From f46ecf5648917e007f531e91865be2d70f2c9ea6 Mon Sep 17 00:00:00 2001
From: Shingo Omura
Date: Sat, 22 Jun 2024 21:32:55 +0900
Subject: [PATCH] KEP-3619: Wiring up from RuntimeFeatures.SupplementalGroupsPolicy(CRI) to NodeFeatures.SupplementalGroupsPolicy(API) KEP-3619: fix typos in pkg/kubelet/container/runtime.go
---
 pkg/kubelet/container/runtime.go | 17 ++++++++++++++++-
 pkg/kubelet/kubelet.go | 1 +
 pkg/kubelet/kubelet_node_status.go | 1 +
 pkg/kubelet/kuberuntime/helpers.go | 10 ++++++++--
 pkg/kubelet/kuberuntime/kuberuntime_manager.go | 2 +-
 pkg/kubelet/nodestatus/setters.go | 17 +++++++++++++++++
 pkg/kubelet/runtime.go | 13 +++++++++++++
 pkg/registry/core/node/strategy.go | 4 ++++
 8 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/pkg/kubelet/container/runtime.go b/pkg/kubelet/container/runtime.go
index b6c4ff6624d..18f219dd190 100644
--- a/pkg/kubelet/container/runtime.go
+++ b/pkg/kubelet/container/runtime.go
@@ -556,6 +556,8 @@ type RuntimeStatus struct {
 Conditions []RuntimeCondition
 // Handlers is an array of current available handlers
 Handlers []RuntimeHandler
+ // Features is the set of features implemented by the runtime
+ Features *RuntimeFeatures
 }
 // GetRuntimeCondition gets a specified runtime condition from the runtime status.
@@ -579,7 +581,7 @@ func (r *RuntimeStatus) String() string {
 for _, h := range r.Handlers {
 sh = append(sh, h.String())
 }
- return fmt.Sprintf("Runtime Conditions: %s; Handlers: %s", strings.Join(ss, ", "), strings.Join(sh, ", "))
+ return fmt.Sprintf("Runtime Conditions: %s; Handlers: %s, Features: %s", strings.Join(ss, ", "), strings.Join(sh, ", "), r.Features.String())
 }
 // RuntimeHandler contains condition information for the runtime handler.
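Review bot: The new format string in `RuntimeStatus.String` joins the `Features` section with `, ` while `Runtime Conditions` and `Handlers` are separated by `; `, and `, ` is also the separator inside the joined handler list, so the last handler and the features field run together in log output. Using `"Runtime Conditions: %s; Handlers: %s; Features: %s"` keeps the three sections distinguishable. The call `r.Features.String()` on a possibly nil pointer is safe only because the `String` method added later in this file checks `f == nil`; a short comment saying so would stop someone from removing that check. The body of `String` starts outside this hunk.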
@@ -617,6 +619,19 @@ func (c *RuntimeCondition) String() string {
 return fmt.Sprintf("%s=%t reason:%s message:%s", c.Type, c.Status, c.Reason, c.Message)
 }
+// RuntimeFeatures contains the set of features implemented by the runtime
+type RuntimeFeatures struct {
+ SupplementalGroupsPolicy bool
+}
+
+// String formats the runtime condition into a human readable string.
+func (f *RuntimeFeatures) String() string {
+ if f == nil {
+ return "nil"
+ }
+ return fmt.Sprintf("SupplementalGroupsPolicy: %v", f.SupplementalGroupsPolicy)
+}
+
 // Pods represents the list of pods
 type Pods []*Pod
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
index 3b2693b67a4..758a90c218d 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@@ -2883,6 +2883,7 @@ func (kl *Kubelet) updateRuntimeUp() {
 kl.runtimeState.setRuntimeState(nil)
 kl.runtimeState.setRuntimeHandlers(s.Handlers)
+ kl.runtimeState.setRuntimeFeatures(s.Features)
 kl.oneTimeInitializer.Do(kl.initializeRuntimeDependentModules)
 kl.runtimeState.setRuntimeSync(kl.clock.Now())
 }
diff --git a/pkg/kubelet/kubelet_node_status.go b/pkg/kubelet/kubelet_node_status.go
index ca5e732ea38..ce3b3afa83f 100644
--- a/pkg/kubelet/kubelet_node_status.go
+++ b/pkg/kubelet/kubelet_node_status.go
@@ -737,6 +737,7 @@ func (kl *Kubelet) defaultNodeStatusFuncs() []func(context.Context, *v1.Node) er
 nodestatus.Images(kl.nodeStatusMaxImages, kl.imageManager.GetImageList),
 nodestatus.GoRuntime(),
 nodestatus.RuntimeHandlers(kl.runtimeState.runtimeHandlers),
+ nodestatus.NodeFeatures(kl.runtimeState.runtimeFeatures),
 )
 setters = append(setters,
diff --git a/pkg/kubelet/kuberuntime/helpers.go b/pkg/kubelet/kuberuntime/helpers.go
index 85961cb0280..7787402bff7 100644
--- a/pkg/kubelet/kuberuntime/helpers.go
+++ b/pkg/kubelet/kuberuntime/helpers.go
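Review bot: The doc comment on the new `(*RuntimeFeatures).String` method was copied from `RuntimeCondition.String` and still says it formats "the runtime condition"; it should read `// String formats the runtime features into a human readable string.` The `RuntimeFeatures` type comment is also missing its trailing period. The `SupplementalGroupsPolicy` field has no comment stating what `true` means. A line such as `// SupplementalGroupsPolicy is true when the runtime reports support for the SupplementalGroupsPolicy field.` would make the contract explicit, worded to match the CRI definition, which is not visible here.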
@@ -208,7 +208,7 @@ func parsePodUIDFromLogsDirectory(name string) types.UID {
 }
 // toKubeRuntimeStatus converts the runtimeapi.RuntimeStatus to kubecontainer.RuntimeStatus.
-func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeapi.RuntimeHandler) *kubecontainer.RuntimeStatus {
+func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeapi.RuntimeHandler, features *runtimeapi.RuntimeFeatures) *kubecontainer.RuntimeStatus {
 conditions := []kubecontainer.RuntimeCondition{}
 for _, c := range status.GetConditions() {
 conditions = append(conditions, kubecontainer.RuntimeCondition{
@@ -232,7 +232,13 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeap
 SupportsUserNamespaces: supportsUserns,
 }
 }
- return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers}
+ var retFeatures *kubecontainer.RuntimeFeatures
+ if features != nil {
+ retFeatures = &kubecontainer.RuntimeFeatures{
+ SupplementalGroupsPolicy: features.SupplementalGroupsPolicy,
+ }
+ }
+ return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers, Features: retFeatures}
 }
 func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) {
diff --git a/pkg/kubelet/kuberuntime/kuberuntime_manager.go b/pkg/kubelet/kuberuntime/kuberuntime_manager.go
index 716ff486385..69ddc1fe68d 100644
--- a/pkg/kubelet/kuberuntime/kuberuntime_manager.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_manager.go
@@ -347,7 +347,7 @@ func (m *kubeGenericRuntimeManager) Status(ctx context.Context) (*kubecontainer.
 if resp.GetStatus() == nil {
 return nil, errors.New("runtime status is nil")
 }
- return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers()), nil
+ return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers(), resp.GetFeatures()), nil
 }
 // GetPods returns a list of containers grouped by pods. The boolean parameter
diff --git a/pkg/kubelet/nodestatus/setters.go b/pkg/kubelet/nodestatus/setters.go
index 5766ddc04d4..5c8b37c46eb 100644
--- a/pkg/kubelet/nodestatus/setters.go
+++ b/pkg/kubelet/nodestatus/setters.go
@@ -482,6 +482,23 @@ func GoRuntime() Setter {
 }
 }
+// NodeFeatures returns a Setter that sets NodeFeatures on the node.
+func NodeFeatures(featuresGetter func() *kubecontainer.RuntimeFeatures) Setter {
+ return func(ctx context.Context, node *v1.Node) error {
+ if !utilfeature.DefaultFeatureGate.Enabled(features.SupplementalGroupsPolicy) {
+ return nil
+ }
+ features := featuresGetter()
+ if features == nil {
+ return nil
+ }
+ node.Status.Features = &v1.NodeFeatures{
+ SupplementalGroupsPolicy: &features.SupplementalGroupsPolicy,
+ }
+ return nil
+ }
+}
+
 // RuntimeHandlers returns a Setter that sets RuntimeHandlers on the node.
 func RuntimeHandlers(fn func() []kubecontainer.RuntimeHandler) Setter {
 return func(ctx context.Context, node *v1.Node) error {
diff --git a/pkg/kubelet/runtime.go b/pkg/kubelet/runtime.go
index 43335d8f957..7f9da7f7dbf 100644
--- a/pkg/kubelet/runtime.go
+++ b/pkg/kubelet/runtime.go
@@ -36,6 +36,7 @@ type runtimeState struct {
 cidr string
 healthChecks []*healthCheck
 rtHandlers []kubecontainer.RuntimeHandler
+ rtFeatures *kubecontainer.RuntimeFeatures
 }
 // A health check function should be efficient and not rely on external
@@ -83,6 +84,18 @@ func (s *runtimeState) runtimeHandlers() []kubecontainer.RuntimeHandler {
 return s.rtHandlers
 }
+func (s *runtimeState) setRuntimeFeatures(features *kubecontainer.RuntimeFeatures) {
+ s.Lock()
+ defer s.Unlock()
+ s.rtFeatures = features
+}
+
+func (s *runtimeState) runtimeFeatures() *kubecontainer.RuntimeFeatures {
+ s.RLock()
+ defer s.RUnlock()
+ return s.rtFeatures
+}
+
 func (s *runtimeState) setStorageState(err error) {
 s.Lock()
 defer s.Unlock()
diff --git a/pkg/registry/core/node/strategy.go b/pkg/registry/core/node/strategy.go
index 638e573e480..2e442f2498c 100644
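Review bot: Both early returns in the new `NodeFeatures` setter leave `node.Status.Features` as it was. If the node object handed to the setter already carries a value (not visible in this hunk), a runtime that stops reporting features would keep being advertised as supporting SupplementalGroupsPolicy, and consumers of that field would act on a stale capability claim. If the API semantics allow it, the field should be cleared when the getter returns nil. The local `features := featuresGetter()` also shadows the `features` identifier used one statement earlier in `features.SupplementalGroupsPolicy` (presumably the feature-gate package). Separately, `&features.SupplementalGroupsPolicy` stores a pointer into the struct returned by the getter, so the node status aliases kubelet runtime state. The sketch below renames the local and copies the flag before taking its address.

```go
func NodeFeatures(featuresGetter func() *kubecontainer.RuntimeFeatures) Setter {
	return func(ctx context.Context, node *v1.Node) error {
		// … unchanged: SupplementalGroupsPolicy feature-gate check …
		rtFeatures := featuresGetter()
		if rtFeatures == nil {
			// Runtime reported no features: do not keep advertising an earlier value.
			node.Status.Features = nil
			return nil
		}
		// Copy the flag so the node status does not point into kubelet runtime state.
		supported := rtFeatures.SupplementalGroupsPolicy
		node.Status.Features = &v1.NodeFeatures{
			SupplementalGroupsPolicy: &supported,
		}
		return nil
	}
}
```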
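Review bot: `runtimeFeatures` returns the stored `*kubecontainer.RuntimeFeatures` itself, so the RWMutex guards only the pointer swap and callers read the struct after the lock has been released. That is safe only while every `setRuntimeFeatures` call passes a freshly allocated value and no caller writes through the returned pointer, which nothing in this hunk enforces. Neither new method has a doc comment; adding `// runtimeFeatures returns the most recently reported runtime features; the result is shared and must be treated as read-only.` (and a matching line on the setter) would record that contract.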
--- a/pkg/registry/core/node/strategy.go
+++ b/pkg/registry/core/node/strategy.go
@@ -106,6 +106,10 @@ func dropDisabledFields(node *api.Node, oldNode *api.Node) {
 if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 node.Status.RuntimeHandlers = nil
 }
+
+ if !utilfeature.DefaultFeatureGate.Enabled(features.SupplementalGroupsPolicy) {
+ node.Status.Features = nil
+ }
 }
 // nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used)