diff --git a/cluster/addons/kube-proxy/kube-proxy-ds.yaml b/cluster/addons/kube-proxy/kube-proxy-ds.yaml index fb28b02a4c8..c4a95ec6775 100644 --- a/cluster/addons/kube-proxy/kube-proxy-ds.yaml +++ b/cluster/addons/kube-proxy/kube-proxy-ds.yaml @@ -43,7 +43,7 @@ spec: command: - /bin/sh - -c - - kube-proxy {{cluster_cidr}} --resource-container="" --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1 + - kube-proxy {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1 env: - name: KUBERNETES_SERVICE_HOST value: {{kubernetes_service_host_env_value}} diff --git a/cluster/gce/manifests/kube-proxy.manifest b/cluster/gce/manifests/kube-proxy.manifest index 821eefe91e7..0dcc3c52ec5 100644 --- a/cluster/gce/manifests/kube-proxy.manifest +++ b/cluster/gce/manifests/kube-proxy.manifest @@ -29,7 +29,7 @@ spec: command: - /bin/sh - -c - - exec kube-proxy {{api_servers_with_port}} {{kubeconfig}} {{cluster_cidr}} --resource-container="" --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1 + - exec kube-proxy {{api_servers_with_port}} {{kubeconfig}} {{cluster_cidr}} --oom-score-adj=-998 {{params}} 1>>/var/log/kube-proxy.log 2>&1 {{container_env}} {{kube_cache_mutation_detector_env_name}} {{kube_cache_mutation_detector_env_value}} diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index 815efd390ba..631dd395d16 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh @@ -902,7 +902,6 @@ function construct-windows-kubeproxy-flags { # double-quotes, because they still break sc.exe after expansion in the # binPath parameter, and single-quotes get parsed as characters instead # of string delimiters. - flags+=" --resource-container=" KUBEPROXY_ARGS="${flags}" } diff --git a/cluster/gce/windows/k8s-node-setup.psm1 b/cluster/gce/windows/k8s-node-setup.psm1 index 2a1fbd9183b..f8c5ef9d553 100644 --- a/cluster/gce/windows/k8s-node-setup.psm1 +++ b/cluster/gce/windows/k8s-node-setup.psm1 @@ -972,7 +972,7 @@ function Start-WorkerServices { # generated by start-kube-proxy in configure-helper.sh and contains e.g.: # kube-proxy --master=https://35.239.84.171 # --kubeconfig=/var/lib/kube-proxy/kubeconfig --cluster-cidr=10.64.0.0/14 - # --resource-container="" --oom-score-adj=-998 --v=2 + # --oom-score-adj=-998 --v=2 # --feature-gates=ExperimentalCriticalPodAnnotation=true # --iptables-sync-period=1m --iptables-min-sync-period=10s # --ipvs-sync-period=1m --ipvs-min-sync-period=10s diff --git a/cmd/kube-proxy/app/BUILD b/cmd/kube-proxy/app/BUILD index 552a6cae68f..55a67682916 100644 --- a/cmd/kube-proxy/app/BUILD +++ b/cmd/kube-proxy/app/BUILD @@ -40,7 +40,6 @@ go_library( "//pkg/util/ipvs:go_default_library", "//pkg/util/mount:go_default_library", "//pkg/util/oom:go_default_library", - "//pkg/util/resourcecontainer:go_default_library", "//pkg/util/sysctl:go_default_library", "//pkg/version:go_default_library", "//pkg/version/verflag:go_default_library", diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go index f002f136484..508e28f44cc 100644 --- a/cmd/kube-proxy/app/server.go +++ b/cmd/kube-proxy/app/server.go @@ -69,7 +69,6 @@ import ( utiliptables "k8s.io/kubernetes/pkg/util/iptables" utilipvs "k8s.io/kubernetes/pkg/util/ipvs" "k8s.io/kubernetes/pkg/util/oom" - "k8s.io/kubernetes/pkg/util/resourcecontainer" "k8s.io/kubernetes/pkg/version" "k8s.io/kubernetes/pkg/version/verflag" "k8s.io/utils/exec" @@ -191,10 +190,6 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) { fs.BoolVar(&o.config.EnableProfiling, "profiling", o.config.EnableProfiling, "If true enables profiling via web interface on /debug/pprof handler.") fs.Float32Var(&o.config.ClientConnection.QPS, "kube-api-qps", o.config.ClientConnection.QPS, "QPS to use while talking with kubernetes apiserver") - - // All flags below here are deprecated and will eventually be removed. - fs.StringVar(&o.config.ResourceContainer, "resource-container", o.config.ResourceContainer, "Absolute name of the resource-only container to create and run the Kube-proxy in (Default: /kube-proxy).") - fs.MarkDeprecated("resource-container", "This feature will be removed in a later release.") } // NewOptions returns initialized Options @@ -484,7 +479,6 @@ type ProxyServer struct { MetricsBindAddress string EnableProfiling bool OOMScoreAdj *int32 - ResourceContainer string ConfigSyncPeriod time.Duration HealthzServer *healthcheck.HealthzServer } @@ -542,15 +536,6 @@ func (s *ProxyServer) Run() error { } } - if len(s.ResourceContainer) != 0 { - // Run in its own container. - if err := resourcecontainer.RunInResourceContainer(s.ResourceContainer); err != nil { - klog.Warningf("Failed to start in resource-only container %q: %v", s.ResourceContainer, err) - } else { - klog.V(2).Infof("Running in resource-only container %q", s.ResourceContainer) - } - } - if s.Broadcaster != nil && s.EventClient != nil { s.Broadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: s.EventClient.Events("")}) } diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go index 1b31497db02..a86a9593cf5 100644 --- a/cmd/kube-proxy/app/server_others.go +++ b/cmd/kube-proxy/app/server_others.go @@ -231,7 +231,6 @@ func newProxyServer( MetricsBindAddress: config.MetricsBindAddress, EnableProfiling: config.EnableProfiling, OOMScoreAdj: config.OOMScoreAdj, - ResourceContainer: config.ResourceContainer, ConfigSyncPeriod: config.ConfigSyncPeriod.Duration, HealthzServer: healthzServer, }, nil diff --git a/cmd/kube-proxy/app/server_test.go b/cmd/kube-proxy/app/server_test.go index e037cf41f0d..78688db5d6d 100644 --- a/cmd/kube-proxy/app/server_test.go +++ b/cmd/kube-proxy/app/server_test.go @@ -188,7 +188,6 @@ metricsBindAddress: "%s" mode: "%s" oomScoreAdj: 17 portRange: "2-7" -resourceContainer: /foo udpIdleTimeout: 123ms nodePortAddresses: - "10.20.30.40/16" @@ -303,7 +302,6 @@ nodePortAddresses: Mode: kubeproxyconfig.ProxyMode(tc.mode), OOMScoreAdj: utilpointer.Int32Ptr(17), PortRange: "2-7", - ResourceContainer: "/foo", UDPIdleTimeout: metav1.Duration{Duration: 123 * time.Millisecond}, NodePortAddresses: []string{"10.20.30.40/16", "fd00:1::0/64"}, } @@ -437,7 +435,6 @@ mode: "" nodePortAddresses: null oomScoreAdj: -999 portRange: "" -resourceContainer: /kube-proxy udpIdleTimeout: 250ms`) if err != nil { return nil, "", fmt.Errorf("unexpected error when writing content to temp kube-proxy config file: %v", err) diff --git a/cmd/kube-proxy/app/server_windows.go b/cmd/kube-proxy/app/server_windows.go index 04ecf8fb0e1..b34e7e086ba 100644 --- a/cmd/kube-proxy/app/server_windows.go +++ b/cmd/kube-proxy/app/server_windows.go @@ -145,7 +145,6 @@ func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExi MetricsBindAddress: config.MetricsBindAddress, EnableProfiling: config.EnableProfiling, OOMScoreAdj: config.OOMScoreAdj, - ResourceContainer: config.ResourceContainer, ConfigSyncPeriod: config.ConfigSyncPeriod.Duration, HealthzServer: healthzServer, }, nil diff --git a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal.yaml b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal.yaml index 19a52551b48..21a41762eeb 100644 --- a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal.yaml +++ b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal.yaml @@ -64,7 +64,6 @@ ComponentConfigs: NodePortAddresses: null OOMScoreAdj: -999 PortRange: "" - ResourceContainer: /kube-proxy UDPIdleTimeout: 250ms Winkernel: EnableDSR: false diff --git a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal_non_linux.yaml b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal_non_linux.yaml index eff03ce2936..799d03fa1d2 100644 --- a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal_non_linux.yaml +++ b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/internal_non_linux.yaml @@ -64,7 +64,6 @@ ComponentConfigs: NodePortAddresses: null OOMScoreAdj: -999 PortRange: "" - ResourceContainer: /kube-proxy UDPIdleTimeout: 250ms Winkernel: EnableDSR: false diff --git a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1.yaml b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1.yaml index daaaf3c8faf..118310a2a3b 100644 --- a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1.yaml +++ b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1.yaml @@ -87,7 +87,6 @@ mode: iptables nodePortAddresses: null oomScoreAdj: -999 portRange: "" -resourceContainer: /kube-proxy udpIdleTimeout: 250ms winkernel: enableDSR: false diff --git a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1_non_linux.yaml b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1_non_linux.yaml index ce680d45081..dddf42df362 100644 --- a/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1_non_linux.yaml +++ b/cmd/kubeadm/app/util/config/testdata/conversion/controlplane/v1beta1_non_linux.yaml @@ -87,7 +87,6 @@ mode: iptables nodePortAddresses: null oomScoreAdj: -999 portRange: "" -resourceContainer: /kube-proxy udpIdleTimeout: 250ms winkernel: enableDSR: false diff --git a/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted.yaml b/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted.yaml index fc9a880b3fa..1e08692f727 100644 --- a/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted.yaml +++ b/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted.yaml @@ -73,7 +73,6 @@ mode: "" nodePortAddresses: null oomScoreAdj: -999 portRange: "" -resourceContainer: /kube-proxy udpIdleTimeout: 250ms winkernel: enableDSR: false diff --git a/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted_non_linux.yaml b/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted_non_linux.yaml index ca5d7ecd98d..0f982e2c8de 100644 --- a/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted_non_linux.yaml +++ b/cmd/kubeadm/app/util/config/testdata/defaulting/controlplane/defaulted_non_linux.yaml @@ -73,7 +73,6 @@ mode: "" nodePortAddresses: null oomScoreAdj: -999 portRange: "" -resourceContainer: /kube-proxy udpIdleTimeout: 250ms winkernel: enableDSR: false diff --git a/pkg/kubemark/hollow_proxy.go b/pkg/kubemark/hollow_proxy.go index 600a97b295b..e2665845f1f 100644 --- a/pkg/kubemark/hollow_proxy.go +++ b/pkg/kubemark/hollow_proxy.go @@ -107,17 +107,16 @@ func NewHollowProxyOrDie( } return &HollowProxy{ ProxyServer: &proxyapp.ProxyServer{ - Client: client, - EventClient: eventClient, - IptInterface: iptInterface, - Proxier: proxier, - Broadcaster: broadcaster, - Recorder: recorder, - ProxyMode: "fake", - NodeRef: nodeRef, - OOMScoreAdj: utilpointer.Int32Ptr(0), - ResourceContainer: "", - ConfigSyncPeriod: 30 * time.Second, + Client: client, + EventClient: eventClient, + IptInterface: iptInterface, + Proxier: proxier, + Broadcaster: broadcaster, + Recorder: recorder, + ProxyMode: "fake", + NodeRef: nodeRef, + OOMScoreAdj: utilpointer.Int32Ptr(0), + ConfigSyncPeriod: 30 * time.Second, }, }, nil } diff --git a/pkg/proxy/apis/config/fuzzer/fuzzer.go b/pkg/proxy/apis/config/fuzzer/fuzzer.go index e64f60ba14b..343f9ba67af 100644 --- a/pkg/proxy/apis/config/fuzzer/fuzzer.go +++ b/pkg/proxy/apis/config/fuzzer/fuzzer.go @@ -44,7 +44,6 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} { obj.IPTables.MasqueradeBit = utilpointer.Int32Ptr(c.Int31()) obj.MetricsBindAddress = fmt.Sprintf("%d.