mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-29 14:37:00 +00:00
Removed deprecated --resource-container flag from kube-proxy.
This commit is contained in:
Vallery Lancey
Vallery Lancey
parent
a444f0fa1d
commit
dc0f14312e
@ -43,7 +43,7 @@ spec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- kube-proxy {{cluster_cidr}} --resource-container="" --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
|
||||
- kube-proxy {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
|
||||
env:
|
||||
- name: KUBERNETES_SERVICE_HOST
|
||||
value: {{kubernetes_service_host_env_value}}
|
||||
|
||||
@ -29,7 +29,7 @@ spec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- exec kube-proxy {{api_servers_with_port}} {{kubeconfig}} {{cluster_cidr}} --resource-container="" --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
|
||||
- exec kube-proxy {{api_servers_with_port}} {{kubeconfig}} {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1
|
||||
{{container_env}}
|
||||
{{kube_cache_mutation_detector_env_name}}
|
||||
{{kube_cache_mutation_detector_env_value}}
|
||||
|
||||
@ -902,7 +902,6 @@ function construct-windows-kubeproxy-flags {
|
||||
# double-quotes, because they still break sc.exe after expansion in the
|
||||
# binPath parameter, and single-quotes get parsed as characters instead
|
||||
# of string delimiters.
|
||||
flags+=" --resource-container="
|
||||
|
||||
KUBEPROXY_ARGS="${flags}"
|
||||
}
|
||||
|
||||
@ -972,7 +972,7 @@ function Start-WorkerServices {
|
||||
# generated by start-kube-proxy in configure-helper.sh and contains e.g.:
|
||||
# kube-proxy --master=https://35.239.84.171
|
||||
# --kubeconfig=/var/lib/kube-proxy/kubeconfig --cluster-cidr=10.64.0.0/14
|
||||
# --resource-container="" --oom-score-adj=-998 --v=2
|
||||
# --oom-score-adj=-998 --v=2
|
||||
# --feature-gates=ExperimentalCriticalPodAnnotation=true
|
||||
# --iptables-sync-period=1m --iptables-min-sync-period=10s
|
||||
# --ipvs-sync-period=1m --ipvs-min-sync-period=10s
|
||||
|
||||
@ -40,7 +40,6 @@ go_library(
|
||||
"//pkg/util/ipvs:go_default_library",
|
||||
"//pkg/util/mount:go_default_library",
|
||||
"//pkg/util/oom:go_default_library",
|
||||
"//pkg/util/resourcecontainer:go_default_library",
|
||||
"//pkg/util/sysctl:go_default_library",
|
||||
"//pkg/version:go_default_library",
|
||||
"//pkg/version/verflag:go_default_library",
|
||||
|
||||
@ -69,7 +69,6 @@ import (
|
||||
utiliptables "k8s.io/kubernetes/pkg/util/iptables"
|
||||
utilipvs "k8s.io/kubernetes/pkg/util/ipvs"
|
||||
"k8s.io/kubernetes/pkg/util/oom"
|
||||
"k8s.io/kubernetes/pkg/util/resourcecontainer"
|
||||
"k8s.io/kubernetes/pkg/version"
|
||||
"k8s.io/kubernetes/pkg/version/verflag"
|
||||
"k8s.io/utils/exec"
|
||||
@ -191,10 +190,6 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
|
||||
fs.BoolVar(&o.config.EnableProfiling, "profiling", o.config.EnableProfiling, "If true enables profiling via web interface on /debug/pprof handler.")
|
||||
|
||||
fs.Float32Var(&o.config.ClientConnection.QPS, "kube-api-qps", o.config.ClientConnection.QPS, "QPS to use while talking with kubernetes apiserver")
|
||||
|
||||
// All flags below here are deprecated and will eventually be removed.
|
||||
fs.StringVar(&o.config.ResourceContainer, "resource-container", o.config.ResourceContainer, "Absolute name of the resource-only container to create and run the Kube-proxy in (Default: /kube-proxy).")
|
||||
fs.MarkDeprecated("resource-container", "This feature will be removed in a later release.")
|
||||
}
|
||||
|
||||
// NewOptions returns initialized Options
|
||||
@ -484,7 +479,6 @@ type ProxyServer struct {
|
||||
MetricsBindAddress string
|
||||
EnableProfiling bool
|
||||
OOMScoreAdj *int32
|
||||
ResourceContainer string
|
||||
ConfigSyncPeriod time.Duration
|
||||
HealthzServer *healthcheck.HealthzServer
|
||||
}
|
||||
@ -542,15 +536,6 @@ func (s *ProxyServer) Run() error {
|
||||
}
|
||||
}
|
||||
|
||||
if len(s.ResourceContainer) != 0 {
|
||||
// Run in its own container.
