Merge pull request #74424 from liggitt/drop-k8s-io-node-labels

Clean up self-set node labels
pull/564/head
Kubernetes Prow Robot 2019-03-06 08:24:26 -08:00 committed by GitHub
commit 45e5f6053b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 43 additions and 24 deletions


@ -52,10 +52,6 @@ Fluentd is deployed as a [DaemonSet][daemonSet] which spawns a pod on each
node that reads logs, generated by kubelet, container runtime and containers node that reads logs, generated by kubelet, container runtime and containers
and sends them to Elasticsearch. and sends them to Elasticsearch.
**Note:** in order for Fluentd to work, every Kubernetes node must be labeled
with `beta.kubernetes.io/fluentd-ds-ready=true`, as otherwise the Fluentd
DaemonSet will ignore them.
Learn more in the [official Kubernetes documentation][k8sElasticsearchDocs]. Learn more in the [official Kubernetes documentation][k8sElasticsearchDocs].
## Building ## Building


@ -95,8 +95,6 @@ spec:
readOnly: true readOnly: true
- name: config-volume - name: config-volume
mountPath: /etc/fluent/config.d mountPath: /etc/fluent/config.d
nodeSelector:
beta.kubernetes.io/fluentd-ds-ready: "true"
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
volumes: volumes:
- name: varlog - name: varlog


@ -103,7 +103,6 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
# END_PROMETHEUS_TO_SD # END_PROMETHEUS_TO_SD
nodeSelector: nodeSelector:
beta.kubernetes.io/fluentd-ds-ready: "true"
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
tolerations: tolerations:


@ -45,6 +45,7 @@ spec:
- name: config - name: config
mountPath: /etc/config mountPath: /etc/config
nodeSelector: nodeSelector:
# TODO(liggitt): switch to node.kubernetes.io/masq-agent-ds-ready in 1.16
beta.kubernetes.io/masq-agent-ds-ready: "true" beta.kubernetes.io/masq-agent-ds-ready: "true"
volumes: volumes:
- name: config - name: config


@ -27,6 +27,7 @@ spec:
priorityClassName: system-node-critical priorityClassName: system-node-critical
hostNetwork: true hostNetwork: true
nodeSelector: nodeSelector:
# TODO(liggitt): switch to node.kubernetes.io/kube-proxy-ds-ready in 1.16
beta.kubernetes.io/kube-proxy-ds-ready: "true" beta.kubernetes.io/kube-proxy-ds-ready: "true"
tolerations: tolerations:
- operator: "Exists" - operator: "Exists"


@ -88,6 +88,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
# END_PROMETHEUS_TO_SD # END_PROMETHEUS_TO_SD
nodeSelector: nodeSelector:
# TODO(liggitt): switch to cloud.google.com/metadata-proxy-ready=true in v1.16
beta.kubernetes.io/metadata-proxy-ready: "true" beta.kubernetes.io/metadata-proxy-ready: "true"
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30


@ -38,13 +38,7 @@ MASTER_ROOT_DISK_SIZE=${MASTER_ROOT_DISK_SIZE:-$(get-master-root-disk-size)}
NODE_DISK_TYPE=${NODE_DISK_TYPE:-pd-standard} NODE_DISK_TYPE=${NODE_DISK_TYPE:-pd-standard}
NODE_DISK_SIZE=${NODE_DISK_SIZE:-100GB} NODE_DISK_SIZE=${NODE_DISK_SIZE:-100GB}
NODE_LOCAL_SSDS=${NODE_LOCAL_SSDS:-0} NODE_LOCAL_SSDS=${NODE_LOCAL_SSDS:-0}
NODE_LABELS="${KUBE_NODE_LABELS:-}"
# Historically fluentd was a manifest pod and then was migrated to DaemonSet.
# To avoid situation during cluster upgrade when there are two instances
# of fluentd running on a node, kubelet need to mark node on which
# fluentd is not running as a manifest pod with appropriate label.
# TODO(piosz): remove this in 1.8
NODE_LABELS="${KUBE_NODE_LABELS:-beta.kubernetes.io/fluentd-ds-ready=true}"
WINDOWS_NODE_LABELS="${WINDOWS_NODE_LABELS:-}" WINDOWS_NODE_LABELS="${WINDOWS_NODE_LABELS:-}"
# An extension to local SSDs allowing users to specify block/fs and SCSI/NVMe devices # An extension to local SSDs allowing users to specify block/fs and SCSI/NVMe devices
@ -217,6 +211,8 @@ ENABLE_METADATA_CONCEALMENT="${ENABLE_METADATA_CONCEALMENT:-false}" # true, fals
METADATA_CONCEALMENT_NO_FIREWALL="${METADATA_CONCEALMENT_NO_FIREWALL:-false}" # true, false METADATA_CONCEALMENT_NO_FIREWALL="${METADATA_CONCEALMENT_NO_FIREWALL:-false}" # true, false
if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then
# Put the necessary label on the node so the daemonset gets scheduled. # Put the necessary label on the node so the daemonset gets scheduled.
NODE_LABELS="${NODE_LABELS},cloud.google.com/metadata-proxy-ready=true"
# TODO(liggitt): remove this in v1.16
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true" NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
# Add to the provider custom variables. # Add to the provider custom variables.
PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT METADATA_CONCEALMENT_NO_FIREWALL" PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT METADATA_CONCEALMENT_NO_FIREWALL"
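Review bot: With the fluentd default removed, `NODE_LABELS` is empty whenever `KUBE_NODE_LABELS` is unset, so the two appends inside the `ENABLE_METADATA_CONCEALMENT` branch now build a value with a leading comma (`,cloud.google.com/metadata-proxy-ready=true,...`). Whether every consumer of `NODE_LABELS` tolerates an empty first element is not visible here, and this label is what gets the metadata proxy daemonset scheduled, so a label string that fails to parse could leave concealment off on the node. The first append could use the guard already used in `build-linux-node-labels`: `NODE_LABELS="${NODE_LABELS:+${NODE_LABELS},}cloud.google.com/metadata-proxy-ready=true"`. The same applies to the identical hunk in the next file section, where `ENABLE_METADATA_CONCEALMENT` defaults to `true` and the branch is taken by default. The `if` block continues outside the hunk.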


@ -38,13 +38,7 @@ MASTER_ROOT_DISK_SIZE=${MASTER_ROOT_DISK_SIZE:-$(get-master-root-disk-size)}
NODE_DISK_TYPE=${NODE_DISK_TYPE:-pd-standard} NODE_DISK_TYPE=${NODE_DISK_TYPE:-pd-standard}
NODE_DISK_SIZE=${NODE_DISK_SIZE:-100GB} NODE_DISK_SIZE=${NODE_DISK_SIZE:-100GB}
NODE_LOCAL_SSDS=${NODE_LOCAL_SSDS:-0} NODE_LOCAL_SSDS=${NODE_LOCAL_SSDS:-0}
NODE_LABELS="${KUBE_NODE_LABELS:-}"
# Historically fluentd was a manifest pod and then was migrated to DaemonSet.
# To avoid situation during cluster upgrade when there are two instances
# of fluentd running on a node, kubelet need to mark node on which
# fluentd is not running as a manifest pod with appropriate label.
# TODO(piosz): remove this in 1.8
NODE_LABELS="${KUBE_NODE_LABELS:-beta.kubernetes.io/fluentd-ds-ready=true}"
WINDOWS_NODE_LABELS="${WINDOWS_NODE_LABELS:-}" WINDOWS_NODE_LABELS="${WINDOWS_NODE_LABELS:-}"
# An extension to local SSDs allowing users to specify block/fs and SCSI/NVMe devices # An extension to local SSDs allowing users to specify block/fs and SCSI/NVMe devices
@ -257,6 +251,8 @@ ENABLE_METADATA_CONCEALMENT="${ENABLE_METADATA_CONCEALMENT:-true}" # true, false
METADATA_CONCEALMENT_NO_FIREWALL="${METADATA_CONCEALMENT_NO_FIREWALL:-false}" # true, false METADATA_CONCEALMENT_NO_FIREWALL="${METADATA_CONCEALMENT_NO_FIREWALL:-false}" # true, false
if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then
# Put the necessary label on the node so the daemonset gets scheduled. # Put the necessary label on the node so the daemonset gets scheduled.
NODE_LABELS="${NODE_LABELS},cloud.google.com/metadata-proxy-ready=true"
# TODO(liggitt): remove this in v1.16
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true" NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
# Add to the provider custom variables. # Add to the provider custom variables.
PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT METADATA_CONCEALMENT_NO_FIREWALL" PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT METADATA_CONCEALMENT_NO_FIREWALL"


@ -1931,6 +1931,35 @@ function setup-etcd-encryption {
fi fi
} }
# Updates node labels used by addons.
function update-legacy-addon-node-labels() {
# need kube-apiserver to be ready
until kubectl get nodes; do
sleep 5
done
update-node-label "beta.kubernetes.io/metadata-proxy-ready=true,cloud.google.com/metadata-proxy-ready!=true" "cloud.google.com/metadata-proxy-ready=true"
update-node-label "beta.kubernetes.io/kube-proxy-ds-ready=true,node.kubernetes.io/kube-proxy-ds-ready!=true" "node.kubernetes.io/kube-proxy-ds-ready=true"
update-node-label "beta.kubernetes.io/masq-agent-ds-ready=true,node.kubernetes.io/masq-agent-ds-ready!=true" "node.kubernetes.io/masq-agent-ds-ready=true"
}
# A helper function for labeling all nodes matching a given selector.
# Runs: kubectl label --overwrite nodes -l "${1}" "${2}"
# Retries on failure
#
# $1: label selector of nodes
# $2: label to apply
function update-node-label() {
local selector="$1"
local label="$2"
local retries=5
until (( retries == 0 )); do
if kubectl label --overwrite nodes -l "${selector}" "${label}"; then
break
fi
(( retries-- ))
sleep 3
done
}
# Applies encryption provider config. # Applies encryption provider config.
# This function may be triggered in two scenarios: # This function may be triggered in two scenarios:
@ -2903,6 +2932,7 @@ function main() {
start-kube-addons start-kube-addons
start-cluster-autoscaler start-cluster-autoscaler
start-lb-controller start-lb-controller
update-legacy-addon-node-labels &
apply-encryption-config & apply-encryption-config &
else else
if [[ "${KUBE_PROXY_DAEMONSET:-}" != "true" ]]; then if [[ "${KUBE_PROXY_DAEMONSET:-}" != "true" ]]; then
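Review bot: `update-node-label` gives no signal when all five attempts fail: the loop just ends and the function returns the status of the last `sleep`, so `update-legacy-addon-node-labels` (run in the background from `main`) carries on silently. The manifests in this commit carry TODOs to switch their nodeSelectors to the new labels in 1.16, so a node that missed relabeling would then stop matching the metadata-proxy, kube-proxy and masq-agent daemonsets, which for the metadata proxy presumably means concealment not running there. Replace `break` with `return 0` and add `echo "failed to apply ${label} to nodes matching ${selector}" >&2` after `done` so the failure shows up in the startup log. The `until kubectl get nodes` wait is also unbounded and writes kubectl's output to the log on every poll; `until kubectl get nodes &>/dev/null; do` would keep the log readable.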


@ -610,7 +610,8 @@ function build-linux-node-labels {
if [[ "${KUBE_PROXY_DAEMONSET:-}" == "true" && "${master}" != "true" ]]; then if [[ "${KUBE_PROXY_DAEMONSET:-}" == "true" && "${master}" != "true" ]]; then
# Add kube-proxy daemonset label to node to avoid situation during cluster # Add kube-proxy daemonset label to node to avoid situation during cluster
# upgrade/downgrade when there are two instances of kube-proxy running on a node. # upgrade/downgrade when there are two instances of kube-proxy running on a node.
node_labels="beta.kubernetes.io/kube-proxy-ds-ready=true" # TODO(liggitt): drop beta.kubernetes.io/kube-proxy-ds-ready in 1.16
node_labels="node.kubernetes.io/kube-proxy-ds-ready=true,beta.kubernetes.io/kube-proxy-ds-ready=true"
fi fi
if [[ -n "${NODE_LABELS:-}" ]]; then if [[ -n "${NODE_LABELS:-}" ]]; then
node_labels="${node_labels:+${node_labels},}${NODE_LABELS}" node_labels="${node_labels:+${node_labels},}${NODE_LABELS}"


@ -263,9 +263,9 @@ func ValidateKubeletFlags(f *KubeletFlags) error {
} }
} }
if len(unknownLabels) > 0 { if len(unknownLabels) > 0 {
// TODO(liggitt): in 1.15, return an error // TODO(liggitt): in 1.16, return an error
klog.Warningf("unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels: %v", unknownLabels.List()) klog.Warningf("unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels: %v", unknownLabels.List())
klog.Warningf("in 1.15, --node-labels in the 'kubernetes.io' namespace must begin with an allowed prefix (%s) or be in the specifically allowed set (%s)", strings.Join(kubeletapis.KubeletLabelNamespaces(), ", "), strings.Join(kubeletapis.KubeletLabels(), ", ")) klog.Warningf("in 1.16, --node-labels in the 'kubernetes.io' namespace must begin with an allowed prefix (%s) or be in the specifically allowed set (%s)", strings.Join(kubeletapis.KubeletLabelNamespaces(), ", "), strings.Join(kubeletapis.KubeletLabels(), ", "))
} }
return nil return nil