%d.%d.%d:%d", c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(256), c.Intn(65536)) obj.OOMScoreAdj = utilpointer.Int32Ptr(c.Int31()) - obj.ResourceContainer = "foo" obj.ClientConnection.ContentType = "bar" obj.NodePortAddresses = []string{"1.2.3.0/24"} }, diff --git a/pkg/proxy/apis/config/types.go b/pkg/proxy/apis/config/types.go index 0131cc02fa1..991a9096b6e 100644 --- a/pkg/proxy/apis/config/types.go +++ b/pkg/proxy/apis/config/types.go @@ -135,9 +135,6 @@ type KubeProxyConfiguration struct { // portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed // in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. PortRange string - // resourceContainer is the absolute name of the resource-only container to create and run - // the Kube-proxy in (Default: /kube-proxy). - ResourceContainer string // udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s'). // Must be greater than 0. Only applicable for proxyMode=userspace. UDPIdleTimeout metav1.Duration diff --git a/pkg/proxy/apis/config/v1alpha1/defaults.go b/pkg/proxy/apis/config/v1alpha1/defaults.go index da018b33cdd..a80f94313a6 100644 --- a/pkg/proxy/apis/config/v1alpha1/defaults.go +++ b/pkg/proxy/apis/config/v1alpha1/defaults.go @@ -58,9 +58,6 @@ func SetDefaults_KubeProxyConfiguration(obj *kubeproxyconfigv1alpha1.KubeProxyCo temp := int32(qos.KubeProxyOOMScoreAdj) obj.OOMScoreAdj = &temp } - if obj.ResourceContainer == "" { - obj.ResourceContainer = "/kube-proxy" - } if obj.IPTables.SyncPeriod.Duration == 0 { obj.IPTables.SyncPeriod = metav1.Duration{Duration: 30 * time.Second} } diff --git a/pkg/proxy/apis/config/v1alpha1/zz_generated.conversion.go b/pkg/proxy/apis/config/v1alpha1/zz_generated.conversion.go index 11dc5a0c877..0f6248af45c 100644 --- a/pkg/proxy/apis/config/v1alpha1/zz_generated.conversion.go +++ b/pkg/proxy/apis/config/v1alpha1/zz_generated.conversion.go @@ -111,7 +111,6 @@ func autoConvert_v1alpha1_KubeProxyConfiguration_To_config_KubeProxyConfiguratio out.OOMScoreAdj = (*int32)(unsafe.Pointer(in.OOMScoreAdj)) out.Mode = config.ProxyMode(in.Mode) out.PortRange = in.PortRange - out.ResourceContainer = in.ResourceContainer out.UDPIdleTimeout = in.UDPIdleTimeout if err := Convert_v1alpha1_KubeProxyConntrackConfiguration_To_config_KubeProxyConntrackConfiguration(&in.Conntrack, &out.Conntrack, s); err != nil { return err @@ -149,7 +148,6 @@ func autoConvert_config_KubeProxyConfiguration_To_v1alpha1_KubeProxyConfiguratio out.OOMScoreAdj = (*int32)(unsafe.Pointer(in.OOMScoreAdj)) out.Mode = v1alpha1.ProxyMode(in.Mode) out.PortRange = in.PortRange - out.ResourceContainer = in.ResourceContainer out.UDPIdleTimeout = in.UDPIdleTimeout if err := Convert_config_KubeProxyConntrackConfiguration_To_v1alpha1_KubeProxyConntrackConfiguration(&in.Conntrack, &out.Conntrack, s); err != nil { return err diff --git a/pkg/util/BUILD b/pkg/util/BUILD index 9198cdad66e..7504f96968d 100644 --- a/pkg/util/BUILD +++ b/pkg/util/BUILD @@ -45,7 +45,6 @@ filegroup( "//pkg/util/prometheusclientgo:all-srcs", "//pkg/util/removeall:all-srcs", "//pkg/util/resizefs:all-srcs", - "//pkg/util/resourcecontainer:all-srcs", "//pkg/util/rlimit:all-srcs", "//pkg/util/selinux:all-srcs", "//pkg/util/slice:all-srcs", diff --git a/pkg/util/resourcecontainer/BUILD b/pkg/util/resourcecontainer/BUILD deleted file mode 100644 index 94cd8fd9414..00000000000 --- a/pkg/util/resourcecontainer/BUILD +++ /dev/null @@ -1,35 +0,0 @@ -package(default_visibility = ["//visibility:public"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", -) - -go_library( - name = "go_default_library", - srcs = [ - "resource_container_linux.go", - "resource_container_unsupported.go", - ], - importpath = "k8s.io/kubernetes/pkg/util/resourcecontainer", - deps = select({ - "@io_bazel_rules_go//go/platform:linux": [ - "//vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs:go_default_library", - "//vendor/github.com/opencontainers/runc/libcontainer/configs:go_default_library", - ], - "//conditions:default": [], - }), -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [":package-srcs"], - tags = ["automanaged"], -) diff --git a/pkg/util/resourcecontainer/resource_container_linux.go b/pkg/util/resourcecontainer/resource_container_linux.go deleted file mode 100644 index efb65468576..00000000000 --- a/pkg/util/resourcecontainer/resource_container_linux.go +++ /dev/null @@ -1,45 +0,0 @@ -// +build linux - -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcecontainer - -import ( - "os" - - "github.com/opencontainers/runc/libcontainer/cgroups/fs" - "github.com/opencontainers/runc/libcontainer/configs" -) - -// RunInResourceContainer creates resource-only containerName if it does not already exist and moves -// the current process to it. -// -// containerName must be an absolute container name. -func RunInResourceContainer(containerName string) error { - allowAllDevices := true - manager := fs.Manager{ - Cgroups: &configs.Cgroup{ - Parent: "/", - Name: containerName, - Resources: &configs.Resources{ - AllowAllDevices: &allowAllDevices, - }, - }, - } - - return manager.Apply(os.Getpid()) -} diff --git a/pkg/util/resourcecontainer/resource_container_unsupported.go b/pkg/util/resourcecontainer/resource_container_unsupported.go deleted file mode 100644 index 2c9db7b064c..00000000000 --- a/pkg/util/resourcecontainer/resource_container_unsupported.go +++ /dev/null @@ -1,28 +0,0 @@ -// +build !linux - -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resourcecontainer - -import ( - "errors" -) - -// RunInResourceContainer creates resource-only containerName unsupported. -func RunInResourceContainer(containerName string) error { - return errors.New("resource-only containers unsupported in this platform") -} diff --git a/staging/src/k8s.io/kube-proxy/config/v1alpha1/types.go b/staging/src/k8s.io/kube-proxy/config/v1alpha1/types.go index 8d7e064a1f4..8bc7894e481 100644 --- a/staging/src/k8s.io/kube-proxy/config/v1alpha1/types.go +++ b/staging/src/k8s.io/kube-proxy/config/v1alpha1/types.go @@ -131,9 +131,6 @@ type KubeProxyConfiguration struct { // portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed // in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. PortRange string `json:"portRange"` - // resourceContainer is the bsolute name of the resource-only container to create and run - // the Kube-proxy in (Default: /kube-proxy). - ResourceContainer string `json:"resourceContainer"` // udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s'). // Must be greater than 0. Only applicable for proxyMode=userspace. UDPIdleTimeout metav1.Duration `json:"udpIdleTimeout"`