Merge pull request #79305 from paivagustavo/clean-up-self-set-node-labels

Clean up self-set node labels

cluster/addons/ip-masq-agent/ip-masq-agent.yaml

@@ -46,8 +46,7 @@ spec:
           - name: config
             mountPath: /etc/config
       nodeSelector:
-        # TODO(liggitt): switch to node.kubernetes.io/masq-agent-ds-ready in 1.16
+        node.kubernetes.io/masq-agent-ds-ready: "true"
-        beta.kubernetes.io/masq-agent-ds-ready: "true"
       volumes:
         - name: config
           configMap:

cluster/addons/kube-proxy/kube-proxy-ds.yaml

@@ -27,8 +27,7 @@ spec:
       priorityClassName: system-node-critical
       hostNetwork: true
       nodeSelector:
-        # TODO(liggitt): switch to node.kubernetes.io/kube-proxy-ds-ready in 1.16
+        node.kubernetes.io/kube-proxy-ds-ready: "true"
-        beta.kubernetes.io/kube-proxy-ds-ready: "true"
       tolerations:
       - operator: "Exists"
         effect: "NoExecute"

cluster/addons/metadata-proxy/gce/metadata-proxy.yaml

@@ -88,7 +88,6 @@ spec:
                 fieldPath: metadata.namespace
       # END_PROMETHEUS_TO_SD
       nodeSelector:
-        # TODO(liggitt): switch to cloud.google.com/metadata-proxy-ready=true in v1.16
+        cloud.google.com/metadata-proxy-ready: "true"
-        beta.kubernetes.io/metadata-proxy-ready: "true"
         beta.kubernetes.io/os: linux
       terminationGracePeriodSeconds: 30

cluster/gce/config-default.sh

@@ -220,8 +220,6 @@ METADATA_CONCEALMENT_NO_FIREWALL="${METADATA_CONCEALMENT_NO_FIREWALL:-false}" #
 if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then
   # Put the necessary label on the node so the daemonset gets scheduled.
   NODE_LABELS="${NODE_LABELS},cloud.google.com/metadata-proxy-ready=true"
-  # TODO(liggitt): remove this in v1.16
-  NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
   # Add to the provider custom variables.
   PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT METADATA_CONCEALMENT_NO_FIREWALL"
 fi

cluster/gce/config-test.sh

@@ -260,8 +260,6 @@ METADATA_CONCEALMENT_NO_FIREWALL="${METADATA_CONCEALMENT_NO_FIREWALL:-false}" #
 if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then
   # Put the necessary label on the node so the daemonset gets scheduled.
   NODE_LABELS="${NODE_LABELS},cloud.google.com/metadata-proxy-ready=true"
-  # TODO(liggitt): remove this in v1.16
-  NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
   # Add to the provider custom variables.
   PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT METADATA_CONCEALMENT_NO_FIREWALL"
 fi

cluster/gce/util.sh

@@ -611,8 +611,7 @@ function build-linux-node-labels {
   if [[ "${KUBE_PROXY_DAEMONSET:-}" == "true" && "${master}" != "true" ]]; then
     # Add kube-proxy daemonset label to node to avoid situation during cluster
     # upgrade/downgrade when there are two instances of kube-proxy running on a node.
-    # TODO(liggitt): drop beta.kubernetes.io/kube-proxy-ds-ready in 1.16
+    node_labels="node.kubernetes.io/kube-proxy-ds-ready=true"
-    node_labels="node.kubernetes.io/kube-proxy-ds-ready=true,beta.kubernetes.io/kube-proxy-ds-ready=true"
   fi
   if [[ -n "${NODE_LABELS:-}" ]]; then
     node_labels="${node_labels:+${node_labels},}${NODE_LABELS}"

cmd/kubelet/app/options/options.go

@@ -30,7 +30,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	cliflag "k8s.io/component-base/cli/flag"
-	"k8s.io/klog"
 	"k8s.io/kubelet/config/v1beta1"
 	"k8s.io/kubernetes/pkg/apis/core"
 	"k8s.io/kubernetes/pkg/features"
@@ -247,9 +246,7 @@ func ValidateKubeletFlags(f *KubeletFlags) error {
 		}
 	}
 	if len(unknownLabels) > 0 {
-		// TODO(liggitt): in 1.16, return an error
+		return fmt.Errorf("unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels: %v\n--node-labels in the 'kubernetes.io' namespace must begin with an allowed prefix (%s) or be in the specifically allowed set (%s)", unknownLabels.List(), strings.Join(kubeletapis.KubeletLabelNamespaces(), ", "), strings.Join(kubeletapis.KubeletLabels(), ", "))
-		klog.Warningf("unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels: %v", unknownLabels.List())
-		klog.Warningf("in 1.16, --node-labels in the 'kubernetes.io' namespace must begin with an allowed prefix (%s) or be in the specifically allowed set (%s)", strings.Join(kubeletapis.KubeletLabelNamespaces(), ", "), strings.Join(kubeletapis.KubeletLabels(), ", "))
 	}
 
 	return nil

cmd/kubelet/app/options/options_test.go

@@ -145,3 +145,48 @@ func asArgs(fn, defaultFn func(*pflag.FlagSet)) []string {
 	})
 	return args
 }
+
+func TestValidateKubeletFlags(t *testing.T) {
+	tests := []struct {
+		name   string
+		error  bool
+		labels map[string]string
+	}{
+		{
+			name:  "Invalid kubernetes.io label",
+			error: true,
+			labels: map[string]string{
+				"beta.kubernetes.io/metadata-proxy-ready": "true",
+			},
+		},
+		{
+			name:  "Valid label outside of kubernetes.io and k8s.io",
+			error: false,
+			labels: map[string]string{
+				"cloud.google.com/metadata-proxy-ready": "true",
+			},
+		},
+		{
+			name:   "Empty label list",
+			error:  false,
+			labels: map[string]string{},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := ValidateKubeletFlags(&KubeletFlags{
+				NodeLabels: tt.labels,
+			})
+
+			if tt.error && err == nil {
+				t.Errorf("ValidateKubeletFlags should have failed with labels: %+v", tt.labels)
+			}
+
+			if !tt.error && err != nil {
+				t.Errorf("ValidateKubeletFlags should not have failed with labels: %+v", tt.labels)
+			}
+		})
+	}
+
+}