|
||||
if err := resourcecontainer.RunInResourceContainer(s.ResourceContainer); err != nil {
|
||||
klog.Warningf("Failed to start in resource-only container %q: %v", s.ResourceContainer, err)
|
||||
} else {
|
||||
klog.V(2).Infof("Running in resource-only container %q", s.ResourceContainer)
|
||||
}
|
||||
}
|
||||
|
||||
if s.Broadcaster != nil && s.EventClient != nil {
|
||||
s.Broadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: s.EventClient.Events("")})
|
||||
}
|
||||
|
||||
@ -231,7 +231,6 @@ func newProxyServer(
|
||||
MetricsBindAddress: config.MetricsBindAddress,
|
||||
EnableProfiling: config.EnableProfiling,
|
||||
OOMScoreAdj: config.OOMScoreAdj,
|
||||
ResourceContainer: config.ResourceContainer,
|
||||
ConfigSyncPeriod: config.ConfigSyncPeriod.Duration,
|
||||
HealthzServer: healthzServer,
|
||||
}, nil
|
||||
|
||||
@ -188,7 +188,6 @@ metricsBindAddress: "%s"
|
||||
mode: "%s"
|
||||
oomScoreAdj: 17
|
||||
portRange: "2-7"
|
||||
resourceContainer: /foo
|
||||
udpIdleTimeout: 123ms
|
||||
nodePortAddresses:
|
||||
- "10.20.30.40/16"
|
||||
@ -303,7 +302,6 @@ nodePortAddresses:
|
||||
Mode: kubeproxyconfig.ProxyMode(tc.mode),
|
||||
OOMScoreAdj: utilpointer.Int32Ptr(17),
|
||||
PortRange: "2-7",
|
||||
ResourceContainer: "/foo",
|
||||
UDPIdleTimeout: metav1.Duration{Duration: 123 * time.Millisecond},
|
||||
NodePortAddresses: []string{"10.20.30.40/16", "fd00:1::0/64"},
|
||||
}
|
||||
@ -437,7 +435,6 @@ mode: ""
|
||||
nodePortAddresses: null
|
||||
oomScoreAdj: -999
|
||||
portRange: ""
|
||||
resourceContainer: /kube-proxy
|
||||
udpIdleTimeout: 250ms`)
|
||||
if err != nil {
|
||||
return nil, "", fmt.Errorf("unexpected error when writing content to temp kube-proxy config file: %v", err)
|
||||
|
||||
@ -145,7 +145,6 @@ func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExi
|
||||
MetricsBindAddress: config.MetricsBindAddress,
|
||||
EnableProfiling: config.EnableProfiling,
|
||||
OOMScoreAdj: config.OOMScoreAdj,
|
||||
ResourceContainer: config.ResourceContainer,
|
||||
ConfigSyncPeriod: config.ConfigSyncPeriod.Duration,
|
||||
HealthzServer: healthzServer,
|
||||
}, nil
|
||||
|
||||
@ -64,7 +64,6 @@ ComponentConfigs:
|
||||
NodePortAddresses: null
|
||||
OOMScoreAdj: -999
|
||||
PortRange: ""
|
||||
ResourceContainer: /kube-proxy
|
||||
UDPIdleTimeout: 250ms
|
||||
Winkernel:
|
||||
EnableDSR: false
|
||||
|
||||
@ -64,7 +64,6 @@ ComponentConfigs:
|
||||
NodePortAddresses: null
|
||||
OOMScoreAdj: -999
|
||||
PortRange: ""
|
||||
ResourceContainer: /kube-proxy
|
||||
UDPIdleTimeout: 250ms
|
||||
Winkernel:
|
||||
EnableDSR: false
|
||||
|
||||
@ -87,7 +87,6 @@ mode: iptables
|
||||
nodePortAddresses: null
|
||||
