diff --git a/api/api-rules/violation_exceptions.list b/api/api-rules/violation_exceptions.list index 599e55546cb..3261799ceb6 100644 --- a/api/api-rules/violation_exceptions.list +++ b/api/api-rules/violation_exceptions.list @@ -487,6 +487,9 @@ API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,E API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,EndpointSliceControllerConfiguration,ConcurrentServiceEndpointSyncs API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,EndpointSliceControllerConfiguration,EndpointUpdatesBatchPeriod API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,EndpointSliceControllerConfiguration,MaxEndpointsPerSlice +API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,EndpointSliceMirroringControllerConfiguration,MirroringConcurrentServiceEndpointSyncs +API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,EndpointSliceMirroringControllerConfiguration,MirroringEndpointUpdatesBatchPeriod +API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,EndpointSliceMirroringControllerConfiguration,MirroringMaxEndpointsPerSubset API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,GarbageCollectorControllerConfiguration,ConcurrentGCSyncs API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,GarbageCollectorControllerConfiguration,EnableGarbageCollector API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,GarbageCollectorControllerConfiguration,GCIgnoredResources @@ -528,6 +531,7 @@ API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,K API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,KubeControllerManagerConfiguration,DeprecatedController API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,KubeControllerManagerConfiguration,EndpointController API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,KubeControllerManagerConfiguration,EndpointSliceController +API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,KubeControllerManagerConfiguration,EndpointSliceMirroringController API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,KubeControllerManagerConfiguration,GarbageCollectorController API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,KubeControllerManagerConfiguration,Generic API rule violation: names_match,k8s.io/kube-controller-manager/config/v1alpha1,KubeControllerManagerConfiguration,HPAController diff --git a/cmd/cloud-controller-manager/.import-restrictions b/cmd/cloud-controller-manager/.import-restrictions index 962ddf3bd50..5067ab530a2 100644 --- a/cmd/cloud-controller-manager/.import-restrictions +++ b/cmd/cloud-controller-manager/.import-restrictions @@ -39,6 +39,8 @@ rules: - k8s.io/kubernetes/pkg/controller/endpoint/config/v1alpha1 - k8s.io/kubernetes/pkg/controller/endpointslice/config - k8s.io/kubernetes/pkg/controller/endpointslice/config/v1alpha1 + - k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config + - k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config/v1alpha1 - k8s.io/kubernetes/pkg/controller/garbagecollector/config - k8s.io/kubernetes/pkg/controller/garbagecollector/config/v1alpha1 - k8s.io/kubernetes/pkg/controller/job/config diff --git a/cmd/kube-controller-manager/app/BUILD b/cmd/kube-controller-manager/app/BUILD index 14962b7bda0..c857ce59358 100644 --- a/cmd/kube-controller-manager/app/BUILD +++ b/cmd/kube-controller-manager/app/BUILD @@ -56,6 +56,7 @@ go_library( "//pkg/controller/disruption:go_default_library", "//pkg/controller/endpoint:go_default_library", "//pkg/controller/endpointslice:go_default_library", + "//pkg/controller/endpointslicemirroring:go_default_library", "//pkg/controller/garbagecollector:go_default_library", "//pkg/controller/job:go_default_library", "//pkg/controller/namespace:go_default_library", diff --git a/cmd/kube-controller-manager/app/controllermanager.go b/cmd/kube-controller-manager/app/controllermanager.go index 6eb12fe70dc..98c8281f041 100644 --- a/cmd/kube-controller-manager/app/controllermanager.go +++ b/cmd/kube-controller-manager/app/controllermanager.go @@ -387,6 +387,7 @@ func NewControllerInitializers(loopMode ControllerLoopMode) map[string]InitFunc controllers := map[string]InitFunc{} controllers["endpoint"] = startEndpointController controllers["endpointslice"] = startEndpointSliceController + controllers["endpointslicemirroring"] = startEndpointSliceMirroringController