Merge branch 'master' into jlx201811031619

pull/564/head
jianglingxia 2018-11-17 12:53:21 +08:00 committed by GitHub
commit 6159bab94a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2701 changed files with 87786 additions and 39120 deletions

3
.gitignore vendored

@ -127,3 +127,6 @@ zz_generated_*_test.go
/bazel-*
*.pyc
# generated by verify-godeps.sh
vendordiff.patch


@ -1,75 +1,82 @@
<!-- BEGIN MUNGE: GENERATED_TOC -->
- [v1.10.9](#v1109)
- [Downloads for v1.10.9](#downloads-for-v1109)
- [v1.10.10](#v11010)
- [Downloads for v1.10.10](#downloads-for-v11010)
- [Client Binaries](#client-binaries)
- [Server Binaries](#server-binaries)
- [Node Binaries](#node-binaries)
- [Changelog since v1.10.8](#changelog-since-v1108)
- [Changelog since v1.10.9](#changelog-since-v1109)
- [Other notable changes](#other-notable-changes)
- [v1.10.8](#v1108)
- [Downloads for v1.10.8](#downloads-for-v1108)
- [v1.10.9](#v1109)
- [Downloads for v1.10.9](#downloads-for-v1109)
- [Client Binaries](#client-binaries-1)
- [Server Binaries](#server-binaries-1)
- [Node Binaries](#node-binaries-1)
- [Changelog since v1.10.7](#changelog-since-v1107)
- [Changelog since v1.10.8](#changelog-since-v1108)
- [Other notable changes](#other-notable-changes-1)
- [v1.10.7](#v1107)
- [Downloads for v1.10.7](#downloads-for-v1107)
- [v1.10.8](#v1108)
- [Downloads for v1.10.8](#downloads-for-v1108)
- [Client Binaries](#client-binaries-2)
- [Server Binaries](#server-binaries-2)
- [Node Binaries](#node-binaries-2)
- [Changelog since v1.10.6](#changelog-since-v1106)
- [Action Required](#action-required)
- [Changelog since v1.10.7](#changelog-since-v1107)
- [Other notable changes](#other-notable-changes-2)
- [v1.10.6](#v1106)
- [Downloads for v1.10.6](#downloads-for-v1106)
- [v1.10.7](#v1107)
- [Downloads for v1.10.7](#downloads-for-v1107)
- [Client Binaries](#client-binaries-3)
- [Server Binaries](#server-binaries-3)
- [Node Binaries](#node-binaries-3)
- [Changelog since v1.10.5](#changelog-since-v1105)
- [Action Required](#action-required-1)
- [Changelog since v1.10.6](#changelog-since-v1106)
- [Action Required](#action-required)
- [Other notable changes](#other-notable-changes-3)
- [v1.10.5](#v1105)
- [Downloads for v1.10.5](#downloads-for-v1105)
- [v1.10.6](#v1106)
- [Downloads for v1.10.6](#downloads-for-v1106)
- [Client Binaries](#client-binaries-4)
- [Server Binaries](#server-binaries-4)
- [Node Binaries](#node-binaries-4)
- [Changelog since v1.10.4](#changelog-since-v1104)
- [Action Required](#action-required-2)
- [Changelog since v1.10.5](#changelog-since-v1105)
- [Action Required](#action-required-1)
- [Other notable changes](#other-notable-changes-4)
- [v1.10.4](#v1104)
- [Downloads for v1.10.4](#downloads-for-v1104)
- [v1.10.5](#v1105)
- [Downloads for v1.10.5](#downloads-for-v1105)
- [Client Binaries](#client-binaries-5)
- [Server Binaries](#server-binaries-5)
- [Node Binaries](#node-binaries-5)
- [Changelog since v1.10.3](#changelog-since-v1103)
- [Changelog since v1.10.4](#changelog-since-v1104)
- [Action Required](#action-required-2)
- [Other notable changes](#other-notable-changes-5)
- [v1.10.3](#v1103)
- [Downloads for v1.10.3](#downloads-for-v1103)
- [v1.10.4](#v1104)
- [Downloads for v1.10.4](#downloads-for-v1104)
- [Client Binaries](#client-binaries-6)
- [Server Binaries](#server-binaries-6)
- [Node Binaries](#node-binaries-6)
- [Changelog since v1.10.2](#changelog-since-v1102)
- [Changelog since v1.10.3](#changelog-since-v1103)
- [Other notable changes](#other-notable-changes-6)
- [v1.10.2](#v1102)
- [Downloads for v1.10.2](#downloads-for-v1102)
- [v1.10.3](#v1103)
- [Downloads for v1.10.3](#downloads-for-v1103)
- [Client Binaries](#client-binaries-7)
- [Server Binaries](#server-binaries-7)
- [Node Binaries](#node-binaries-7)
- [Changelog since v1.10.1](#changelog-since-v1101)
- [Changelog since v1.10.2](#changelog-since-v1102)
- [Other notable changes](#other-notable-changes-7)
- [v1.10.1](#v1101)
- [Downloads for v1.10.1](#downloads-for-v1101)
- [v1.10.2](#v1102)
- [Downloads for v1.10.2](#downloads-for-v1102)
- [Client Binaries](#client-binaries-8)
- [Server Binaries](#server-binaries-8)
- [Node Binaries](#node-binaries-8)
- [Changelog since v1.10.0](#changelog-since-v1100)
- [Changelog since v1.10.1](#changelog-since-v1101)
- [Other notable changes](#other-notable-changes-8)
- [v1.10.0](#v1100)
- [Downloads for v1.10.0](#downloads-for-v1100)
- [v1.10.1](#v1101)
- [Downloads for v1.10.1](#downloads-for-v1101)
- [Client Binaries](#client-binaries-9)
- [Server Binaries](#server-binaries-9)
- [Node Binaries](#node-binaries-9)
- [Changelog since v1.10.0](#changelog-since-v1100)
- [Other notable changes](#other-notable-changes-9)
- [v1.10.0](#v1100)
- [Downloads for v1.10.0](#downloads-for-v1100)
- [Client Binaries](#client-binaries-10)
- [Server Binaries](#server-binaries-10)
- [Node Binaries](#node-binaries-10)
- [Major Themes](#major-themes)
- [Node](#node)
- [Storage](#storage)
@ -83,7 +90,7 @@
- [Before Upgrading](#before-upgrading)
- [Known Issues](#known-issues)
- [Deprecations](#deprecations)
- [Other Notable Changes](#other-notable-changes-9)
- [Other Notable Changes](#other-notable-changes-10)
- [Apps](#apps)
- [AWS](#aws)
- [Auth](#auth-1)
@ -106,69 +113,137 @@
- [External Dependencies](#external-dependencies)
- [v1.10.0-rc.1](#v1100-rc1)
- [Downloads for v1.10.0-rc.1](#downloads-for-v1100-rc1)
- [Client Binaries](#client-binaries-10)
- [Server Binaries](#server-binaries-10)
- [Node Binaries](#node-binaries-10)
- [Changelog since v1.10.0-beta.4](#changelog-since-v1100-beta4)
- [Other notable changes](#other-notable-changes-10)
- [v1.10.0-beta.4](#v1100-beta4)
- [Downloads for v1.10.0-beta.4](#downloads-for-v1100-beta4)
- [Client Binaries](#client-binaries-11)
- [Server Binaries](#server-binaries-11)
- [Node Binaries](#node-binaries-11)
- [Changelog since v1.10.0-beta.3](#changelog-since-v1100-beta3)
- [Changelog since v1.10.0-beta.4](#changelog-since-v1100-beta4)
- [Other notable changes](#other-notable-changes-11)
- [v1.10.0-beta.3](#v1100-beta3)
- [Downloads for v1.10.0-beta.3](#downloads-for-v1100-beta3)
- [v1.10.0-beta.4](#v1100-beta4)
- [Downloads for v1.10.0-beta.4](#downloads-for-v1100-beta4)
- [Client Binaries](#client-binaries-12)
- [Server Binaries](#server-binaries-12)
- [Node Binaries](#node-binaries-12)
- [Changelog since v1.10.0-beta.2](#changelog-since-v1100-beta2)
- [Changelog since v1.10.0-beta.3](#changelog-since-v1100-beta3)
- [Other notable changes](#other-notable-changes-12)
- [v1.10.0-beta.2](#v1100-beta2)
- [Downloads for v1.10.0-beta.2](#downloads-for-v1100-beta2)
- [v1.10.0-beta.3](#v1100-beta3)
- [Downloads for v1.10.0-beta.3](#downloads-for-v1100-beta3)
- [Client Binaries](#client-binaries-13)
- [Server Binaries](#server-binaries-13)
- [Node Binaries](#node-binaries-13)
- [Changelog since v1.10.0-beta.1](#changelog-since-v1100-beta1)
- [Action Required](#action-required-3)
- [Changelog since v1.10.0-beta.2](#changelog-since-v1100-beta2)
- [Other notable changes](#other-notable-changes-13)
- [v1.10.0-beta.1](#v1100-beta1)
- [Downloads for v1.10.0-beta.1](#downloads-for-v1100-beta1)
- [v1.10.0-beta.2](#v1100-beta2)
- [Downloads for v1.10.0-beta.2](#downloads-for-v1100-beta2)
- [Client Binaries](#client-binaries-14)
- [Server Binaries](#server-binaries-14)
- [Node Binaries](#node-binaries-14)
- [Changelog since v1.10.0-alpha.3](#changelog-since-v1100-alpha3)
- [Action Required](#action-required-4)
- [Changelog since v1.10.0-beta.1](#changelog-since-v1100-beta1)
- [Action Required](#action-required-3)
- [Other notable changes](#other-notable-changes-14)
- [v1.10.0-alpha.3](#v1100-alpha3)
- [Downloads for v1.10.0-alpha.3](#downloads-for-v1100-alpha3)
- [v1.10.0-beta.1](#v1100-beta1)
- [Downloads for v1.10.0-beta.1](#downloads-for-v1100-beta1)
- [Client Binaries](#client-binaries-15)
- [Server Binaries](#server-binaries-15)
- [Node Binaries](#node-binaries-15)
- [Changelog since v1.10.0-alpha.2](#changelog-since-v1100-alpha2)
- [Changelog since v1.10.0-alpha.3](#changelog-since-v1100-alpha3)
- [Action Required](#action-required-4)
- [Other notable changes](#other-notable-changes-15)
- [v1.10.0-alpha.2](#v1100-alpha2)
- [Downloads for v1.10.0-alpha.2](#downloads-for-v1100-alpha2)
- [v1.10.0-alpha.3](#v1100-alpha3)
- [Downloads for v1.10.0-alpha.3](#downloads-for-v1100-alpha3)
- [Client Binaries](#client-binaries-16)
- [Server Binaries](#server-binaries-16)
- [Node Binaries](#node-binaries-16)
- [Changelog since v1.10.0-alpha.1](#changelog-since-v1100-alpha1)
- [Action Required](#action-required-5)
- [Changelog since v1.10.0-alpha.2](#changelog-since-v1100-alpha2)
- [Other notable changes](#other-notable-changes-16)
- [v1.10.0-alpha.1](#v1100-alpha1)
- [Downloads for v1.10.0-alpha.1](#downloads-for-v1100-alpha1)
- [v1.10.0-alpha.2](#v1100-alpha2)
- [Downloads for v1.10.0-alpha.2](#downloads-for-v1100-alpha2)
- [Client Binaries](#client-binaries-17)
- [Server Binaries](#server-binaries-17)
- [Node Binaries](#node-binaries-17)
- [Changelog since v1.10.0-alpha.1](#changelog-since-v1100-alpha1)
- [Action Required](#action-required-5)
- [Other notable changes](#other-notable-changes-17)
- [v1.10.0-alpha.1](#v1100-alpha1)
- [Downloads for v1.10.0-alpha.1](#downloads-for-v1100-alpha1)
- [Client Binaries](#client-binaries-18)
- [Server Binaries](#server-binaries-18)
- [Node Binaries](#node-binaries-18)
- [Changelog since v1.9.0](#changelog-since-v190)
- [Action Required](#action-required-6)
- [Other notable changes](#other-notable-changes-17)
- [Other notable changes](#other-notable-changes-18)
<!-- END MUNGE: GENERATED_TOC -->
<!-- NEW RELEASE NOTES ENTRY -->
# v1.10.10
[Documentation](https://docs.k8s.io)
## Downloads for v1.10.10
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes.tar.gz) | `605609b9b20b1c17f2accc251bb4e5dfb878fce351c7efadd8b6684323bdb8f87f31fbb27cf8a92c5d52c719f92f754ffe0fd065bbec43cb03ec91a6680ee327`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-src.tar.gz) | `0f01069a5198016b616c3e71fd280c5396fdc4c679d2f37fc2db3463f21a9d947a18f5ce69314e71c2d1ad63725807ab1639dad89362b6100ddfdf9cd57d06c5`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-darwin-386.tar.gz) | `ec93db4049f700d3f912ff3b3f463abb809938ac78510a48da58d13644c14a881c5d676d014cdf216d0d30ac8a107f0de6f0fdb48f337d35cf2bf5ab32d686e5`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-darwin-amd64.tar.gz) | `1a13d3c60a7c8f1556e8690cb90a418fa20cd2dda35dafaddc9f17330d2142f25b0c22fc629e92f828af4cf761d190647a49f5df474719c828d381243dbf00be`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-linux-386.tar.gz) | `d291f6472f35e3dbd869865a35f16036f80e79ae5c21ba4c4e5dabc028279ea068924a916a95807fe2659b972c3618094d307e5a98246d83f304aa552aaaefb0`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-linux-amd64.tar.gz) | `101acba3a200fc33026c78adaffc7ca0f6e8dc8be860f06724a01129e6cc29286c6bd735c7166a938f10cb19aa1185f5bbbdcc8c97f6b5750c7417cbf4b36484`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-linux-arm.tar.gz) | `12cd6c4ada86dd9febf15e018e1215c6fc3900e51873f7efef4cf10e5770e1ea3bb2657d89a3a14c334149f3726e98ec7d6b56bef7558c8d53ab0a747b21847a`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-linux-arm64.tar.gz) | `aefa008d4a71f78ea1d9152de754c61d3103b7aaceb7fe6cf47caa1e3cf2c1f0dc203f7253df8f167f37fd3209cf885903d11a2f34fbfd5118c2db7d3edf93bc`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-linux-ppc64le.tar.gz) | `bedbed22c4265aae574240a01ec350cf9961a74977648df4102aa5fc3c827903114be97b057dac0b7a19e92d4cadba4322d8a918083deac63816250c520a9651`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-linux-s390x.tar.gz) | `a7f9c70fb3be422f37dbe87ddc1b3237788121463d8bd1fec668f280488ee034009cdbd3011386a9a894a9a1313f34ce851afb495b62f425698e8e2423078216`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-windows-386.tar.gz) | `872ea8da0478fd80231066afcb7a79a1b1007b727cefa67561210f1d279798dec16c3e32e7a9cc515621faf56294741ecbcdd0044e570d9d28f1af377c10e20d`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-client-windows-amd64.tar.gz) | `ab296181bb60294a08d5b849ea1bc73d800bdc32a14c5a9e31d152224bc51240cb82d1765387997d991cccab30137a798360d8ab787fde171aace69bc8db7f31`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-server-linux-amd64.tar.gz) | `d27e0eecb362f0ff02ae96093749b8b2e44695cb8ed36fe00dc75095812396588a575a994314d78f79d26601ddbef69734944e202991e4b0a44e3ea768c515e3`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-server-linux-arm.tar.gz) | `b0d91a4d6e0700d098ca7c93c8c99c23e23cec61b3d5229d62b42d0f0769be73948832e49c073616da2edc72054017e8081315ea562eaca0da1db32475594b3d`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-server-linux-arm64.tar.gz) | `7cbdfb5e19a499848b9df23a8e68fe827fe913a8b8596d88fb565303dee3a49b9850ab9bc07137f2453a6336e374aaee0cdda4fdd43cb8877308165f295ec976`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-server-linux-ppc64le.tar.gz) | `4e71ab08406ae4e27ddb105901d4f8544e6e61652734539a939ef112672a10a3f89a86cb7eecb0421d1db70123f5d994be2545f8714305ce74c073f83ef8d3fa`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-server-linux-s390x.tar.gz) | `fb45be7bd8d2bba7d8105ea904377007cc697770fe0d1b81f0780ce56d442f20a26df87871594bc3692b59ca6f0f15bae58a473b1d31ebe3e9fbaadeb651408b`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-node-linux-amd64.tar.gz) | `4f97b6f2282af262bf53995e39c2e8eeeda8492cdad34e3616c1aaa9b8bc8c04a6e0ac9ef79ba6290aa53d2ee3bfb65d6cd69b1c3fd1c31dd851bce4420bcfc0`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-node-linux-arm.tar.gz) | `27ba1d0c5b53a26d066ac80b59f997e748b022666f7374a471c4822a551aa6e5396634f0c77666004a0c8aa90d7e4bbb3f4badd4847545e32da49c535d32736d`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-node-linux-arm64.tar.gz) | `b2f361621f24d3c6872f277f790e19be51a4466ca576725554f61ff60539740984d720c75d9266311fd0d2cf18c2eab8aa8454c41ba66deb8685844c263ce53e`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-node-linux-ppc64le.tar.gz) | `19e13f95b8372221d08eb26c694fa533f24889e052c1a3635df6630c2ca3f768bf34b59e6948b05c058c901794905448d648129070c14ec48a64262af1a059f2`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-node-linux-s390x.tar.gz) | `1631f0e2f2c9a7674ec73f2c27cd808f94ef48a782042bfaa7c007caac5fa4d5016863b8fca7c3c2dd92c606b0d079e6cb0038d874e9c1c521cdc73a723a346d`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.10.10/kubernetes-node-windows-amd64.tar.gz) | `7d0d709cf8cbfd076c921ea9cb19b185db1ac04e9915c92bd02be4fc79b3971997b1dcd2c75efeb985e0ff42e85e96c1ac09d9e4a82d03f95460e057d26c6a0f`
## Changelog since v1.10.9
### Other notable changes
* Do not remove shutdown nodes from api-server for vSphere. ([#70291](https://github.com/kubernetes/kubernetes/pull/70291), [@gnufied](https://github.com/gnufied))
* Fixes volume detach from shutdown nodes.
* remove retry operation on attach/detach azure disk ([#70568](https://github.com/kubernetes/kubernetes/pull/70568), [@andyzhangx](https://github.com/andyzhangx))
* fix azure disk attachment error on Linux ([#70002](https://github.com/kubernetes/kubernetes/pull/70002), [@andyzhangx](https://github.com/andyzhangx))
* Ensure orphan public IPs on Azure deleted when service recreated with the same name. ([#70463](https://github.com/kubernetes/kubernetes/pull/70463), [@feiskyer](https://github.com/feiskyer))
* Improve Azure instance metadata handling by adding caches. ([#70353](https://github.com/kubernetes/kubernetes/pull/70353), [@feiskyer](https://github.com/feiskyer))
* Fix cloud-controller-manager crash when using OpenStack provider and PersistentVolume initializing controller ([#70459](https://github.com/kubernetes/kubernetes/pull/70459), [@mvladev](https://github.com/mvladev))
* GCE/GKE load balancer health check default interval changes from 2 seconds to 8 seconds, unhealthyThreshold to 3. ([#70099](https://github.com/kubernetes/kubernetes/pull/70099), [@grayluck](https://github.com/grayluck))
* Health check parameters are configurable to be bigger than default values.
* Scheduling conformance tests related to daemonsets should set the annotation that relaxes node selection restrictions, if any are set. This ensures conformance tests can run on a wider array of clusters. ([#68793](https://github.com/kubernetes/kubernetes/pull/68793), [@aveshagarwal](https://github.com/aveshagarwal))
* Fix cluster autoscaler addon permissions so it can access batch/job. ([#69858](https://github.com/kubernetes/kubernetes/pull/69858), [@losipiuk](https://github.com/losipiuk))
* change default azure file mount permission to 0777 ([#69854](https://github.com/kubernetes/kubernetes/pull/69854), [@andyzhangx](https://github.com/andyzhangx))
* Verify invalid secret/configmap/projected volumes before calling setup ([#68691](https://github.com/kubernetes/kubernetes/pull/68691), [@gnufied](https://github.com/gnufied))
# v1.10.9
[Documentation](https://docs.k8s.io)

1021
Godeps/Godeps.json generated

File diff suppressed because it is too large Load Diff

2959
Godeps/LICENSES generated

File diff suppressed because it is too large Load Diff


@ -1,4 +1,125 @@
aliases:
# sig-auth subproject aliases
sig-auth-audit-approvers:
- sttts
- tallclair
sig-auth-audit-reviewers:
- CaoShuFeng
- hzxuzhonghu
- lavalamp
- sttts
- tallclair
sig-auth-authenticators-approvers:
- deads2k
- liggitt
- mikedanese
sig-auth-authenticators-reviewers:
- deads2k
- enj
- jianhuiz
- lavalamp
- liggitt
- mbohlool
- mikedanese
- sttts
- wojtek-t
sig-auth-authorizers-approvers:
- deads2k
- liggitt
- mikedanese
sig-auth-authorizers-reviewers:
- david-mcmahon
- deads2k
- dims
- enj
- erictune
- jianhuiz
- krousey
- lavalamp
- liggitt
- mbohlool
- mikedanese
- mml
- ncdc
- nikhiljindal
- smarterclayton
- sttts
- thockin
- wojtek-t
sig-auth-certificates-approvers:
- liggitt
- mikedanese
- smarterclayton
sig-auth-certificates-reviewers:
- awly
- caesarxuchao
- david-mcmahon
- deads2k
- dims
- enj
- errordeveloper
- hongchaodeng
- jianhuiz
- lavalamp
- liggitt
- mbohlool
- mikedanese
- smarterclayton
- sttts
- thockin
- timothysc
- wojtek-t
sig-auth-encryption-at-rest-approvers:
- immutableT
- smarterclayton
sig-auth-encryption-at-rest-reviewers:
- enj
- immutableT
- lavalamp
- liggitt
- sakshamsharma
- smarterclayton
- wojtek-t
sig-auth-node-isolation-approvers:
- deads2k
- liggitt
- mikedanese
- tallclair
sig-auth-node-isolation-reviewers:
- deads2k
- liggitt
- mikedanese
- tallclair
sig-auth-policy-approvers:
- deads2k
- liggitt
- tallclair
sig-auth-policy-reviewers:
- deads2k
- hongchaodeng
- jianhuiz
- liggitt
- mbohlool
- pweil-
- tallclair
sig-auth-serviceaccounts-approvers:
- deads2k
- liggitt
- mikedanese
sig-auth-serviceaccounts-reviewers:
- awly
- deads2k
- enj
- liggitt
- mikedanese
sig-storage-reviewers:
- saad-ali
- childsb


@ -4,6 +4,7 @@ API rule violation: names_match,k8s.io/api/core/v1,ContainerStatus,LastTerminati
API rule violation: names_match,k8s.io/api/core/v1,DaemonEndpoint,Port
API rule violation: names_match,k8s.io/api/core/v1,Event,ReportingController
API rule violation: names_match,k8s.io/api/core/v1,FCVolumeSource,WWIDs
API rule violation: names_match,k8s.io/api/core/v1,GlusterfsPersistentVolumeSource,EndpointsName
API rule violation: names_match,k8s.io/api/core/v1,GlusterfsVolumeSource,EndpointsName
API rule violation: names_match,k8s.io/api/core/v1,ISCSIPersistentVolumeSource,DiscoveryCHAPAuth
API rule violation: names_match,k8s.io/api/core/v1,ISCSIPersistentVolumeSource,SessionCHAPAuth

File diff suppressed because it is too large Load Diff


@ -8227,7 +8227,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",
@ -9796,7 +9796,7 @@
},
"volumeMode": {
"$ref": "v1.PersistentVolumeMode",
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is an alpha feature and may change in the future."
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature."
},
"dataSource": {
"$ref": "v1.TypedLocalObjectReference",


@ -5739,7 +5739,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",
@ -6982,7 +6982,7 @@
},
"volumeMode": {
"$ref": "v1.PersistentVolumeMode",
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is an alpha feature and may change in the future."
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature."
},
"dataSource": {
"$ref": "v1.TypedLocalObjectReference",


@ -8227,7 +8227,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",
@ -9800,7 +9800,7 @@
},
"volumeMode": {
"$ref": "v1.PersistentVolumeMode",
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is an alpha feature and may change in the future."
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature."
},
"dataSource": {
"$ref": "v1.TypedLocalObjectReference",


@ -395,6 +395,13 @@
"token": {
"type": "string",
"description": "Token is the opaque bearer token."
},
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver."
}
}
},
@ -410,6 +417,13 @@
"$ref": "v1.UserInfo",
"description": "User is the UserInfo associated with the provided token."
},
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server."
},
"error": {
"type": "string",
"description": "Error indicates that the token couldn't be checked"
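Review bot: The `status.audiences` description ends by referring to an empty `status.audience` field, which is not the name of the property being described; the last sentence should say `status.audiences`. The wording matters because that sentence defines the fallback a client relies on: a caller that set `spec.audiences` and receives an empty list back has only learned that the token is valid for the API server's own audience, not for the audience it asked about, and the text could state that outright. The same two descriptions are repeated in the next file section (the one that references `v1beta1.UserInfo`). If this spec is generated from type comments, which the page does not show, the correction belongs in that source comment rather than here.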


@ -395,6 +395,13 @@
"token": {
"type": "string",
"description": "Token is the opaque bearer token."
},
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver."
}
}
},
@ -410,6 +417,13 @@
"$ref": "v1beta1.UserInfo",
"description": "User is the UserInfo associated with the provided token."
},
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server."
},
"error": {
"type": "string",
"description": "Error indicates that the token couldn't be checked"


@ -2923,7 +2923,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",


@ -2978,7 +2978,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",


@ -2978,7 +2978,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",


@ -8923,7 +8923,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",

File diff suppressed because it is too large Load Diff


@ -19987,7 +19987,7 @@
},
"volumeMode": {
"$ref": "v1.PersistentVolumeMode",
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is an alpha feature and may change in the future."
"description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature."
},
"dataSource": {
"$ref": "v1.TypedLocalObjectReference",
@ -20217,7 +20217,7 @@
"description": "HostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
},
"glusterfs": {
"$ref": "v1.GlusterfsVolumeSource",
"$ref": "v1.GlusterfsPersistentVolumeSource",
"description": "Glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md"
},
"nfs": {
@ -20320,7 +20320,7 @@
},
"volumeMode": {
"$ref": "v1.PersistentVolumeMode",
"description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec. This is an alpha feature and may change in the future."
"description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec. This is a beta feature."
},
"nodeAffinity": {
"$ref": "v1.VolumeNodeAffinity",
@ -20401,8 +20401,8 @@
"id": "v1.HostPathType",
"properties": {}
},
"v1.GlusterfsVolumeSource": {
"id": "v1.GlusterfsVolumeSource",
"v1.GlusterfsPersistentVolumeSource": {
"id": "v1.GlusterfsPersistentVolumeSource",
"description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.",
"required": [
"endpoints",
@ -20420,6 +20420,10 @@
"readOnly": {
"type": "boolean",
"description": "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod"
},
"endpointsNamespace": {
"type": "string",
"description": "EndpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod"
}
}
},
@ -21568,6 +21572,28 @@
}
}
},
"v1.GlusterfsVolumeSource": {
"id": "v1.GlusterfsVolumeSource",
"description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.",
"required": [
"endpoints",
"path"
],
"properties": {
"endpoints": {
"type": "string",
"description": "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod"
},
"path": {
"type": "string",
"description": "Path is the Glusterfs volume path. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod"
},
"readOnly": {
"type": "boolean",
"description": "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod"
}
}
},
"v1.PersistentVolumeClaimVolumeSource": {
"id": "v1.PersistentVolumeClaimVolumeSource",
"description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).",
@ -22117,7 +22143,7 @@
"items": {
"$ref": "v1.VolumeDevice"
},
"description": "volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future."
"description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature."
},
"livenessProbe": {
"$ref": "v1.Probe",
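Review bot: The description under `v1.GlusterfsPersistentVolumeSource` still says the mount "lasts the lifetime of a pod", which reads as carried over from the pod-level `v1.GlusterfsVolumeSource` and does not describe a persistent volume source. The `endpointsNamespace` text also calls the field `EndpointNamespace` in its second sentence, where `EndpointsNamespace` would match the property. Because this field lets a volume refer to Endpoints outside the bound claim's namespace, one added sentence saying who is expected to set it would make the trust assumption explicit. The object definitions begin and end outside the hunks shown.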


@ -15,7 +15,7 @@
# This file creates a standard build environment for building cross
# platform go binary for the architecture kubernetes cares about.
FROM golang:1.11.1
FROM golang:1.11.2
ENV GOARM 7
ENV KUBE_DYNAMIC_CROSSPLATFORMS \


@ -1 +1 @@
v1.11.1-2
v1.11.2-1


@ -27,6 +27,8 @@ ALL_ARCH = amd64 arm arm64 ppc64le s390x
TEMP_DIR:=$(shell mktemp -d)
QEMUVERSION=v2.9.1
SUDO=$(if $(filter 0,$(shell id -u)),,sudo)
# This option is for running docker manifest command
export DOCKER_CLI_EXPERIMENTAL := enabled
@ -80,7 +82,7 @@ ifeq ($(ARCH),amd64)
else
# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
docker run --rm --privileged multiarch/qemu-user-static:register --reset
$(SUDO) ../../third_party/multiarch/qemu-user-static/register/register.sh --reset
curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)
# Ensure we don't get surprised by umask settings
chmod 0755 $(TEMP_DIR)/qemu-$(QEMUARCH)-static
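Review bot: The qemu-user-static tarball on the `curl -sSL ... | tar -xz -C $(TEMP_DIR)` line directly below the changed register step is unpacked with no integrity check, while the register step now runs as root through `$(SUDO)` to install a handler for that emulator in the kernel. With the register script vendored under third_party, this download is the remaining unpinned input; consider saving it to a file and verifying it before extraction, e.g. `echo "<expected-sha256>  $(TEMP_DIR)/qemu.tgz" | sha256sum -c -`, with a per-architecture digest kept next to QEMUVERSION. A one-line comment on the `SUDO` definition such as `# register.sh writes binfmt_misc entries and needs root` would also make the privilege escalation in a non-root build explicit. The recipe this hunk belongs to starts outside the hunk.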


@ -33,6 +33,8 @@ CNI_TARBALL=cni-plugins-$(ARCH)-$(CNI_VERSION).tgz
# This option is for running docker manifest command
export DOCKER_CLI_EXPERIMENTAL := enabled
SUDO=$(if $(filter 0,$(shell id -u)),,sudo)
.PHONY: all build push clean all-build all-push-images all-push push-manifest
all: all-push
@ -74,7 +76,7 @@ endif
ifneq ($(ARCH),amd64)
# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
docker run --rm --privileged multiarch/qemu-user-static:register --reset
$(SUDO) ../../third_party/multiarch/qemu-user-static/register/register.sh --reset
endif
docker build --pull -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
rm -rf $(TEMP_DIR)


@ -26,13 +26,15 @@ BASEIMAGE?=k8s.gcr.io/debian-base-$(ARCH):0.4.0
# This option is for running docker manifest command
export DOCKER_CLI_EXPERIMENTAL := enabled
SUDO=$(if $(filter 0,$(shell id -u)),,sudo)
build:
cp ./* $(TEMP_DIR)
cd $(TEMP_DIR) && sed -i "s|BASEIMAGE|$(BASEIMAGE)|g" Dockerfile
ifneq ($(ARCH),amd64)
# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
docker run --rm --privileged multiarch/qemu-user-static:register --reset
$(SUDO) ../../third_party/multiarch/qemu-user-static/register/register.sh --reset
endif
docker build --pull -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)


@ -4,8 +4,8 @@ load("//build:workspace.bzl", "CRI_TOOLS_VERSION")
http_archive(
name = "io_bazel_rules_go",
sha256 = "7519e9e1c716ae3c05bd2d984a42c3b02e690c5df728dc0a84b23f90c355c5a1",
urls = mirror("https://github.com/bazelbuild/rules_go/releases/download/0.15.4/rules_go-0.15.4.tar.gz"),
sha256 = "f87fa87475ea107b3c69196f39c82b7bbf58fe27c62a338684c20ca17d1d8613",
urls = mirror("https://github.com/bazelbuild/rules_go/releases/download/0.16.2/rules_go-0.16.2.tar.gz"),
)
http_archive(
@ -41,7 +41,7 @@ http_archive(
load("@bazel_skylib//:lib.bzl", "versions")
versions.check(minimum_bazel_version = "0.16.0")
versions.check(minimum_bazel_version = "0.17.2")
load("@io_bazel_rules_go//go:def.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies")
load("@io_bazel_rules_docker//docker:docker.bzl", "docker_pull", "docker_repositories")
@ -49,7 +49,7 @@ load("@io_bazel_rules_docker//docker:docker.bzl", "docker_pull", "docker_reposit
go_rules_dependencies()
go_register_toolchains(
go_version = "1.11.1",
go_version = "1.11.2",
)
docker_repositories()


@ -79,7 +79,7 @@ spec:
- /eventer
- --source=kubernetes:''
- --sink=gcl
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: heapster-nanny
resources:
limits:
@ -115,7 +115,7 @@ spec:
# Specifies the smallest cluster (defined in number of nodes)
# resources will be scaled to.
- --minClusterSize={{ heapster_min_cluster_size }}
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: eventer-nanny
resources:
limits:


@ -80,7 +80,7 @@ spec:
- /eventer
- --source=kubernetes:''
- --sink=gcl
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: heapster-nanny
resources:
limits:
@ -116,7 +116,7 @@ spec:
# Specifies the smallest cluster (defined in number of nodes)
# resources will be scaled to.
- --minClusterSize={{ heapster_min_cluster_size }}
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: eventer-nanny
resources:
limits:


@ -79,7 +79,7 @@ spec:
- /eventer
- --source=kubernetes:''
- --sink=influxdb:http://monitoring-influxdb:8086
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: heapster-nanny
resources:
limits:
@ -115,7 +115,7 @@ spec:
# Specifies the smallest cluster (defined in number of nodes)
# resources will be scaled to.
- --minClusterSize={{ heapster_min_cluster_size }}
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: eventer-nanny
resources:
limits:


@ -81,7 +81,7 @@ spec:
fieldRef:
fieldPath: metadata.namespace
# END_PROMETHEUS_TO_SD
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: heapster-nanny
resources:
limits:


@ -59,7 +59,7 @@ spec:
command:
- /heapster
- --source=kubernetes.summary_api:''
- image: k8s.gcr.io/addon-resizer:1.8.3
- image: k8s.gcr.io/addon-resizer:1.8.4
name: heapster-nanny
resources:
limits:


@ -108,13 +108,11 @@ spec:
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.4
image: k8s.gcr.io/coredns:1.2.6
imagePullPolicy: IfNotPresent
resources:
limits:


@ -108,13 +108,11 @@ spec:
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.4
image: k8s.gcr.io/coredns:1.2.6
imagePullPolicy: IfNotPresent
resources:
limits:


@ -108,13 +108,11 @@ spec:
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.4
image: k8s.gcr.io/coredns:1.2.6
imagePullPolicy: IfNotPresent
resources:
limits:


@ -0,0 +1,35 @@
# Nodelocal DNS Cache
This addon runs a node-local-dns pod on all cluster nodes. The pod runs CoreDNS as the dns cache. It runs with `hostNetwork:True` and creates a dedicated dummy interface with a link local ip(169.254.20.10/32 by default) to listen for DNS queries. The cache instances connect to clusterDNS in case of cache misses.
Design details [here](https://github.com/kubernetes/community/blob/master/keps/sig-network/0030-nodelocal-dns-cache.md)
## nodelocaldns addon template
This directory contains the addon config yaml - `nodelocaldns.yaml`
The variables will be substituted by the configure scripts when the yaml is copied into master.
### Network policy and DNS connectivity
When running nodelocaldns addon on clusters using network policy, additional rules might be required to enable dns connectivity.
Using a namespace selector for dns egress traffic as shown [here](https://docs.projectcalico.org/v2.6/getting-started/kubernetes/tutorials/advanced-policy)
might not be enough since the node-local-dns pods run with `hostNetwork: True`
One way to enable connectivity from node-local-dns pods to clusterDNS ip is to use an ipBlock rule instead:
```
spec:
egress:
- ports:
- port: 53
protocol: TCP
- port: 53
protocol: UDP
to:
- ipBlock:
cidr: <well-known clusterIP for DNS>/32
podSelector: {}
policyTypes:
- Ingress
- Egress
```


@ -0,0 +1,144 @@
# Copyright 2018 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apiVersion: v1
kind: ServiceAccount
metadata:
name: node-local-dns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: v1
kind: ConfigMap
metadata:
name: node-local-dns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
__PILLAR__DNS__DOMAIN__:53 {
errors
cache 30
reload
loop
bind __PILLAR__LOCAL__DNS__
forward . __PILLAR__DNS__SERVER__ {
force_tcp
}
prometheus :9253
health __PILLAR__LOCAL__DNS__:8080
}
in-addr.arpa:53 {
errors
cache 30
reload
loop
bind __PILLAR__LOCAL__DNS__
forward . __PILLAR__DNS__SERVER__ {
force_tcp
}
prometheus :9253
}
ip6.arpa:53 {
errors
cache 30
reload
loop
bind __PILLAR__LOCAL__DNS__
forward . __PILLAR__DNS__SERVER__ {
force_tcp
}
prometheus :9253
}
.:53 {
errors
cache 30
reload
loop
bind __PILLAR__LOCAL__DNS__
forward . /etc/resolv.conf {
force_tcp
}
prometheus :9253
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-local-dns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
matchLabels:
k8s-app: node-local-dns
template:
metadata:
labels:
k8s-app: node-local-dns
spec:
priorityClassName: system-node-critical
serviceAccountName: node-local-dns
hostNetwork: true
dnsPolicy: Default # Don't use cluster DNS.
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: node-cache
image: k8s.gcr.io/k8s-dns-node-cache:1.15.0
resources:
limits:
memory: 30Mi
requests:
cpu: 25m
memory: 5Mi
args: [ "-localip", "__PILLAR__LOCAL__DNS__", "-conf", "/etc/coredns/Corefile" ]
securityContext:
privileged: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9253
name: metrics
protocol: TCP
livenessProbe:
httpGet:
host: __PILLAR__LOCAL__DNS__
path: /health
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
volumes:
- name: config-volume
configMap:
name: node-local-dns
items:
- key: Corefile
path: Corefile
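Review bot: The node-cache container in the DaemonSet runs with `securityContext: privileged: true` on top of `hostNetwork: true`, which gives a DNS cache on every node full access to host devices and capabilities. If the only host-level work is creating the dummy interface and binding the link-local address, as the README added in this commit describes, a narrower grant such as `capabilities: { add: ["NET_ADMIN"] }` is probably enough; that needs confirming against what the k8s-dns-node-cache image actually does. Because the pod is on the host network, `prometheus :9253` in each Corefile server block listens on every node address rather than only on the local DNS IP, so either bind it explicitly or document that port 9253 has to be covered by node firewall rules. A short comment above `privileged: true` stating why the privilege is required would help whichever way this goes.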


@ -22,7 +22,7 @@ go_library(
"//staging/src/k8s.io/client-go/rest:go_default_library",
"//staging/src/k8s.io/client-go/tools/clientcmd:go_default_library",
"//staging/src/k8s.io/client-go/tools/clientcmd/api:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -24,11 +24,11 @@ import (
"strings"
"time"
"github.com/golang/glog"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
restclient "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
clientapi "k8s.io/client-go/tools/clientcmd/api"
"k8s.io/klog"
api "k8s.io/kubernetes/pkg/apis/core"
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
)
@ -61,22 +61,22 @@ func flattenSubsets(subsets []api.EndpointSubset) []string {
func main() {
flag.Parse()
glog.Info("Kubernetes Elasticsearch logging discovery")
klog.Info("Kubernetes Elasticsearch logging discovery")
cc, err := buildConfigFromEnvs(os.Getenv("APISERVER_HOST"), os.Getenv("KUBE_CONFIG_FILE"))
if err != nil {
glog.Fatalf("Failed to make client: %v", err)
klog.Fatalf("Failed to make client: %v", err)
}
client, err := clientset.NewForConfig(cc)
if err != nil {
glog.Fatalf("Failed to make client: %v", err)
klog.Fatalf("Failed to make client: %v", err)
}
namespace := metav1.NamespaceSystem
envNamespace := os.Getenv("NAMESPACE")
if envNamespace != "" {
if _, err := client.Core().Namespaces().Get(envNamespace, metav1.GetOptions{}); err != nil {
glog.Fatalf("%s namespace doesn't exist: %v", envNamespace, err)
klog.Fatalf("%s namespace doesn't exist: %v", envNamespace, err)
}
namespace = envNamespace
}
@ -98,7 +98,7 @@ func main() {
// If we did not find an elasticsearch logging service then log a warning
// and return without adding any unicast hosts.
if elasticsearch == nil {
glog.Warningf("Failed to find the elasticsearch-logging service: %v", err)
klog.Warningf("Failed to find the elasticsearch-logging service: %v", err)
return
}
@ -112,17 +112,17 @@ func main() {
continue
}
addrs = flattenSubsets(endpoints.Subsets)
glog.Infof("Found %s", addrs)
if len(addrs) > 0 && len(addrs) == count {
klog.Infof("Found %s", addrs)
if len(addrs) > 0 && len(addrs) >= count {
break
}
}
// If there was an error finding endpoints then log a warning and quit.
if err != nil {
glog.Warningf("Error finding endpoints: %v", err)
klog.Warningf("Error finding endpoints: %v", err)
return
}
glog.Infof("Endpoints = %s", addrs)
klog.Infof("Endpoints = %s", addrs)
fmt.Printf("discovery.zen.ping.unicast.hosts: [%s]\n", strings.Join(addrs, ", "))
}
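Review bot: `main` still calls `flag.Parse()` with nothing visible that registers klog's flags before it. glog registered `-v`, `-logtostderr` and the related flags from its own init, whereas klog only does so when `klog.InitFlags(nil)` is called, so any of those flags passed on this binary's command line would now be rejected as undefined and verbosity could no longer be set. Unless the registration happens in a part of the file outside these hunks, add `klog.InitFlags(nil)` immediately before `flag.Parse()`. The same check applies to the other binaries converted in this commit, for example the etcd-version-monitor `main`, whose flag setup is not fully visible here.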


@ -62,7 +62,7 @@ spec:
name: https
protocol: TCP
- name: metrics-server-nanny
image: k8s.gcr.io/addon-resizer:1.8.3
image: k8s.gcr.io/addon-resizer:1.8.4
resources:
limits:
cpu: 100m


@ -39,7 +39,7 @@ spec:
initialDelaySeconds: 5
timeoutSeconds: 5
- name: addon-resizer
image: k8s.gcr.io/addon-resizer:1.8.3
image: k8s.gcr.io/addon-resizer:1.8.4
resources:
limits:
cpu: 100m


@ -1,6 +0,0 @@
# Python image
The python image here is used by OS distros that don't have python installed to
run python scripts to parse the yaml files in the addon updater script.
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/python-image/README.md?pixel)]()


@ -0,0 +1,6 @@
approvers:
- saad-ali
- jsafrane
- msau42
reviewers:
- davidz627


@ -0,0 +1,13 @@
# Kubernetes CSI CRDs
The Kubernetes Container Storage Interface implementation defines some API objects as CRDs that Kubernetes components
including the Attach/Detach controller depend on.
If you are using CSI, it is recommended that you enable the relevant feature gates (e.g. `CSIDriverRegistry`, `CSINodeInfo`, etc.), and ensure the CRDs in this directory are installed.
These objects and their CRDs are defined in `staging/src/k8s.io/csi-api/pkg/crd/manifests`, the source of truth.
They are copied from that CRD manifest directory to this addon directory.
A unit test in `staging/src/k8s.io/csi-api/pkg/crd` verifies that this (and any other) copies of the manifest outside of `staging/src/k8s.io/csi-api/pkg/crd/manifests` do not drift from that source of truth.
If you need to make changes please make changes in the `staging/src/k8s.io/csi-api/pkg/crd/manifests` directory and then update this copy.
For more information, see: https://kubernetes-csi.github.io/docs/


@ -1,8 +1,9 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: csidrivers.csi.storage.k8s.io
labels:
addonmanager.kubernetes.io/mode: Reconcile
spec:
group: csi.storage.k8s.io
names:
@ -25,9 +26,3 @@ spec:
information (like podName, podUID, etc.) during mount operations.
type: string
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null


@ -0,0 +1,54 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: csinodeinfos.csi.storage.k8s.io
labels:
addonmanager.kubernetes.io/mode: Reconcile
spec:
group: csi.storage.k8s.io
names:
kind: CSINodeInfo
plural: csinodeinfos
scope: Cluster
validation:
openAPIV3Schema:
properties:
spec:
description: Specification of CSINodeInfo
properties:
drivers:
description: List of CSI drivers running on the node and their specs.
type: array
items:
properties:
name:
description: The CSI driver that this object refers to.
type: string
nodeID:
description: The node from the driver point of view.
type: string
topologyKeys:
description: List of keys supported by the driver.
items:
type: string
type: array
status:
description: Status of CSINodeInfo
properties:
drivers:
description: List of CSI drivers running on the node and their statuses.
type: array
items:
properties:
name:
description: The CSI driver that this object refers to.
type: string
available:
description: Whether the CSI driver is installed.
type: boolean
volumePluginMechanism:
description: Indicates to external components the required mechanism
to use for any in-tree plugins replaced by this driver.
pattern: in-tree|csi
type: string
version: v1alpha1
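Review bot: The `pattern: in-tree|csi` constraint on `volumePluginMechanism` is not anchored, so as far as I can tell it accepts any string that merely contains `in-tree` or `csi`, because a schema pattern is applied as a regular-expression search rather than a full match. Use `pattern: ^(in-tree|csi)$` if only those two values are meant to be valid. The README added in this commit names `staging/src/k8s.io/csi-api/pkg/crd/manifests` as the source of truth, so the change belongs there first and in this copy second.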


@ -198,6 +198,9 @@ if [[ ${ENABLE_NETD:-} == "true" ]]; then
NON_MASTER_NODE_LABELS="${NON_MASTER_NODE_LABELS:+${NON_MASTER_NODE_LABELS},}cloud.google.com/gke-netd-ready=true"
fi
ENABLE_NODELOCAL_DNS="${KUBE_ENABLE_NODELOCAL_DNS:-false}"
LOCAL_DNS_IP="${KUBE_LOCAL_DNS_IP:-169.254.20.10}"
# Enable metadata concealment by firewalling pod traffic to the metadata server
# and run a proxy daemonset on nodes.
#
@ -216,8 +219,8 @@ fi
ENCRYPTION_PROVIDER_CONFIG="${ENCRYPTION_PROVIDER_CONFIG:-}"
if [[ -z "${ENCRYPTION_PROVIDER_CONFIG}" ]]; then
ENCRYPTION_PROVIDER_CONFIG=$(cat << EOM | base64 | tr -d '\r\n'
kind: EncryptionConfig
apiVersion: v1
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
- resources:
- secrets
@ -455,11 +458,7 @@ ROTATE_CERTIFICATES="${ROTATE_CERTIFICATES:-}"
# into kube-controller-manager via `--concurrent-service-syncs`
CONCURRENT_SERVICE_SYNCS="${CONCURRENT_SERVICE_SYNCS:-}"
if [[ "${ENABLE_TOKENREQUEST:-}" == "true" ]]; then
FEATURE_GATES="${FEATURE_GATES},TokenRequest=true"
SERVICEACCOUNT_ISSUER="https://kubernetes.io/${CLUSTER_NAME}"
SERVICEACCOUNT_API_AUDIENCES="https://kubernetes.default.svc"
fi
SERVICEACCOUNT_ISSUER="https://kubernetes.io/${CLUSTER_NAME}"
# Optional: Enable Node termination Handler for Preemptible and GPU VMs.
# https://github.com/GoogleCloudPlatform/k8s-node-termination-handler


@ -53,6 +53,10 @@ NODE_LOCAL_SSDS_EXT=${NODE_LOCAL_SSDS_EXT:-}
NODE_ACCELERATORS=${NODE_ACCELERATORS:-""}
REGISTER_MASTER_KUBELET=${REGISTER_MASTER:-true}
KUBE_APISERVER_REQUEST_TIMEOUT=300
# Increase initial delay for the apiserver liveness probe, to avoid prematurely tearing it down
KUBE_APISERVER_LIVENESS_PROBE_INITIAL_DELAY_SEC=${KUBE_APISERVER_LIVENESS_PROBE_INITIAL_DELAY_SEC:-45}
# Also increase the initial delay for etcd just to be safe
ETCD_LIVENESS_PROBE_INITIAL_DELAY_SEC=${ETCD_LIVENESS_PROBE_INITIAL_DELAY_SEC:-45}
PREEMPTIBLE_NODE=${PREEMPTIBLE_NODE:-false}
PREEMPTIBLE_MASTER=${PREEMPTIBLE_MASTER:-false}
KUBE_DELETE_NODES=${KUBE_DELETE_NODES:-true}
@ -230,6 +234,8 @@ if [[ ${ENABLE_NETD:-} == "true" ]]; then
NON_MASTER_NODE_LABELS="${NON_MASTER_NODE_LABELS:+${NON_MASTER_NODE_LABELS},}cloud.google.com/gke-netd-ready=true"
fi
ENABLE_NODELOCAL_DNS="${KUBE_ENABLE_NODELOCAL_DNS:-false}"
# To avoid running Calico on a node that is not configured appropriately,
# label each Node so that the DaemonSet can run the Pods only on ready Nodes.
if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
@ -272,6 +278,7 @@ fi
CLUSTER_DNS_CORE_DNS="${CLUSTER_DNS_CORE_DNS:-true}"
ENABLE_CLUSTER_DNS="${KUBE_ENABLE_CLUSTER_DNS:-true}"
DNS_SERVER_IP="10.0.0.10"
LOCAL_DNS_IP="${KUBE_LOCAL_DNS_IP:-169.254.20.10}"
DNS_DOMAIN="cluster.local"
# Optional: Enable DNS horizontal autoscaler
@ -470,11 +477,7 @@ ROTATE_CERTIFICATES="${ROTATE_CERTIFICATES:-}"
# into kube-controller-manager via `--concurrent-service-syncs`
CONCURRENT_SERVICE_SYNCS="${CONCURRENT_SERVICE_SYNCS:-}"
if [[ "${ENABLE_TOKENREQUEST:-}" == "true" ]]; then
FEATURE_GATES="${FEATURE_GATES},TokenRequest=true"
SERVICEACCOUNT_ISSUER="https://kubernetes.io/${CLUSTER_NAME}"
SERVICEACCOUNT_API_AUDIENCES="https://kubernetes.default.svc"
fi
SERVICEACCOUNT_ISSUER="https://kubernetes.io/${CLUSTER_NAME}"
# Optional: Enable Node termination Handler for Preemptible and GPU VMs.
# https://github.com/GoogleCloudPlatform/k8s-node-termination-handler


@ -55,6 +55,8 @@ readonly ETC_MANIFESTS=${KUBE_HOME}/etc/kubernetes/manifests
readonly KUBE_API_SERVER_DOCKER_TAG=v1.11.0-alpha.0.1808_3c7452dc11645d-dirty
readonly LOG_OWNER_USER=$(id -un)
readonly LOG_OWNER_GROUP=$(id -gn)
readonly SERVICEACCOUNT_ISSUER=https://foo.bar.baz
readonly SERVICEACCOUNT_KEY_PATH=/foo/bar/baz.key
{{if .EncryptionProviderConfig}}
ENCRYPTION_PROVIDER_CONFIG={{.EncryptionProviderConfig}}
{{end}}


@ -828,6 +828,13 @@ rules:
resources:
- group: "" # core
resources: ["namespaces", "namespaces/status", "namespaces/finalize"]
- level: None
users: ["cluster-autoscaler"]
verbs: ["get", "update"]
namespaces: ["kube-system"]
resources:
- group: "" # core
resources: ["configmaps", "endpoints"]
# Don't log HPA fetching metrics.
- level: None
users:
@ -1563,11 +1570,9 @@ function start-kube-apiserver {
if [[ -n "${SERVICE_CLUSTER_IP_RANGE:-}" ]]; then
params+=" --service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE}"
fi
if [[ -n "${SERVICEACCOUNT_ISSUER:-}" ]]; then
params+=" --service-account-issuer=${SERVICEACCOUNT_ISSUER}"
params+=" --service-account-signing-key-file=${SERVICEACCOUNT_KEY_PATH}"
params+=" --service-account-api-audiences=${SERVICEACCOUNT_API_AUDIENCES}"
fi
params+=" --service-account-issuer=${SERVICEACCOUNT_ISSUER}"
params+=" --service-account-api-audiences=${SERVICEACCOUNT_ISSUER}"
params+=" --service-account-signing-key-file=${SERVICEACCOUNT_KEY_PATH}"
local audit_policy_config_mount=""
local audit_policy_config_volume=""
@ -2349,6 +2354,16 @@ EOF
fi
}
# Sets up the manifests of local dns cache agent for k8s addons.
function setup-nodelocaldns-manifest {
setup-addon-manifests "addons" "dns/nodelocaldns"
local -r localdns_file="${dst_dir}/dns/nodelocaldns/nodelocaldns.yaml"
# Replace the sed configurations with variable values.
sed -i -e "s/__PILLAR__DNS__DOMAIN__/${DNS_DOMAIN}/g" "${localdns_file}"
sed -i -e "s/__PILLAR__DNS__SERVER__/${DNS_SERVER_IP}/g" "${localdns_file}"
sed -i -e "s/__PILLAR__LOCAL__DNS__/${LOCAL_DNS_IP}/g" "${localdns_file}"
}
# Sets up the manifests of netd for k8s addons.
function setup-netd-manifest {
local -r netd_file="${dst_dir}/netd/netd.yaml"
@ -2520,6 +2535,9 @@ EOF
setup-addon-manifests "addons" "dns/kube-dns"
setup-kube-dns-manifest
fi
if [[ "${ENABLE_NODELOCAL_DNS:-}" == "true" ]]; then
setup-nodelocaldns-manifest
fi
fi
if [[ "${ENABLE_NETD:-}" == "true" ]]; then
setup-netd-manifest
@ -2567,6 +2585,9 @@ EOF
if [[ "${ENABLE_DEFAULT_STORAGE_CLASS:-}" == "true" ]]; then
setup-addon-manifests "addons" "storage-class/gce"
fi
if [[ "${FEATURE_GATES:-}" =~ "AllAlpha=true" || "${FEATURE_GATES:-}" =~ "CSIDriverRegistry=true" || "${FEATURE_GATES:-}" =~ "CSINodeInfo=true" ]]; then
setup-addon-manifests "addons" "storage-crds"
fi
if [[ "${ENABLE_IP_MASQ_AGENT:-}" == "true" ]]; then
setup-addon-manifests "addons" "ip-masq-agent"
fi
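Review bot: The new audit rule for `cluster-autoscaler` sets `level: None` for `update` as well as `get` on every configmap and endpoints object in kube-system, so writes made with that identity to any of them leave no audit record at all. If the aim is to silence the autoscaler's periodic status and leader-election traffic, scope the rule with `resourceNames: ["<autoscaler-status-configmap>", "<autoscaler-leader-election-object>"]` (placeholders; use the real object names), or keep `update` at `level: Metadata` and drop only `get`. The rule sits inside the audit policy text, which starts and ends outside this hunk.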


@ -34,11 +34,19 @@
"httpGet": {
"host": "127.0.0.1",
"port": 8080,
"path": "/healthz"
"path": "/healthz?exclude=etcd"
},
"initialDelaySeconds": {{liveness_probe_initial_delay}},
"timeoutSeconds": 15
},
"readinessProbe": {
"httpGet": {
"host": "127.0.0.1",
"port": 8080,
"path": "/healthz"
},
"timeoutSeconds": 15
},
"ports":[
{ "name": "https",
"containerPort": {{secure_port}},


@ -708,6 +708,9 @@ function build-kubelet-config {
declare quoted_dns_server_ip
declare quoted_dns_domain
quoted_dns_server_ip=$(yaml-quote "${DNS_SERVER_IP}")
if [[ "${ENABLE_NODELOCAL_DNS:-}" == "true" ]]; then
quoted_dns_server_ip=$(yaml-quote "${LOCAL_DNS_IP}")
fi
quoted_dns_domain=$(yaml-quote "${DNS_DOMAIN}")
cat <<EOF
kind: KubeletConfiguration
@ -848,7 +851,9 @@ LOGGING_DESTINATION: $(yaml-quote ${LOGGING_DESTINATION:-})
ELASTICSEARCH_LOGGING_REPLICAS: $(yaml-quote ${ELASTICSEARCH_LOGGING_REPLICAS:-})
ENABLE_CLUSTER_DNS: $(yaml-quote ${ENABLE_CLUSTER_DNS:-false})
CLUSTER_DNS_CORE_DNS: $(yaml-quote ${CLUSTER_DNS_CORE_DNS:-true})
ENABLE_NODELOCAL_DNS: $(yaml-quote ${ENABLE_NODELOCAL_DNS:-false})
DNS_SERVER_IP: $(yaml-quote ${DNS_SERVER_IP:-})
LOCAL_DNS_IP: $(yaml-quote ${LOCAL_DNS_IP:-})
DNS_DOMAIN: $(yaml-quote ${DNS_DOMAIN:-})
ENABLE_DNS_HORIZONTAL_AUTOSCALER: $(yaml-quote ${ENABLE_DNS_HORIZONTAL_AUTOSCALER:-false})
KUBE_PROXY_DAEMONSET: $(yaml-quote ${KUBE_PROXY_DAEMONSET:-false})
@ -1008,13 +1013,8 @@ ETCD_CA_CERT: $(yaml-quote ${ETCD_CA_CERT_BASE64:-})
ETCD_PEER_KEY: $(yaml-quote ${ETCD_PEER_KEY_BASE64:-})
ETCD_PEER_CERT: $(yaml-quote ${ETCD_PEER_CERT_BASE64:-})
ENCRYPTION_PROVIDER_CONFIG: $(yaml-quote ${ENCRYPTION_PROVIDER_CONFIG:-})
EOF
if [[ "${ENABLE_TOKENREQUEST:-}" == "true" ]]; then
cat >>$file <<EOF
SERVICEACCOUNT_ISSUER: $(yaml-quote ${SERVICEACCOUNT_ISSUER:-})
SERVICEACCOUNT_API_AUDIENCES: $(yaml-quote ${SERVICEACCOUNT_API_AUDIENCES:-})
EOF
fi
# KUBE_APISERVER_REQUEST_TIMEOUT_SEC (if set) controls the --request-timeout
# flag
if [ -n "${KUBE_APISERVER_REQUEST_TIMEOUT_SEC:-}" ]; then


@ -17,12 +17,12 @@ go_library(
importpath = "k8s.io/kubernetes/cluster/images/etcd-version-monitor",
deps = [
"//vendor/github.com/gogo/protobuf/proto:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus/promhttp:go_default_library",
"//vendor/github.com/prometheus/client_model/go:go_default_library",
"//vendor/github.com/prometheus/common/expfmt:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -25,12 +25,12 @@ import (
"time"
"github.com/gogo/protobuf/proto"
"github.com/golang/glog"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
dto "github.com/prometheus/client_model/go"
"github.com/prometheus/common/expfmt"
"github.com/spf13/pflag"
"k8s.io/klog"
)
// Initialize the prometheus instrumentation and client related flags.
@ -245,7 +245,7 @@ func getVersionPeriodically(stopCh <-chan struct{}) {
lastSeenBinaryVersion := ""
for {
if err := getVersion(&lastSeenBinaryVersion); err != nil {
glog.Errorf("Failed to fetch etcd version: %v", err)
klog.Errorf("Failed to fetch etcd version: %v", err)
}
select {
case <-stopCh:
@ -399,7 +399,7 @@ func main() {
go getVersionPeriodically(stopCh)
// Serve our metrics on listenAddress/metricsPath.
glog.Infof("Listening on: %v", listenAddress)
klog.Infof("Listening on: %v", listenAddress)
http.Handle(metricsPath, promhttp.HandlerFor(gatherer, promhttp.HandlerOpts{}))
glog.Errorf("Stopped listening/serving metrics: %v", http.ListenAndServe(listenAddress, nil))
klog.Errorf("Stopped listening/serving metrics: %v", http.ListenAndServe(listenAddress, nil))
}


@ -42,8 +42,8 @@ go_library(
"//vendor/github.com/coreos/etcd/wal:go_default_library",
"//vendor/github.com/coreos/etcd/wal/walpb:go_default_library",
"//vendor/github.com/coreos/go-semver/semver:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -25,7 +25,7 @@ import (
"path/filepath"
"strings"
"github.com/golang/glog"
"k8s.io/klog"
)
// DataDirectory provides utilities for initializing and backing up an
@ -45,7 +45,7 @@ func OpenOrCreateDataDirectory(path string) (*DataDirectory, error) {
return nil, err
}
if !exists {
glog.Infof("data directory '%s' does not exist, creating it", path)
klog.Infof("data directory '%s' does not exist, creating it", path)
err := os.MkdirAll(path, 0777)
if err != nil {
return nil, fmt.Errorf("failed to create data directory %s: %v", path, err)
@ -67,7 +67,7 @@ func (d *DataDirectory) Initialize(target *EtcdVersionPair) error {
return err
}
if isEmpty {
glog.Infof("data directory '%s' is empty, writing target version '%s' to version.txt", d.path, target)
klog.Infof("data directory '%s' is empty, writing target version '%s' to version.txt", d.path, target)
err = d.versionFile.Write(target)
if err != nil {
return fmt.Errorf("failed to write version.txt to '%s': %v", d.path, err)
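Review bot: `OpenOrCreateDataDirectory` creates the etcd data directory with `os.MkdirAll(path, 0777)`, so apart from whatever the process umask strips, the directory that holds the cluster's stored state is created readable and writable by every local user. The line is unchanged context in this hunk, but it is worth fixing while the file is being touched: `err := os.MkdirAll(path, 0700)`. The function body starts and ends outside the hunk, so any later permission tightening is not visible from here.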


@ -21,8 +21,8 @@ import (
"os"
"path/filepath"
"github.com/golang/glog"
"github.com/spf13/cobra"
"k8s.io/klog"
)
const (
@ -85,7 +85,7 @@ func runMigrate() {
if opts.name == "" {
hostname, err := os.Hostname()
if err != nil {
glog.Errorf("Error while getting hostname to supply default --name: %v", err)
klog.Errorf("Error while getting hostname to supply default --name: %v", err)
os.Exit(1)
}
opts.name = fmt.Sprintf("etcd-%s", hostname)
@ -98,29 +98,29 @@ func runMigrate() {
opts.initialCluster = fmt.Sprintf("%s=http://localhost:2380", opts.name)
}
if opts.targetStorage == "" {
glog.Errorf("--target-storage is required")
klog.Errorf("--target-storage is required")
os.Exit(1)
}
if opts.targetVersion == "" {
glog.Errorf("--target-version is required")
klog.Errorf("--target-version is required")
os.Exit(1)
}
if opts.dataDir == "" {
glog.Errorf("--data-dir is required")
klog.Errorf("--data-dir is required")
os.Exit(1)
}
if opts.bundledVersionString == "" {
glog.Errorf("--bundled-versions is required")
klog.Errorf("--bundled-versions is required")
os.Exit(1)
}
bundledVersions, err := ParseSupportedVersions(opts.bundledVersionString)
if err != nil {
glog.Errorf("Failed to parse --supported-versions: %v", err)
klog.Errorf("Failed to parse --supported-versions: %v", err)
}
err = validateBundledVersions(bundledVersions, opts.binDir)
if err != nil {
glog.Errorf("Failed to validate that 'etcd-<version>' and 'etcdctl-<version>' binaries exist in --bin-dir '%s' for all --bundled-verions '%s': %v",
klog.Errorf("Failed to validate that 'etcd-<version>' and 'etcdctl-<version>' binaries exist in --bin-dir '%s' for all --bundled-verions '%s': %v",
opts.binDir, opts.bundledVersionString, err)
os.Exit(1)
}
@ -139,7 +139,7 @@ func migrate(name string, port uint64, peerListenUrls string, peerAdvertiseUrls
dataDir, err := OpenOrCreateDataDirectory(dataDirPath)
if err != nil {
glog.Errorf("Error opening or creating data directory %s: %v", dataDirPath, err)
klog.Errorf("Error opening or creating data directory %s: %v", dataDirPath, err)
os.Exit(1)
}
@ -158,7 +158,7 @@ func migrate(name string, port uint64, peerListenUrls string, peerAdvertiseUrls
}
client, err := NewEtcdMigrateClient(cfg)
if err != nil {
glog.Errorf("Migration failed: %v", err)
klog.Errorf("Migration failed: %v", err)
os.Exit(1)
}
defer client.Close()
@ -167,7 +167,7 @@ func migrate(name string, port uint64, peerListenUrls string, peerAdvertiseUrls
err = migrator.MigrateIfNeeded(target)
if err != nil {
glog.Errorf("Migration failed: %v", err)
klog.Errorf("Migration failed: %v", err)
os.Exit(1)
}
}
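Review bot: In `runMigrate`, the `ParseSupportedVersions` failure branch only logs and then falls through, unlike every other validation failure in the function, which calls `os.Exit(1)`; `validateBundledVersions` is then called with whatever `bundledVersions` holds after the error. Add `os.Exit(1)` after the `klog.Errorf` in that branch. The message also names `--supported-versions` while the option checked just above is `--bundled-versions`, and the later message spells it `--bundled-verions`; both are worth correcting in the same pass so the logged flag name matches what an operator typed.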


@ -29,7 +29,7 @@ import (
clientv2 "github.com/coreos/etcd/client"
"github.com/coreos/etcd/clientv3"
"github.com/golang/glog"
"k8s.io/klog"
)
// CombinedEtcdClient provides an implementation of EtcdMigrateClient using a combination of the etcd v2 client, v3 client
@ -202,13 +202,13 @@ func (e *CombinedEtcdClient) AttachLease(leaseDuration time.Duration) error {
if err != nil {
return fmt.Errorf("Error while creating lease: %v", err)
}
glog.Infof("Lease with TTL: %v created", lease.TTL)
klog.Infof("Lease with TTL: %v created", lease.TTL)
glog.Infof("Attaching lease to %d entries", len(objectsResp.Kvs))
klog.Infof("Attaching lease to %d entries", len(objectsResp.Kvs))
for _, kv := range objectsResp.Kvs {
putResp, err := v3client.KV.Put(ctx, string(kv.Key), string(kv.Value), clientv3.WithLease(lease.ID), clientv3.WithPrevKV())
if err != nil {
glog.Errorf("Error while attaching lease to: %s", string(kv.Key))
klog.Errorf("Error while attaching lease to: %s", string(kv.Key))
}
if bytes.Compare(putResp.PrevKv.Value, kv.Value) != 0 {
return fmt.Errorf("concurrent access to key detected when setting lease on %s, expected previous value of %s but got %s",
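Review bot: In `AttachLease`, a failed `v3client.KV.Put` is only logged, and the loop then dereferences `putResp.PrevKv.Value` on the next line, which will panic if `putResp` is nil after an error. The error branch should stop processing that key, for example `return fmt.Errorf("error while attaching lease to %s: %v", string(kv.Key), err)`, and the log line should include `err`, which it currently drops. `PrevKv` can presumably also be nil when the key had no previous revision, so a nil check before the comparison would be prudent. The function starts and ends outside this hunk.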


@ -23,7 +23,7 @@ import (
"strings"
"time"
"github.com/golang/glog"
"k8s.io/klog"
)
// EtcdMigrateServer manages starting and stopping a versioned etcd server binary.
@ -75,10 +75,10 @@ func (r *EtcdMigrateServer) Start(version *EtcdVersion) error {
case <-interval.C:
err := r.client.SetEtcdVersionKeyValue(version)
if err != nil {
glog.Infof("Still waiting for etcd to start, current error: %v", err)
klog.Infof("Still waiting for etcd to start, current error: %v", err)
// keep waiting
} else {
glog.Infof("Etcd on port %d is up.", r.cfg.port)
klog.Infof("Etcd on port %d is up.", r.cfg.port)
r.cmd = etcdCmd
return nil
}
@ -114,7 +114,7 @@ func (r *EtcdMigrateServer) Stop() error {
case <-stopped:
return
case <-timedout:
glog.Infof("etcd server has not terminated gracefully after %s, killing it.", gracefulWait)
klog.Infof("etcd server has not terminated gracefully after %s, killing it.", gracefulWait)
r.cmd.Process.Kill()
return
}
@ -122,11 +122,11 @@ func (r *EtcdMigrateServer) Stop() error {
err = r.cmd.Wait()
stopped <- true
if exiterr, ok := err.(*exec.ExitError); ok {
glog.Infof("etcd server stopped (signal: %s)", exiterr.Error())
klog.Infof("etcd server stopped (signal: %s)", exiterr.Error())
// stopped
} else if err != nil {
return fmt.Errorf("error waiting for etcd to stop: %v", err)
}
glog.Infof("Stopped etcd server %s", r.cfg.name)
klog.Infof("Stopped etcd server %s", r.cfg.name)
return nil
}
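Review bot: In Stop's timeout branch the result of `r.cmd.Process.Kill()` is discarded, so a kill that fails leaves no trace and the later `r.cmd.Wait()` can block with nothing in the log to explain it. Log the failure: `if err := r.cmd.Process.Kill(); err != nil { klog.Errorf("failed to kill etcd server %s: %v", r.cfg.name, err) }`. Stop begins outside the hunk, so the set-up of the `stopped` and `timedout` channels is not visible here.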


@ -23,7 +23,7 @@ import (
"time"
"github.com/blang/semver"
"github.com/golang/glog"
"k8s.io/klog"
)
// EtcdMigrateCfg provides all configuration required to perform etcd data upgrade/downgrade migrations.
@ -63,7 +63,7 @@ type Migrator struct {
// MigrateIfNeeded upgrades or downgrades the etcd data directory to the given target version.
func (m *Migrator) MigrateIfNeeded(target *EtcdVersionPair) error {
glog.Infof("Starting migration to %s", target)
klog.Infof("Starting migration to %s", target)
err := m.dataDirectory.Initialize(target)
if err != nil {
return fmt.Errorf("failed to initialize data directory %s: %v", m.dataDirectory.path, err)
@ -84,28 +84,28 @@ func (m *Migrator) MigrateIfNeeded(target *EtcdVersionPair) error {
}
for {
glog.Infof("Converging current version '%s' to target version '%s'", current, target)
klog.Infof("Converging current version '%s' to target version '%s'", current, target)
currentNextMinorVersion := &EtcdVersion{Version: semver.Version{Major: current.version.Major, Minor: current.version.Minor + 1}}
switch {
case current.version.MajorMinorEquals(target.version) || currentNextMinorVersion.MajorMinorEquals(target.version):
glog.Infof("current version '%s' equals or is one minor version previous of target version '%s' - migration complete", current, target)
klog.Infof("current version '%s' equals or is one minor version previous of target version '%s' - migration complete", current, target)
err = m.dataDirectory.versionFile.Write(target)
if err != nil {
return fmt.Errorf("failed to write version.txt to '%s': %v", m.dataDirectory.path, err)
}
return nil
case current.storageVersion == storageEtcd2 && target.storageVersion == storageEtcd3:
glog.Infof("upgrading from etcd2 storage to etcd3 storage")
klog.Infof("upgrading from etcd2 storage to etcd3 storage")
current, err = m.etcd2ToEtcd3Upgrade(current, target)
case current.version.Major == 3 && target.version.Major == 2:
glog.Infof("downgrading from etcd 3.x to 2.x")
klog.Infof("downgrading from etcd 3.x to 2.x")
current, err = m.rollbackToEtcd2(current, target)
case current.version.Major == target.version.Major && current.version.Minor < target.version.Minor:
stepVersion := m.cfg.supportedVersions.NextVersionPair(current)
glog.Infof("upgrading etcd from %s to %s", current, stepVersion)
klog.Infof("upgrading etcd from %s to %s", current, stepVersion)
current, err = m.minorVersionUpgrade(current, stepVersion)
case current.version.Major == 3 && target.version.Major == 3 && current.version.Minor > target.version.Minor:
glog.Infof("rolling etcd back from %s to %s", current, target)
klog.Infof("rolling etcd back from %s to %s", current, target)
current, err = m.rollbackEtcd3MinorVersion(current, target)
}
if err != nil {
@ -116,13 +116,13 @@ func (m *Migrator) MigrateIfNeeded(target *EtcdVersionPair) error {
func (m *Migrator) backupEtcd2(current *EtcdVersion) error {
backupDir := fmt.Sprintf("%s/%s", m.dataDirectory, "migration-backup")
glog.Infof("Backup etcd before starting migration")
klog.Infof("Backup etcd before starting migration")
err := os.Mkdir(backupDir, 0666)
if err != nil {
return fmt.Errorf("failed to create backup directory before starting migration: %v", err)
}
m.client.Backup(current, backupDir)
glog.Infof("Backup done in %s", backupDir)
klog.Infof("Backup done in %s", backupDir)
return nil
}
@ -131,7 +131,7 @@ func (m *Migrator) rollbackEtcd3MinorVersion(current *EtcdVersionPair, target *E
return nil, fmt.Errorf("rollback from %s to %s not supported, only rollbacks to the previous minor version are supported", current.version, target.version)
}
glog.Infof("Performing etcd %s -> %s rollback", current.version, target.version)
klog.Infof("Performing etcd %s -> %s rollback", current.version, target.version)
err := m.dataDirectory.Backup()
if err != nil {
return nil, err
@ -145,14 +145,14 @@ func (m *Migrator) rollbackEtcd3MinorVersion(current *EtcdVersionPair, target *E
// Start current version of etcd.
runner := m.newServer()
glog.Infof("Starting etcd version %s to capture rollback snapshot.", current.version)
klog.Infof("Starting etcd version %s to capture rollback snapshot.", current.version)
err = runner.Start(current.version)
if err != nil {
glog.Fatalf("Unable to automatically downgrade etcd: starting etcd version %s to capture rollback snapshot failed: %v", current.version, err)
klog.Fatalf("Unable to automatically downgrade etcd: starting etcd version %s to capture rollback snapshot failed: %v", current.version, err)
return nil, err
}
glog.Infof("Snapshotting etcd %s to %s", current.version, snapshotFilename)
klog.Infof("Snapshotting etcd %s to %s", current.version, snapshotFilename)
err = m.client.Snapshot(current.version, snapshotFilename)
if err != nil {
return nil, err
@ -163,7 +163,7 @@ func (m *Migrator) rollbackEtcd3MinorVersion(current *EtcdVersionPair, target *E
return nil, err
}
glog.Infof("Backing up data before rolling back")
klog.Infof("Backing up data before rolling back")
backupDir := fmt.Sprintf("%s.bak", m.dataDirectory)
err = os.RemoveAll(backupDir)
if err != nil {
@ -178,7 +178,7 @@ func (m *Migrator) rollbackEtcd3MinorVersion(current *EtcdVersionPair, target *E
return nil, err
}
glog.Infof("Restoring etcd %s from %s", target.version, snapshotFilename)
klog.Infof("Restoring etcd %s from %s", target.version, snapshotFilename)
err = m.client.Restore(target.version, snapshotFilename)
if err != nil {
return nil, err
@ -195,7 +195,7 @@ func (m *Migrator) rollbackToEtcd2(current *EtcdVersionPair, target *EtcdVersion
if !(current.version.Major == 3 && current.version.Minor == 0 && target.version.Major == 2 && target.version.Minor == 2) {
return nil, fmt.Errorf("etcd3 -> etcd2 downgrade is supported only between 3.0.x and 2.2.x, got current %s target %s", current, target)
}
glog.Infof("Backup and remove all existing v2 data")
klog.Infof("Backup and remove all existing v2 data")
err := m.dataDirectory.Backup()
if err != nil {
return nil, err
@ -214,12 +214,12 @@ func (m *Migrator) etcd2ToEtcd3Upgrade(current *EtcdVersionPair, target *EtcdVer
}
runner := m.newServer()
glog.Infof("Performing etcd2 -> etcd3 migration")
klog.Infof("Performing etcd2 -> etcd3 migration")
err := m.client.Migrate(target.version)
if err != nil {
return nil, err
}
glog.Infof("Attaching leases to TTL entries")
klog.Infof("Attaching leases to TTL entries")
// Now attach lease to all keys.
// To do it, we temporarily start etcd on a random port (so that
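Review bot: backupEtcd2 creates the backup directory with `os.Mkdir(backupDir, 0666)`, a mode that has no search (execute) bit and grants read/write to group and others; the directory holds a copy of the etcd data, so it should be owner-only, `os.Mkdir(backupDir, 0700)`. The same function drops the result of `m.client.Backup(current, backupDir)` and then logs "Backup done", so if Backup returns an error (its signature is not visible here) a failed backup is reported as success. backupDir is built by formatting `m.dataDirectory` with `%s`, while other lines in this file use `m.dataDirectory.path`; unless the type has a String method, `filepath.Join(m.dataDirectory.path, "migration-backup")` is what was meant.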


@ -42,7 +42,7 @@ import (
"github.com/coreos/etcd/wal"
"github.com/coreos/etcd/wal/walpb"
"github.com/coreos/go-semver/semver"
"github.com/golang/glog"
"k8s.io/klog"
)
const rollbackVersion = "2.2.0"
@ -50,7 +50,7 @@ const rollbackVersion = "2.2.0"
// RollbackV3ToV2 rolls back an etcd 3.0.x data directory to the 2.x.x version specified by rollbackVersion.
func RollbackV3ToV2(migrateDatadir string, ttl time.Duration) error {
dbpath := path.Join(migrateDatadir, "member", "snap", "db")
glog.Infof("Rolling db file %s back to etcd 2.x", dbpath)
klog.Infof("Rolling db file %s back to etcd 2.x", dbpath)
// etcd3 store backend. We will use it to parse v3 data files and extract information.
be := backend.NewDefaultBackend(dbpath)
@ -139,7 +139,7 @@ func RollbackV3ToV2(migrateDatadir string, ttl time.Duration) error {
v = rollbackVersion
}
if _, err := st.Set(n.Key, n.Dir, v, store.TTLOptionSet{}); err != nil {
glog.Error(err)
klog.Error(err)
}
// update nodes
@ -147,7 +147,7 @@ func RollbackV3ToV2(migrateDatadir string, ttl time.Duration) error {
if len(fields) == 4 && fields[2] == "members" {
nodeID, err := strconv.ParseUint(fields[3], 16, 64)
if err != nil {
glog.Fatalf("failed to parse member ID (%s): %v", fields[3], err)
klog.Fatalf("failed to parse member ID (%s): %v", fields[3], err)
}
nodes = append(nodes, nodeID)
}
@ -172,7 +172,7 @@ func RollbackV3ToV2(migrateDatadir string, ttl time.Duration) error {
if err := snapshotter.SaveSnap(raftSnap); err != nil {
return err
}
glog.Infof("Finished successfully")
klog.Infof("Finished successfully")
return nil
}
@ -214,7 +214,7 @@ func traverseAndDeleteEmptyDir(st store.Store, dir string) error {
}
for _, node := range e.Node.Nodes {
if !node.Dir {
glog.V(2).Infof("key: %s", node.Key[len(etcdserver.StoreKeysPrefix):])
klog.V(2).Infof("key: %s", node.Key[len(etcdserver.StoreKeysPrefix):])
} else {
err := traverseAndDeleteEmptyDir(st, node.Key)
if err != nil {
@ -344,6 +344,6 @@ func applyRequest(r *pb.Request, applyV2 etcdserver.ApplierV2) {
case "POST", "QGET", "SYNC":
return
default:
glog.Fatal("unknown command")
klog.Fatal("unknown command")
}
}
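Review bot: In RollbackV3ToV2 a failed `st.Set(n.Key, n.Dir, v, store.TTLOptionSet{})` is only passed to `klog.Error` and execution carries on, so a rollback that dropped keys can still reach `klog.Infof("Finished successfully")` and return nil. Propagating the error would stop the caller from treating a partial store as a completed rollback; the enclosing code is outside the hunk, so the exact form of the return depends on whether this runs inside a callback. A few lines later `klog.Fatalf` on an unparsable member ID exits the process from a function that otherwise returns errors; `return fmt.Errorf("failed to parse member ID (%s): %v", fields[3], err)` would be consistent with the rest.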


@ -19,13 +19,14 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/util/uuid:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/healthz:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flag:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//staging/src/k8s.io/client-go/tools/leaderelection:go_default_library",
"//staging/src/k8s.io/client-go/tools/leaderelection/resourcelock:go_default_library",
"//staging/src/k8s.io/cloud-provider:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -24,12 +24,13 @@ import (
"strings"
"time"
"github.com/golang/glog"
"github.com/spf13/cobra"
"k8s.io/klog"
"k8s.io/apimachinery/pkg/util/uuid"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apiserver/pkg/server"
"k8s.io/apiserver/pkg/server/healthz"
apiserverflag "k8s.io/apiserver/pkg/util/flag"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/leaderelection"
@ -50,13 +51,15 @@ import (
const (
// ControllerStartJitter is the jitter value used when starting controller managers.
ControllerStartJitter = 1.0
// ConfigzName is the name used for register cloud-controller manager /configz, same with GroupName.
ConfigzName = "cloudcontrollermanager.config.k8s.io"
)
// NewCloudControllerManagerCommand creates a *cobra.Command object with default parameters
func NewCloudControllerManagerCommand() *cobra.Command {
s, err := options.NewCloudControllerManagerOptions()
if err != nil {
glog.Fatalf("unable to initialize command options: %v", err)
klog.Fatalf("unable to initialize command options: %v", err)
}
cmd := &cobra.Command{
@ -104,41 +107,49 @@ the cloud specific control loops shipped with Kubernetes.`,
// Run runs the ExternalCMServer. This should never exit.
func Run(c *cloudcontrollerconfig.CompletedConfig, stopCh <-chan struct{}) error {
// To help debugging, immediately log version
glog.Infof("Version: %+v", version.Get())
klog.Infof("Version: %+v", version.Get())
cloud, err := cloudprovider.InitCloudProvider(c.ComponentConfig.KubeCloudShared.CloudProvider.Name, c.ComponentConfig.KubeCloudShared.CloudProvider.CloudConfigFile)
if err != nil {
glog.Fatalf("Cloud provider could not be initialized: %v", err)
klog.Fatalf("Cloud provider could not be initialized: %v", err)
}
if cloud == nil {
glog.Fatalf("cloud provider is nil")
klog.Fatalf("cloud provider is nil")
}
if cloud.HasClusterID() == false {
if c.ComponentConfig.KubeCloudShared.AllowUntaggedCloud == true {
glog.Warning("detected a cluster without a ClusterID. A ClusterID will be required in the future. Please tag your cluster to avoid any future issues")
klog.Warning("detected a cluster without a ClusterID. A ClusterID will be required in the future. Please tag your cluster to avoid any future issues")
} else {
glog.Fatalf("no ClusterID found. A ClusterID is required for the cloud provider to function properly. This check can be bypassed by setting the allow-untagged-cloud option")
klog.Fatalf("no ClusterID found. A ClusterID is required for the cloud provider to function properly. This check can be bypassed by setting the allow-untagged-cloud option")
}
}
// setup /configz endpoint
if cz, err := configz.New("componentconfig"); err == nil {
if cz, err := configz.New(ConfigzName); err == nil {
cz.Set(c.ComponentConfig)
} else {
glog.Errorf("unable to register configz: %c", err)
klog.Errorf("unable to register configz: %c", err)
}
// Setup any healthz checks we will want to use.
var checks []healthz.HealthzChecker
var electionChecker *leaderelection.HealthzAdaptor
if c.ComponentConfig.Generic.LeaderElection.LeaderElect {
electionChecker = leaderelection.NewLeaderHealthzAdaptor(time.Second * 20)
checks = append(checks, electionChecker)
}
// Start the controller manager HTTP server
if c.SecureServing != nil {
unsecuredMux := genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging)
unsecuredMux := genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging, checks...)
handler := genericcontrollermanager.BuildHandlerChain(unsecuredMux, &c.Authorization, &c.Authentication)
if err := c.SecureServing.Serve(handler, 0, stopCh); err != nil {
return err
}
}
if c.InsecureServing != nil {
unsecuredMux := genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging)
unsecuredMux := genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging, checks...)
insecureSuperuserAuthn := server.AuthenticationInfo{Authenticator: &server.InsecureSuperuser{}}
handler := genericcontrollermanager.BuildHandlerChain(unsecuredMux, nil, &insecureSuperuserAuthn)
if err := c.InsecureServing.Serve(handler, 0, stopCh); err != nil {
@ -148,7 +159,7 @@ func Run(c *cloudcontrollerconfig.CompletedConfig, stopCh <-chan struct{}) error
run := func(ctx context.Context) {
if err := startControllers(c, ctx.Done(), cloud); err != nil {
glog.Fatalf("error running controllers: %v", err)
klog.Fatalf("error running controllers: %v", err)
}
}
@ -175,7 +186,7 @@ func Run(c *cloudcontrollerconfig.CompletedConfig, stopCh <-chan struct{}) error
EventRecorder: c.EventRecorder,
})
if err != nil {
glog.Fatalf("error creating lock: %v", err)
klog.Fatalf("error creating lock: %v", err)
}
// Try and become the leader and start cloud controller manager loops
@ -187,9 +198,11 @@ func Run(c *cloudcontrollerconfig.CompletedConfig, stopCh <-chan struct{}) error
Callbacks: leaderelection.LeaderCallbacks{
OnStartedLeading: run,
OnStoppedLeading: func() {
glog.Fatalf("leaderelection lost")
klog.Fatalf("leaderelection lost")
},
},
WatchDog: electionChecker,
Name: "cloud-controller-manager",
})
panic("unreachable")
}
@ -228,7 +241,7 @@ func startControllers(c *cloudcontrollerconfig.CompletedConfig, stop <-chan stru
c.ComponentConfig.KubeCloudShared.ClusterName,
)
if err != nil {
glog.Errorf("Failed to start service controller: %v", err)
klog.Errorf("Failed to start service controller: %v", err)
} else {
go serviceController.Run(stop, int(c.ComponentConfig.ServiceController.ConcurrentServiceSyncs))
time.Sleep(wait.Jitter(c.ComponentConfig.Generic.ControllerStartInterval.Duration, ControllerStartJitter))
@ -237,13 +250,13 @@ func startControllers(c *cloudcontrollerconfig.CompletedConfig, stop <-chan stru
// If CIDRs should be allocated for pods and set on the CloudProvider, then start the route controller
if c.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs && c.ComponentConfig.KubeCloudShared.ConfigureCloudRoutes {
if routes, ok := cloud.Routes(); !ok {
glog.Warning("configure-cloud-routes is set, but cloud provider does not support routes. Will not configure cloud provider routes.")
klog.Warning("configure-cloud-routes is set, but cloud provider does not support routes. Will not configure cloud provider routes.")
} else {
var clusterCIDR *net.IPNet
if len(strings.TrimSpace(c.ComponentConfig.KubeCloudShared.ClusterCIDR)) != 0 {
_, clusterCIDR, err = net.ParseCIDR(c.ComponentConfig.KubeCloudShared.ClusterCIDR)
if err != nil {
glog.Warningf("Unsuccessful parsing of cluster CIDR %v: %v", c.ComponentConfig.KubeCloudShared.ClusterCIDR, err)
klog.Warningf("Unsuccessful parsing of cluster CIDR %v: %v", c.ComponentConfig.KubeCloudShared.ClusterCIDR, err)
}
}
@ -252,14 +265,14 @@ func startControllers(c *cloudcontrollerconfig.CompletedConfig, stop <-chan stru
time.Sleep(wait.Jitter(c.ComponentConfig.Generic.ControllerStartInterval.Duration, ControllerStartJitter))
}
} else {
glog.Infof("Will not configure cloud provider routes for allocate-node-cidrs: %v, configure-cloud-routes: %v.", c.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs, c.ComponentConfig.KubeCloudShared.ConfigureCloudRoutes)
klog.Infof("Will not configure cloud provider routes for allocate-node-cidrs: %v, configure-cloud-routes: %v.", c.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs, c.ComponentConfig.KubeCloudShared.ConfigureCloudRoutes)
}
// If apiserver is not running we should wait for some time and fail only then. This is particularly
// important when we start apiserver and controller manager at the same time.
err = genericcontrollermanager.WaitForAPIServer(c.VersionedClient, 10*time.Second)
if err != nil {
glog.Fatalf("Failed to wait for apiserver being healthy: %v", err)
klog.Fatalf("Failed to wait for apiserver being healthy: %v", err)
}
c.SharedInformers.Start(stop)
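Review bot: In Run, `klog.Errorf("unable to register configz: %c", err)` uses the `%c` verb, which formats a rune, so the log shows a bad-verb rendering instead of the error message; it should be `klog.Errorf("unable to register configz: %v", err)`. The line was carried over from the glog call with only the package name changed. The 20-second argument in `leaderelection.NewLeaderHealthzAdaptor(time.Second * 20)` is also unexplained; a one-line comment saying what the timeout is measured against would help the next reader.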


@ -32,7 +32,7 @@ go_library(
"//staging/src/k8s.io/client-go/rest:go_default_library",
"//staging/src/k8s.io/client-go/tools/clientcmd:go_default_library",
"//staging/src/k8s.io/client-go/tools/record:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -22,7 +22,7 @@ import (
"net"
"time"
"github.com/golang/glog"
"k8s.io/klog"
"k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -265,7 +265,7 @@ func (o *CloudControllerManagerOptions) Config() (*cloudcontrollerconfig.Config,
func createRecorder(kubeClient clientset.Interface, userAgent string) record.EventRecorder {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartLogging(klog.Infof)
eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")})
// TODO: remove dependence on the legacyscheme
return eventBroadcaster.NewRecorder(legacyscheme.Scheme, v1.EventSource{Component: userAgent})


@ -21,8 +21,8 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/server/mux:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/routes:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -21,9 +21,9 @@ import (
"net/http"
"time"
"github.com/golang/glog"
"k8s.io/apimachinery/pkg/util/wait"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/klog"
)
// WaitForAPIServer waits for the API Server's /healthz endpoint to report "ok" with timeout.
@ -40,7 +40,7 @@ func WaitForAPIServer(client clientset.Interface, timeout time.Duration) error {
if healthStatus != http.StatusOK {
content, _ := result.Raw()
lastErr = fmt.Errorf("APIServer isn't healthy: %v", string(content))
glog.Warningf("APIServer isn't healthy yet: %v. Waiting a little while.", string(content))
klog.Warningf("APIServer isn't healthy yet: %v. Waiting a little while.", string(content))
return false, nil
}


@ -17,11 +17,10 @@ limitations under the License.
package app
import (
"github.com/prometheus/client_golang/prometheus"
"net/http"
goruntime "runtime"
"github.com/prometheus/client_golang/prometheus"
apiserverconfig "k8s.io/apiserver/pkg/apis/config"
genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
apirequest "k8s.io/apiserver/pkg/endpoints/request"
@ -53,9 +52,9 @@ func BuildHandlerChain(apiHandler http.Handler, authorizationInfo *apiserver.Aut
}
// NewBaseHandler takes in CompletedConfig and returns a handler.
func NewBaseHandler(c *apiserverconfig.DebuggingConfiguration) *mux.PathRecorderMux {
func NewBaseHandler(c *apiserverconfig.DebuggingConfiguration, checks ...healthz.HealthzChecker) *mux.PathRecorderMux {
mux := mux.NewPathRecorderMux("controller-manager")
healthz.InstallHandler(mux)
healthz.InstallHandler(mux, checks...)
if c.EnableProfiling {
routes.Profiling{}.Install(mux)
if c.EnableContentionProfiling {
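Review bot: The doc comment on NewBaseHandler still says it "takes in CompletedConfig", but the parameter is a `*apiserverconfig.DebuggingConfiguration` and the function now also accepts health checks. Suggested comment: `// NewBaseHandler returns a mux with the healthz handler (running the given checks) installed, plus the profiling routes when c.EnableProfiling is set.` The function body continues past the end of the hunk.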


@ -17,8 +17,8 @@ go_library(
importpath = "k8s.io/kubernetes/cmd/genswaggertypedocs",
deps = [
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -23,8 +23,8 @@ import (
kruntime "k8s.io/apimachinery/pkg/runtime"
"github.com/golang/glog"
flag "github.com/spf13/pflag"
"k8s.io/klog"
)
var (
@ -37,7 +37,7 @@ func main() {
flag.Parse()
if *typeSrc == "" {
glog.Fatalf("Please define -s flag as it is the source file")
klog.Fatalf("Please define -s flag as it is the source file")
}
var funcOut io.Writer
@ -46,7 +46,7 @@ func main() {
} else {
file, err := os.Create(*functionDest)
if err != nil {
glog.Fatalf("Couldn't open %v: %v", *functionDest, err)
klog.Fatalf("Couldn't open %v: %v", *functionDest, err)
}
defer file.Close()
funcOut = file


@ -14,7 +14,6 @@ go_library(
"//pkg/api/legacyscheme:go_default_library",
"//pkg/capabilities:go_default_library",
"//pkg/controller/serviceaccount:go_default_library",
"//pkg/features:go_default_library",
"//pkg/generated/openapi:go_default_library",
"//pkg/kubeapiserver:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
@ -73,8 +72,8 @@ go_library(
"//staging/src/k8s.io/kube-aggregator/pkg/client/informers/internalversion/apiregistration/internalversion:go_default_library",
"//staging/src/k8s.io/kube-aggregator/pkg/controllers/autoregister:go_default_library",
"//vendor/github.com/go-openapi/spec:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
"//vendor/k8s.io/kube-openapi/pkg/common:go_default_library",
],
)


@ -26,7 +26,7 @@ import (
"strings"
"sync"
"github.com/golang/glog"
"k8s.io/klog"
apiextensionsinformers "k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -167,7 +167,7 @@ func makeAPIService(gv schema.GroupVersion) *apiregistration.APIService {
if !ok {
// if we aren't found, then we shouldn't register ourselves because it could result in a CRD group version
// being permanently stuck in the APIServices list.
glog.Infof("Skipping APIService creation for %v", gv)
klog.Infof("Skipping APIService creation for %v", gv)
return nil
}
return &apiregistration.APIService{
@ -270,6 +270,7 @@ var apiVersionPriorities = map[schema.GroupVersion]priority{
{Group: "scheduling.k8s.io", Version: "v1beta1"}: {group: 16600, version: 12},
{Group: "scheduling.k8s.io", Version: "v1alpha1"}: {group: 16600, version: 9},
{Group: "coordination.k8s.io", Version: "v1beta1"}: {group: 16500, version: 9},
{Group: "auditregistration.k8s.io", Version: "v1alpha1"}: {group: 16400, version: 1},
// Append a new group to the end of the list if unsure.
// You can use min(existing group)-100 as the initial value for a group.
// Version can be set to 9 (to have space around) for a new group.


@ -28,6 +28,7 @@ import (
genericapiserver "k8s.io/apiserver/pkg/server"
genericoptions "k8s.io/apiserver/pkg/server/options"
utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/apiserver/pkg/util/webhook"
kubeexternalinformers "k8s.io/client-go/informers"
"k8s.io/kubernetes/cmd/kube-apiserver/app/options"
)
@ -38,6 +39,8 @@ func createAPIExtensionsConfig(
pluginInitializers []admission.PluginInitializer,
commandOptions *options.ServerRunOptions,
masterCount int,
serviceResolver webhook.ServiceResolver,
authResolverWrapper webhook.AuthenticationInfoResolverWrapper,
) (*apiextensionsapiserver.Config, error) {
// make a shallow copy to let us twiddle a few things
// most of the config actually remains the same. We only need to mess with a couple items related to the particulars of the apiextensions
@ -74,6 +77,8 @@ func createAPIExtensionsConfig(
ExtraConfig: apiextensionsapiserver.ExtraConfig{
CRDRESTOptionsGetter: apiextensionsoptions.NewCRDRESTOptionsGetter(etcdOptions),
MasterCount: masterCount,
AuthResolverWrapper: authResolverWrapper,
ServiceResolver: serviceResolver,
},
}


@ -21,10 +21,12 @@ go_library(
"//pkg/kubelet/client:go_default_library",
"//pkg/master/ports:go_default_library",
"//pkg/master/reconcilers:go_default_library",
"//pkg/serviceaccount:go_default_library",
"//staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flag:go_default_library",
"//staging/src/k8s.io/kube-aggregator/pkg/apiserver/scheme:go_default_library",
],


@ -27,13 +27,12 @@ import (
"k8s.io/apiserver/pkg/storage/storagebackend"
apiserverflag "k8s.io/apiserver/pkg/util/flag"
api "k8s.io/kubernetes/pkg/apis/core"
_ "k8s.io/kubernetes/pkg/features" // add the kubernetes feature gates
kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
"k8s.io/kubernetes/pkg/master/ports"
"k8s.io/kubernetes/pkg/master/reconcilers"
// add the kubernetes feature gates
_ "k8s.io/kubernetes/pkg/features"
"k8s.io/kubernetes/pkg/serviceaccount"
)
// ServerRunOptions runs a kubernetes api server.
@ -70,7 +69,9 @@ type ServerRunOptions struct {
MasterCount int
EndpointReconcilerType string
ServiceAccountSigningKeyFile string
ServiceAccountSigningKeyFile string
ServiceAccountIssuer serviceaccount.TokenGenerator
ServiceAccountTokenMaxExpiration time.Duration
}
// NewServerRunOptions creates a new ServerRunOptions object with default parameters


@ -17,74 +17,89 @@ limitations under the License.
package options
import (
"errors"
"fmt"
apiextensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
utilfeature "k8s.io/apiserver/pkg/util/feature"
aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/features"
)
// TODO: Longer term we should read this from some config store, rather than a flag.
func validateClusterIPFlags(options *ServerRunOptions) []error {
errors := []error{}
var errs []error
if options.ServiceClusterIPRange.IP == nil {
errors = append(errors, fmt.Errorf("no --service-cluster-ip-range specified"))
errs = append(errs, errors.New("no --service-cluster-ip-range specified"))
}
var ones, bits = options.ServiceClusterIPRange.Mask.Size()
if bits-ones > 20 {
errors = append(errors, fmt.Errorf("specified --service-cluster-ip-range is too large"))
errs = append(errs, errors.New("specified --service-cluster-ip-range is too large"))
}
return errors
return errs
}
func validateServiceNodePort(options *ServerRunOptions) []error {
errors := []error{}
var errs []error
if options.KubernetesServiceNodePort < 0 || options.KubernetesServiceNodePort > 65535 {
errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
errs = append(errs, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
}
if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {
errors = append(errors, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
errs = append(errs, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
}
return errors
return errs
}
// Validate checks ServerRunOptions and return a slice of found errors.
func validateTokenRequest(options *ServerRunOptions) []error {
var errs []error
enableAttempted := options.ServiceAccountSigningKeyFile != "" ||
options.Authentication.ServiceAccounts.Issuer != "" ||
len(options.Authentication.APIAudiences) != 0
enableSucceeded := options.ServiceAccountIssuer != nil
if enableAttempted && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) {
errs = append(errs, errors.New("the TokenRequest feature is not enabled but --service-account-signing-key-file, --service-account-issuer and/or --api-audiences flags were passed"))
}
if utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) {
errs = append(errs, errors.New("the BoundServiceAccountTokenVolume feature depends on the TokenRequest feature, but the TokenRequest features is not enabled"))
}
if !enableAttempted && utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) {
errs = append(errs, errors.New("--service-account-signing-key-file and --service-account-issuer are required flags"))
}
if enableAttempted && !enableSucceeded {
errs = append(errs, errors.New("--service-account-signing-key-file, --service-account-issuer, and --api-audiences should be specified together"))
}
return errs
}
// Validate checks ServerRunOptions and return a slice of found errs.
func (s *ServerRunOptions) Validate() []error {
var errors []error
if errs := s.Etcd.Validate(); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := validateClusterIPFlags(s); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := validateServiceNodePort(s); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := s.SecureServing.Validate(); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := s.Authentication.Validate(); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := s.Authorization.Validate(); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := s.Audit.Validate(); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := s.Admission.Validate(); len(errs) > 0 {
errors = append(errors, errs...)
}
if errs := s.InsecureServing.Validate(); len(errs) > 0 {
errors = append(errors, errs...)
}
var errs []error
if s.MasterCount <= 0 {
errors = append(errors, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))
}
if errs := s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme); len(errs) > 0 {
errors = append(errors, errs...)
errs = append(errs, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))
}
errs = append(errs, s.Etcd.Validate()...)
errs = append(errs, validateClusterIPFlags(s)...)
errs = append(errs, validateServiceNodePort(s)...)
errs = append(errs, s.SecureServing.Validate()...)
errs = append(errs, s.Authentication.Validate()...)
errs = append(errs, s.Authorization.Validate()...)
errs = append(errs, s.Audit.Validate()...)
errs = append(errs, s.Admission.Validate()...)
errs = append(errs, s.InsecureServing.Validate()...)
errs = append(errs, s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme)...)
errs = append(errs, validateTokenRequest(s)...)
return errors
return errs
}


@ -32,7 +32,6 @@ import (
"time"
"github.com/go-openapi/spec"
"github.com/golang/glog"
"github.com/spf13/cobra"
extensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
@ -50,13 +49,13 @@ import (
serveroptions "k8s.io/apiserver/pkg/server/options"
serverstorage "k8s.io/apiserver/pkg/server/storage"
"k8s.io/apiserver/pkg/storage/etcd3/preflight"
utilfeature "k8s.io/apiserver/pkg/util/feature"
apiserverflag "k8s.io/apiserver/pkg/util/flag"
"k8s.io/apiserver/pkg/util/webhook"
clientgoinformers "k8s.io/client-go/informers"
clientgoclientset "k8s.io/client-go/kubernetes"
certutil "k8s.io/client-go/util/cert"
cloudprovider "k8s.io/cloud-provider"
"k8s.io/klog"
aggregatorapiserver "k8s.io/kube-aggregator/pkg/apiserver"
aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"
openapi "k8s.io/kube-openapi/pkg/common"
@ -64,7 +63,6 @@ import (
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/capabilities"
serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount"
"k8s.io/kubernetes/pkg/features"
generatedopenapi "k8s.io/kubernetes/pkg/generated/openapi"
"k8s.io/kubernetes/pkg/kubeapiserver"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
@ -78,13 +76,12 @@ import (
"k8s.io/kubernetes/pkg/registry/cachesize"
rbacrest "k8s.io/kubernetes/pkg/registry/rbac/rest"
"k8s.io/kubernetes/pkg/serviceaccount"
"k8s.io/kubernetes/pkg/version"
"k8s.io/kubernetes/pkg/version/verflag"
"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap"
utilflag "k8s.io/kubernetes/pkg/util/flag"
_ "k8s.io/kubernetes/pkg/util/reflector/prometheus" // for reflector metric registration
_ "k8s.io/kubernetes/pkg/util/workqueue/prometheus" // for workqueue metric registration
"k8s.io/kubernetes/pkg/version"
"k8s.io/kubernetes/pkg/version/verflag"
"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/bootstrap"
)
const etcdRetryLimit = 60
@ -142,7 +139,7 @@ cluster's shared state through which all other components interact.`,
// Run runs the specified APIServer. This should never exit.
func Run(completeOptions completedServerRunOptions, stopCh <-chan struct{}) error {
// To help debugging, immediately log version
glog.Infof("Version: %+v", version.Get())
klog.Infof("Version: %+v", version.Get())
server, err := CreateServerChain(completeOptions, stopCh)
if err != nil {
@ -165,7 +162,8 @@ func CreateServerChain(completedOptions completedServerRunOptions, stopCh <-chan
}
// If additional API servers are added, they should be gated.
apiExtensionsConfig, err := createAPIExtensionsConfig(*kubeAPIServerConfig.GenericConfig, kubeAPIServerConfig.ExtraConfig.VersionedInformers, pluginInitializer, completedOptions.ServerRunOptions, completedOptions.MasterCount)
apiExtensionsConfig, err := createAPIExtensionsConfig(*kubeAPIServerConfig.GenericConfig, kubeAPIServerConfig.ExtraConfig.VersionedInformers, pluginInitializer, completedOptions.ServerRunOptions, completedOptions.MasterCount,
serviceResolver, webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, kubeAPIServerConfig.GenericConfig.LoopbackClientConfig))
if err != nil {
return nil, err
}
@ -317,50 +315,6 @@ func CreateKubeAPIServerConfig(
return
}
var (
issuer serviceaccount.TokenGenerator
apiAudiences []string
maxExpiration time.Duration
)
if s.ServiceAccountSigningKeyFile != "" ||
s.Authentication.ServiceAccounts.Issuer != "" ||
len(s.Authentication.APIAudiences) > 0 {
if !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) {
lastErr = fmt.Errorf("the TokenRequest feature is not enabled but --service-account-signing-key-file, --service-account-issuer and/or --service-account-api-audiences flags were passed")
return
}
if s.ServiceAccountSigningKeyFile == "" ||
s.Authentication.ServiceAccounts.Issuer == "" ||
len(s.Authentication.APIAudiences) == 0 ||
len(s.Authentication.ServiceAccounts.KeyFiles) == 0 {
lastErr = fmt.Errorf("service-account-signing-key-file, service-account-issuer, service-account-api-audiences and service-account-key-file should be specified together")
return
}
sk, err := certutil.PrivateKeyFromFile(s.ServiceAccountSigningKeyFile)
if err != nil {
lastErr = fmt.Errorf("failed to parse service-account-issuer-key-file: %v", err)
return
}
if s.Authentication.ServiceAccounts.MaxExpiration != 0 {
lowBound := time.Hour
upBound := time.Duration(1<<32) * time.Second
if s.Authentication.ServiceAccounts.MaxExpiration < lowBound ||
s.Authentication.ServiceAccounts.MaxExpiration > upBound {
lastErr = fmt.Errorf("the serviceaccount max expiration is out of range, must be between 1 hour to 2^32 seconds")
return
}
}
issuer, err = serviceaccount.JWTTokenGenerator(s.Authentication.ServiceAccounts.Issuer, sk)
if err != nil {
lastErr = fmt.Errorf("failed to build token generator: %v", err)
return
}
apiAudiences = s.Authentication.APIAudiences
maxExpiration = s.Authentication.ServiceAccounts.MaxExpiration
}
config = &master.Config{
GenericConfig: genericConfig,
ExtraConfig: master.ExtraConfig{
@ -392,9 +346,8 @@ func CreateKubeAPIServerConfig(
EndpointReconcilerType: reconcilers.Type(s.EndpointReconcilerType),
MasterCount: s.MasterCount,
ServiceAccountIssuer: issuer,
APIAudiences: apiAudiences,
ServiceAccountMaxExpiration: maxExpiration,
ServiceAccountIssuer: s.ServiceAccountIssuer,
ServiceAccountMaxExpiration: s.ServiceAccountTokenMaxExpiration,
VersionedInformers: versionedInformers,
},
@ -438,9 +391,6 @@ func buildGenericConfig(
if lastErr = s.Authentication.ApplyTo(genericConfig); lastErr != nil {
return
}
if lastErr = s.Audit.ApplyTo(genericConfig); lastErr != nil {
return
}
if lastErr = s.Features.ApplyTo(genericConfig); lastErr != nil {
return
}
@ -504,13 +454,29 @@ func buildGenericConfig(
genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName)
}
admissionConfig := &kubeapiserveradmission.AdmissionConfig{
admissionConfig := &kubeapiserveradmission.Config{
ExternalInformers: versionedInformers,
LoopbackClientConfig: genericConfig.LoopbackClientConfig,
CloudConfigFile: s.CloudProvider.CloudConfigFile,
}
serviceResolver = buildServiceResolver(s.EnableAggregatorRouting, genericConfig.LoopbackClientConfig.Host, versionedInformers)
authInfoResolverWrapper := webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, genericConfig.LoopbackClientConfig)
lastErr = s.Audit.ApplyTo(
genericConfig,
genericConfig.LoopbackClientConfig,
versionedInformers,
serveroptions.NewProcessInfo("kube-apiserver", "kube-system"),
&serveroptions.WebhookOptions{
AuthInfoResolverWrapper: authInfoResolverWrapper,
ServiceResolver: serviceResolver,
},
)
if lastErr != nil {
return
}
pluginInitializers, admissionPostStartHook, err = admissionConfig.New(proxyTransport, serviceResolver)
if err != nil {
lastErr = fmt.Errorf("failed to create admission plugin initializer: %v", err)
@ -584,7 +550,7 @@ func Complete(s *options.ServerRunOptions) (completedServerRunOptions, error) {
return options, fmt.Errorf("error finding host name: %v", err)
}
}
glog.Infof("external host was not specified, using %v", s.GenericServerRunOptions.ExternalHost)
klog.Infof("external host was not specified, using %v", s.GenericServerRunOptions.ExternalHost)
}
s.Authentication.ApplyAuthorization(s.Authorization)
@ -600,13 +566,34 @@ func Complete(s *options.ServerRunOptions) (completedServerRunOptions, error) {
if kubeauthenticator.IsValidServiceAccountKeyFile(s.SecureServing.ServerCert.CertKey.KeyFile) {
s.Authentication.ServiceAccounts.KeyFiles = []string{s.SecureServing.ServerCert.CertKey.KeyFile}
} else {
glog.Warning("No TLS key provided, service account token authentication disabled")
klog.Warning("No TLS key provided, service account token authentication disabled")
}
}
}
if s.ServiceAccountSigningKeyFile != "" && s.Authentication.ServiceAccounts.Issuer != "" {
sk, err := certutil.PrivateKeyFromFile(s.ServiceAccountSigningKeyFile)
if err != nil {
return options, fmt.Errorf("failed to parse service-account-issuer-key-file: %v", err)
}
if s.Authentication.ServiceAccounts.MaxExpiration != 0 {
lowBound := time.Hour
upBound := time.Duration(1<<32) * time.Second
if s.Authentication.ServiceAccounts.MaxExpiration < lowBound ||
s.Authentication.ServiceAccounts.MaxExpiration > upBound {
return options, fmt.Errorf("the serviceaccount max expiration must be between 1 hour to 2^32 seconds")
}
}
s.ServiceAccountIssuer, err = serviceaccount.JWTTokenGenerator(s.Authentication.ServiceAccounts.Issuer, sk)
if err != nil {
return options, fmt.Errorf("failed to build token generator: %v", err)
}
s.ServiceAccountTokenMaxExpiration = s.Authentication.ServiceAccounts.MaxExpiration
}
if s.Etcd.EnableWatchCache {
glog.V(2).Infof("Initializing cache sizes based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB)
klog.V(2).Infof("Initializing cache sizes based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB)
sizes := cachesize.NewHeuristicWatchCacheSizes(s.GenericServerRunOptions.TargetRAMMB)
if userSpecified, err := serveroptions.ParseWatchCacheSizes(s.Etcd.WatchCacheSizes); err == nil {
for resource, size := range userSpecified {
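Review bot: The error returned when `certutil.PrivateKeyFromFile(s.ServiceAccountSigningKeyFile)` fails in the block added to Complete names a flag that is not the one being read: `failed to parse service-account-issuer-key-file`, whereas the validation messages on this page spell the flag `--service-account-signing-key-file`. I would change it to `return options, fmt.Errorf("failed to parse service-account-signing-key-file: %v", err)` so an operator is pointed at the right key file. The block removed from CreateKubeAPIServerConfig also rejected an empty `s.Authentication.ServiceAccounts.KeyFiles`; the new code in Complete does not, and the part of validateTokenRequest visible here does not mention it, so it is worth confirming that an issuer cannot be built without the key files used to verify its tokens. Complete continues outside the hunk.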


@ -2,6 +2,7 @@ approvers:
- deads2k
- lavalamp
- mikedanese
- sttts
reviewers:
- '249043822'
- a-robinson


@ -43,6 +43,7 @@ go_library(
"//pkg/controller/bootstrap:go_default_library",
"//pkg/controller/certificates/approver:go_default_library",
"//pkg/controller/certificates/cleaner:go_default_library",
"//pkg/controller/certificates/rootcacertpublisher:go_default_library",
"//pkg/controller/certificates/signer:go_default_library",
"//pkg/controller/clusterroleaggregation:go_default_library",
"//pkg/controller/cronjob:go_default_library",
@ -112,6 +113,7 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/util/uuid:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/healthz:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/mux:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flag:go_default_library",
@ -131,8 +133,8 @@ go_library(
"//staging/src/k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1:go_default_library",
"//staging/src/k8s.io/metrics/pkg/client/custom_metrics:go_default_library",
"//staging/src/k8s.io/metrics/pkg/client/external_metrics:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
"//vendor/k8s.io/utils/exec:go_default_library",
],
)


@ -24,15 +24,18 @@ import (
"fmt"
"os"
"github.com/golang/glog"
"k8s.io/klog"
"net/http"
"k8s.io/apimachinery/pkg/runtime/schema"
utilfeature "k8s.io/apiserver/pkg/util/feature"
kubeoptions "k8s.io/kubernetes/cmd/kube-controller-manager/app/options"
"k8s.io/kubernetes/pkg/controller/certificates/approver"
"k8s.io/kubernetes/pkg/controller/certificates/cleaner"
"k8s.io/kubernetes/pkg/controller/certificates/rootcacertpublisher"
"k8s.io/kubernetes/pkg/controller/certificates/signer"
"k8s.io/kubernetes/pkg/features"
)
func startCSRSigningController(ctx ControllerContext) (http.Handler, bool, error) {
@ -66,7 +69,7 @@ func startCSRSigningController(ctx ControllerContext) (http.Handler, bool, error
switch {
case (keyFileExists && keyUsesDefault) || (certFileExists && certUsesDefault):
glog.Warningf("You might be using flag defaulting for --cluster-signing-cert-file and" +
klog.Warningf("You might be using flag defaulting for --cluster-signing-cert-file and" +
" --cluster-signing-key-file. These defaults are deprecated and will be removed" +
" in a subsequent release. Please pass these options explicitly.")
case (!keyFileExists && keyUsesDefault) && (!certFileExists && certUsesDefault):
@ -120,3 +123,33 @@ func startCSRCleanerController(ctx ControllerContext) (http.Handler, bool, error
go cleaner.Run(1, ctx.Stop)
return nil, true, nil
}
func startRootCACertPublisher(ctx ControllerContext) (http.Handler, bool, error) {
if !utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) {
return nil, false, nil
}
var (
rootCA []byte
err error
)
if ctx.ComponentConfig.SAController.RootCAFile != "" {
if rootCA, err = readCA(ctx.ComponentConfig.SAController.RootCAFile); err != nil {
return nil, true, fmt.Errorf("error parsing root-ca-file at %s: %v", ctx.ComponentConfig.SAController.RootCAFile, err)
}
} else {
rootCA = ctx.ClientBuilder.ConfigOrDie("root-ca-cert-publisher").CAData
}
sac, err := rootcacertpublisher.NewPublisher(
ctx.InformerFactory.Core().V1().ConfigMaps(),
ctx.InformerFactory.Core().V1().Namespaces(),
ctx.ClientBuilder.ClientOrDie("root-ca-cert-publisher"),
rootCA,
)
if err != nil {
return nil, true, fmt.Errorf("error creating root CA certificate publisher: %v", err)
}
go sac.Run(1, ctx.Stop)
return nil, true, nil
}
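Review bot: In startRootCACertPublisher the fallback `rootCA = ctx.ClientBuilder.ConfigOrDie("root-ca-cert-publisher").CAData` is passed on without checking that it holds anything, and unlike the RootCAFile branch it never goes through readCA and its ParseCertsPEM check. If the client config carries its CA as a file path rather than inline data, CAData would presumably be empty and the publisher would be handed an empty trust bundle; NewPublisher is not visible here, so confirm how it treats that case. A guard such as `if len(rootCA) == 0 { return nil, true, fmt.Errorf("no root CA data available for root-ca-cert-publisher") }` would make the outcome deliberate. The function also has no doc comment; `// startRootCACertPublisher starts the root CA certificate publisher when the BoundServiceAccountTokenVolume feature is enabled.` would do.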


@ -19,7 +19,7 @@ package app
import (
"fmt"
"github.com/golang/glog"
"k8s.io/klog"
"k8s.io/client-go/informers"
cloudprovider "k8s.io/cloud-provider"
@ -50,7 +50,7 @@ func createCloudProvider(cloudProvider string, externalCloudVolumePlugin string,
if cloud != nil && cloud.HasClusterID() == false {
if allowUntaggedCloud == true {
glog.Warning("detected a cluster without a ClusterID. A ClusterID will be required in the future. Please tag your cluster to avoid any future issues")
klog.Warning("detected a cluster without a ClusterID. A ClusterID will be required in the future. Please tag your cluster to avoid any future issues")
} else {
return nil, loopMode, fmt.Errorf("no ClusterID Found. A ClusterID is required for the cloud provider to function properly. This check can be bypassed by setting the allow-untagged-cloud option")
}


@ -29,8 +29,8 @@ import (
"os"
"time"
"github.com/golang/glog"
"github.com/spf13/cobra"
"k8s.io/klog"
"k8s.io/apimachinery/pkg/runtime/schema"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@ -38,6 +38,7 @@ import (
"k8s.io/apimachinery/pkg/util/uuid"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apiserver/pkg/server"
"k8s.io/apiserver/pkg/server/healthz"
"k8s.io/apiserver/pkg/server/mux"
apiserverflag "k8s.io/apiserver/pkg/util/flag"
cacheddiscovery "k8s.io/client-go/discovery/cached"
@ -64,6 +65,8 @@ import (
const (
// Jitter used when starting controller managers
ControllerStartJitter = 1.0
// ConfigzName is the name used for register kube-controller manager /configz, same with GroupName.
ConfigzName = "kubecontrollermanager.config.k8s.io"
)
type ControllerLoopMode int
@ -77,7 +80,7 @@ const (
func NewControllerManagerCommand() *cobra.Command {
s, err := options.NewKubeControllerManagerOptions()
if err != nil {
glog.Fatalf("unable to initialize command options: %v", err)
klog.Fatalf("unable to initialize command options: %v", err)
}
cmd := &cobra.Command{
@ -140,26 +143,34 @@ func ResyncPeriod(c *config.CompletedConfig) func() time.Duration {
// Run runs the KubeControllerManagerOptions. This should never exit.
func Run(c *config.CompletedConfig, stopCh <-chan struct{}) error {
// To help debugging, immediately log version
glog.Infof("Version: %+v", version.Get())
klog.Infof("Version: %+v", version.Get())
if cfgz, err := configz.New("componentconfig"); err == nil {
if cfgz, err := configz.New(ConfigzName); err == nil {
cfgz.Set(c.ComponentConfig)
} else {
glog.Errorf("unable to register configz: %c", err)
klog.Errorf("unable to register configz: %c", err)
}
// Setup any healthz checks we will want to use.
var checks []healthz.HealthzChecker
var electionChecker *leaderelection.HealthzAdaptor
if c.ComponentConfig.Generic.LeaderElection.LeaderElect {
electionChecker = leaderelection.NewLeaderHealthzAdaptor(time.Second * 20)
checks = append(checks, electionChecker)
}
// Start the controller manager HTTP server
// unsecuredMux is the handler for these controller *after* authn/authz filters have been applied
var unsecuredMux *mux.PathRecorderMux
if c.SecureServing != nil {
unsecuredMux = genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging)
unsecuredMux = genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging, checks...)
handler := genericcontrollermanager.BuildHandlerChain(unsecuredMux, &c.Authorization, &c.Authentication)
if err := c.SecureServing.Serve(handler, 0, stopCh); err != nil {
return err
}
}
if c.InsecureServing != nil {
unsecuredMux = genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging)
unsecuredMux = genericcontrollermanager.NewBaseHandler(&c.ComponentConfig.Generic.Debugging, checks...)
insecureSuperuserAuthn := server.AuthenticationInfo{Authenticator: &server.InsecureSuperuser{}}
handler := genericcontrollermanager.BuildHandlerChain(unsecuredMux, nil, &insecureSuperuserAuthn)
if err := c.InsecureServing.Serve(handler, 0, stopCh); err != nil {
@ -176,7 +187,7 @@ func Run(c *config.CompletedConfig, stopCh <-chan struct{}) error {
if len(c.ComponentConfig.SAController.ServiceAccountKeyFile) == 0 {
// It'c possible another controller process is creating the tokens for us.
// If one isn't, we'll timeout and exit when our client builder is unable to create the tokens.
glog.Warningf("--use-service-account-credentials was specified without providing a --service-account-private-key-file")
klog.Warningf("--use-service-account-credentials was specified without providing a --service-account-private-key-file")
}
clientBuilder = controller.SAControllerClientBuilder{
ClientConfig: restclient.AnonymousClientConfig(c.Kubeconfig),
@ -189,12 +200,12 @@ func Run(c *config.CompletedConfig, stopCh <-chan struct{}) error {
}
controllerContext, err := CreateControllerContext(c, rootClientBuilder, clientBuilder, ctx.Done())
if err != nil {
glog.Fatalf("error building controller context: %v", err)
klog.Fatalf("error building controller context: %v", err)
}
saTokenControllerInitFunc := serviceAccountTokenControllerStarter{rootClientBuilder: rootClientBuilder}.startServiceAccountTokenController
if err := StartControllers(controllerContext, saTokenControllerInitFunc, NewControllerInitializers(controllerContext.LoopMode), unsecuredMux); err != nil {
glog.Fatalf("error starting controllers: %v", err)
klog.Fatalf("error starting controllers: %v", err)
}
controllerContext.InformerFactory.Start(controllerContext.Stop)
@ -224,7 +235,7 @@ func Run(c *config.CompletedConfig, stopCh <-chan struct{}) error {
EventRecorder: c.EventRecorder,
})
if err != nil {
glog.Fatalf("error creating lock: %v", err)
klog.Fatalf("error creating lock: %v", err)
}
leaderelection.RunOrDie(context.TODO(), leaderelection.LeaderElectionConfig{
@ -235,9 +246,11 @@ func Run(c *config.CompletedConfig, stopCh <-chan struct{}) error {
Callbacks: leaderelection.LeaderCallbacks{
OnStartedLeading: run,
OnStoppedLeading: func() {
glog.Fatalf("leaderelection lost")
klog.Fatalf("leaderelection lost")
},
},
WatchDog: electionChecker,
Name: "kube-controller-manager",
})
panic("unreachable")
}
@ -379,6 +392,7 @@ func NewControllerInitializers(loopMode ControllerLoopMode) map[string]InitFunc
controllers["pvc-protection"] = startPVCProtectionController
controllers["pv-protection"] = startPVProtectionController
controllers["ttl-after-finished"] = startTTLAfterFinishedController
controllers["root-ca-cert-publisher"] = startRootCACertPublisher
return controllers
}
@ -473,20 +487,20 @@ func StartControllers(ctx ControllerContext, startSATokenController InitFunc, co
for controllerName, initFn := range controllers {
if !ctx.IsControllerEnabled(controllerName) {
glog.Warningf("%q is disabled", controllerName)
klog.Warningf("%q is disabled", controllerName)
continue
}
time.Sleep(wait.Jitter(ctx.ComponentConfig.Generic.ControllerStartInterval.Duration, ControllerStartJitter))
glog.V(1).Infof("Starting %q", controllerName)
klog.V(1).Infof("Starting %q", controllerName)
debugHandler, started, err := initFn(ctx)
if err != nil {
glog.Errorf("Error starting %q", controllerName)
klog.Errorf("Error starting %q", controllerName)
return err
}
if !started {
glog.Warningf("Skipping %q", controllerName)
klog.Warningf("Skipping %q", controllerName)
continue
}
if debugHandler != nil && unsecuredMux != nil {
@ -494,7 +508,7 @@ func StartControllers(ctx ControllerContext, startSATokenController InitFunc, co
unsecuredMux.UnlistedHandle(basePath, http.StripPrefix(basePath, debugHandler))
unsecuredMux.UnlistedHandlePrefix(basePath+"/", http.StripPrefix(basePath, debugHandler))
}
glog.Infof("Started %q", controllerName)
klog.Infof("Started %q", controllerName)
}
return nil
@ -509,12 +523,12 @@ type serviceAccountTokenControllerStarter struct {
func (c serviceAccountTokenControllerStarter) startServiceAccountTokenController(ctx ControllerContext) (http.Handler, bool, error) {
if !ctx.IsControllerEnabled(saTokenControllerName) {
glog.Warningf("%q is disabled", saTokenControllerName)
klog.Warningf("%q is disabled", saTokenControllerName)
return nil, false, nil
}
if len(ctx.ComponentConfig.SAController.ServiceAccountKeyFile) == 0 {
glog.Warningf("%q is disabled because there is no private key", saTokenControllerName)
klog.Warningf("%q is disabled because there is no private key", saTokenControllerName)
return nil, false, nil
}
privateKey, err := certutil.PrivateKeyFromFile(ctx.ComponentConfig.SAController.ServiceAccountKeyFile)
@ -524,11 +538,7 @@ func (c serviceAccountTokenControllerStarter) startServiceAccountTokenController
var rootCA []byte
if ctx.ComponentConfig.SAController.RootCAFile != "" {
rootCA, err = ioutil.ReadFile(ctx.ComponentConfig.SAController.RootCAFile)
if err != nil {
return nil, true, fmt.Errorf("error reading root-ca-file at %s: %v", ctx.ComponentConfig.SAController.RootCAFile, err)
}
if _, err := certutil.ParseCertsPEM(rootCA); err != nil {
if rootCA, err = readCA(ctx.ComponentConfig.SAController.RootCAFile); err != nil {
return nil, true, fmt.Errorf("error parsing root-ca-file at %s: %v", ctx.ComponentConfig.SAController.RootCAFile, err)
}
} else {
@ -558,3 +568,15 @@ func (c serviceAccountTokenControllerStarter) startServiceAccountTokenController
return nil, true, nil
}
func readCA(file string) ([]byte, error) {
rootCA, err := ioutil.ReadFile(file)
if err != nil {
return nil, err
}
if _, err := certutil.ParseCertsPEM(rootCA); err != nil {
return nil, err
}
return rootCA, err
}
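Review bot: The configz error log in Run still formats an error with the `%c` verb, `klog.Errorf("unable to register configz: %c", err)`, so the message prints a formatting error instead of the cause; since the line is being rewritten anyway it should be `klog.Errorf("unable to register configz: %v", err)`. In the last hunk, readCA returns the bare error from both ioutil.ReadFile and certutil.ParseCertsPEM, and both callers wrap it as "error parsing root-ca-file", so an unreadable or missing CA file is now reported as a parse failure where the removed code said "error reading root-ca-file". Wrapping inside readCA, for example `return nil, fmt.Errorf("error reading %s: %v", file, err)` on the first branch, keeps that distinction. The final `return rootCA, err` would also read more clearly as `return rootCA, nil`, and readCA deserves a one-line comment stating that it returns the file contents only if they parse as PEM certificates.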


@ -26,7 +26,7 @@ import (
"strings"
"time"
"github.com/golang/glog"
"k8s.io/klog"
"net/http"
@ -73,7 +73,7 @@ func startServiceController(ctx ControllerContext) (http.Handler, bool, error) {
)
if err != nil {
// This error shouldn't fail. It lives like this as a legacy.
glog.Errorf("Failed to start service controller: %v", err)
klog.Errorf("Failed to start service controller: %v", err)
return nil, false, nil
}
go serviceController.Run(ctx.Stop, int(ctx.ComponentConfig.ServiceController.ConcurrentServiceSyncs))
@ -92,14 +92,14 @@ func startNodeIpamController(ctx ControllerContext) (http.Handler, bool, error)
if len(strings.TrimSpace(ctx.ComponentConfig.KubeCloudShared.ClusterCIDR)) != 0 {
_, clusterCIDR, err = net.ParseCIDR(ctx.ComponentConfig.KubeCloudShared.ClusterCIDR)
if err != nil {
glog.Warningf("Unsuccessful parsing of cluster CIDR %v: %v", ctx.ComponentConfig.KubeCloudShared.ClusterCIDR, err)
klog.Warningf("Unsuccessful parsing of cluster CIDR %v: %v", ctx.ComponentConfig.KubeCloudShared.ClusterCIDR, err)
}
}
if len(strings.TrimSpace(ctx.ComponentConfig.NodeIPAMController.ServiceCIDR)) != 0 {
_, serviceCIDR, err = net.ParseCIDR(ctx.ComponentConfig.NodeIPAMController.ServiceCIDR)
if err != nil {
glog.Warningf("Unsuccessful parsing of service CIDR %v: %v", ctx.ComponentConfig.NodeIPAMController.ServiceCIDR, err)
klog.Warningf("Unsuccessful parsing of service CIDR %v: %v", ctx.ComponentConfig.NodeIPAMController.ServiceCIDR, err)
}
}
@ -148,21 +148,21 @@ func startNodeLifecycleController(ctx ControllerContext) (http.Handler, bool, er
func startRouteController(ctx ControllerContext) (http.Handler, bool, error) {
if !ctx.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs || !ctx.ComponentConfig.KubeCloudShared.ConfigureCloudRoutes {
glog.Infof("Will not configure cloud provider routes for allocate-node-cidrs: %v, configure-cloud-routes: %v.", ctx.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs, ctx.ComponentConfig.KubeCloudShared.ConfigureCloudRoutes)
klog.Infof("Will not configure cloud provider routes for allocate-node-cidrs: %v, configure-cloud-routes: %v.", ctx.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs, ctx.ComponentConfig.KubeCloudShared.ConfigureCloudRoutes)
return nil, false, nil
}
if ctx.Cloud == nil {
glog.Warning("configure-cloud-routes is set, but no cloud provider specified. Will not configure cloud provider routes.")
klog.Warning("configure-cloud-routes is set, but no cloud provider specified. Will not configure cloud provider routes.")
return nil, false, nil
}
routes, ok := ctx.Cloud.Routes()
if !ok {
glog.Warning("configure-cloud-routes is set, but cloud provider does not support routes. Will not configure cloud provider routes.")
klog.Warning("configure-cloud-routes is set, but cloud provider does not support routes. Will not configure cloud provider routes.")
return nil, false, nil
}
_, clusterCIDR, err := net.ParseCIDR(ctx.ComponentConfig.KubeCloudShared.ClusterCIDR)
if err != nil {
glog.Warningf("Unsuccessful parsing of cluster CIDR %v: %v", ctx.ComponentConfig.KubeCloudShared.ClusterCIDR, err)
klog.Warningf("Unsuccessful parsing of cluster CIDR %v: %v", ctx.ComponentConfig.KubeCloudShared.ClusterCIDR, err)
}
routeController := routecontroller.New(routes, ctx.ClientBuilder.ClientOrDie("route-controller"), ctx.InformerFactory.Core().V1().Nodes(), ctx.ComponentConfig.KubeCloudShared.ClusterName, clusterCIDR)
go routeController.Run(ctx.Stop, ctx.ComponentConfig.KubeCloudShared.RouteReconciliationPeriod.Duration)


@ -53,8 +53,8 @@ go_library(
"//staging/src/k8s.io/client-go/tools/clientcmd:go_default_library",
"//staging/src/k8s.io/client-go/tools/record:go_default_library",
"//staging/src/k8s.io/kube-controller-manager/config/v1alpha1:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -45,7 +45,7 @@ import (
// add the kubernetes feature gates
_ "k8s.io/kubernetes/pkg/features"
"github.com/golang/glog"
"k8s.io/klog"
)
const (
@ -438,7 +438,7 @@ func (s KubeControllerManagerOptions) Config(allControllers []string, disabledBy
func createRecorder(kubeClient clientset.Interface, userAgent string) record.EventRecorder {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartLogging(klog.Infof)
eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")})
// TODO: remove dependency on the legacyscheme
return eventBroadcaster.NewRecorder(legacyscheme.Scheme, v1.EventSource{Component: userAgent})


@ -23,7 +23,7 @@ import (
"fmt"
"github.com/golang/glog"
"k8s.io/klog"
// Cloud providers
cloudprovider "k8s.io/cloud-provider"
@ -133,7 +133,7 @@ func ProbeControllerVolumePlugins(cloud cloudprovider.Interface, config kubectrl
ProvisioningEnabled: config.EnableHostPathProvisioning,
}
if err := AttemptToLoadRecycler(config.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathHostPath, &hostPathConfig); err != nil {
glog.Fatalf("Could not create hostpath recycler pod from file %s: %+v", config.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathHostPath, err)
klog.Fatalf("Could not create hostpath recycler pod from file %s: %+v", config.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathHostPath, err)
}
allPlugins = append(allPlugins, host_path.ProbeVolumePlugins(hostPathConfig)...)
@ -143,7 +143,7 @@ func ProbeControllerVolumePlugins(cloud cloudprovider.Interface, config kubectrl
RecyclerPodTemplate: volume.NewPersistentVolumeRecyclerPodTemplate(),
}
if err := AttemptToLoadRecycler(config.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathNFS, &nfsConfig); err != nil {
glog.Fatalf("Could not create NFS recycler pod from file %s: %+v", config.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathNFS, err)
klog.Fatalf("Could not create NFS recycler pod from file %s: %+v", config.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathNFS, err)
}
allPlugins = append(allPlugins, nfs.ProbeVolumePlugins(nfsConfig)...)
allPlugins = append(allPlugins, glusterfs.ProbeVolumePlugins()...)


@ -26,7 +26,7 @@ import (
"net/http"
"github.com/golang/glog"
"k8s.io/klog"
)
func startDisruptionController(ctx ControllerContext) (http.Handler, bool, error) {
@ -35,7 +35,7 @@ func startDisruptionController(ctx ControllerContext) (http.Handler, bool, error
var resource = "poddisruptionbudgets"
if !ctx.AvailableResources[schema.GroupVersionResource{Group: group, Version: version, Resource: resource}] {
glog.Infof(
klog.Infof(
"Refusing to start disruption because resource %q in group %q is not available.",
resource, group+"/"+version)
return nil, false, nil


@ -61,10 +61,10 @@ go_library(
"//staging/src/k8s.io/client-go/tools/clientcmd/api:go_default_library",
"//staging/src/k8s.io/client-go/tools/record:go_default_library",
"//staging/src/k8s.io/kube-proxy/config/v1alpha1:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
"//vendor/k8s.io/utils/exec:go_default_library",
"//vendor/k8s.io/utils/pointer:go_default_library",
] + select({


@ -22,7 +22,7 @@ import (
"strconv"
"strings"
"github.com/golang/glog"
"k8s.io/klog"
"k8s.io/kubernetes/pkg/util/mount"
"k8s.io/kubernetes/pkg/util/sysctl"
@ -49,7 +49,7 @@ func (rct realConntracker) SetMax(max int) error {
if err := rct.setIntSysCtl("nf_conntrack_max", max); err != nil {
return err
}
glog.Infof("Setting nf_conntrack_max to %d", max)
klog.Infof("Setting nf_conntrack_max to %d", max)
// Linux does not support writing to /sys/module/nf_conntrack/parameters/hashsize
// when the writer process is not in the initial network namespace
@ -80,7 +80,7 @@ func (rct realConntracker) SetMax(max int) error {
return readOnlySysFSError
}
// TODO: generify this and sysctl to a new sysfs.WriteInt()
glog.Infof("Setting conntrack hashsize to %d", max/4)
klog.Infof("Setting conntrack hashsize to %d", max/4)
return writeIntStringFile("/sys/module/nf_conntrack/parameters/hashsize", max/4)
}
@ -97,7 +97,7 @@ func (realConntracker) setIntSysCtl(name string, value int) error {
sys := sysctl.New()
if val, _ := sys.GetSysctl(entry); val != value {
glog.Infof("Set sysctl '%v' to %v", entry, value)
klog.Infof("Set sysctl '%v' to %v", entry, value)
if err := sys.SetSysctl(entry, value); err != nil {
return err
}
@ -112,7 +112,7 @@ func isSysFSWritable() (bool, error) {
m := mount.New("" /* default mount path */)
mountPoints, err := m.List()
if err != nil {
glog.Errorf("failed to list mount points: %v", err)
klog.Errorf("failed to list mount points: %v", err)
return false, err
}
@ -124,7 +124,7 @@ func isSysFSWritable() (bool, error) {
if len(mountPoint.Opts) > 0 && mountPoint.Opts[0] == permWritable {
return true, nil
}
glog.Errorf("sysfs is not writable: %+v (mount options are %v)",
klog.Errorf("sysfs is not writable: %+v (mount options are %v)",
mountPoint, mountPoint.Opts)
return false, readOnlySysFSError
}


@ -72,10 +72,10 @@ import (
"k8s.io/utils/exec"
utilpointer "k8s.io/utils/pointer"
"github.com/golang/glog"
"github.com/prometheus/client_golang/prometheus"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"k8s.io/klog"
)
const (
@ -191,7 +191,7 @@ func NewOptions() *Options {
// Complete completes all the required options.
func (o *Options) Complete() error {
if len(o.ConfigFile) == 0 && len(o.WriteConfigTo) == 0 {
glog.Warning("WARNING: all flags other than --config, --write-config-to, and --cleanup are deprecated. Please begin using a config file ASAP.")
klog.Warning("WARNING: all flags other than --config, --write-config-to, and --cleanup are deprecated. Please begin using a config file ASAP.")
o.applyDeprecatedHealthzPortToConfig()
}
@ -280,7 +280,7 @@ func (o *Options) writeConfigFile() error {
return err
}
glog.Infof("Wrote configuration to: %s\n", o.WriteConfigTo)
klog.Infof("Wrote configuration to: %s\n", o.WriteConfigTo)
return nil
}
@ -365,23 +365,23 @@ with the apiserver API to configure the proxy.`,
utilflag.PrintFlags(cmd.Flags())
if err := initForOS(opts.WindowsService); err != nil {
glog.Fatalf("failed OS init: %v", err)
klog.Fatalf("failed OS init: %v", err)
}
if err := opts.Complete(); err != nil {
glog.Fatalf("failed complete: %v", err)
klog.Fatalf("failed complete: %v", err)
}
if err := opts.Validate(args); err != nil {
glog.Fatalf("failed validate: %v", err)
klog.Fatalf("failed validate: %v", err)
}
glog.Fatal(opts.Run())
klog.Fatal(opts.Run())
},
}
var err error
opts.config, err = opts.ApplyDefaults(opts.config)
if err != nil {
glog.Fatalf("unable to create flag defaults: %v", err)
klog.Fatalf("unable to create flag defaults: %v", err)
}
opts.AddFlags(cmd.Flags())
@ -426,7 +426,7 @@ func createClients(config apimachineryconfig.ClientConnectionConfiguration, mast
var err error
if len(config.Kubeconfig) == 0 && len(masterOverride) == 0 {
glog.Info("Neither kubeconfig file nor master URL was specified. Falling back to in-cluster config.")
klog.Info("Neither kubeconfig file nor master URL was specified. Falling back to in-cluster config.")
kubeConfig, err = rest.InClusterConfig()
} else {
// This creates a client, first loading any specified kubeconfig
@ -461,7 +461,7 @@ func createClients(config apimachineryconfig.ClientConnectionConfiguration, mast
// Run runs the specified ProxyServer. This should never exit (unless CleanupAndExit is set).
func (s *ProxyServer) Run() error {
// To help debugging, immediately log version
glog.Infof("Version: %+v", version.Get())
klog.Infof("Version: %+v", version.Get())
// remove iptables rules and exit
if s.CleanupAndExit {
encounteredError := userspace.CleanupLeftovers(s.IptInterface)
@ -478,16 +478,16 @@ func (s *ProxyServer) Run() error {
if s.OOMScoreAdj != nil {
oomAdjuster = oom.NewOOMAdjuster()
if err := oomAdjuster.ApplyOOMScoreAdj(0, int(*s.OOMScoreAdj)); err != nil {
glog.V(2).Info(err)
klog.V(2).Info(err)
}
}
if len(s.ResourceContainer) != 0 {
// Run in its own container.
if err := resourcecontainer.RunInResourceContainer(s.ResourceContainer); err != nil {
glog.Warningf("Failed to start in resource-only container %q: %v", s.ResourceContainer, err)
klog.Warningf("Failed to start in resource-only container %q: %v", s.ResourceContainer, err)
} else {
glog.V(2).Infof("Running in resource-only container %q", s.ResourceContainer)
klog.V(2).Infof("Running in resource-only container %q", s.ResourceContainer)
}
}
@ -595,7 +595,7 @@ func getConntrackMax(config kubeproxyconfig.KubeProxyConntrackConfiguration) (in
if config.MaxPerCore != nil && *config.MaxPerCore > 0 {
return -1, fmt.Errorf("invalid config: Conntrack Max and Conntrack MaxPerCore are mutually exclusive")
}
glog.V(3).Infof("getConntrackMax: using absolute conntrack-max (deprecated)")
klog.V(3).Infof("getConntrackMax: using absolute conntrack-max (deprecated)")
return int(*config.Max), nil
}
if config.MaxPerCore != nil && *config.MaxPerCore > 0 {
@ -605,10 +605,10 @@ func getConntrackMax(config kubeproxyconfig.KubeProxyConntrackConfiguration) (in
}
scaled := int(*config.MaxPerCore) * goruntime.NumCPU()
if scaled > floor {
glog.V(3).Infof("getConntrackMax: using scaled conntrack-max-per-core")
klog.V(3).Infof("getConntrackMax: using scaled conntrack-max-per-core")
return scaled, nil
}
glog.V(3).Infof("getConntrackMax: using conntrack-min")
klog.V(3).Infof("getConntrackMax: using conntrack-min")
return floor, nil
}
return 0, nil


@ -48,7 +48,7 @@ import (
utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
"k8s.io/utils/exec"
"github.com/golang/glog"
"k8s.io/klog"
)
// NewProxyServer returns a new ProxyServer.
@ -75,7 +75,7 @@ func newProxyServer(
protocol := utiliptables.ProtocolIpv4
if net.ParseIP(config.BindAddress).To4() == nil {
glog.V(0).Infof("IPv6 bind address (%s), assume IPv6 operation", config.BindAddress)
klog.V(0).Infof("IPv6 bind address (%s), assume IPv6 operation", config.BindAddress)
protocol = utiliptables.ProtocolIpv6
}
@ -145,7 +145,7 @@ func newProxyServer(
nodeIP = utilnode.GetNodeIP(client, hostname)
}
if proxyMode == proxyModeIPTables {
glog.V(0).Info("Using iptables Proxier.")
klog.V(0).Info("Using iptables Proxier.")
if config.IPTables.MasqueradeBit == nil {
// MasqueradeBit must be specified or defaulted.
return nil, fmt.Errorf("unable to read IPTables MasqueradeBit from config")
@ -175,7 +175,7 @@ func newProxyServer(
serviceEventHandler = proxierIPTables
endpointsEventHandler = proxierIPTables
// No turning back. Remove artifacts that might still exist from the userspace Proxier.
glog.V(0).Info("Tearing down inactive rules.")
klog.V(0).Info("Tearing down inactive rules.")
// TODO this has side effects that should only happen when Run() is invoked.
userspace.CleanupLeftovers(iptInterface)
// IPVS Proxier will generate some iptables rules, need to clean them before switching to other proxy mode.
@ -186,7 +186,7 @@ func newProxyServer(
ipvs.CleanupLeftovers(ipvsInterface, iptInterface, ipsetInterface, cleanupIPVS)
}
} else if proxyMode == proxyModeIPVS {
glog.V(0).Info("Using ipvs Proxier.")
klog.V(0).Info("Using ipvs Proxier.")
proxierIPVS, err := ipvs.NewProxier(
iptInterface,
ipvsInterface,
@ -213,12 +213,12 @@ func newProxyServer(
proxier = proxierIPVS
serviceEventHandler = proxierIPVS
endpointsEventHandler = proxierIPVS
glog.V(0).Info("Tearing down inactive rules.")
klog.V(0).Info("Tearing down inactive rules.")
// TODO this has side effects that should only happen when Run() is invoked.
userspace.CleanupLeftovers(iptInterface)
iptables.CleanupLeftovers(iptInterface)
} else {
glog.V(0).Info("Using userspace Proxier.")
klog.V(0).Info("Using userspace Proxier.")
// This is a proxy.LoadBalancer which NewProxier needs but has methods we don't need for
// our config.EndpointsConfigHandler.
loadBalancer := userspace.NewLoadBalancerRR()
@ -244,7 +244,7 @@ func newProxyServer(
proxier = proxierUserspace
// Remove artifacts from the iptables and ipvs Proxier, if not on Windows.
glog.V(0).Info("Tearing down inactive rules.")
klog.V(0).Info("Tearing down inactive rules.")
// TODO this has side effects that should only happen when Run() is invoked.
iptables.CleanupLeftovers(iptInterface)
// IPVS Proxier will generate some iptables rules, need to clean them before switching to other proxy mode.
@ -292,7 +292,7 @@ func getProxyMode(proxyMode string, iptver iptables.IPTablesVersioner, khandle i
case proxyModeIPVS:
return tryIPVSProxy(iptver, khandle, ipsetver, kcompat)
}
glog.Warningf("Flag proxy-mode=%q unknown, assuming iptables proxy", proxyMode)
klog.Warningf("Flag proxy-mode=%q unknown, assuming iptables proxy", proxyMode)
return tryIPTablesProxy(iptver, kcompat)
}
@ -309,7 +309,7 @@ func tryIPVSProxy(iptver iptables.IPTablesVersioner, khandle ipvs.KernelHandler,
}
// Try to fallback to iptables before falling back to userspace
glog.V(1).Infof("Can't use ipvs proxier, trying iptables proxier")
klog.V(1).Infof("Can't use ipvs proxier, trying iptables proxier")
return tryIPTablesProxy(iptver, kcompat)
}
@ -324,6 +324,6 @@ func tryIPTablesProxy(iptver iptables.IPTablesVersioner, kcompat iptables.Kernel
return proxyModeIPTables
}
// Fallback.
glog.V(1).Infof("Can't use iptables proxy, using userspace proxier")
klog.V(1).Infof("Can't use iptables proxy, using userspace proxier")
return proxyModeUserspace
}


@ -42,7 +42,7 @@ import (
utilnode "k8s.io/kubernetes/pkg/util/node"
"k8s.io/utils/exec"
"github.com/golang/glog"
"k8s.io/klog"
)
// NewProxyServer returns a new ProxyServer.
@ -99,7 +99,7 @@ func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExi
proxyMode := getProxyMode(string(config.Mode), winkernel.WindowsKernelCompatTester{})
if proxyMode == proxyModeKernelspace {
glog.V(0).Info("Using Kernelspace Proxier.")
klog.V(0).Info("Using Kernelspace Proxier.")
proxierKernelspace, err := winkernel.NewProxier(
config.IPTables.SyncPeriod.Duration,
config.IPTables.MinSyncPeriod.Duration,
@ -118,7 +118,7 @@ func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExi
endpointsEventHandler = proxierKernelspace
serviceEventHandler = proxierKernelspace
} else {
glog.V(0).Info("Using userspace Proxier.")
klog.V(0).Info("Using userspace Proxier.")
execer := exec.New()
var netshInterface utilnetsh.Interface
netshInterface = utilnetsh.New(execer)
@ -143,7 +143,7 @@ func newProxyServer(config *proxyconfigapi.KubeProxyConfiguration, cleanupAndExi
}
proxier = proxierUserspace
serviceEventHandler = proxierUserspace
glog.V(0).Info("Tearing down pure-winkernel proxy rules.")
klog.V(0).Info("Tearing down pure-winkernel proxy rules.")
winkernel.CleanupLeftovers()
}
@ -182,13 +182,13 @@ func tryWinKernelSpaceProxy(kcompat winkernel.KernelCompatTester) string {
// guaranteed false on error, error only necessary for debugging
useWinKerelProxy, err := winkernel.CanUseWinKernelProxier(kcompat)
if err != nil {
glog.Errorf("Can't determine whether to use windows kernel proxy, using userspace proxier: %v", err)
klog.Errorf("Can't determine whether to use windows kernel proxy, using userspace proxier: %v", err)
return proxyModeUserspace
}
if useWinKerelProxy {
return proxyModeKernelspace
}
// Fallback.
glog.V(1).Infof("Can't use winkernel proxy, using userspace proxier")
klog.V(1).Infof("Can't use winkernel proxy, using userspace proxier")
return proxyModeUserspace
}


@ -39,12 +39,14 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/server/mux:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/routes:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flag:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/globalflag:go_default_library",
"//staging/src/k8s.io/client-go/informers/storage/v1:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
"//staging/src/k8s.io/client-go/tools/leaderelection:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)
@ -61,6 +63,7 @@ filegroup(
":package-srcs",
"//cmd/kube-scheduler/app/config:all-srcs",
"//cmd/kube-scheduler/app/options:all-srcs",
"//cmd/kube-scheduler/app/testing:all-srcs",
],
tags = ["automanaged"],
)


@ -12,6 +12,7 @@ go_library(
"//staging/src/k8s.io/client-go/informers/core/v1:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
"//staging/src/k8s.io/client-go/rest:go_default_library",
"//staging/src/k8s.io/client-go/tools/leaderelection:go_default_library",
"//staging/src/k8s.io/client-go/tools/record:go_default_library",
],


@ -22,6 +22,7 @@ import (
coreinformers "k8s.io/client-go/informers/core/v1"
clientset "k8s.io/client-go/kubernetes"
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
restclient "k8s.io/client-go/rest"
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/record"
kubeschedulerconfig "k8s.io/kubernetes/pkg/scheduler/apis/config"
@ -32,6 +33,9 @@ type Config struct {
// config is the scheduler server's configuration object.
ComponentConfig kubeschedulerconfig.KubeSchedulerConfiguration
// LoopbackClientConfig is a config for a privileged loopback connection
LoopbackClientConfig *restclient.Config
InsecureServing *apiserver.DeprecatedInsecureServingInfo // nil will disable serving on an insecure port
InsecureMetricsServing *apiserver.DeprecatedInsecureServingInfo // non-nil if metrics should be served independently
Authentication apiserver.AuthenticationInfo
@ -70,5 +74,7 @@ func (c *Config) Complete() CompletedConfig {
c.InsecureMetricsServing.Name = "metrics"
}
apiserver.AuthorizeClientBearerToken(c.LoopbackClientConfig, &c.Authentication, &c.Authorization)
return CompletedConfig{&cc}
}
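Review bot: The new `LoopbackClientConfig` field comment does not say when the pointer is nil, yet the line added to `Complete()` passes it to `apiserver.AuthorizeClientBearerToken` unconditionally. Elsewhere in this commit the field is filled in only by the serving options' `ApplyTo` calls, so it presumably stays nil when no listener is configured; confirm the helper tolerates a nil config or guard the call. Since the field is described as privileged and is handed to a bearer-token helper, the comment should also say it must not be logged or exposed, e.g. `// LoopbackClientConfig is a config for a privileged loopback connection; it may be nil when no listener is configured and must not be logged.` `Complete()` starts outside the hunk.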


@ -14,6 +14,7 @@ go_library(
"//cmd/kube-scheduler/app/config:go_default_library",
"//pkg/api/legacyscheme:go_default_library",
"//pkg/client/leaderelectionconfig:go_default_library",
"//pkg/master/ports:go_default_library",
"//pkg/scheduler/apis/config:go_default_library",
"//pkg/scheduler/apis/config/scheme:go_default_library",
"//pkg/scheduler/apis/config/v1alpha1:go_default_library",
@ -28,6 +29,7 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flag:go_default_library",
"//staging/src/k8s.io/client-go/informers:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
@ -38,8 +40,8 @@ go_library(
"//staging/src/k8s.io/client-go/tools/leaderelection/resourcelock:go_default_library",
"//staging/src/k8s.io/client-go/tools/record:go_default_library",
"//staging/src/k8s.io/kube-scheduler/config/v1alpha1:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -31,8 +31,8 @@ import (
// CombinedInsecureServingOptions sets up to two insecure listeners for healthz and metrics. The flags
// override the ComponentConfig and DeprecatedInsecureServingOptions values for both.
type CombinedInsecureServingOptions struct {
Healthz *apiserveroptions.DeprecatedInsecureServingOptions
Metrics *apiserveroptions.DeprecatedInsecureServingOptions
Healthz *apiserveroptions.DeprecatedInsecureServingOptionsWithLoopback
Metrics *apiserveroptions.DeprecatedInsecureServingOptionsWithLoopback
BindPort int // overrides the structs above on ApplyTo, ignored on ApplyToFromLoadedConfig
BindAddress string // overrides the structs above on ApplyTo, ignored on ApplyToFromLoadedConfig
@ -60,11 +60,11 @@ func (o *CombinedInsecureServingOptions) applyTo(c *schedulerappconfig.Config, c
return err
}
if err := o.Healthz.ApplyTo(&c.InsecureServing); err != nil {
if err := o.Healthz.ApplyTo(&c.InsecureServing, &c.LoopbackClientConfig); err != nil {
return err
}
if o.Metrics != nil && (c.ComponentConfig.MetricsBindAddress != c.ComponentConfig.HealthzBindAddress || o.Healthz == nil) {
if err := o.Metrics.ApplyTo(&c.InsecureMetricsServing); err != nil {
if err := o.Metrics.ApplyTo(&c.InsecureMetricsServing, &c.LoopbackClientConfig); err != nil {
return err
}
}
@ -108,7 +108,7 @@ func (o *CombinedInsecureServingOptions) ApplyToFromLoadedConfig(c *schedulerapp
return o.applyTo(c, componentConfig)
}
func updateAddressFromDeprecatedInsecureServingOptions(addr *string, is *apiserveroptions.DeprecatedInsecureServingOptions) error {
func updateAddressFromDeprecatedInsecureServingOptions(addr *string, is *apiserveroptions.DeprecatedInsecureServingOptionsWithLoopback) error {
if is == nil {
*addr = ""
} else {
@ -124,7 +124,7 @@ func updateAddressFromDeprecatedInsecureServingOptions(addr *string, is *apiserv
return nil
}
func updateDeprecatedInsecureServingOptionsFromAddress(is *apiserveroptions.DeprecatedInsecureServingOptions, addr string) error {
func updateDeprecatedInsecureServingOptionsFromAddress(is *apiserveroptions.DeprecatedInsecureServingOptionsWithLoopback, addr string) error {
if is == nil {
return nil
}
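Review bot: In `applyTo`, `o.Healthz.ApplyTo` and `o.Metrics.ApplyTo` are now both given the same `&c.LoopbackClientConfig`, so whatever ends up in that field depends on call order, and nothing here documents which listener is meant to win. These are the deprecated insecure listeners, so a loopback config derived from them would presumably use an unencrypted port, while the secure-serving `ApplyTo` in the options file writes the same field. If the intent is that the insecure value is only a fallback, say so at the first call, e.g. `// insecure loopback config is a fallback only; SecureServing.ApplyTo is expected to overwrite it when a secure port is configured`. `applyTo` begins outside the hunk, so the ordering relative to the other writer cannot be confirmed from here.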


@ -46,8 +46,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindPort: 0,
},
},
@ -61,7 +61,7 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindPort: 0,
},
},
@ -79,7 +79,7 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindPort: 0,
},
},
@ -97,8 +97,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindPort: 0,
},
},
@ -118,8 +118,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1235",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindPort: 0,
},
},
@ -141,8 +141,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindPort: 1236,
BindAddress: "1.2.3.4",
},
@ -163,8 +163,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindAddress: "2.3.4.5",
BindPort: 1234,
},
@ -185,8 +185,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{}).WithLoopback(),
BindAddress: "2.3.4.5",
BindPort: 0,
},


@ -23,15 +23,13 @@ import (
"strconv"
"time"
"github.com/golang/glog"
"github.com/spf13/pflag"
corev1 "k8s.io/api/core/v1"
apimachineryconfig "k8s.io/apimachinery/pkg/apis/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/uuid"
apiserveroptions "k8s.io/apiserver/pkg/server/options"
utilfeature "k8s.io/apiserver/pkg/util/feature"
apiserverflag "k8s.io/apiserver/pkg/util/flag"
"k8s.io/client-go/informers"
clientset "k8s.io/client-go/kubernetes"
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
@ -41,10 +39,12 @@ import (
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
"k8s.io/client-go/tools/record"
"k8s.io/klog"
kubeschedulerconfigv1alpha1 "k8s.io/kube-scheduler/config/v1alpha1"
schedulerappconfig "k8s.io/kubernetes/cmd/kube-scheduler/app/config"
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/client/leaderelectionconfig"
"k8s.io/kubernetes/pkg/master/ports"
kubeschedulerconfig "k8s.io/kubernetes/pkg/scheduler/apis/config"
kubeschedulerscheme "k8s.io/kubernetes/pkg/scheduler/apis/config/scheme"
"k8s.io/kubernetes/pkg/scheduler/apis/config/validation"
@ -56,7 +56,7 @@ type Options struct {
// The default values. These are overridden if ConfigFile is set or by values in InsecureServing.
ComponentConfig kubeschedulerconfig.KubeSchedulerConfiguration
SecureServing *apiserveroptions.SecureServingOptions
SecureServing *apiserveroptions.SecureServingOptionsWithLoopback
CombinedInsecureServing *CombinedInsecureServingOptions
Authentication *apiserveroptions.DelegatingAuthenticationOptions
Authorization *apiserveroptions.DelegatingAuthorizationOptions
@ -85,25 +85,34 @@ func NewOptions() (*Options, error) {
o := &Options{
ComponentConfig: *cfg,
SecureServing: nil, // TODO: enable with apiserveroptions.NewSecureServingOptions()
SecureServing: apiserveroptions.NewSecureServingOptions().WithLoopback(),
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{
Healthz: (&apiserveroptions.DeprecatedInsecureServingOptions{
BindNetwork: "tcp",
},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{
}).WithLoopback(),
Metrics: (&apiserveroptions.DeprecatedInsecureServingOptions{
BindNetwork: "tcp",
},
}).WithLoopback(),
BindPort: hport,
BindAddress: hhost,
},
Authentication: nil, // TODO: enable with apiserveroptions.NewDelegatingAuthenticationOptions()
Authorization: nil, // TODO: enable with apiserveroptions.NewDelegatingAuthorizationOptions()
Authentication: apiserveroptions.NewDelegatingAuthenticationOptions(),
Authorization: apiserveroptions.NewDelegatingAuthorizationOptions(),
Deprecated: &DeprecatedOptions{
UseLegacyPolicyConfig: false,
PolicyConfigMapNamespace: metav1.NamespaceSystem,
},
}
o.Authentication.RemoteKubeConfigFileOptional = true
o.Authorization.RemoteKubeConfigFileOptional = true
o.Authorization.AlwaysAllowPaths = []string{"/healthz"}
// Set the PairName but leave certificate directory blank to generate in-memory by default
o.SecureServing.ServerCert.CertDirectory = ""
o.SecureServing.ServerCert.PairName = "kube-scheduler"
o.SecureServing.BindPort = ports.KubeSchedulerPort
return o, nil
}
@ -129,20 +138,23 @@ func newDefaultComponentConfig() (*kubeschedulerconfig.KubeSchedulerConfiguratio
return &cfg, nil
}
// AddFlags adds flags for the scheduler options.
func (o *Options) AddFlags(fs *pflag.FlagSet) {
// Flags returns flags for a specific scheduler by section name
func (o *Options) Flags() (nfs apiserverflag.NamedFlagSets) {
fs := nfs.FlagSet("misc")
fs.StringVar(&o.ConfigFile, "config", o.ConfigFile, "The path to the configuration file. Flags override values in this file.")
fs.StringVar(&o.WriteConfigTo, "write-config-to", o.WriteConfigTo, "If set, write the configuration values to this file and exit.")
fs.StringVar(&o.Master, "master", o.Master, "The address of the Kubernetes API server (overrides any value in kubeconfig)")
o.SecureServing.AddFlags(fs)
o.CombinedInsecureServing.AddFlags(fs)
o.Authentication.AddFlags(fs)
o.Authorization.AddFlags(fs)
o.Deprecated.AddFlags(fs, &o.ComponentConfig)
o.SecureServing.AddFlags(nfs.FlagSet("secure serving"))
o.CombinedInsecureServing.AddFlags(nfs.FlagSet("insecure serving"))
o.Authentication.AddFlags(nfs.FlagSet("authentication"))
o.Authorization.AddFlags(nfs.FlagSet("authorization"))
o.Deprecated.AddFlags(nfs.FlagSet("deprecated"), &o.ComponentConfig)
leaderelectionconfig.BindFlags(&o.ComponentConfig.LeaderElection.LeaderElectionConfiguration, fs)
utilfeature.DefaultFeatureGate.AddFlag(fs)
leaderelectionconfig.BindFlags(&o.ComponentConfig.LeaderElection.LeaderElectionConfiguration, nfs.FlagSet("leader election"))
utilfeature.DefaultFeatureGate.AddFlag(nfs.FlagSet("feature gate"))
return nfs
}
// ApplyTo applies the scheduler options to the given scheduler app configuration.
@ -173,13 +185,19 @@ func (o *Options) ApplyTo(c *schedulerappconfig.Config) error {
}
}
if err := o.SecureServing.ApplyTo(&c.SecureServing); err != nil {
if err := o.SecureServing.ApplyTo(&c.SecureServing, &c.LoopbackClientConfig); err != nil {
return err
}
if err := o.Authentication.ApplyTo(&c.Authentication, c.SecureServing, nil); err != nil {
return err
if o.SecureServing != nil && (o.SecureServing.BindPort != 0 || o.SecureServing.Listener != nil) {
if err := o.Authentication.ApplyTo(&c.Authentication, c.SecureServing, nil); err != nil {
return err
}
if err := o.Authorization.ApplyTo(&c.Authorization); err != nil {
return err
}
}
return o.Authorization.ApplyTo(&c.Authorization)
return nil
}
// Validate validates all the required options.
@ -200,6 +218,12 @@ func (o *Options) Validate() []error {
// Config return a scheduler config object
func (o *Options) Config() (*schedulerappconfig.Config, error) {
if o.SecureServing != nil {
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
return nil, fmt.Errorf("error creating self-signed certificates: %v", err)
}
}
c := &schedulerappconfig.Config{}
if err := o.ApplyTo(c); err != nil {
return nil, err
@ -262,6 +286,8 @@ func makeLeaderElectionConfig(config kubeschedulerconfig.KubeSchedulerLeaderElec
LeaseDuration: config.LeaseDuration.Duration,
RenewDeadline: config.RenewDeadline.Duration,
RetryPeriod: config.RetryPeriod.Duration,
WatchDog: leaderelection.NewLeaderHealthzAdaptor(time.Second * 20),
Name: "kube-scheduler",
}, nil
}
@ -269,7 +295,7 @@ func makeLeaderElectionConfig(config kubeschedulerconfig.KubeSchedulerLeaderElec
// TODO remove masterOverride when CLI flags are removed.
func createClients(config apimachineryconfig.ClientConnectionConfiguration, masterOverride string, timeout time.Duration) (clientset.Interface, clientset.Interface, v1core.EventsGetter, error) {
if len(config.Kubeconfig) == 0 && len(masterOverride) == 0 {
glog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
klog.Warningf("Neither --kubeconfig nor --master was specified. Using default API client. This might not work.")
}
// This creates a client, first loading any specified kubeconfig
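Review bot: The guard added in `ApplyTo`, `if o.SecureServing != nil && (o.SecureServing.BindPort != 0 || o.SecureServing.Listener != nil)`, decides whether delegated authentication and authorization are configured at all, and it carries no comment. When it is false, `c.Authentication` and `c.Authorization` keep their zero values while the insecure healthz/metrics listeners can still be enabled, so disabling the secure port appears to leave only unauthenticated endpoints; a comment such as `// authn/authz apply to the secure port only; with it disabled nothing is authenticated` would make that visible. The nil test is also inconsistent with the unguarded `o.SecureServing.ApplyTo(...)` call just above it. Separately, `Config()` defaults to a self-signed certificate for `localhost`/`127.0.0.1` that the `NewOptions` comment says is generated in memory, so remote clients cannot verify it unless a real certificate is supplied; that caveat belongs next to `CertDirectory = ""`. `ApplyTo` and `Config` both continue outside their hunks.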


@ -32,6 +32,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/diff"
apiserverconfig "k8s.io/apiserver/pkg/apis/config"
apiserveroptions "k8s.io/apiserver/pkg/server/options"
kubeschedulerconfig "k8s.io/kubernetes/pkg/scheduler/apis/config"
)
@ -175,6 +176,29 @@ users:
}
return *cfg
}(),
SecureServing: (&apiserveroptions.SecureServingOptions{
ServerCert: apiserveroptions.GeneratableKeyCert{
CertDirectory: "/a/b/c",
PairName: "kube-scheduler",
},
HTTP2MaxStreamsPerConnection: 47,
}).WithLoopback(),
Authentication: &apiserveroptions.DelegatingAuthenticationOptions{
CacheTTL: 10 * time.Second,
ClientCert: apiserveroptions.ClientCertAuthenticationOptions{},
RequestHeader: apiserveroptions.RequestHeaderAuthenticationOptions{
UsernameHeaders: []string{"x-remote-user"},
GroupHeaders: []string{"x-remote-group"},
ExtraHeaderPrefixes: []string{"x-remote-extra-"},
},
RemoteKubeConfigFileOptional: true,
},
Authorization: &apiserveroptions.DelegatingAuthorizationOptions{
AllowCacheTTL: 10 * time.Second,
DenyCacheTTL: 10 * time.Second,
RemoteKubeConfigFileOptional: true,
AlwaysAllowPaths: []string{"/healthz"}, // note: this does not match /healthz/ or /healthz/*
},
},
expectedUsername: "config",
expectedConfig: kubeschedulerconfig.KubeSchedulerConfiguration{
@ -233,6 +257,29 @@ users:
cfg.ClientConnection.Kubeconfig = flagKubeconfig
return *cfg
}(),
SecureServing: (&apiserveroptions.SecureServingOptions{
ServerCert: apiserveroptions.GeneratableKeyCert{
CertDirectory: "/a/b/c",
PairName: "kube-scheduler",
},
HTTP2MaxStreamsPerConnection: 47,
}).WithLoopback(),
Authentication: &apiserveroptions.DelegatingAuthenticationOptions{
CacheTTL: 10 * time.Second,
ClientCert: apiserveroptions.ClientCertAuthenticationOptions{},
RequestHeader: apiserveroptions.RequestHeaderAuthenticationOptions{
UsernameHeaders: []string{"x-remote-user"},
GroupHeaders: []string{"x-remote-group"},
ExtraHeaderPrefixes: []string{"x-remote-extra-"},
},
RemoteKubeConfigFileOptional: true,
},
Authorization: &apiserveroptions.DelegatingAuthorizationOptions{
AllowCacheTTL: 10 * time.Second,
DenyCacheTTL: 10 * time.Second,
RemoteKubeConfigFileOptional: true,
AlwaysAllowPaths: []string{"/healthz"}, // note: this does not match /healthz/ or /healthz/*
},
},
expectedUsername: "flag",
expectedConfig: kubeschedulerconfig.KubeSchedulerConfiguration{
@ -264,8 +311,32 @@ users:
},
},
{
name: "overridden master",
options: &Options{Master: insecureserver.URL},
name: "overridden master",
options: &Options{
Master: insecureserver.URL,
SecureServing: (&apiserveroptions.SecureServingOptions{
ServerCert: apiserveroptions.GeneratableKeyCert{
CertDirectory: "/a/b/c",
PairName: "kube-scheduler",
},
HTTP2MaxStreamsPerConnection: 47,
}).WithLoopback(),
Authentication: &apiserveroptions.DelegatingAuthenticationOptions{
CacheTTL: 10 * time.Second,
RequestHeader: apiserveroptions.RequestHeaderAuthenticationOptions{
UsernameHeaders: []string{"x-remote-user"},
GroupHeaders: []string{"x-remote-group"},
ExtraHeaderPrefixes: []string{"x-remote-extra-"},
},
RemoteKubeConfigFileOptional: true,
},
Authorization: &apiserveroptions.DelegatingAuthorizationOptions{
AllowCacheTTL: 10 * time.Second,
DenyCacheTTL: 10 * time.Second,
RemoteKubeConfigFileOptional: true,
AlwaysAllowPaths: []string{"/healthz"}, // note: this does not match /healthz/ or /healthz/*
},
},
expectedUsername: "none, http",
},
{
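Review bot: The same `SecureServing`/`Authentication`/`Authorization` literal is pasted into three test cases, and the copies have already drifted: the "overridden master" case omits the `ClientCert: apiserveroptions.ClientCertAuthenticationOptions{}` line that the other two carry. That is harmless here because it is the zero value, but a small helper declared before the table that returns these default serving and auth options would keep the cases in step and make intentional differences stand out. Each case would then read `SecureServing: defaultSecureServing(),` and so on. The table and the enclosing test function start outside the hunks.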


@ -39,6 +39,8 @@ import (
"k8s.io/apiserver/pkg/server/mux"
"k8s.io/apiserver/pkg/server/routes"
utilfeature "k8s.io/apiserver/pkg/util/feature"
apiserverflag "k8s.io/apiserver/pkg/util/flag"
"k8s.io/apiserver/pkg/util/globalflag"
storageinformers "k8s.io/client-go/informers/storage/v1"
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/leaderelection"
@ -59,16 +61,16 @@ import (
"k8s.io/kubernetes/pkg/version"
"k8s.io/kubernetes/pkg/version/verflag"
"github.com/golang/glog"
"github.com/prometheus/client_golang/prometheus"
"github.com/spf13/cobra"
"k8s.io/klog"
)
// NewSchedulerCommand creates a *cobra.Command object with default parameters
func NewSchedulerCommand() *cobra.Command {
opts, err := options.NewOptions()
if err != nil {
glog.Fatalf("unable to initialize command options: %v", err)
klog.Fatalf("unable to initialize command options: %v", err)
}
cmd := &cobra.Command{
@ -81,21 +83,38 @@ constraints, affinity and anti-affinity specifications, data locality, inter-wor
interference, deadlines, and so on. Workload-specific requirements will be exposed
through the API as necessary.`,
Run: func(cmd *cobra.Command, args []string) {
if err := run(cmd, args, opts); err != nil {
if err := runCommand(cmd, args, opts); err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}
},
}
fs := cmd.Flags()
namedFlagSets := opts.Flags()
verflag.AddFlags(namedFlagSets.FlagSet("global"))
globalflag.AddGlobalFlags(namedFlagSets.FlagSet("global"), cmd.Name())
for _, f := range namedFlagSets.FlagSets {
fs.AddFlagSet(f)
}
opts.AddFlags(cmd.Flags())
usageFmt := "Usage:\n %s\n"
cols, _, _ := apiserverflag.TerminalSize(cmd.OutOrStdout())
cmd.SetUsageFunc(func(cmd *cobra.Command) error {
fmt.Fprintf(cmd.OutOrStderr(), usageFmt, cmd.UseLine())
apiserverflag.PrintSections(cmd.OutOrStderr(), namedFlagSets, cols)
return nil
})
cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine())
apiserverflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols)
})
cmd.MarkFlagFilename("config", "yaml", "yml", "json")
return cmd
}
// run runs the scheduler.
func run(cmd *cobra.Command, args []string, opts *options.Options) error {
// runCommand runs the scheduler.
func runCommand(cmd *cobra.Command, args []string, opts *options.Options) error {
verflag.PrintAndExitIfRequested()
utilflag.PrintFlags(cmd.Flags())
@ -113,7 +132,7 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
fmt.Fprintf(os.Stderr, "%v\n", err)
os.Exit(1)
}
glog.Infof("Wrote configuration to: %s\n", opts.WriteConfigTo)
klog.Infof("Wrote configuration to: %s\n", opts.WriteConfigTo)
}
c, err := opts.Config()
@ -128,7 +147,7 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
cc := c.Complete()
// To help debugging, immediately log version
glog.Infof("Version: %+v", version.Get())
klog.Infof("Version: %+v", version.Get())
// Apply algorithms based on feature gates.
// TODO: make configurable?
@ -136,36 +155,42 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
// Configz registration.
if cz, err := configz.New("componentconfig"); err == nil {
cz.Set(c.ComponentConfig)
cz.Set(cc.ComponentConfig)
} else {
return fmt.Errorf("unable to register configz: %s", err)
}
return Run(cc, stopCh)
}
// Run executes the scheduler based on the given configuration. It only return on error or when stopCh is closed.
func Run(cc schedulerserverconfig.CompletedConfig, stopCh <-chan struct{}) error {
var storageClassInformer storageinformers.StorageClassInformer
if utilfeature.DefaultFeatureGate.Enabled(features.VolumeScheduling) {
storageClassInformer = c.InformerFactory.Storage().V1().StorageClasses()
storageClassInformer = cc.InformerFactory.Storage().V1().StorageClasses()
}
// Create the scheduler.
sched, err := scheduler.New(c.Client,
c.InformerFactory.Core().V1().Nodes(),
c.PodInformer,
c.InformerFactory.Core().V1().PersistentVolumes(),
c.InformerFactory.Core().V1().PersistentVolumeClaims(),
c.InformerFactory.Core().V1().ReplicationControllers(),
c.InformerFactory.Apps().V1().ReplicaSets(),
c.InformerFactory.Apps().V1().StatefulSets(),
c.InformerFactory.Core().V1().Services(),
c.InformerFactory.Policy().V1beta1().PodDisruptionBudgets(),
sched, err := scheduler.New(cc.Client,
cc.InformerFactory.Core().V1().Nodes(),
cc.PodInformer,
cc.InformerFactory.Core().V1().PersistentVolumes(),
cc.InformerFactory.Core().V1().PersistentVolumeClaims(),
cc.InformerFactory.Core().V1().ReplicationControllers(),
cc.InformerFactory.Apps().V1().ReplicaSets(),
cc.InformerFactory.Apps().V1().StatefulSets(),
cc.InformerFactory.Core().V1().Services(),
cc.InformerFactory.Policy().V1beta1().PodDisruptionBudgets(),
storageClassInformer,
c.Recorder,
c.ComponentConfig.AlgorithmSource,
scheduler.WithName(c.ComponentConfig.SchedulerName),
scheduler.WithHardPodAffinitySymmetricWeight(c.ComponentConfig.HardPodAffinitySymmetricWeight),
scheduler.WithEquivalenceClassCacheEnabled(c.ComponentConfig.EnableContentionProfiling),
scheduler.WithPreemptionDisabled(c.ComponentConfig.DisablePreemption),
scheduler.WithPercentageOfNodesToScore(c.ComponentConfig.PercentageOfNodesToScore),
scheduler.WithBindTimeoutSeconds(*c.ComponentConfig.BindTimeoutSeconds))
cc.Recorder,
cc.ComponentConfig.AlgorithmSource,
stopCh,
scheduler.WithName(cc.ComponentConfig.SchedulerName),
scheduler.WithHardPodAffinitySymmetricWeight(cc.ComponentConfig.HardPodAffinitySymmetricWeight),
scheduler.WithEquivalenceClassCacheEnabled(cc.ComponentConfig.EnableContentionProfiling),
scheduler.WithPreemptionDisabled(cc.ComponentConfig.DisablePreemption),
scheduler.WithPercentageOfNodesToScore(cc.ComponentConfig.PercentageOfNodesToScore),
scheduler.WithBindTimeoutSeconds(*cc.ComponentConfig.BindTimeoutSeconds))
if err != nil {
return err
}
@ -175,10 +200,16 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
cc.Broadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: cc.EventClient.Events("")})
}
// Setup healthz checks.
var checks []healthz.HealthzChecker
if cc.ComponentConfig.LeaderElection.LeaderElect {
checks = append(checks, cc.LeaderElection.WatchDog)
}
// Start up the healthz server.
if cc.InsecureServing != nil {
separateMetrics := cc.InsecureMetricsServing != nil
handler := buildHandlerChain(newHealthzHandler(&cc.ComponentConfig, separateMetrics), nil, nil)
handler := buildHandlerChain(newHealthzHandler(&cc.ComponentConfig, separateMetrics, checks...), nil, nil)
if err := cc.InsecureServing.Serve(handler, 0, stopCh); err != nil {
return fmt.Errorf("failed to start healthz server: %v", err)
}
@ -190,7 +221,7 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
}
}
if cc.SecureServing != nil {
handler := buildHandlerChain(newHealthzHandler(&cc.ComponentConfig, false), cc.Authentication.Authenticator, cc.Authorization.Authorizer)
handler := buildHandlerChain(newHealthzHandler(&cc.ComponentConfig, false, checks...), cc.Authentication.Authenticator, cc.Authorization.Authorizer)
if err := cc.SecureServing.Serve(handler, 0, stopCh); err != nil {
// fail early for secure handlers, removing the old error loop from above
return fmt.Errorf("failed to start healthz server: %v", err)
@ -205,7 +236,7 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
cc.InformerFactory.WaitForCacheSync(stopCh)
controller.WaitForCacheSync("scheduler", stopCh, cc.PodInformer.Informer().HasSynced)
// Prepare a reusable run function.
// Prepare a reusable runCommand function.
run := func(ctx context.Context) {
sched.Run()
<-ctx.Done()
@ -222,7 +253,7 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
}
}()
// If leader election is enabled, run via LeaderElector until done and exit.
// If leader election is enabled, runCommand via LeaderElector until done and exit.
if cc.LeaderElection != nil {
cc.LeaderElection.Callbacks = leaderelection.LeaderCallbacks{
OnStartedLeading: run,
@ -240,7 +271,7 @@ func run(cmd *cobra.Command, args []string, opts *options.Options) error {
return fmt.Errorf("lost lease")
}
// Leader election is disabled, so run inline until done.
// Leader election is disabled, so runCommand inline until done.
run(ctx)
return fmt.Errorf("finished without leader elect")
}
@ -288,9 +319,9 @@ func newMetricsHandler(config *kubeschedulerconfig.KubeSchedulerConfiguration) h
// newHealthzServer creates a healthz server from the config, and will also
// embed the metrics handler if the healthz and metrics address configurations
// are the same.
func newHealthzHandler(config *kubeschedulerconfig.KubeSchedulerConfiguration, separateMetrics bool) http.Handler {
func newHealthzHandler(config *kubeschedulerconfig.KubeSchedulerConfiguration, separateMetrics bool, checks ...healthz.HealthzChecker) http.Handler {
pathRecorderMux := mux.NewPathRecorderMux("kube-scheduler")
healthz.InstallHandler(pathRecorderMux)
healthz.InstallHandler(pathRecorderMux, checks...)
if !separateMetrics {
installMetricHandler(pathRecorderMux)
}
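Review bot: In `Run`, the healthz setup reads `cc.LeaderElection.WatchDog` when `cc.ComponentConfig.LeaderElection.LeaderElect` is true, but the leader-election block later in the same function is guarded by `cc.LeaderElection != nil`; with `Run` now exported and fed a caller-built `CompletedConfig`, a config that has the flag set and no elector would panic at the append. Using the same guard, `if cc.LeaderElection != nil {`, keeps the two checks consistent. The call `scheduler.WithEquivalenceClassCacheEnabled(cc.ComponentConfig.EnableContentionProfiling)` is carried through the `c` to `cc` rename unchanged and appears to pass the contention-profiling setting where the equivalence-cache setting is meant, which is worth confirming against the config type. The insecure handler is still built with `buildHandlerChain(..., nil, nil)`, so the new leader-election check result is served without authentication or authorization on that port; a comment there saying so would help operators decide whether to keep it enabled. Parts of `Run` between the hunks are not shown, so these points cover only the visible lines.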


@ -0,0 +1,32 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["testserver.go"],
importpath = "k8s.io/kubernetes/cmd/kube-scheduler/app/testing",
visibility = ["//visibility:public"],
deps = [
"//cmd/kube-scheduler/app:go_default_library",
"//cmd/kube-scheduler/app/config:go_default_library",
"//cmd/kube-scheduler/app/options:go_default_library",
"//pkg/scheduler/algorithmprovider/defaults:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//staging/src/k8s.io/client-go/rest:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)


@ -0,0 +1,186 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package testing
import (
"fmt"
"io/ioutil"
"net"
"os"
"time"
"github.com/spf13/pflag"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/kubernetes"
restclient "k8s.io/client-go/rest"
"k8s.io/kubernetes/cmd/kube-scheduler/app"
kubeschedulerconfig "k8s.io/kubernetes/cmd/kube-scheduler/app/config"
"k8s.io/kubernetes/cmd/kube-scheduler/app/options"
// import DefaultProvider
_ "k8s.io/kubernetes/pkg/scheduler/algorithmprovider/defaults"
)
// TearDownFunc is to be called to tear down a test server.
type TearDownFunc func()
// TestServer return values supplied by kube-test-ApiServer
type TestServer struct {
LoopbackClientConfig *restclient.Config // Rest client config using the magic token
Options *options.Options
Config *kubeschedulerconfig.Config
TearDownFn TearDownFunc // TearDown function
TmpDir string // Temp Dir used, by the apiserver
}
// Logger allows t.Testing and b.Testing to be passed to StartTestServer and StartTestServerOrDie
type Logger interface {
Errorf(format string, args ...interface{})
Fatalf(format string, args ...interface{})
Logf(format string, args ...interface{})
}
// StartTestServer starts a kube-scheduler. A rest client config and a tear-down func,
// and location of the tmpdir are returned.
//
// Note: we return a tear-down func instead of a stop channel because the later will leak temporary
// files that because Golang testing's call to os.Exit will not give a stop channel go routine
// enough time to remove temporary files.
func StartTestServer(t Logger, customFlags []string) (result TestServer, err error) {
stopCh := make(chan struct{})
tearDown := func() {
close(stopCh)
if len(result.TmpDir) != 0 {
os.RemoveAll(result.TmpDir)
}
}
defer func() {
if result.TearDownFn == nil {
tearDown()
}
}()
result.TmpDir, err = ioutil.TempDir("", "kube-scheduler")
if err != nil {
return result, fmt.Errorf("failed to create temp dir: %v", err)
}
fs := pflag.NewFlagSet("test", pflag.PanicOnError)
s, err := options.NewOptions()
if err != nil {
return TestServer{}, err
}
namedFlagSets := s.Flags()
for _, f := range namedFlagSets.FlagSets {
fs.AddFlagSet(f)
}
fs.Parse(customFlags)
if s.SecureServing.BindPort != 0 {
s.SecureServing.Listener, s.SecureServing.BindPort, err = createListenerOnFreePort()
if err != nil {
return result, fmt.Errorf("failed to create listener: %v", err)
}
s.SecureServing.ServerCert.CertDirectory = result.TmpDir
t.Logf("kube-scheduler will listen securely on port %d...", s.SecureServing.BindPort)
}
if s.CombinedInsecureServing.BindPort != 0 {
listener, port, err := createListenerOnFreePort()
if err != nil {
return result, fmt.Errorf("failed to create listener: %v", err)
}
s.CombinedInsecureServing.BindPort = port
s.CombinedInsecureServing.Healthz.Listener = listener
s.CombinedInsecureServing.Metrics.Listener = listener
t.Logf("kube-scheduler will listen insecurely on port %d...", s.CombinedInsecureServing.BindPort)
}
config, err := s.Config()
if err != nil {
return result, fmt.Errorf("failed to create config from options: %v", err)
}
errCh := make(chan error)
go func(stopCh <-chan struct{}) {
if err := app.Run(config.Complete(), stopCh); err != nil {
errCh <- err
}
}(stopCh)
t.Logf("Waiting for /healthz to be ok...")
client, err := kubernetes.NewForConfig(config.LoopbackClientConfig)
if err != nil {
return result, fmt.Errorf("failed to create a client: %v", err)
}
err = wait.Poll(100*time.Millisecond, 30*time.Second, func() (bool, error) {
select {
case err := <-errCh:
return false, err
default:
}
result := client.CoreV1().RESTClient().Get().AbsPath("/healthz").Do()
status := 0
result.StatusCode(&status)
if status == 200 {
return true, nil
}
return false, nil
})
if err != nil {
return result, fmt.Errorf("failed to wait for /healthz to return ok: %v", err)
}
// from here the caller must call tearDown
result.LoopbackClientConfig = config.LoopbackClientConfig
result.Options = s
result.Config = config
result.TearDownFn = tearDown
return result, nil
}
// StartTestServerOrDie calls StartTestServer t.Fatal if it does not succeed.
func StartTestServerOrDie(t Logger, flags []string) *TestServer {
result, err := StartTestServer(t, flags)
if err == nil {
return &result
}
t.Fatalf("failed to launch server: %v", err)
return nil
}
func createListenerOnFreePort() (net.Listener, int, error) {
ln, err := net.Listen("tcp", ":0")
if err != nil {
return nil, 0, err
}
// get port
tcpAddr, ok := ln.Addr().(*net.TCPAddr)
if !ok {
ln.Close()
return nil, 0, fmt.Errorf("invalid listen address: %q", ln.Addr().String())
}
return ln, tcpAddr.Port, nil
}
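Review bot: `createListenerOnFreePort` calls `net.Listen("tcp", ":0")`, which binds every interface, so the listeners it hands out (including the insecure healthz/metrics one set on `CombinedInsecureServing`) are reachable from other hosts for the duration of the test; `ln, err := net.Listen("tcp", "127.0.0.1:0")` keeps them on loopback, assuming nothing in the tests relies on the wildcard address. In `StartTestServer`, the `options.NewOptions()` error path uses `return TestServer{}, err`, which overwrites the named result before the deferred cleanup runs, so `result.TmpDir` is empty and the temp directory just created is left behind; `return result, err` matches the other error returns. `errCh` is unbuffered and only read inside the poll loop, so the goroutine running `app.Run` can block forever on `errCh <- err` once polling has finished; `errCh := make(chan error, 1)` avoids that.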