oomScoreAdj: -999
|
||||
portRange: ""
|
||||
resourceContainer: /kube-proxy
|
||||
udpIdleTimeout: 250ms
|
||||
winkernel:
|
||||
enableDSR: false
|
||||
|
||||
@ -87,7 +87,6 @@ mode: iptables
|
||||
nodePortAddresses: null
|
||||
oomScoreAdj: -999
|
||||
portRange: ""
|
||||
resourceContainer: /kube-proxy
|
||||
udpIdleTimeout: 250ms
|
||||
winkernel:
|
||||
enableDSR: false
|
||||
|
||||
@ -73,7 +73,6 @@ mode: ""
|
||||
nodePortAddresses: null
|
||||
oomScoreAdj: -999
|
||||
portRange: ""
|
||||
resourceContainer: /kube-proxy
|
||||
udpIdleTimeout: 250ms
|
||||
winkernel:
|
||||
enableDSR: false
|
||||
|
||||
@ -73,7 +73,6 @@ mode: ""
|
||||
nodePortAddresses: null
|
||||
oomScoreAdj: -999
|
||||
portRange: ""
|
||||
resourceContainer: /kube-proxy
|
||||
udpIdleTimeout: 250ms
|
||||
winkernel:
|
||||
enableDSR: false
|
||||
|
||||
@ -107,17 +107,16 @@ func NewHollowProxyOrDie(
|
||||
}
|
||||
return &HollowProxy{
|
||||
ProxyServer: &proxyapp.ProxyServer{
|
||||
Client: client,
|
||||
EventClient: eventClient,
|
||||
IptInterface: iptInterface,
|
||||
Proxier: proxier,
|
||||
Broadcaster: broadcaster,
|
||||
Recorder: recorder,
|
||||
ProxyMode: "fake",
|
||||
NodeRef: nodeRef,
|
||||
OOMScoreAdj: utilpointer.Int32Ptr(0),
|
||||
ResourceContainer: "",
|
||||
ConfigSyncPeriod: 30 * time.Second,
|
||||
Client: client,
|
||||
EventClient: eventClient,
|
||||
IptInterface: iptInterface,
|
||||
Proxier: proxier,
|
||||
Broadcaster: broadcaster,
|
||||
Recorder: recorder,
|
||||
ProxyMode: "fake",
|
||||
NodeRef: nodeRef,
|
||||
OOMScoreAdj: utilpointer.Int32Ptr(0),
|
||||
ConfigSyncPeriod: 30 * time.Second,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
@ -44,7 +44,6 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
|
||||
obj.IPTables.MasqueradeBit = utilpointer.Int32Ptr(c.Int31())
|
||||
obj.MetricsBindAddress = fmt.Sprintf("%d.%d.%d.%d:%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(65536))
|
||||
obj.OOMScoreAdj = utilpointer.Int32Ptr(c.Int31())
|
||||
obj.ResourceContainer = "foo"
|
||||
obj.ClientConnection.ContentType = "bar"
|
||||
obj.NodePortAddresses = []string{"1.2.3.0/24"}
|
||||
},
|
||||
|
||||
@ -135,9 +135,6 @@ type KubeProxyConfiguration struct {
|
||||
// portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
|
||||
// in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
|
||||
PortRange string
|
||||
// resourceContainer is the absolute name of the resource-only container to create and run
|
||||
// the Kube-proxy in (Default: /kube-proxy).
|
||||
ResourceContainer string
|
||||
// udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s').
|
||||
// Must be greater than 0. Only applicable for proxyMode=userspace.