controllers["replicationcontroller"] = startReplicationController controllers["podgc"] = startPodGCController controllers["resourcequota"] = startResourceQuotaController diff --git a/cmd/kube-controller-manager/app/core_test.go b/cmd/kube-controller-manager/app/core_test.go index 1ca43f6ce7e..9fdc70dcb5a 100644 --- a/cmd/kube-controller-manager/app/core_test.go +++ b/cmd/kube-controller-manager/app/core_test.go @@ -97,8 +97,10 @@ type controllerInitFunc func(ControllerContext) (http.Handler, bool, error) func TestController_DiscoveryError(t *testing.T) { controllerInitFuncMap := map[string]controllerInitFunc{ - "ResourceQuotaController": startResourceQuotaController, - "GarbageCollectorController": startGarbageCollectorController, + "ResourceQuotaController": startResourceQuotaController, + "GarbageCollectorController": startGarbageCollectorController, + "EndpointSliceController": startEndpointSliceController, + "EndpointSliceMirroringController": startEndpointSliceMirroringController, } tcs := map[string]struct { diff --git a/cmd/kube-controller-manager/app/discovery.go b/cmd/kube-controller-manager/app/discovery.go index 81af5b40832..e0d2421e047 100644 --- a/cmd/kube-controller-manager/app/discovery.go +++ b/cmd/kube-controller-manager/app/discovery.go @@ -27,12 +27,13 @@ import ( utilfeature "k8s.io/apiserver/pkg/util/feature" "k8s.io/klog/v2" endpointslicecontroller "k8s.io/kubernetes/pkg/controller/endpointslice" + endpointslicemirroringcontroller "k8s.io/kubernetes/pkg/controller/endpointslicemirroring" "k8s.io/kubernetes/pkg/features" ) func startEndpointSliceController(ctx ControllerContext) (http.Handler, bool, error) { if !utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) { - klog.V(4).Infof("Not starting endpointslice-controller since EndpointSlice feature gate is disabled") + klog.V(2).Infof("Not starting endpointslice-controller since EndpointSlice feature gate is disabled") return nil, false, nil } @@ -52,3 +53,25 @@ func startEndpointSliceController(ctx ControllerContext) (http.Handler, bool, er ).Run(int(ctx.ComponentConfig.EndpointSliceController.ConcurrentServiceEndpointSyncs), ctx.Stop) return nil, true, nil } + +func startEndpointSliceMirroringController(ctx ControllerContext) (http.Handler, bool, error) { + if !utilfeature.DefaultFeatureGate.Enabled(features.EndpointSlice) { + klog.V(2).Infof("Not starting endpointslicemirroring-controller since EndpointSlice feature gate is disabled") + return nil, false, nil + } + + if !ctx.AvailableResources[discoveryv1beta1.SchemeGroupVersion.WithResource("endpointslices")] { + klog.Warningf("Not starting endpointslicemirroring-controller since discovery.k8s.io/v1beta1 resources are not available") + return nil, false, nil + } + + go endpointslicemirroringcontroller.NewController( + ctx.InformerFactory.Core().V1().Endpoints(), + ctx.InformerFactory.Discovery().V1beta1().EndpointSlices(), + ctx.InformerFactory.Core().V1().Services(), + ctx.ComponentConfig.EndpointSliceMirroringController.MirroringMaxEndpointsPerSubset, + ctx.ClientBuilder.ClientOrDie("endpointslicemirroring-controller"), + ctx.ComponentConfig.EndpointSliceMirroringController.MirroringEndpointUpdatesBatchPeriod.Duration, + ).Run(int(ctx.ComponentConfig.EndpointSliceMirroringController.MirroringConcurrentServiceEndpointSyncs), ctx.Stop) + return nil, true, nil +} diff --git a/cmd/kube-controller-manager/app/options/BUILD b/cmd/kube-controller-manager/app/options/BUILD index c4f3b148798..5ea12a3d846 100644 --- a/cmd/kube-controller-manager/app/options/BUILD +++ b/cmd/kube-controller-manager/app/options/BUILD @@ -16,6 +16,7 @@ go_library( "deprecatedcontroller.go", "endpointcontroller.go", "endpointslicecontroller.go", + "endpointslicemirroringcontroller.go", "garbagecollectorcontroller.go", "hpacontroller.go", "jobcontroller.go", @@ -43,6 +44,7 @@ go_library( "//pkg/controller/deployment/config:go_default_library", "//pkg/controller/endpoint/config:go_default_library", "//pkg/controller/endpointslice/config:go_default_library", + "//pkg/controller/endpointslicemirroring/config:go_default_library", "//pkg/controller/garbagecollector:go_default_library", "//pkg/controller/garbagecollector/config:go_default_library", "//pkg/controller/job/config:go_default_library", @@ -104,6 +106,7 @@ go_test( "//pkg/controller/deployment/config:go_default_library", "//pkg/controller/endpoint/config:go_default_library", "//pkg/controller/endpointslice/config:go_default_library", + "//pkg/controller/endpointslicemirroring/config:go_default_library", "//pkg/controller/garbagecollector/config:go_default_library", "//pkg/controller/job/config:go_default_library", "//pkg/controller/namespace/config:go_default_library", diff --git a/cmd/kube-controller-manager/app/options/endpointslicemirroringcontroller.go b/cmd/kube-controller-manager/app/options/endpointslicemirroringcontroller.go new file mode 100644 index 00000000000..b76f4e0298b --- /dev/null +++ b/cmd/kube-controller-manager/app/options/endpointslicemirroringcontroller.go @@ -0,0 +1,86 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package options + +import ( + "fmt" + + "github.com/spf13/pflag" + + endpointslicemirroringconfig "k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config" +) + +const ( + mirroringMinConcurrentServiceEndpointSyncs = 1 + mirroringMaxConcurrentServiceEndpointSyncs = 50 + mirroringMinMaxEndpointsPerSubset = 1 + mirroringMaxMaxEndpointsPerSubset = 1000 +) + +// EndpointSliceMirroringControllerOptions holds the +// EndpointSliceMirroringController options. +type EndpointSliceMirroringControllerOptions struct { + *endpointslicemirroringconfig.EndpointSliceMirroringControllerConfiguration +} + +// AddFlags adds flags related to EndpointSliceMirroringController for +// controller manager to the specified FlagSet. +func (o *EndpointSliceMirroringControllerOptions) AddFlags(fs *pflag.FlagSet) { + if o == nil { + return + } + + fs.Int32Var(&o.MirroringConcurrentServiceEndpointSyncs, "mirroring-concurrent-service-endpoint-syncs", o.MirroringConcurrentServiceEndpointSyncs, "The number of service endpoint syncing operations that will be done concurrently by the EndpointSliceMirroring controller. Larger number = faster endpoint slice updating, but more CPU (and network) load. Defaults to 5.") + fs.Int32Var(&o.MirroringMaxEndpointsPerSubset, "mirroring-max-endpoints-per-subset", o.MirroringMaxEndpointsPerSubset, "The maximum number of endpoints that will be added to an EndpointSlice by the EndpointSliceMirroring controller. More endpoints per slice will result in less endpoint slices, but larger resources. Defaults to 100.") + fs.DurationVar(&o.MirroringEndpointUpdatesBatchPeriod.Duration, "mirroring-endpointslice-updates-batch-period", o.MirroringEndpointUpdatesBatchPeriod.Duration, "The length of EndpointSlice updates batching period for EndpointSliceMirroring controller. Processing of EndpointSlice changes will be delayed by this duration to join them with potential upcoming updates and reduce the overall number of EndpointSlice updates. Larger number = higher endpoint programming latency, but lower number of endpoints revision generated") +} + +// ApplyTo fills up EndpointSliceMirroringController config with options. +func (o *EndpointSliceMirroringControllerOptions) ApplyTo(cfg *endpointslicemirroringconfig.EndpointSliceMirroringControllerConfiguration) error { + if o == nil { + return nil + } + + cfg.MirroringConcurrentServiceEndpointSyncs = o.MirroringConcurrentServiceEndpointSyncs + cfg.MirroringMaxEndpointsPerSubset = o.MirroringMaxEndpointsPerSubset + cfg.MirroringEndpointUpdatesBatchPeriod = o.MirroringEndpointUpdatesBatchPeriod + + return nil +} + +// Validate checks validation of EndpointSliceMirroringControllerOptions. +func (o *EndpointSliceMirroringControllerOptions) Validate() []error { + if o == nil { + return nil + } + + errs := []error{} + + if o.MirroringConcurrentServiceEndpointSyncs < mirroringMinConcurrentServiceEndpointSyncs { + errs = append(errs, fmt.Errorf("mirroring-concurrent-service-endpoint-syncs must not be less than %d, but got %d", mirroringMinConcurrentServiceEndpointSyncs, o.MirroringConcurrentServiceEndpointSyncs)) + } else if o.MirroringConcurrentServiceEndpointSyncs > mirroringMaxConcurrentServiceEndpointSyncs { + errs = append(errs, fmt.Errorf("mirroring-concurrent-service-endpoint-syncs must not be more than %d, but got %d", mirroringMaxConcurrentServiceEndpointSyncs, o.MirroringConcurrentServiceEndpointSyncs)) + } + + if o.MirroringMaxEndpointsPerSubset < mirroringMinMaxEndpointsPerSubset { + errs = append(errs, fmt.Errorf("mirroring-max-endpoints-per-subset must not be less than %d, but got %d", mirroringMinMaxEndpointsPerSubset, o.MirroringMaxEndpointsPerSubset)) + } else if o.MirroringMaxEndpointsPerSubset > mirroringMaxMaxEndpointsPerSubset { + errs = append(errs, fmt.Errorf("mirroring-max-endpoints-per-subset must not be more than %d, but got %d", mirroringMaxMaxEndpointsPerSubset, o.MirroringMaxEndpointsPerSubset)) + } + + return errs +} diff --git a/cmd/kube-controller-manager/app/options/options.go b/cmd/kube-controller-manager/app/options/options.go index 0ee27b178d2..eea668775a7 100644 --- a/cmd/kube-controller-manager/app/options/options.go +++ b/cmd/kube-controller-manager/app/options/options.go @@ -66,6 +66,7 @@ type KubeControllerManagerOptions struct { DeprecatedFlags *DeprecatedControllerOptions EndpointController *EndpointControllerOptions EndpointSliceController *EndpointSliceControllerOptions + EndpointSliceMirroringController *EndpointSliceMirroringControllerOptions GarbageCollectorController *GarbageCollectorControllerOptions HPAController *HPAControllerOptions JobController *JobControllerOptions @@ -129,6 +130,9 @@ func NewKubeControllerManagerOptions() (*KubeControllerManagerOptions, error) { EndpointSliceController: &EndpointSliceControllerOptions{ &componentConfig.EndpointSliceController, }, + EndpointSliceMirroringController: &EndpointSliceMirroringControllerOptions{ + &componentConfig.EndpointSliceMirroringController, + }, GarbageCollectorController: &GarbageCollectorControllerOptions{ &componentConfig.GarbageCollectorController, }, @@ -233,6 +237,7 @@ func (s *KubeControllerManagerOptions) Flags(allControllers []string, disabledBy s.DeprecatedFlags.AddFlags(fss.FlagSet("deprecated")) s.EndpointController.AddFlags(fss.FlagSet("endpoint controller")) s.EndpointSliceController.AddFlags(fss.FlagSet("endpointslice controller")) + s.EndpointSliceMirroringController.AddFlags(fss.FlagSet("endpointslicemirroring controller")) s.GarbageCollectorController.AddFlags(fss.FlagSet("garbagecollector controller")) s.HPAController.AddFlags(fss.FlagSet("horizontalpodautoscaling controller")) s.JobController.AddFlags(fss.FlagSet("job controller")) @@ -288,6 +293,9 @@ func (s *KubeControllerManagerOptions) ApplyTo(c *kubecontrollerconfig.Config) e if err := s.EndpointSliceController.ApplyTo(&c.ComponentConfig.EndpointSliceController); err != nil { return err } + if err := s.EndpointSliceMirroringController.ApplyTo(&c.ComponentConfig.EndpointSliceMirroringController); err != nil { + return err + } if err := s.GarbageCollectorController.ApplyTo(&c.ComponentConfig.GarbageCollectorController); err != nil { return err } @@ -367,6 +375,7 @@ func (s *KubeControllerManagerOptions) Validate(allControllers []string, disable errs = append(errs, s.DeprecatedFlags.Validate()...) errs = append(errs, s.EndpointController.Validate()...) errs = append(errs, s.EndpointSliceController.Validate()...) + errs = append(errs, s.EndpointSliceMirroringController.Validate()...) errs = append(errs, s.GarbageCollectorController.Validate()...) errs = append(errs, s.HPAController.Validate()...) errs = append(errs, s.JobController.Validate()...) diff --git a/cmd/kube-controller-manager/app/options/options_test.go b/cmd/kube-controller-manager/app/options/options_test.go index 5240d15d510..b6a6140489e 100644 --- a/cmd/kube-controller-manager/app/options/options_test.go +++ b/cmd/kube-controller-manager/app/options/options_test.go @@ -38,6 +38,7 @@ import ( deploymentconfig "k8s.io/kubernetes/pkg/controller/deployment/config" endpointconfig "k8s.io/kubernetes/pkg/controller/endpoint/config" endpointsliceconfig "k8s.io/kubernetes/pkg/controller/endpointslice/config" + endpointslicemirroringconfig "k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config" garbagecollectorconfig "k8s.io/kubernetes/pkg/controller/garbagecollector/config" jobconfig "k8s.io/kubernetes/pkg/controller/job/config" namespaceconfig "k8s.io/kubernetes/pkg/controller/namespace/config" @@ -110,6 +111,8 @@ var args = []string{ "--master=192.168.4.20", "--max-endpoints-per-slice=200", "--min-resync-period=8h", + "--mirroring-concurrent-service-endpoint-syncs=2", + "--mirroring-max-endpoints-per-subset=1000", "--namespace-sync-period=10m", "--node-cidr-mask-size=48", "--node-cidr-mask-size-ipv4=48", @@ -250,6 +253,12 @@ func TestAddFlags(t *testing.T) { MaxEndpointsPerSlice: 200, }, }, + EndpointSliceMirroringController: &EndpointSliceMirroringControllerOptions{ + &endpointslicemirroringconfig.EndpointSliceMirroringControllerConfiguration{ + MirroringConcurrentServiceEndpointSyncs: 2, + MirroringMaxEndpointsPerSubset: 1000, + }, + }, GarbageCollectorController: &GarbageCollectorControllerOptions{ &garbagecollectorconfig.GarbageCollectorControllerConfiguration{ ConcurrentGCSyncs: 30, @@ -481,6 +490,10 @@ func TestApplyTo(t *testing.T) { ConcurrentServiceEndpointSyncs: 10, MaxEndpointsPerSlice: 200, }, + EndpointSliceMirroringController: endpointslicemirroringconfig.EndpointSliceMirroringControllerConfiguration{ + MirroringConcurrentServiceEndpointSyncs: 2, + MirroringMaxEndpointsPerSubset: 1000, + }, GarbageCollectorController: garbagecollectorconfig.GarbageCollectorControllerConfiguration{ ConcurrentGCSyncs: 30, GCIgnoredResources: []garbagecollectorconfig.GroupResource{ diff --git a/hack/.golint_failures b/hack/.golint_failures index d61c97c5bbe..a3066328fbc 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -59,6 +59,7 @@ pkg/controller/disruption pkg/controller/endpoint pkg/controller/endpoint/config/v1alpha1 pkg/controller/endpointslice/config/v1alpha1 +pkg/controller/endpointslicemirroring/config/v1alpha1 pkg/controller/garbagecollector pkg/controller/garbagecollector/config/v1alpha1 pkg/controller/job/config/v1alpha1 diff --git a/pkg/controller/BUILD b/pkg/controller/BUILD index b2adf479bad..c5e57c6c044 100644 --- a/pkg/controller/BUILD +++ b/pkg/controller/BUILD @@ -115,6 +115,7 @@ filegroup( "//pkg/controller/disruption:all-srcs", "//pkg/controller/endpoint:all-srcs", "//pkg/controller/endpointslice:all-srcs", + "//pkg/controller/endpointslicemirroring:all-srcs", "//pkg/controller/garbagecollector:all-srcs", "//pkg/controller/history:all-srcs", "//pkg/controller/job:all-srcs", diff --git a/pkg/controller/apis/config/BUILD b/pkg/controller/apis/config/BUILD index ae35f0823a6..f5340ed02bd 100644 --- a/pkg/controller/apis/config/BUILD +++ b/pkg/controller/apis/config/BUILD @@ -16,6 +16,7 @@ go_library( "//pkg/controller/deployment/config:go_default_library", "//pkg/controller/endpoint/config:go_default_library", "//pkg/controller/endpointslice/config:go_default_library", + "//pkg/controller/endpointslicemirroring/config:go_default_library", "//pkg/controller/garbagecollector/config:go_default_library", "//pkg/controller/job/config:go_default_library", "//pkg/controller/namespace/config:go_default_library", diff --git a/pkg/controller/apis/config/types.go b/pkg/controller/apis/config/types.go index b9f1d0f8fcc..1548cfc1c24 100644 --- a/pkg/controller/apis/config/types.go +++ b/pkg/controller/apis/config/types.go @@ -24,6 +24,7 @@ import ( deploymentconfig "k8s.io/kubernetes/pkg/controller/deployment/config" endpointconfig "k8s.io/kubernetes/pkg/controller/endpoint/config" endpointsliceconfig "k8s.io/kubernetes/pkg/controller/endpointslice/config" + endpointslicemirroringconfig "k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config" garbagecollectorconfig "k8s.io/kubernetes/pkg/controller/garbagecollector/config" jobconfig "k8s.io/kubernetes/pkg/controller/job/config" namespaceconfig "k8s.io/kubernetes/pkg/controller/namespace/config" @@ -78,6 +79,9 @@ type KubeControllerManagerConfiguration struct { // EndpointSliceControllerConfiguration holds configuration for // EndpointSliceController related features. EndpointSliceController endpointsliceconfig.EndpointSliceControllerConfiguration + // EndpointSliceMirroringControllerConfiguration holds configuration for + // EndpointSliceMirroringController related features. + EndpointSliceMirroringController endpointslicemirroringconfig.EndpointSliceMirroringControllerConfiguration // GarbageCollectorControllerConfiguration holds configuration for // GarbageCollectorController related features. GarbageCollectorController garbagecollectorconfig.GarbageCollectorControllerConfiguration diff --git a/pkg/controller/apis/config/v1alpha1/BUILD b/pkg/controller/apis/config/v1alpha1/BUILD index 75f0021b17d..82d2e12570c 100644 --- a/pkg/controller/apis/config/v1alpha1/BUILD +++ b/pkg/controller/apis/config/v1alpha1/BUILD @@ -20,6 +20,7 @@ go_library( "//pkg/controller/deployment/config/v1alpha1:go_default_library", "//pkg/controller/endpoint/config/v1alpha1:go_default_library", "//pkg/controller/endpointslice/config/v1alpha1:go_default_library", + "//pkg/controller/endpointslicemirroring/config/v1alpha1:go_default_library", "//pkg/controller/garbagecollector/config/v1alpha1:go_default_library", "//pkg/controller/job/config/v1alpha1:go_default_library", "//pkg/controller/namespace/config/v1alpha1:go_default_library", diff --git a/pkg/controller/apis/config/v1alpha1/defaults.go b/pkg/controller/apis/config/v1alpha1/defaults.go index 6074d55a009..d97580f8b3a 100644 --- a/pkg/controller/apis/config/v1alpha1/defaults.go +++ b/pkg/controller/apis/config/v1alpha1/defaults.go @@ -28,6 +28,7 @@ import ( deploymentconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/deployment/config/v1alpha1" endpointconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/endpoint/config/v1alpha1" endpointsliceconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/endpointslice/config/v1alpha1" + endpointslicemirroringconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config/v1alpha1" garbagecollectorconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/garbagecollector/config/v1alpha1" jobconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/job/config/v1alpha1" namespaceconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/namespace/config/v1alpha1" @@ -81,6 +82,8 @@ func SetDefaults_KubeControllerManagerConfiguration(obj *kubectrlmgrconfigv1alph endpointconfigv1alpha1.RecommendedDefaultEndpointControllerConfiguration(&obj.EndpointController) // Use the default RecommendedDefaultEndpointSliceControllerConfiguration options endpointsliceconfigv1alpha1.RecommendedDefaultEndpointSliceControllerConfiguration(&obj.EndpointSliceController) + // Use the default RecommendedDefaultEndpointSliceMirroringControllerConfiguration options + endpointslicemirroringconfigv1alpha1.RecommendedDefaultEndpointSliceMirroringControllerConfiguration(&obj.EndpointSliceMirroringController) // Use the default RecommendedDefaultGenericControllerManagerConfiguration options garbagecollectorconfigv1alpha1.RecommendedDefaultGarbageCollectorControllerConfiguration(&obj.GarbageCollectorController) // Use the default RecommendedDefaultJobControllerConfiguration options diff --git a/pkg/controller/apis/config/v1alpha1/doc.go b/pkg/controller/apis/config/v1alpha1/doc.go index bacd8cda6c4..8efb8e3acc4 100644 --- a/pkg/controller/apis/config/v1alpha1/doc.go +++ b/pkg/controller/apis/config/v1alpha1/doc.go @@ -23,6 +23,8 @@ limitations under the License. // +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/endpoint/config/v1alpha1 // +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/endpointslice/config/v1alpha1 // +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/garbagecollector/config/v1alpha1 +// +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/endpointslice/config/v1alpha1 +// +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config/v1alpha1 // +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/job/config/v1alpha1 // +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/namespace/config/v1alpha1 // +k8s:conversion-gen=k8s.io/kubernetes/pkg/controller/nodeipam/config/v1alpha1 diff --git a/pkg/controller/apis/config/v1alpha1/zz_generated.conversion.go b/pkg/controller/apis/config/v1alpha1/zz_generated.conversion.go index d74cb218e3a..a93b332a4c9 100644 --- a/pkg/controller/apis/config/v1alpha1/zz_generated.conversion.go +++ b/pkg/controller/apis/config/v1alpha1/zz_generated.conversion.go @@ -34,6 +34,7 @@ import ( deploymentconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/deployment/config/v1alpha1" endpointconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/endpoint/config/v1alpha1" endpointsliceconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/endpointslice/config/v1alpha1" + endpointslicemirroringconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/endpointslicemirroring/config/v1alpha1" garbagecollectorconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/garbagecollector/config/v1alpha1" jobconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/job/config/v1alpha1" namespaceconfigv1alpha1 "k8s.io/kubernetes/pkg/controller/namespace/config/v1alpha1" @@ -297,6 +298,9 @@ func autoConvert_v1alpha1_KubeControllerManagerConfiguration_To_config_KubeContr if err := endpointsliceconfigv1alpha1.Convert_v1alpha1_EndpointSliceControllerConfiguration_To_config_EndpointSliceControllerConfiguration(&in.EndpointSliceController, &out.EndpointSliceController, s); err != nil { return err } + if err := endpointslicemirroringconfigv1alpha1.Convert_v1alpha1_EndpointSliceMirroringControllerConfiguration_To_config_EndpointSliceMirroringControllerConfiguration(&in.EndpointSliceMirroringController, &out.EndpointSliceMirroringController, s); err != nil { + return err + } if err := garbagecollectorconfigv1alpha1.Convert_v1alpha1_GarbageCollectorControllerConfiguration_To_config_GarbageCollectorControllerConfiguration(&in.GarbageCollectorController, &out.GarbageCollectorController, s); err != nil { return err } @@ -378,6 +382,9 @@ func autoConvert_config_KubeControllerManagerConfiguration_To_v1alpha1_KubeContr if err := endpointsliceconfigv1alpha1.Convert_config_EndpointSliceControllerConfiguration_To_v1alpha1_EndpointSliceControllerConfiguration(&in.EndpointSliceController, &out.EndpointSliceController, s); err != nil { return err } + if err := endpointslicemirroringconfigv1alpha1.Convert_config_EndpointSliceMirroringControllerConfiguration_To_v1alpha1_EndpointSliceMirroringControllerConfiguration(&in.EndpointSliceMirroringController, &out.EndpointSliceMirroringController, s); err != nil { + return err + } if err := garbagecollectorconfigv1alpha1.Convert_config_GarbageCollectorControllerConfiguration_To_v1alpha1_GarbageCollectorControllerConfiguration(&in.GarbageCollectorController, &out.GarbageCollectorController, s); err != nil { return err } diff --git a/pkg/controller/apis/config/zz_generated.deepcopy.go b/pkg/controller/apis/config/zz_generated.deepcopy.go index 6d4565fc976..0f5dd63275e 100644 --- a/pkg/controller/apis/config/zz_generated.deepcopy.go +++ b/pkg/controller/apis/config/zz_generated.deepcopy.go @@ -116,6 +116,7 @@ func (in *KubeControllerManagerConfiguration) DeepCopyInto(out *KubeControllerMa out.DeprecatedController = in.DeprecatedController out.EndpointController = in.EndpointController out.EndpointSliceController = in.EndpointSliceController + out.EndpointSliceMirroringController = in.EndpointSliceMirroringController in.GarbageCollectorController.DeepCopyInto(&out.GarbageCollectorController) out.HPAController = in.HPAController out.JobController = in.JobController diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go index e6d68801528..4871dcc9673 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go @@ -160,6 +160,18 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding) eventsRule(), }, }) + + addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "endpointslicemirroring-controller"}, + Rules: []rbacv1.PolicyRule{ + rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(), + // The controller needs to be able to set a service's finalizers to be able to create an EndpointSlice + // resource that is owned by the service and sets blockOwnerDeletion=true in its ownerRef. + rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("services/finalizers").RuleOrDie(), + rbacv1helpers.NewRule("get", "list", "create", "update", "delete").Groups(discoveryGroup).Resources("endpointslices").RuleOrDie(), + eventsRule(), + }, + }) } if utilfeature.DefaultFeatureGate.Enabled(features.ExpandPersistentVolumes) { diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-role-bindings.yaml b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-role-bindings.yaml index 8a1ab919472..96b2cb3f181 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-role-bindings.yaml +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-role-bindings.yaml @@ -153,6 +153,23 @@ items: - kind: ServiceAccount name: endpointslice-controller namespace: kube-system +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + creationTimestamp: null + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:controller:endpointslicemirroring-controller + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:controller:endpointslicemirroring-controller + subjects: + - kind: ServiceAccount + name: endpointslicemirroring-controller + namespace: kube-system - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml index 954414b9eee..e3b8272e11e 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml @@ -519,6 +519,50 @@ items: - create - patch - update +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + creationTimestamp: null + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:controller:endpointslicemirroring-controller + rules: + - apiGroups: + - "" + resources: + - endpoints + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/finalizers + verbs: + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - create + - delete + - get + - list + - update + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/types.go b/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/types.go index f99980bec8e..8ee6d64abe8 100644 --- a/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/types.go +++ b/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/types.go @@ -114,6 +114,9 @@ type KubeControllerManagerConfiguration struct { // EndpointSliceControllerConfiguration holds configuration for // EndpointSliceController related features. EndpointSliceController EndpointSliceControllerConfiguration + // EndpointSliceMirroringControllerConfiguration holds configuration for + // EndpointSliceMirroringController related features. + EndpointSliceMirroringController EndpointSliceMirroringControllerConfiguration // GarbageCollectorControllerConfiguration holds configuration for // GarbageCollectorController related features. GarbageCollectorController GarbageCollectorControllerConfiguration @@ -319,6 +322,27 @@ type EndpointSliceControllerConfiguration struct { EndpointUpdatesBatchPeriod metav1.Duration } +// EndpointSliceMirroringControllerConfiguration contains elements describing +// EndpointSliceMirroringController. +type EndpointSliceMirroringControllerConfiguration struct { + // mirroringConcurrentServiceEndpointSyncs is the number of service endpoint + // syncing operations that will be done concurrently. Larger number = faster + // endpoint slice updating, but more CPU (and network) load. + MirroringConcurrentServiceEndpointSyncs int32 + + // mirroringMaxEndpointsPerSubset is the maximum number of endpoints that + // will be mirrored to an EndpointSlice for an EndpointSubset. + MirroringMaxEndpointsPerSubset int32 + + // mirroringEndpointUpdatesBatchPeriod can be used to batch EndpointSlice + // updates. All updates triggered by EndpointSlice changes will be delayed + // by up to 'mirroringEndpointUpdatesBatchPeriod'. If other addresses in the + // same Endpoints resource change in that period, they will be batched to a + // single EndpointSlice update. Default 0 value means that each Endpoints + // update triggers an EndpointSlice update. + MirroringEndpointUpdatesBatchPeriod metav1.Duration +} + // GarbageCollectorControllerConfiguration contains elements describing GarbageCollectorController. type GarbageCollectorControllerConfiguration struct { // enables the generic garbage collector. MUST be synced with the diff --git a/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/zz_generated.deepcopy.go b/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/zz_generated.deepcopy.go index afbba171c9d..623ed12b2aa 100644 --- a/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/zz_generated.deepcopy.go +++ b/staging/src/k8s.io/kube-controller-manager/config/v1alpha1/zz_generated.deepcopy.go @@ -157,6 +157,23 @@ func (in *EndpointSliceControllerConfiguration) DeepCopy() *EndpointSliceControl return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EndpointSliceMirroringControllerConfiguration) DeepCopyInto(out *EndpointSliceMirroringControllerConfiguration) { + *out = *in + out.MirroringEndpointUpdatesBatchPeriod = in.MirroringEndpointUpdatesBatchPeriod + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointSliceMirroringControllerConfiguration. +func (in *EndpointSliceMirroringControllerConfiguration) DeepCopy() *EndpointSliceMirroringControllerConfiguration { + if in == nil { + return nil + } + out := new(EndpointSliceMirroringControllerConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GarbageCollectorControllerConfiguration) DeepCopyInto(out *GarbageCollectorControllerConfiguration) { *out = *in @@ -307,6 +324,7 @@ func (in *KubeControllerManagerConfiguration) DeepCopyInto(out *KubeControllerMa out.DeprecatedController = in.DeprecatedController out.EndpointController = in.EndpointController out.EndpointSliceController = in.EndpointSliceController + out.EndpointSliceMirroringController = in.EndpointSliceMirroringController in.GarbageCollectorController.DeepCopyInto(&out.GarbageCollectorController) in.HPAController.DeepCopyInto(&out.HPAController) out.JobController = in.JobController