From 09e4de385c3ea5422ce4d696c7c84f7ea12bb3e9 Mon Sep 17 00:00:00 2001 From: Wojciech Tyczynski Date: Tue, 13 Dec 2016 11:32:12 +0100 Subject: [PATCH] Enable nontrivial secret manager --- pkg/kubelet/BUILD | 1 + pkg/kubelet/kubelet.go | 3 +- pkg/kubelet/kubelet_test.go | 4 +- pkg/kubelet/pod/BUILD | 2 + pkg/kubelet/pod/pod_manager.go | 14 ++++++- pkg/kubelet/pod/pod_manager_test.go | 4 +- pkg/kubelet/prober/common_test.go | 2 +- pkg/kubelet/prober/worker_test.go | 2 +- pkg/kubelet/runonce_test.go | 4 +- pkg/kubelet/secret/fake_manager.go | 40 +++++++++++++++++++ pkg/kubelet/status/BUILD | 1 + pkg/kubelet/status/status_manager_test.go | 3 +- pkg/kubelet/volumemanager/BUILD | 1 + .../volumemanager/volume_manager_test.go | 5 ++- 14 files changed, 76 insertions(+), 10 deletions(-) create mode 100644 pkg/kubelet/secret/fake_manager.go diff --git a/pkg/kubelet/BUILD b/pkg/kubelet/BUILD index b9e2315fd2..59e66ce482 100644 --- a/pkg/kubelet/BUILD +++ b/pkg/kubelet/BUILD @@ -174,6 +174,7 @@ go_test( "//pkg/kubelet/pod/testing:go_default_library", "//pkg/kubelet/prober/results:go_default_library", "//pkg/kubelet/prober/testing:go_default_library", + "//pkg/kubelet/secret:go_default_library", "//pkg/kubelet/server/remotecommand:go_default_library", "//pkg/kubelet/server/stats:go_default_library", "//pkg/kubelet/status:go_default_library", diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go index 55eee92e0d..04ee4604ce 100644 --- a/pkg/kubelet/kubelet.go +++ b/pkg/kubelet/kubelet.go @@ -505,7 +505,8 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub klet.livenessManager = proberesults.NewManager() klet.podCache = kubecontainer.NewCache() - klet.podManager = kubepod.NewBasicPodManager(kubepod.NewBasicMirrorClient(klet.kubeClient)) + // podManager is also responsible for keeping secretManager contents up-to-date. + klet.podManager = kubepod.NewBasicPodManager(kubepod.NewBasicMirrorClient(klet.kubeClient), secretManager) if kubeCfg.RemoteRuntimeEndpoint != "" { // kubeCfg.RemoteImageEndpoint is same as kubeCfg.RemoteRuntimeEndpoint if not explicitly specified diff --git a/pkg/kubelet/kubelet_test.go b/pkg/kubelet/kubelet_test.go index a7c1d6bb5c..3c23784bb9 100644 --- a/pkg/kubelet/kubelet_test.go +++ b/pkg/kubelet/kubelet_test.go @@ -56,6 +56,7 @@ import ( podtest "k8s.io/kubernetes/pkg/kubelet/pod/testing" proberesults "k8s.io/kubernetes/pkg/kubelet/prober/results" probetest "k8s.io/kubernetes/pkg/kubelet/prober/testing" + "k8s.io/kubernetes/pkg/kubelet/secret" "k8s.io/kubernetes/pkg/kubelet/server/stats" "k8s.io/kubernetes/pkg/kubelet/status" kubetypes "k8s.io/kubernetes/pkg/kubelet/types" @@ -166,7 +167,8 @@ func newTestKubeletWithImageList( kubelet.cadvisor = mockCadvisor fakeMirrorClient := podtest.NewFakeMirrorClient() - kubelet.podManager = kubepod.NewBasicPodManager(fakeMirrorClient) + fakeSecretManager := secret.NewFakeManager() + kubelet.podManager = kubepod.NewBasicPodManager(fakeMirrorClient, fakeSecretManager) kubelet.statusManager = status.NewManager(fakeKubeClient, kubelet.podManager) kubelet.containerRefManager = kubecontainer.NewRefManager() diskSpaceManager, err := newDiskSpaceManager(mockCadvisor, DiskSpacePolicy{}) diff --git a/pkg/kubelet/pod/BUILD b/pkg/kubelet/pod/BUILD index ea8ad683e4..341ab74e8b 100644 --- a/pkg/kubelet/pod/BUILD +++ b/pkg/kubelet/pod/BUILD @@ -19,6 +19,7 @@ go_library( "//pkg/api/v1:go_default_library", "//pkg/client/clientset_generated/clientset:go_default_library", "//pkg/kubelet/container:go_default_library", + "//pkg/kubelet/secret:go_default_library", "//pkg/kubelet/types:go_default_library", "//vendor:github.com/golang/glog", "//vendor:k8s.io/apimachinery/pkg/api/errors", @@ -38,6 +39,7 @@ go_test( "//pkg/api/v1:go_default_library", "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/pod/testing:go_default_library", + "//pkg/kubelet/secret:go_default_library", "//pkg/kubelet/types:go_default_library", "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1", "//vendor:k8s.io/apimachinery/pkg/types", diff --git a/pkg/kubelet/pod/pod_manager.go b/pkg/kubelet/pod/pod_manager.go index e02d09dcf5..e2427065c9 100644 --- a/pkg/kubelet/pod/pod_manager.go +++ b/pkg/kubelet/pod/pod_manager.go @@ -22,6 +22,8 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api/v1" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" + "k8s.io/kubernetes/pkg/kubelet/secret" + "k8s.io/kubernetes/pkg/types" ) // Manager stores and manages access to pods, maintaining the mappings @@ -112,13 +114,17 @@ type basicManager struct { // Mirror pod UID to pod UID map. translationByUID map[types.UID]types.UID + // basicManager is keeping secretManager up-to-date. + secretManager secret.Manager + // A mirror pod client to create/delete mirror pods. MirrorClient } // NewBasicPodManager returns a functional Manager. -func NewBasicPodManager(client MirrorClient) Manager { +func NewBasicPodManager(client MirrorClient, secretManager secret.Manager) Manager { pm := &basicManager{} + pm.secretManager = secretManager pm.MirrorClient = client pm.SetPods(nil) return pm @@ -153,6 +159,9 @@ func (pm *basicManager) UpdatePod(pod *v1.Pod) { // lock. func (pm *basicManager) updatePodsInternal(pods ...*v1.Pod) { for _, pod := range pods { + if pm.secretManager != nil { + pm.secretManager.RegisterPod(pod) + } podFullName := kubecontainer.GetPodFullName(pod) if IsMirrorPod(pod) { pm.mirrorPodByUID[pod.UID] = pod @@ -173,6 +182,9 @@ func (pm *basicManager) updatePodsInternal(pods ...*v1.Pod) { func (pm *basicManager) DeletePod(pod *v1.Pod) { pm.lock.Lock() defer pm.lock.Unlock() + if pm.secretManager != nil { + pm.secretManager.UnregisterPod(pod) + } podFullName := kubecontainer.GetPodFullName(pod) if IsMirrorPod(pod) { delete(pm.mirrorPodByUID, pod.UID) diff --git a/pkg/kubelet/pod/pod_manager_test.go b/pkg/kubelet/pod/pod_manager_test.go index 3d530a1f46..f87a0836dc 100644 --- a/pkg/kubelet/pod/pod_manager_test.go +++ b/pkg/kubelet/pod/pod_manager_test.go @@ -24,13 +24,15 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api/v1" podtest "k8s.io/kubernetes/pkg/kubelet/pod/testing" + "k8s.io/kubernetes/pkg/kubelet/secret" kubetypes "k8s.io/kubernetes/pkg/kubelet/types" ) // Stub out mirror client for testing purpose. func newTestManager() (*basicManager, *podtest.FakeMirrorClient) { fakeMirrorClient := podtest.NewFakeMirrorClient() - manager := NewBasicPodManager(fakeMirrorClient).