
-oidc-username-claim
+num-nodes
-oom-score-adj
+oidc-ca-file
-output-version
+oidc-client-id
-out-version
+oidc-issuer-url
-path-override
+oidc-username-claim
-pod-cidr
+oom-score-adj
-pod-eviction-timeout
+output-version
-pod-infra-container-image
+out-version
-policy-config-file
+path-override
-poll-interval
+pod-cidr
-portal-net
+pod-eviction-timeout
-private-mountns
+pod-infra-container-image
-prom-push-gateway
+policy-config-file
-proxy-bindall
+poll-interval
-proxy-logv
+portal-net
-proxy-port-range
+private-mountns
-public-address-override
+prom-push-gateway
-pvclaimbinder-sync-period
+proxy-bindall
-read-only-port
+proxy-logv
-really-crash-for-testing
+proxy-port-range
-reconcile-cooldown
+public-address-override
-reconcile-interval
+pvclaimbinder-sync-period
-register-node
+read-only-port
-register-retry-count
+really-crash-for-testing
-registry-burst
+reconcile-cooldown
-registry-qps
+reconcile-interval
-reject-methods
+register-node
-reject-paths
+register-retry-count
-repo-root
+registry-burst
-report-dir
+registry-qps
-required-contexts
+reject-methods
-resolv-conf
+reject-paths
-resource-container
+repo-root
-resource-quota-sync-period
+report-dir
-resource-version
+required-contexts
-rkt-path
+resolv-conf
-root-ca-file
+resource-container
-root-dir
+resource-quota-sync-period
-run-proxy
+resource-version
-runtime-config
+rkt-path
-scheduler-config
+root-ca-file
-secure-port
+root-dir
-service-account-key-file
+run-proxy
-service-account-lookup
+runtime-config
-service-account-private-key-file
+scheduler-config
-service-address
+secure-port
-service-cluster-ip-range
+service-account-key-file
-service-node-port-range
+service-account-lookup
-service-node-ports
+service-account-private-key-file
-service-sync-period
+service-address
-session-affinity
+service-cluster-ip-range
-show-all
+service-node-port-range
-shutdown-fd
+service-node-ports
-shutdown-fifo
+service-sync-period
-skip-munges
+session-affinity
-sort-by
+show-all
-source-file
+shutdown-fd
-ssh-keyfile
+shutdown-fifo
-ssh-user
+skip-munges
-static-pods-config
+sort-by
-stats-port
+source-file
-storage-version
+ssh-keyfile
-streaming-connection-idle-timeout
+ssh-user
-suicide-timeout
+static-pods-config
-sync-frequency
+stats-port
-system-container
+storage-version
-target-port
+streaming-connection-idle-timeout
-tcp-services
+suicide-timeout
-tls-cert-file
+sync-frequency
-tls-private-key-file
+system-container
-token-auth-file
+target-port
-ttl-secs
+tcp-services
-type-src
+tls-cert-file
-unix-socket
+tls-private-key-file
-update-period
+token-auth-file
-upgrade-target
+ttl-secs
-use-kubernetes-cluster-service
+type-src
-user-whitelist
+unix-socket
-watch-cache
+update-period
-watch-only
+upgrade-target
-whitelist-override-label
+use-kubernetes-cluster-service
-www-prefix
+user-whitelist
-retry_time
+watch-cache
-file_content_in_loop
+watch-only
-cpu-cfs-quota
+whitelist-override-label
+www-prefix
+retry_time
+file_content_in_loop
+cpu-cfs-quota

pkg/kubelet/kubelet.go

@@ -139,6 +139,8 @@ func NewMainKubelet(
 	resyncInterval time.Duration,
 	pullQPS float32,
 	pullBurst int,
+	eventQPS float32,
+	eventBurst int,
 	containerGCPolicy ContainerGCPolicy,
 	sourcesReady SourcesReadyFn,
 	registerNode bool,