From 7c72594c85b2220e14ada6b5b52a2930d5e04f13 Mon Sep 17 00:00:00 2001 From: Di Xu Date: Sun, 18 Jun 2017 21:34:24 +0800 Subject: [PATCH 1/2] update related files --- cluster/addons/node-problem-detector/npd.yaml | 1 + .../gce/container-linux/configure-helper.sh | 10 +++++----- cluster/gce/gci/configure-helper.sh | 14 ++++++------- .../cluster-autoscaler.manifest | 5 +++-- .../e2e-image-puller.manifest | 2 ++ cluster/saltbase/salt/etcd/etcd.manifest | 3 ++- .../kube-apiserver/kube-apiserver.manifest | 20 ++++++++++--------- .../kube-controller-manager.manifest | 5 +++-- .../salt/kube-proxy/kube-proxy.manifest | 2 ++ .../kube-scheduler/kube-scheduler.manifest | 2 +- cluster/saltbase/salt/l7-gcp/glbc.manifest | 2 ++ .../salt/rescheduler/rescheduler.manifest | 1 + .../app/phases/addons/proxy/manifests.go | 2 +- examples/newrelic/newrelic-daemonset.yaml | 1 + examples/oms/omsagent-daemonset.yaml | 3 ++- examples/sysdig-cloud/sysdig-daemonset.yaml | 1 + examples/sysdig-cloud/sysdig-rc.yaml | 1 + 17 files changed, 46 insertions(+), 29 deletions(-) diff --git a/cluster/addons/node-problem-detector/npd.yaml b/cluster/addons/node-problem-detector/npd.yaml index 7761b6a978..87365ad17f 100644 --- a/cluster/addons/node-problem-detector/npd.yaml +++ b/cluster/addons/node-problem-detector/npd.yaml @@ -76,6 +76,7 @@ spec: - name: localtime hostPath: path: /etc/localtime + type: "FileOrCreate" serviceAccountName: node-problem-detector tolerations: - operator: "Exists" diff --git a/cluster/gce/container-linux/configure-helper.sh b/cluster/gce/container-linux/configure-helper.sh index 5e7b90357e..081ca970b7 100755 --- a/cluster/gce/container-linux/configure-helper.sh +++ b/cluster/gce/container-linux/configure-helper.sh 
@@ -828,7 +828,7 @@ function compute-master-manifest-variables { CLOUD_CONFIG_MOUNT="" if [[ -f /etc/gce.conf ]]; then CLOUD_CONFIG_OPT="--cloud-config=/etc/gce.conf" - CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\"}}," + CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}}," CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true}," fi DOCKER_REGISTRY="gcr.io/google_containers" @@ -933,10 +933,10 @@ function start-kube-apiserver { params+=" --admission-control-config-file=/etc/admission_controller.config" # Mount the file to configure admission controllers if ImagePolicyWebhook is set. admission_controller_config_mount="{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"/etc/admission_controller.config\", \"readOnly\": false}," - admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\"}}," + admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\", \"type\": \"FileOrCreate\"}}," # Mount the file to configure the ImagePolicyWebhook's webhook. image_policy_webhook_config_mount="{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," - image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\"}}," + image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}}," fi fi 
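Review bot: `FileOrCreate` is looser than these mounts need: in the `@@ -828` hunk the volume is only emitted inside `if [[ -f /etc/gce.conf ]]`, so the file is already known to exist and `\"type\": \"File\"` would say so. For the admission-controller and image-policy webhook configs in the `@@ -933` hunk, `FileOrCreate` lets the kubelet create an empty file when the config is missing, so the problem surfaces as an empty or unparsable security config inside kube-apiserver rather than as a clear mount failure. The same applies to the authn/authz webhook, audit policy and cloud-config volumes in the later hunks of both configure-helper.sh files, and to the matching volumes in the saltbase kube-apiserver, kube-controller-manager, cluster-autoscaler, glbc and kube-proxy (kubeconfig) manifests. Both functions continue outside these hunks, so it is not visible here whether the files are always written before the manifest is rendered; if they are, `File` is the safer type, while the log-file and `xtables.lock` mounts are the cases where `FileOrCreate` is the right choice.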
@@ -963,7 +963,7 @@ function start-kube-apiserver { if [[ -n "${GCP_AUTHN_URL:-}" ]]; then params+=" --authentication-token-webhook-config-file=/etc/gcp_authn.config" webhook_authn_config_mount="{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"/etc/gcp_authn.config\", \"readOnly\": false}," - webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\"}}," + webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\", \"type\": \"FileOrCreate\"}}," fi local authorization_mode="RBAC" @@ -994,7 +994,7 @@ function start-kube-apiserver { authorization_mode+=",Webhook" params+=" --authorization-webhook-config-file=/etc/gcp_authz.config" webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false}," - webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\"}}," + webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\", \"type\": \"FileOrCreate\"}}," fi params+=" --authorization-mode=${authorization_mode}" diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index 08958b93ff..8f50a18153 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -1154,7 +1154,7 @@ function compute-master-manifest-variables { CLOUD_CONFIG_MOUNT="" if [[ -f /etc/gce.conf ]]; then CLOUD_CONFIG_OPT="--cloud-config=/etc/gce.conf" - CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\"}}," + CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}}," CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true}," fi DOCKER_REGISTRY="gcr.io/google_containers" 
@@ -1282,7 +1282,7 @@ function start-kube-apiserver { # Create the audit policy file, and mount it into the apiserver pod. create-master-audit-policy "${audit_policy_file}" audit_policy_config_mount="{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"${audit_policy_file}\", \"readOnly\": true}," - audit_policy_config_volume="{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"${audit_policy_file}\"}}," + audit_policy_config_volume="{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"${audit_policy_file}\", \"type\": \"FileOrCreate\"}}," if [[ "${ADVANCED_AUDIT_BACKEND:-log}" == *"log"* ]]; then # The advanced audit log backend config matches the basic audit log config. @@ -1304,7 +1304,7 @@ function start-kube-apiserver { params+=" --audit-webhook-config-file=${audit_webhook_config_file}" create-master-audit-webhook-config "${audit_webhook_config_file}" audit_webhook_config_mount="{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"${audit_webhook_config_file}\", \"readOnly\": true}," - audit_webhook_config_volume="{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"${audit_webhook_config_file}\"}}," + audit_webhook_config_volume="{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"${audit_webhook_config_file}\", \"type\": \"FileOrCreate\"}}," fi fi 
@@ -1322,10 +1322,10 @@ function start-kube-apiserver { params+=" --admission-control-config-file=/etc/admission_controller.config" # Mount the file to configure admission controllers if ImagePolicyWebhook is set. admission_controller_config_mount="{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"/etc/admission_controller.config\", \"readOnly\": false}," - admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\"}}," + admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\", \"type\": \"FileOrCreate\"}}," # Mount the file to configure the ImagePolicyWebhook's webhook. image_policy_webhook_config_mount="{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," - image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\"}}," + image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}}," fi fi @@ -1352,7 +1352,7 @@ function start-kube-apiserver { if [[ -n "${GCP_AUTHN_URL:-}" ]]; then params+=" --authentication-token-webhook-config-file=/etc/gcp_authn.config" webhook_authn_config_mount="{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"/etc/gcp_authn.config\", \"readOnly\": false}," - webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\"}}," + webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\", \"type\": \"FileOrCreate\"}}," fi 
@@ -1384,7 +1384,7 @@ function start-kube-apiserver { authorization_mode+=",Webhook" params+=" --authorization-webhook-config-file=/etc/gcp_authz.config" webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false}," - webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\"}}," + webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\", \"type\": \"FileOrCreate\"}}," fi params+=" --authorization-mode=${authorization_mode}" diff --git a/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest b/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest index 00bcd8ac06..5b0a0a5210 100644 --- a/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest +++ b/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest @@ -5,7 +5,7 @@ {% if grains.cloud == 'gce' and grains.cloud_config is defined -%} {% set cloud_config = "--cloud-config=" + grains.cloud_config -%} {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} - {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\"}}," -%} + {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%} {% endif -%} {% set params = pillar['autoscaler_mig_config'] + " " + cloud_config + " " + pillar.get('autoscaler_expander_config', '') -%} @@ -95,7 +95,8 @@ { "name": "logfile", "hostPath": { - "path": "/var/log/cluster-autoscaler.log" + "path": "/var/log/cluster-autoscaler.log", + "type": "FileOrCreate" } } ], diff --git a/cluster/saltbase/salt/e2e-image-puller/e2e-image-puller.manifest b/cluster/saltbase/salt/e2e-image-puller/e2e-image-puller.manifest index 3cf4a928be..137c7d289b 100644 
--- a/cluster/saltbase/salt/e2e-image-puller/e2e-image-puller.manifest +++ b/cluster/saltbase/salt/e2e-image-puller/e2e-image-puller.manifest @@ -50,9 +50,11 @@ spec: volumes: - hostPath: path: /var/run/docker.sock + type: Socket name: socket - hostPath: path: /usr/bin/docker + type: File name: docker # This pod is really fire-and-forget. restartPolicy: OnFailure diff --git a/cluster/saltbase/salt/etcd/etcd.manifest b/cluster/saltbase/salt/etcd/etcd.manifest index 1f1be4ffe8..c5e56b5a51 100644 --- a/cluster/saltbase/salt/etcd/etcd.manifest +++ b/cluster/saltbase/salt/etcd/etcd.manifest @@ -103,7 +103,8 @@ }, { "name": "varlogetcd", "hostPath": { - "path": "/var/log/etcd{{ suffix }}.log"} + "path": "/var/log/etcd{{ suffix }}.log", + "type": "FileOrCreate"} }, { "name": "etc", "hostPath": { diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest index 4f6ad7bdfd..e3d8f4cac8 100644 --- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest +++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest @@ -25,7 +25,7 @@ {% if grains.cloud in [ 'aws', 'gce' ] and grains.cloud_config is defined -%} {% set cloud_config = "--cloud-config=" + grains.cloud_config -%} {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} - {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\"}}," -%} + {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%} {% endif -%} {% if grains.cloud in ['openstack'] -%} 
@@ -119,7 +119,7 @@ {% if grains.webhook_authentication_config is defined -%} {% set webhook_authentication_config = " --authentication-token-webhook-config-file=" + grains.webhook_authentication_config -%} {% set webhook_authn_config_mount = "{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"" + grains.webhook_authentication_config + "\", \"readOnly\": false}," -%} - {% set webhook_authn_config_volume = "{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authentication_config + "\"}}," -%} + {% set webhook_authn_config_volume = "{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authentication_config + "\", \"type\": \"FileOrCreate\"}}," -%} {% endif -%} {% set webhook_authorization_config = "" -%} @@ -128,7 +128,7 @@ {% if grains.webhook_authorization_config is defined -%} {% set webhook_authorization_config = " --authorization-webhook-config-file=" + grains.webhook_authorization_config -%} {% set webhook_config_mount = "{\"name\": \"webhookconfigmount\",\"mountPath\": \"" + grains.webhook_authorization_config + "\", \"readOnly\": false}," -%} - {% set webhook_config_volume = "{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authorization_config + "\"}}," -%} + {% set webhook_config_volume = "{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authorization_config + "\", \"type\": \"FileOrCreate\"}}," -%} {% set authz_mode = authz_mode + ",Webhook" -%} {% endif -%} 
@@ -140,9 +140,9 @@ {% if grains.image_review_config is defined -%} {% set image_review_config = " --admission-control-config-file=" + grains.image_review_config -%} {% set admission_controller_config_mount = "{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"" + grains.image_review_config + "\", \"readOnly\": false}," -%} - {% set admission_controller_config_volume = "{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"" + grains.image_review_config + "\"}}," -%} + {% set admission_controller_config_volume = "{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"" + grains.image_review_config + "\", \"type\": \"FileOrCreate\"}}," -%} {% set image_policy_webhook_config_mount = "{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," -%} - {% set image_policy_webhook_config_volume = "{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\"}}," -%} + {% set image_policy_webhook_config_volume = "{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}}," -%} {% endif -%} {% set admission_control = "" -%} 
@@ -185,14 +185,14 @@ {% elif pillar['enable_apiserver_advanced_audit'] is defined and pillar['enable_apiserver_advanced_audit'] in ['true'] -%} {% set audit_log = "--audit-policy-file=/etc/audit_policy.config" -%} {% set audit_policy_config_mount = "{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"/etc/audit_policy.config\", \"readOnly\": true}," -%} - {% set audit_policy_config_volume = "{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_policy.config\"}}," -%} + {% set audit_policy_config_volume = "{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_policy.config\", \"type\": \"FileOrCreate\"}}," -%} {% if pillar['advanced_audit_backend'] is defined and 'log' in pillar['advanced_audit_backend'] -%} {% set audit_log = audit_log + " --audit-log-path=/var/log/kube-apiserver-audit.log --audit-log-maxage=0 --audit-log-maxbackup=0 --audit-log-maxsize=2000000000" -%} {% endif %} {% if pillar['advanced_audit_backend'] is defined and 'webhook' in pillar['advanced_audit_backend'] -%} {% set audit_log = audit_log + " --audit-webhook-mode=batch" -%} {% set audit_webhook_config_mount = "{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"/etc/audit_webhook.config\", \"readOnly\": true}," -%} - {% set audit_webhook_config_volume = "{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_webhook.config\"}}," -%} + {% set audit_webhook_config_volume = "{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_webhook.config\", \"type\": \"FileOrCreate\"}}," -%} {% endif %} {% endif -%} @@ -308,11 +308,13 @@ }, { "name": "logfile", "hostPath": { - "path": "/var/log/kube-apiserver.log"} + "path": "/var/log/kube-apiserver.log", + "type": "FileOrCreate"} }, { "name": "auditlogfile", "hostPath": { - "path": "/var/log/kube-apiserver-audit.log"} + "path": "/var/log/kube-apiserver-audit.log", + "type": "FileOrCreate"} }, { "name": "etcssl", "hostPath": { 
diff --git a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest index 9911d09b8d..65359afda7 100644 --- a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest +++ b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest @@ -49,7 +49,7 @@ {% if grains.cloud in [ 'aws', 'gce' ] and grains.cloud_config is defined -%} {% set cloud_config = "--cloud-config=" + grains.cloud_config -%} {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} - {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\"}}," -%} + {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%} {% endif -%} {% if grains.cloud in ['openstack'] -%} @@ -164,7 +164,8 @@ }, { "name": "logfile", "hostPath": { - "path": "/var/log/kube-controller-manager.log"} + "path": "/var/log/kube-controller-manager.log", + "type": "FileOrCreate"} }, { "name": "etcssl", "hostPath": { diff --git a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest index b07ff649e3..efb20b086a 100644 --- a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest +++ b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest @@ -102,6 +102,7 @@ spec: name: etc-ssl-certs - hostPath: path: /var/lib/kube-proxy/kubeconfig + type: FileOrCreate name: kubeconfig - hostPath: path: /var/log @@ -111,4 +112,5 @@ spec: name: run - hostPath: path: /run/xtables.lock + type: FileOrCreate name: iptableslock diff --git a/cluster/saltbase/salt/kube-scheduler/kube-scheduler.manifest b/cluster/saltbase/salt/kube-scheduler/kube-scheduler.manifest index 8a78a6ddc5..6f946bd8c8 100644 
--- a/cluster/saltbase/salt/kube-scheduler/kube-scheduler.manifest +++ b/cluster/saltbase/salt/kube-scheduler/kube-scheduler.manifest @@ -83,7 +83,7 @@ }, { "name": "logfile", - "hostPath": {"path": "/var/log/kube-scheduler.log"} + "hostPath": {"path": "/var/log/kube-scheduler.log", "type": "FileOrCreate"} } ] }} diff --git a/cluster/saltbase/salt/l7-gcp/glbc.manifest b/cluster/saltbase/salt/l7-gcp/glbc.manifest index bb6863d495..1214a131f3 100644 --- a/cluster/saltbase/salt/l7-gcp/glbc.manifest +++ b/cluster/saltbase/salt/l7-gcp/glbc.manifest @@ -48,7 +48,9 @@ spec: volumes: - hostPath: path: /etc/gce.conf + type: FileOrCreate name: cloudconfig - hostPath: path: /var/log/glbc.log + type: FileOrCreate name: logfile diff --git a/cluster/saltbase/salt/rescheduler/rescheduler.manifest b/cluster/saltbase/salt/rescheduler/rescheduler.manifest index 8132a7d6fc..ef9af1f5f7 100644 --- a/cluster/saltbase/salt/rescheduler/rescheduler.manifest +++ b/cluster/saltbase/salt/rescheduler/rescheduler.manifest @@ -32,4 +32,5 @@ spec: volumes: - hostPath: path: /var/log/rescheduler.log + type: FileOrCreate name: logfile diff --git a/cmd/kubeadm/app/phases/addons/proxy/manifests.go b/cmd/kubeadm/app/phases/addons/proxy/manifests.go index dfca6bd5e9..b9903192d1 100644 --- a/cmd/kubeadm/app/phases/addons/proxy/manifests.go +++ b/cmd/kubeadm/app/phases/addons/proxy/manifests.go @@ -81,7 +81,6 @@ spec: volumeMounts: - mountPath: /var/lib/kube-proxy name: kube-proxy - # TODO: Make this a file hostpath mount - mountPath: /run/xtables.lock name: xtables-lock readOnly: false @@ -100,5 +99,6 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate ` ) diff --git a/examples/newrelic/newrelic-daemonset.yaml b/examples/newrelic/newrelic-daemonset.yaml index 24adb38237..fd46972204 100644 --- a/examples/newrelic/newrelic-daemonset.yaml +++ b/examples/newrelic/newrelic-daemonset.yaml 
@@ -52,6 +52,7 @@ spec: - name: run hostPath: path: /var/run/docker.sock + type: Socket - name: sys hostPath: path: /sys diff --git a/examples/oms/omsagent-daemonset.yaml b/examples/oms/omsagent-daemonset.yaml index bf59b370ed..8ab523f060 100644 --- a/examples/oms/omsagent-daemonset.yaml +++ b/examples/oms/omsagent-daemonset.yaml @@ -27,4 +27,5 @@ spec: volumes: - name: docker-sock hostPath: - path: /var/run/docker.sock \ No newline at end of file + path: /var/run/docker.sock + type: Socket diff --git a/examples/sysdig-cloud/sysdig-daemonset.yaml b/examples/sysdig-cloud/sysdig-daemonset.yaml index e1fc1534a7..3cfd4a54f8 100644 --- a/examples/sysdig-cloud/sysdig-daemonset.yaml +++ b/examples/sysdig-cloud/sysdig-daemonset.yaml @@ -16,6 +16,7 @@ spec: - name: docker-sock hostPath: path: /var/run/docker.sock + type: Socket - name: dev-vol hostPath: path: /dev diff --git a/examples/sysdig-cloud/sysdig-rc.yaml b/examples/sysdig-cloud/sysdig-rc.yaml index d088cd5355..dfef08de1a 100644 --- a/examples/sysdig-cloud/sysdig-rc.yaml +++ b/examples/sysdig-cloud/sysdig-rc.yaml @@ -14,6 +14,7 @@ spec: - name: docker-sock hostPath: path: /var/run/docker.sock + type: Socket - name: dev-vol hostPath: path: /dev From 01e4b960d8000f25af51d3fa2e4b7d9b043b0b90 Mon Sep 17 00:00:00 2001 From: Di Xu Date: Thu, 24 Aug 2017 21:11:52 +0800 Subject: [PATCH 2/2] update kubeadm to use hostpath type --- .../app/phases/controlplane/volumes.go | 25 ++-- .../app/phases/controlplane/volumes_test.go | 113 ++++++++++++++---- cmd/kubeadm/app/phases/etcd/local.go | 3 +- .../selfhosting/podspec_mutation_test.go | 12 ++ .../phases/selfhosting/selfhosting_test.go | 4 + cmd/kubeadm/app/util/staticpod/utils.go | 7 +- cmd/kubeadm/app/util/staticpod/utils_test.go | 10 +- 7 files changed, 136 insertions(+), 38 deletions(-) diff --git a/cmd/kubeadm/app/phases/controlplane/volumes.go b/cmd/kubeadm/app/phases/controlplane/volumes.go index cf8f8e8765..d83df4961d 100644 
--- a/cmd/kubeadm/app/phases/controlplane/volumes.go +++ b/cmd/kubeadm/app/phases/controlplane/volumes.go @@ -42,14 +42,16 @@ var caCertsPkiVolumePath = "/etc/pki" // getHostPathVolumesForTheControlPlane gets the required hostPath volumes and mounts for the control plane func getHostPathVolumesForTheControlPlane(cfg *kubeadmapi.MasterConfiguration) controlPlaneHostPathMounts { + hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate + hostPathFileOrCreate := v1.HostPathFileOrCreate mounts := newControlPlaneHostPathMounts() // HostPath volumes for the API Server // Read-only mount for the certificates directory // TODO: Always mount the K8s Certificates directory to a static path inside of the container - mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, kubeadmconstants.KubeCertificatesVolumeName, cfg.CertificatesDir, cfg.CertificatesDir, true) + mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, kubeadmconstants.KubeCertificatesVolumeName, cfg.CertificatesDir, cfg.CertificatesDir, true, &hostPathDirectoryOrCreate) // Read-only mount for the ca certs (/etc/ssl/certs) directory - mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, caCertsVolumeName, caCertsVolumePath, caCertsVolumePath, true) + mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, caCertsVolumeName, caCertsVolumePath, caCertsVolumePath, true, &hostPathDirectoryOrCreate) // If external etcd is specified, mount the directories needed for accessing the CA/serving certs and the private key if len(cfg.Etcd.Endpoints) != 0 { 
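Review bot: `v1.HostPathDirectoryOrCreate` on `cfg.CertificatesDir` and `/etc/ssl/certs` means a missing certificate directory is silently created empty by the kubelet instead of the static pod failing to mount; `hostPathDirectory := v1.HostPathDirectory` would make a broken PKI layout visible at mount time. The same holds in the `@@ -60` hunk for `/etc/pki` and for the kubeconfig mounts, where `v1.HostPathFileOrCreate` would create an empty `controller-manager.conf` or `scheduler.conf`; `v1.HostPathFile` fits if kubeadm always writes those files before the manifests, which this hunk does not show. getHostPathVolumesForTheControlPlane continues past the end of this hunk.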
@@ -60,23 +62,23 @@ func getHostPathVolumesForTheControlPlane(cfg *kubeadmapi.MasterConfiguration) c // HostPath volumes for the controller manager // Read-only mount for the certificates directory // TODO: Always mount the K8s Certificates directory to a static path inside of the container - mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, kubeadmconstants.KubeCertificatesVolumeName, cfg.CertificatesDir, cfg.CertificatesDir, true) + mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, kubeadmconstants.KubeCertificatesVolumeName, cfg.CertificatesDir, cfg.CertificatesDir, true, &hostPathDirectoryOrCreate) // Read-only mount for the ca certs (/etc/ssl/certs) directory - mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, caCertsVolumeName, caCertsVolumePath, caCertsVolumePath, true) + mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, caCertsVolumeName, caCertsVolumePath, caCertsVolumePath, true, &hostPathDirectoryOrCreate) // Read-only mount for the controller manager kubeconfig file controllerManagerKubeConfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName) - mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, kubeadmconstants.KubeConfigVolumeName, controllerManagerKubeConfigFile, controllerManagerKubeConfigFile, true) + mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, kubeadmconstants.KubeConfigVolumeName, controllerManagerKubeConfigFile, controllerManagerKubeConfigFile, true, &hostPathFileOrCreate) // HostPath volumes for the scheduler // Read-only mount for the scheduler kubeconfig file schedulerKubeConfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.SchedulerKubeConfigFileName) - mounts.NewHostPathMount(kubeadmconstants.KubeScheduler, kubeadmconstants.KubeConfigVolumeName, schedulerKubeConfigFile, schedulerKubeConfigFile, true) + mounts.NewHostPathMount(kubeadmconstants.KubeScheduler, 
kubeadmconstants.KubeConfigVolumeName, schedulerKubeConfigFile, schedulerKubeConfigFile, true, &hostPathFileOrCreate) // On some systems were we host-mount /etc/ssl/certs, it is also required to mount /etc/pki. This is needed // due to symlinks pointing from files in /etc/ssl/certs into /etc/pki/ if isPkiVolumeMountNeeded() { - mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, caCertsPkiVolumeName, caCertsPkiVolumePath, caCertsPkiVolumePath, true) - mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, caCertsPkiVolumeName, caCertsPkiVolumePath, caCertsPkiVolumePath, true) + mounts.NewHostPathMount(kubeadmconstants.KubeAPIServer, caCertsPkiVolumeName, caCertsPkiVolumePath, caCertsPkiVolumePath, true, &hostPathDirectoryOrCreate) + mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, caCertsPkiVolumeName, caCertsPkiVolumePath, caCertsPkiVolumePath, true, &hostPathDirectoryOrCreate) } return mounts @@ -95,8 +97,8 @@ func newControlPlaneHostPathMounts() controlPlaneHostPathMounts { } } -func (c *controlPlaneHostPathMounts) NewHostPathMount(component, mountName, hostPath, containerPath string, readOnly bool) { - c.volumes[component] = append(c.volumes[component], staticpodutil.NewVolume(mountName, hostPath)) +func (c *controlPlaneHostPathMounts) NewHostPathMount(component, mountName, hostPath, containerPath string, readOnly bool, hostPathType *v1.HostPathType) { + c.volumes[component] = append(c.volumes[component], staticpodutil.NewVolume(mountName, hostPath, hostPathType)) c.volumeMounts[component] = append(c.volumeMounts[component], staticpodutil.NewVolumeMount(mountName, containerPath, readOnly)) } 
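Review bot: `NewHostPathMount` in the `@@ -95` hunk now takes `hostPathType *v1.HostPathType`, and every call site passes the address of one shared local (`&hostPathDirectoryOrCreate`, `&hostPathFileOrCreate`), so if `staticpodutil.NewVolume` keeps the pointer as given (its body is not in view) all generated volumes alias the same variable and a later change to one volume's `Type` would change the others. Taking the type by value and using the address of the parameter, `hostPathType v1.HostPathType` with `staticpodutil.NewVolume(mountName, hostPath, &hostPathType)`, gives each volume its own copy; the same aliasing occurs with `&pathType` inside the loop of getEtcdCertVolumes in the `@@ -143` hunk. The exported method also has no doc comment; `// NewHostPathMount adds a hostPath volume of the given type and its matching volume mount to the named component.` would cover the new parameter.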
@@ -143,9 +145,10 @@ func getEtcdCertVolumes(etcdCfg kubeadmapi.Etcd) ([]v1.Volume, []v1.VolumeMount) volumes := []v1.Volume{} volumeMounts := []v1.VolumeMount{} + pathType := v1.HostPathDirectoryOrCreate for i, certDir := range certDirs.List() { name := fmt.Sprintf("etcd-certs-%d", i) - volumes = append(volumes, staticpodutil.NewVolume(name, certDir)) + volumes = append(volumes, staticpodutil.NewVolume(name, certDir, &pathType)) volumeMounts = append(volumeMounts, staticpodutil.NewVolumeMount(name, certDir, true)) } return volumes, volumeMounts diff --git a/cmd/kubeadm/app/phases/controlplane/volumes_test.go b/cmd/kubeadm/app/phases/controlplane/volumes_test.go index d711e03bad..ebe74eed56 100644 --- a/cmd/kubeadm/app/phases/controlplane/volumes_test.go +++ b/cmd/kubeadm/app/phases/controlplane/volumes_test.go @@ -29,6 +29,7 @@ import ( ) func TestGetEtcdCertVolumes(t *testing.T) { + hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate var tests = []struct { ca, cert, key string vol []v1.Volume @@ -67,7 +68,10 @@ func TestGetEtcdCertVolumes(t *testing.T) { { Name: "etcd-certs-0", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/var/lib/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/var/lib/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, }, @@ -88,13 +92,19 @@ func TestGetEtcdCertVolumes(t *testing.T) { { Name: "etcd-certs-0", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "etcd-certs-1", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/var/lib/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/var/lib/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, }, 
@@ -120,19 +130,28 @@ func TestGetEtcdCertVolumes(t *testing.T) { { Name: "etcd-certs-0", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "etcd-certs-1", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/var/lib/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/var/lib/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "etcd-certs-2", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/var/lib/certs/private"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/var/lib/certs/private", + Type: &hostPathDirectoryOrCreate, + }, }, }, }, @@ -163,7 +182,10 @@ func TestGetEtcdCertVolumes(t *testing.T) { { Name: "etcd-certs-0", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, }, @@ -184,7 +206,10 @@ func TestGetEtcdCertVolumes(t *testing.T) { { Name: "etcd-certs-0", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, }, @@ -222,6 +247,8 @@ func TestGetEtcdCertVolumes(t *testing.T) { } func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { + hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate + hostPathFileOrCreate := v1.HostPathFileOrCreate var tests = []struct { cfg *kubeadmapi.MasterConfiguration vol map[string][]v1.Volume 
@@ -238,13 +265,19 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { { Name: "k8s-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: testCertsDir}, + HostPath: &v1.HostPathVolumeSource{ + Path: testCertsDir, + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "ca-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/ssl/certs"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, + }, }, }, }, @@ -252,19 +285,28 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { { Name: "k8s-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: testCertsDir}, + HostPath: &v1.HostPathVolumeSource{ + Path: testCertsDir, + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "ca-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/ssl/certs"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/kubernetes/controller-manager.conf"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/kubernetes/controller-manager.conf", + Type: &hostPathFileOrCreate, + }, }, }, }, @@ -272,7 +314,10 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/kubernetes/scheduler.conf"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/kubernetes/scheduler.conf", + Type: &hostPathFileOrCreate, + }, }, }, }, 
@@ -332,25 +377,37 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { { Name: "k8s-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: testCertsDir}, + HostPath: &v1.HostPathVolumeSource{ + Path: testCertsDir, + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "ca-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/ssl/certs"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "etcd-certs-0", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "etcd-certs-1", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/var/lib/certs/etcd"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/var/lib/certs/etcd", + Type: &hostPathDirectoryOrCreate, + }, }, }, }, @@ -358,19 +415,28 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { { Name: "k8s-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: testCertsDir}, + HostPath: &v1.HostPathVolumeSource{ + Path: testCertsDir, + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "ca-certs", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/ssl/certs"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, + }, }, }, { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/kubernetes/controller-manager.conf"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/kubernetes/controller-manager.conf", + Type: &hostPathFileOrCreate, + }, }, }, }, 
@@ -378,7 +444,10 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/kubernetes/scheduler.conf"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/kubernetes/scheduler.conf", + Type: &hostPathFileOrCreate, + }, }, }, }, diff --git a/cmd/kubeadm/app/phases/etcd/local.go b/cmd/kubeadm/app/phases/etcd/local.go index 58fa56f9f7..e947794fcc 100644 --- a/cmd/kubeadm/app/phases/etcd/local.go +++ b/cmd/kubeadm/app/phases/etcd/local.go @@ -49,6 +49,7 @@ func CreateLocalEtcdStaticPodManifestFile(manifestDir string, cfg *kubeadmapi.Ma // GetEtcdPodSpec returns the etcd static Pod actualized to the context of the current MasterConfiguration // NB. GetEtcdPodSpec methods holds the information about how kubeadm creates etcd static pod mainfests. func GetEtcdPodSpec(cfg *kubeadmapi.MasterConfiguration) v1.Pod { + pathType := v1.HostPathDirectoryOrCreate return staticpodutil.ComponentPod(v1.Container{ Name: kubeadmconstants.Etcd, Command: getEtcdCommand(cfg), @@ -56,7 +57,7 @@ func GetEtcdPodSpec(cfg *kubeadmapi.MasterConfiguration) v1.Pod { // Mount the etcd datadir path read-write so etcd can store data in a more persistent manner VolumeMounts: []v1.VolumeMount{staticpodutil.NewVolumeMount(etcdVolumeName, cfg.Etcd.DataDir, false)}, LivenessProbe: staticpodutil.ComponentProbe(2379, "/health", v1.URISchemeHTTP), - }, []v1.Volume{staticpodutil.NewVolume(etcdVolumeName, cfg.Etcd.DataDir)}) + }, []v1.Volume{staticpodutil.NewVolume(etcdVolumeName, cfg.Etcd.DataDir, &pathType)}) } // getEtcdCommand builds the right etcd command from the given config object diff --git a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go index 60dacbfab8..b5e2483c94 100644 --- a/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go +++ b/cmd/kubeadm/app/phases/selfhosting/podspec_mutation_test.go 
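Review bot: In `GetEtcdPodSpec`, `pathType := v1.HostPathDirectoryOrCreate` lets the kubelet create `cfg.Etcd.DataDir` when it is absent, and per the hostPath type documentation that directory is created with mode 0755 and the kubelet's ownership. The etcd data directory holds the cluster's stored objects, Secrets included, so a world-readable directory is wider than it needs to be; whether kubeadm creates the directory with tighter permissions earlier is not visible in this hunk. I would either create the directory with 0700 before the manifest is written or record the behaviour next to the assignment, for example `// DirectoryOrCreate: a missing data dir is created by the kubelet as 0755; pre-create it with 0700 to keep etcd data private`. The local could also be named `hostPathDirectoryOrCreate`, as in the test files of this patch, so the chosen type is readable at the `NewVolume` call.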
@@ -186,6 +186,7 @@ func TestSetRightDNSPolicyOnPodSpec(t *testing.T) { } func TestSetSelfHostedVolumesForAPIServer(t *testing.T) { + hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate var tests = []struct { podSpec *v1.PodSpec expected v1.PodSpec @@ -215,6 +216,7 @@ func TestSetSelfHostedVolumesForAPIServer(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, }, }, }, @@ -223,6 +225,7 @@ func TestSetSelfHostedVolumesForAPIServer(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/kubernetes/pki", + Type: &hostPathDirectoryOrCreate, }, }, }, @@ -252,6 +255,7 @@ func TestSetSelfHostedVolumesForAPIServer(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, }, }, }, @@ -276,6 +280,8 @@ func TestSetSelfHostedVolumesForAPIServer(t *testing.T) { } func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { + hostPathFileOrCreate := v1.HostPathFileOrCreate + hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate var tests = []struct { podSpec *v1.PodSpec expected v1.PodSpec @@ -310,6 +316,7 @@ func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, }, }, }, @@ -318,6 +325,7 @@ func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/kubernetes/pki", + Type: &hostPathDirectoryOrCreate, }, }, }, @@ -326,6 +334,7 @@ func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/kubernetes/controller-manager.conf", + Type: &hostPathFileOrCreate, }, }, }, 
@@ -360,6 +369,7 @@ func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/ssl/certs", + Type: &hostPathDirectoryOrCreate, }, }, }, @@ -388,6 +398,7 @@ func TestSetSelfHostedVolumesForControllerManager(t *testing.T) { } func TestSetSelfHostedVolumesForScheduler(t *testing.T) { + hostPathFileOrCreate := v1.HostPathFileOrCreate var tests = []struct { podSpec *v1.PodSpec expected v1.PodSpec @@ -414,6 +425,7 @@ func TestSetSelfHostedVolumesForScheduler(t *testing.T) { VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ Path: "/etc/kubernetes/scheduler.conf", + Type: &hostPathFileOrCreate, }, }, }, diff --git a/cmd/kubeadm/app/phases/selfhosting/selfhosting_test.go b/cmd/kubeadm/app/phases/selfhosting/selfhosting_test.go index aa73f01273..3ac5a6e6ad 100644 --- a/cmd/kubeadm/app/phases/selfhosting/selfhosting_test.go +++ b/cmd/kubeadm/app/phases/selfhosting/selfhosting_test.go @@ -249,6 +249,7 @@ spec: name: ca-certs - hostPath: path: /etc/kubernetes/controller-manager.conf + type: FileOrCreate name: kubeconfig - hostPath: path: /etc/pki @@ -324,6 +325,7 @@ spec: name: ca-certs - hostPath: path: /etc/kubernetes/controller-manager.conf + type: FileOrCreate name: kubeconfig - hostPath: path: /etc/pki @@ -374,6 +376,7 @@ spec: volumes: - hostPath: path: /etc/kubernetes/scheduler.conf + type: FileOrCreate name: kubeconfig status: {} ` @@ -425,6 +428,7 @@ spec: volumes: - hostPath: path: /etc/kubernetes/scheduler.conf + type: FileOrCreate name: kubeconfig updateStrategy: {} status: diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go index c8004bcc6b..9b40ea6664 100644 --- a/cmd/kubeadm/app/util/staticpod/utils.go +++ b/cmd/kubeadm/app/util/staticpod/utils.go 
@@ -82,11 +82,14 @@ func ComponentProbe(port int, path string, scheme v1.URIScheme) *v1.Probe { } // NewVolume creates a v1.Volume with a hostPath mount to the specified location -func NewVolume(name, path string) v1.Volume { +func NewVolume(name, path string, pathType *v1.HostPathType) v1.Volume { return v1.Volume{ Name: name, VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: path}, + HostPath: &v1.HostPathVolumeSource{ + Path: path, + Type: pathType, + }, }, } } diff --git a/cmd/kubeadm/app/util/staticpod/utils_test.go b/cmd/kubeadm/app/util/staticpod/utils_test.go index d7ecb43718..9d7707f961 100644 --- a/cmd/kubeadm/app/util/staticpod/utils_test.go +++ b/cmd/kubeadm/app/util/staticpod/utils_test.go @@ -123,10 +123,12 @@ func TestComponentPod(t *testing.T) { } func TestNewVolume(t *testing.T) { + hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate var tests = []struct { name string path string expected v1.Volume + pathType *v1.HostPathType }{ { name: "foo", @@ -134,14 +136,18 @@ func TestNewVolume(t *testing.T) { expected: v1.Volume{ Name: "foo", VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{Path: "/etc/foo"}, + HostPath: &v1.HostPathVolumeSource{ + Path: "/etc/foo", + Type: &hostPathDirectoryOrCreate, + }, }, }, + pathType: &hostPathDirectoryOrCreate, }, } for _, rt := range tests { - actual := NewVolume(rt.name, rt.path) + actual := NewVolume(rt.name, rt.path, rt.pathType) if !reflect.DeepEqual(actual, rt.expected) { t.Errorf( "failed newVolume:\n\texpected: %v\n\t actual: %v",
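Review bot: The doc comment on `NewVolume` was left unchanged although the signature gained `pathType *v1.HostPathType`, so a reader cannot tell what the parameter controls or what a nil pointer means. As far as the API type goes, a nil value leaves `HostPath.Type` unset, which is treated as the empty type with no check before the mount. I would extend the comment to `// NewVolume creates a v1.Volume with a hostPath mount to the specified location.` followed by `// pathType selects the check the kubelet performs before mounting; nil performs none.`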
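Review bot: The table in `TestNewVolume` covers only a non-nil `pathType`, so the nil case that callers may use to leave the type unset is not pinned by any test. An extra entry with `pathType: nil` and an expected `HostPath: &v1.HostPathVolumeSource{Path: "/etc/foo"}` would cover it. The new struct field is also declared after `expected` while the call passes it right after `path`; declaring `pathType *v1.HostPathType` next to `path` would keep the table in argument order. The loop body continues past the end of the last hunk.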