|
||||
UDPIdleTimeout metav1.Duration
|
||||
|
||||
@ -58,9 +58,6 @@ func SetDefaults_KubeProxyConfiguration(obj *kubeproxyconfigv1alpha1.KubeProxyCo
|
||||
temp := int32(qos.KubeProxyOOMScoreAdj)
|
||||
obj.OOMScoreAdj = &temp
|
||||
}
|
||||
if obj.ResourceContainer == "" {
|
||||
obj.ResourceContainer = "/kube-proxy"
|
||||
}
|
||||
if obj.IPTables.SyncPeriod.Duration == 0 {
|
||||
obj.IPTables.SyncPeriod = metav1.Duration{Duration: 30 * time.Second}
|
||||
}
|
||||
|
||||
@ -111,7 +111,6 @@ func autoConvert_v1alpha1_KubeProxyConfiguration_To_config_KubeProxyConfiguratio
|
||||
out.OOMScoreAdj = (*int32)(unsafe.Pointer(in.OOMScoreAdj))
|
||||
out.Mode = config.ProxyMode(in.Mode)
|
||||
out.PortRange = in.PortRange
|
||||
out.ResourceContainer = in.ResourceContainer
|
||||
out.UDPIdleTimeout = in.UDPIdleTimeout
|
||||
if err := Convert_v1alpha1_KubeProxyConntrackConfiguration_To_config_KubeProxyConntrackConfiguration(&in.Conntrack, &out.Conntrack, s); err != nil {
|
||||
return err
|
||||
@ -149,7 +148,6 @@ func autoConvert_config_KubeProxyConfiguration_To_v1alpha1_KubeProxyConfiguratio
|
||||
out.OOMScoreAdj = (*int32)(unsafe.Pointer(in.OOMScoreAdj))
|
||||
out.Mode = v1alpha1.ProxyMode(in.Mode)
|
||||
out.PortRange = in.PortRange
|
||||
out.ResourceContainer = in.ResourceContainer
|
||||
out.UDPIdleTimeout = in.UDPIdleTimeout
|
||||
if err := Convert_config_KubeProxyConntrackConfiguration_To_v1alpha1_KubeProxyConntrackConfiguration(&in.Conntrack, &out.Conntrack, s); err != nil {
|
||||
return err
|
||||
|
||||
@ -45,7 +45,6 @@ filegroup(
|
||||
"//pkg/util/prometheusclientgo:all-srcs",
|
||||
"//pkg/util/removeall:all-srcs",
|
||||
"//pkg/util/resizefs:all-srcs",
|
||||
"//pkg/util/resourcecontainer:all-srcs",
|
||||
"//pkg/util/rlimit:all-srcs",
|
||||
"//pkg/util/selinux:all-srcs",
|
||||
"//pkg/util/slice:all-srcs",
|
||||
|
||||
@ -1,35 +0,0 @@
|
||||
package(default_visibility = ["//visibility:public"])
|
||||
|
||||
load(
|
||||
"@io_bazel_rules_go//go:def.bzl",
|
||||
"go_library",
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = [
|
||||
"resource_container_linux.go",
|
||||
"resource_container_unsupported.go",
|
||||
],
|
||||
importpath = "k8s.io/kubernetes/pkg/util/resourcecontainer",
|
||||
deps = select({
|
||||
"@io_bazel_rules_go//go/platform:linux": [
|
||||
"//vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs:go_default_library",
|
||||
"//vendor/github.com/opencontainers/runc/libcontainer/configs:go_default_library",
|
||||
],
|
||||
"//conditions:default": [],
|
||||
}),
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [":package-srcs"],
|
||||
tags = ["automanaged"],
|
||||
)
|
||||
@ -1,45 +0,0 @@
|
||||
// +build linux
|
||||
|
||||
/*
|
||||
Copyright 2015 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package resourcecontainer
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/opencontainers/runc/libcontainer/cgroups/fs"
|
||||
"github.com/opencontainers/runc/libcontainer/configs"
|
||||
)
|
||||
|
||||
// RunInResourceContainer creates resource-only containerName if it does not already exist and moves
|
||||
// the current process to it.
|
||||
//
|
||||
// containerName must be an absolute container name.
|
||||
func RunInResourceContainer(containerName string) error {
|
||||
allowAllDevices := true
|
||||
manager := fs.Manager{
|
||||
Cgroups: &configs.Cgroup{
|
||||
Parent: "/",
|
||||
Name: containerName,
|
||||
Resources: &configs.Resources{
|
||||
AllowAllDevices: &allowAllDevices,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
return manager.Apply(os.Getpid())
|
||||
}
|
||||
@ -1,28 +0,0 @@
|
||||
// +build !linux
|
||||
|
||||
/*
|
||||
Copyright 2015 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package resourcecontainer
|
||||
|
||||
import (
|
||||
"errors"
|
||||
)
|
||||
|
||||
// RunInResourceContainer creates resource-only containerName unsupported.
|
||||
func RunInResourceContainer(containerName string) error {
|
||||
return errors.New("resource-only containers unsupported in this platform")
|
||||
}
|
||||
@ -131,9 +131,6 @@ type KubeProxyConfiguration struct {
|
||||
// portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
|
||||
// in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
|
||||
PortRange string `json:"portRange"`
|
||||
// resourceContainer is the bsolute name of the resource-only container to create and run
|
||||
// the Kube-proxy in (Default: /kube-proxy).
|
||||
ResourceContainer string `json:"resourceContainer"`
|
||||
// udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s').
|
||||
// Must be greater than 0. Only applicable for proxyMode=userspace.
|
||||
UDPIdleTimeout metav1.Duration `json:"udpIdleTimeout"`
|
||||
|
||||
Loading…
Reference in New Issue
Block a user