(*basicManager) + secretManager := secret.NewFakeManager() + manager := NewBasicPodManager(fakeMirrorClient, secretManager).(*basicManager) return manager, fakeMirrorClient } diff --git a/pkg/kubelet/prober/common_test.go b/pkg/kubelet/prober/common_test.go index f5e69428f8..2dcc972c6e 100644 --- a/pkg/kubelet/prober/common_test.go +++ b/pkg/kubelet/prober/common_test.go @@ -98,7 +98,7 @@ func setTestProbe(pod *v1.Pod, probeType probeType, probeSpec v1.Probe) { func newTestManager() *manager { refManager := kubecontainer.NewRefManager() refManager.SetRef(testContainerID, &v1.ObjectReference{}) // Suppress prober warnings. - podManager := kubepod.NewBasicPodManager(nil) + podManager := kubepod.NewBasicPodManager(nil, nil) // Add test pod to pod manager, so that status manager can get the pod from pod manager if needed. podManager.AddPod(getTestPod()) m := NewManager( diff --git a/pkg/kubelet/prober/worker_test.go b/pkg/kubelet/prober/worker_test.go index 41fe42e896..590756a324 100644 --- a/pkg/kubelet/prober/worker_test.go +++ b/pkg/kubelet/prober/worker_test.go @@ -117,7 +117,7 @@ func TestDoProbe(t *testing.T) { } // Clean up. - m.statusManager = status.NewManager(&fake.Clientset{}, kubepod.NewBasicPodManager(nil)) + m.statusManager = status.NewManager(&fake.Clientset{}, kubepod.NewBasicPodManager(nil, nil)) resultsManager(m, probeType).Remove(testContainerID) } } diff --git a/pkg/kubelet/runonce_test.go b/pkg/kubelet/runonce_test.go index 047b5a819a..1fc0850b07 100644 --- a/pkg/kubelet/runonce_test.go +++ b/pkg/kubelet/runonce_test.go @@ -39,6 +39,7 @@ import ( nettest "k8s.io/kubernetes/pkg/kubelet/network/testing" kubepod "k8s.io/kubernetes/pkg/kubelet/pod" podtest "k8s.io/kubernetes/pkg/kubelet/pod/testing" + "k8s.io/kubernetes/pkg/kubelet/secret" "k8s.io/kubernetes/pkg/kubelet/server/stats" "k8s.io/kubernetes/pkg/kubelet/status" "k8s.io/kubernetes/pkg/kubelet/volumemanager" @@ -59,7 +60,8 @@ func TestRunOnce(t *testing.T) { Usage: 9 * mb, Capacity: 10 * mb, }, nil) - podManager := kubepod.NewBasicPodManager(podtest.NewFakeMirrorClient()) + podManager := kubepod.NewBasicPodManager( + podtest.NewFakeMirrorClient(), secret.NewFakeManager()) diskSpaceManager, _ := newDiskSpaceManager(cadvisor, DiskSpacePolicy{}) fakeRuntime := &containertest.FakeRuntime{} basePath, err := utiltesting.MkTmpdir("kubelet") diff --git a/pkg/kubelet/secret/fake_manager.go b/pkg/kubelet/secret/fake_manager.go new file mode 100644 index 0000000000..25f948f57e --- /dev/null +++ b/pkg/kubelet/secret/fake_manager.go @@ -0,0 +1,40 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package secret + +import ( + "k8s.io/kubernetes/pkg/api/v1" +) + +// fakeManager implements Manager interface for testing purposes. +// simple operations to apiserver. +type fakeManager struct { +} + +func NewFakeManager() Manager { + return &fakeManager{} +} + +func (s *fakeManager) GetSecret(namespace, name string) (*v1.Secret, error) { + return nil, nil +} + +func (s *fakeManager) RegisterPod(pod *v1.Pod) { +} + +func (s *fakeManager) UnregisterPod(pod *v1.Pod) { +} diff --git a/pkg/kubelet/status/BUILD b/pkg/kubelet/status/BUILD index ef2f86fee4..b9df40b46b 