mirror of https://github.com/rancher/rke.git synced 2025-09-05 00:40:10 +00:00

add comments and other minor improvements

Jiaqi Luo
2022-11-22 11:04:42 -07:00
parent 4741eb8fb1
commit b183dd71ce
4 changed files with 13 additions and 8 deletions


@@ -412,15 +412,15 @@ func parseEventRateLimit(clusterFile string, rkeConfig *v3.RancherKubernetesEngi
return nil
}
logrus.Debugf("event rate limit is found in cluster.yml")
var r map[string]interface{}
err := ghodssyaml.Unmarshal([]byte(clusterFile), &r)
var parsedClusterFile map[string]interface{}
err := ghodssyaml.Unmarshal([]byte(clusterFile), &parsedClusterFile)
if err != nil {
return fmt.Errorf("error unmarshalling: %v", err)
}
if r["services"] == nil {
if parsedClusterFile["services"] == nil {
return nil
}
cfg, found, err := unstructured.NestedMap(r, "services", "kube-api", "event_rate_limit", "configuration")
cfg, found, err := unstructured.NestedMap(parsedClusterFile, "services", "kube-api", "event_rate_limit", "configuration")
if err != nil {
return err
}


@@ -282,15 +282,16 @@ func (c *Cluster) SetUpHosts(ctx context.Context, flags ExternalFlags) error {
if _, ok := c.Services.KubeAPI.ExtraArgs[KubeAPIArgAdmissionControlConfigFile]; !ok {
controlPlaneHosts := hosts.GetUniqueHostList(nil, c.ControlPlaneHosts, nil)
ac, err := c.getConsolidatedAdmissionConfiguration()
admissionConfig, err := c.getConsolidatedAdmissionConfiguration()
if err != nil {
return fmt.Errorf("error getting consolidated admission configuration: %v", err)
}
bytes, err := yaml.Marshal(ac)
bytes, err := yaml.Marshal(admissionConfig)
if err != nil {
return err
}
if err := deployFile(ctx, controlPlaneHosts, c.SystemImages.Alpine, c.PrivateRegistriesMap, DefaultKubeAPIArgAdmissionControlConfigFileValue, string(bytes), c.Version); err != nil {
err = deployFile(ctx, controlPlaneHosts, c.SystemImages.Alpine, c.PrivateRegistriesMap, DefaultKubeAPIArgAdmissionControlConfigFileValue, string(bytes), c.Version)
if err != nil {
return err
}
log.Infof(ctx, "[%s] Successfully deployed admission control config to Cluster control nodes", DefaultKubeAPIArgAdmissionControlConfigFileValue)


@@ -490,7 +490,7 @@ func getTaintValue(taint v3.RKETaint) string {
return fmt.Sprintf("%s=%s:%s", taint.Key, taint.Value, taint.Effect)
}
// RestartKubeAPIServerWhenConfigChanges restarts the kube-apiserver container on the control plan nodes
// RestartKubeAPIServerWhenConfigChanges restarts the kube-apiserver container on the control plane nodes
// when changes are detected on the to-be-applied kube-api configuration. This is needed to handle the case
// where changes happen on the generated admission-control-config-file but not on the kube-apiserver container
func RestartKubeAPIServerWhenConfigChanges(ctx context.Context, kubeCluster, currentCluster *Cluster) error {


@@ -684,6 +684,10 @@ func validatePodSecurity(c *Cluster) error {
return err
}
logrus.Debugf("Checking PodSecurity for cluster version [%s]", c.Version)
// The following requirements must be met to set the default Pod Security Admission Config:
// - RBAC is enabled on the cluster
// - Cluster version is at least 1.23
// - valid values are privileged and restricted
level := c.Services.KubeAPI.PodSecurityConfiguration
if len(level) != 0 {
if c.Authorization.Mode != services.RBACAuthorizationMode {
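Review bot: The third bullet of the new comment, `// - valid values are privileged and restricted`, does not say which setting it constrains and is not phrased as a requirement like the two before it; `// - PodSecurityConfiguration is either privileged or restricted` reads consistently. The comment could also state that these checks run only when `c.Services.KubeAPI.PodSecurityConfiguration` is non-empty, as the `len(level) != 0` guard shows, so an empty value skips them. The version and allowed-value checks themselves are outside this hunk, so the comment should be confirmed against them; validatePodSecurity continues past the last visible line.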