mirror of
https://github.com/k3s-io/kubernetes.git
synced 2026-01-17 07:14:58 +00:00
cf92d921d9
Automatic merge from submit-queue (batch tested with PRs 56995, 58498, 57426, 58902, 58863). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. flag precedence redo Changes the Kubelet configuration flag precedence order so that flags take precedence over config from files/ConfigMaps. This should fix the re-parse issue with #56097 that led to revert. Fixes #56171. In order to prevent global flags (registered in 3rd party libs, etc.) from leaking into the command's help text, this PR turns off Cobra's flag parsing in the `kubelet` command and re-implements help and usage funcs for the Kubelet. Cobra's default funcs automatically merge all global flags into the command's flagset, which results in incorrect help text. I tried to keep the formatting as close as possible to the what the Kubelet currently produces. Diff between Kubelet's help text on `upstream/master` vs `mtaufen/kc-flags-precedence-redo`, which shows a leaked flag being removed, but no change to the formatting: ``` diff --git a/upstream.master.help b/mtaufen.kc-flags-precedence-redo.help index 798a030..0797869 100644 --- a/upstream.master.help +++ b/mtaufen.kc-flags-precedence-redo.help @@ -30,7 +30,6 @@ Flags: --authorization-mode string Authorization mode for Kubelet server. Valid options are AlwaysAllow or Webhook. Webhook mode uses the SubjectAccessReview API to determine authorization. (default "AlwaysAllow") --authorization-webhook-cache-authorized-ttl duration The duration to cache 'authorized' responses from the webhook authorizer. (default 5m0s) --authorization-webhook-cache-unauthorized-ttl duration The duration to cache 'unauthorized' responses from the webhook authorizer. (default 30s) - --azure-container-registry-config string Path to the file containing Azure container registry configuration information. --bootstrap-checkpoint-path string <Warning: Alpha feature> Path to to the directory where the checkpoints are stored --bootstrap-kubeconfig string Path to a kubeconfig file that will be used to get client certificate for kubelet. If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server. On success, a kubeconfig file referencing the generated client certificate and key is written to the path specified by --kubeconfig. The client certificate and key file will be stored in the directory pointed by --cert-dir. --cadvisor-port int32 The port of the localhost cAdvisor endpoint (set to 0 to disable) (default 4194) ``` Ultimately, I think we should implement a common lib that K8s components can use to generate clean help text, as the global flag leakage problem affects all core k8s binaries. I would like to do so in a future PR, to keep this PR simple. We could base the help text format on the default values returned from `Command.HelpTemplate` and `Command.UsageTemplate`. Unfortunately, the template funcs used to process these defaults are private to Cobra, so we'd have to re-implement these, or avoid using them. ```release-note NONE ```