From 7d53ad1fb0fcd49f71abc47d37cff597ab826d03 Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Thu, 21 Mar 2019 14:14:49 -0400 Subject: [PATCH] Kubelet should request protobuf from the apiserver The kubelet was not asking for application/vnd.kubernetes.protobuf on list and get calls. It looks like we lost that code when we moved to cert rotation. Clean up the client initialization path and make sure that all non-dynamic clients use protobuf by default. --- cmd/kubelet/app/BUILD | 1 + cmd/kubelet/app/server.go | 25 +++++++++++++++++-- .../k8s.io/apimachinery/pkg/runtime/types.go | 5 ++-- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/cmd/kubelet/app/BUILD b/cmd/kubelet/app/BUILD index a837a646d6..5e9cf6fc81 100644 --- a/cmd/kubelet/app/BUILD +++ b/cmd/kubelet/app/BUILD @@ -113,6 +113,7 @@ go_library( "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 69f0e35d0a..420c585fda 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -30,6 +30,7 @@ import ( "path" "path/filepath" "strconv" + "strings" "time" "github.com/coreos/go-systemd/daemon" @@ -40,6 +41,7 @@ import ( v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/sets" @@ -757,6 +759,11 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName) return nil, nil, err } + // use the correct content type for cert rotation, but don't set QPS + setContentTypeForClient(certConfig, s.ContentType) + + kubeClientConfigOverrides(s, clientConfig) + clientCertificateManager, err := buildClientCertificateManager(certConfig, clientConfig, s.CertDirectory, nodeName) if err != nil { return nil, nil, err @@ -764,7 +771,6 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName) // the rotating transport will use the cert from the cert manager instead of these files transportConfig := restclient.AnonymousClientConfig(clientConfig) - kubeClientConfigOverrides(s, transportConfig) // we set exitAfter to five minutes because we use this client configuration to request new certs - if we are unable // to request new certs, we will be unable to continue normal operation. Exiting the process allows a wrapper @@ -836,7 +842,7 @@ func buildClientCertificateManager(certConfig, clientConfig *restclient.Config, } func kubeClientConfigOverrides(s *options.KubeletServer, clientConfig *restclient.Config) { - clientConfig.ContentType = s.ContentType + setContentTypeForClient(clientConfig, s.ContentType) // Override kubeconfig qps/burst settings from flags clientConfig.QPS = float32(s.KubeAPIQPS) clientConfig.Burst = int(s.KubeAPIBurst) @@ -930,6 +936,21 @@ func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletCo return tlsOptions, nil } +// setContentTypeForClient sets the appropritae content type into the rest config +// and handles defaulting AcceptContentTypes based on that input. +func setContentTypeForClient(cfg *restclient.Config, contentType string) { + if len(contentType) == 0 { + return + } + cfg.ContentType = contentType + switch contentType { + case runtime.ContentTypeProtobuf: + cfg.AcceptContentTypes = strings.Join([]string{runtime.ContentTypeProtobuf, runtime.ContentTypeJSON}, ",") + default: + // otherwise let the rest client perform defaulting + } +} + // RunKubelet is responsible for setting up and running a kubelet. It is used in three different applications: // 1 Integration tests // 2 Kubelet binary diff --git a/staging/src/k8s.io/apimachinery/pkg/runtime/types.go b/staging/src/k8s.io/apimachinery/pkg/runtime/types.go index eb284eac27..3d3ebe5f9d 100644 --- a/staging/src/k8s.io/apimachinery/pkg/runtime/types.go +++ b/staging/src/k8s.io/apimachinery/pkg/runtime/types.go @@ -41,9 +41,8 @@ type TypeMeta struct { } const ( - ContentTypeJSON string = "application/json" - ContentTypeYAML string = "application/yaml" - + ContentTypeJSON string = "application/json" + ContentTypeYAML string = "application/yaml" ContentTypeProtobuf string = "application/vnd.kubernetes.protobuf" )