100644 --- a/pkg/kubelet/status/BUILD +++ b/pkg/kubelet/status/BUILD @@ -50,6 +50,7 @@ go_test( "//pkg/kubelet/container:go_default_library", "//pkg/kubelet/pod:go_default_library", "//pkg/kubelet/pod/testing:go_default_library", + "//pkg/kubelet/secret:go_default_library", "//pkg/kubelet/types:go_default_library", "//vendor:github.com/stretchr/testify/assert", "//vendor:k8s.io/apimachinery/pkg/api/errors", diff --git a/pkg/kubelet/status/status_manager_test.go b/pkg/kubelet/status/status_manager_test.go index a11290633d..c4b5a2b759 100644 --- a/pkg/kubelet/status/status_manager_test.go +++ b/pkg/kubelet/status/status_manager_test.go @@ -38,6 +38,7 @@ import ( kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" kubepod "k8s.io/kubernetes/pkg/kubelet/pod" podtest "k8s.io/kubernetes/pkg/kubelet/pod/testing" + kubesecret "k8s.io/kubernetes/pkg/kubelet/secret" kubetypes "k8s.io/kubernetes/pkg/kubelet/types" ) @@ -71,7 +72,7 @@ func (m *manager) testSyncBatch() { } func newTestManager(kubeClient clientset.Interface) *manager { - podManager := kubepod.NewBasicPodManager(podtest.NewFakeMirrorClient()) + podManager := kubepod.NewBasicPodManager(podtest.NewFakeMirrorClient(), kubesecret.NewFakeManager()) podManager.AddPod(getTestPod()) return NewManager(kubeClient, podManager).(*manager) } diff --git a/pkg/kubelet/volumemanager/BUILD b/pkg/kubelet/volumemanager/BUILD index 88f381e0a7..21232f8caa 100644 --- a/pkg/kubelet/volumemanager/BUILD +++ b/pkg/kubelet/volumemanager/BUILD @@ -50,6 +50,7 @@ go_test( "//pkg/kubelet/container/testing:go_default_library", "//pkg/kubelet/pod:go_default_library", "//pkg/kubelet/pod/testing:go_default_library", + "//pkg/kubelet/secret:go_default_library", "//pkg/util/mount:go_default_library", "//pkg/util/testing:go_default_library", "//pkg/volume:go_default_library", diff --git a/pkg/kubelet/volumemanager/volume_manager_test.go b/pkg/kubelet/volumemanager/volume_manager_test.go index ce52675e5e..d2c9a6a3fe 100644 --- a/pkg/kubelet/volumemanager/volume_manager_test.go +++ b/pkg/kubelet/volumemanager/volume_manager_test.go @@ -34,6 +34,7 @@ import ( "k8s.io/kubernetes/pkg/kubelet/pod" kubepod "k8s.io/kubernetes/pkg/kubelet/pod" podtest "k8s.io/kubernetes/pkg/kubelet/pod/testing" + "k8s.io/kubernetes/pkg/kubelet/secret" "k8s.io/kubernetes/pkg/util/mount" utiltesting "k8s.io/kubernetes/pkg/util/testing" "k8s.io/kubernetes/pkg/volume" @@ -52,7 +53,7 @@ func TestGetMountedVolumesForPodAndGetVolumesInUse(t *testing.T) { t.Fatalf("can't make a temp dir: %v", err) } defer os.RemoveAll(tmpDir) - podManager := kubepod.NewBasicPodManager(podtest.NewFakeMirrorClient()) + podManager := kubepod.NewBasicPodManager(podtest.NewFakeMirrorClient(), secret.NewFakeManager()) node, pod, pv, claim := createObjects() kubeClient := fake.NewSimpleClientset(node, pod, pv, claim) @@ -97,7 +98,7 @@ func TestGetExtraSupplementalGroupsForPod(t *testing.T) { t.Fatalf("can't make a temp dir: %v", err) } defer os.RemoveAll(tmpDir) - podManager := kubepod.NewBasicPodManager(podtest.NewFakeMirrorClient()) + podManager := kubepod.NewBasicPodManager(podtest.NewFakeMirrorClient(), secret.NewFakeManager()) node, pod, _, claim := createObjects()