From bbb48fd0686cb2d964d1f2425f45d314b1133d6e Mon Sep 17 00:00:00 2001 From: stewart-yu Date: Wed, 16 May 2018 16:16:31 +0800 Subject: [PATCH] [kube-controller manager]get rid of GenericControllerManagerOptions sub-struct --- .../app/options/csrsigningcontroller.go | 10 + cmd/controller-manager/app/options/options.go | 383 ------------------ .../app/options/options.go | 373 +++++++++++++++-- .../app/options/options_test.go | 310 +++++++------- 4 files changed, 500 insertions(+), 576 deletions(-) delete mode 100644 cmd/controller-manager/app/options/options.go diff --git a/cmd/controller-manager/app/options/csrsigningcontroller.go b/cmd/controller-manager/app/options/csrsigningcontroller.go index f307c503f7..bf55c9df89 100644 --- a/cmd/controller-manager/app/options/csrsigningcontroller.go +++ b/cmd/controller-manager/app/options/csrsigningcontroller.go @@ -22,6 +22,16 @@ import ( "k8s.io/kubernetes/pkg/apis/componentconfig" ) +const ( + // These defaults are deprecated and exported so that we can warn if + // they are being used. + + // DefaultClusterSigningCertFile is deprecated. Do not use. + DefaultClusterSigningCertFile = "/etc/kubernetes/ca/ca.pem" + // DefaultClusterSigningKeyFile is deprecated. Do not use. + DefaultClusterSigningKeyFile = "/etc/kubernetes/ca/ca.key" +) + // CSRSigningControllerOptions holds the CSRSigningController options. type CSRSigningControllerOptions struct { ClusterSigningDuration metav1.Duration diff --git a/cmd/controller-manager/app/options/options.go b/cmd/controller-manager/app/options/options.go deleted file mode 100644 index 567a795b87..0000000000 --- a/cmd/controller-manager/app/options/options.go +++ /dev/null @@ -1,383 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package options - -import ( - "net" - - "github.com/golang/glog" - - "github.com/spf13/pflag" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - apiserveroptions "k8s.io/apiserver/pkg/server/options" - "k8s.io/client-go/kubernetes" - clientset "k8s.io/client-go/kubernetes" - v1core "k8s.io/client-go/kubernetes/typed/core/v1" - restclient "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/client-go/tools/record" - genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/apis/componentconfig" - componentconfigv1alpha1 "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" -) - -// GenericControllerManagerOptions is the common structure for a controller manager. It works with NewGenericControllerManagerOptions -// and AddDefaultControllerFlags to create the common components of kube-controller-manager and cloud-controller-manager. -type GenericControllerManagerOptions struct { - CloudProvider *CloudProviderOptions - Debugging *DebuggingOptions - GenericComponent *GenericComponentConfigOptions - KubeCloudShared *KubeCloudSharedOptions - - AttachDetachController *AttachDetachControllerOptions - CSRSigningController *CSRSigningControllerOptions - DaemonSetController *DaemonSetControllerOptions - DeploymentController *DeploymentControllerOptions - DeprecatedFlags *DeprecatedControllerOptions - EndPointController *EndPointControllerOptions - GarbageCollectorController *GarbageCollectorControllerOptions - HPAController *HPAControllerOptions - JobController *JobControllerOptions - NamespaceController *NamespaceControllerOptions - NodeIpamController *NodeIpamControllerOptions - NodeLifecycleController *NodeLifecycleControllerOptions - PersistentVolumeBinderController *PersistentVolumeBinderControllerOptions - PodGCController *PodGCControllerOptions - ReplicaSetController *ReplicaSetControllerOptions - ReplicationController *ReplicationControllerOptions - ResourceQuotaController *ResourceQuotaControllerOptions - SAController *SAControllerOptions - ServiceController *ServiceControllerOptions - - Controllers []string - ExternalCloudVolumePlugin string - - SecureServing *apiserveroptions.SecureServingOptions - // TODO: remove insecure serving mode - InsecureServing *InsecureServingOptions - Authentication *apiserveroptions.DelegatingAuthenticationOptions - Authorization *apiserveroptions.DelegatingAuthorizationOptions - - Master string - Kubeconfig string -} - -const ( - // These defaults are deprecated and exported so that we can warn if - // they are being used. - - // DefaultClusterSigningCertFile is deprecated. Do not use. - DefaultClusterSigningCertFile = "/etc/kubernetes/ca/ca.pem" - // DefaultClusterSigningKeyFile is deprecated. Do not use. - DefaultClusterSigningKeyFile = "/etc/kubernetes/ca/ca.key" -) - -// NewGenericControllerManagerOptions returns common/default configuration values for both -// the kube-controller-manager and the cloud-contoller-manager. Any common changes should -// be made here. Any individual changes should be made in that controller. -func NewGenericControllerManagerOptions(componentConfig componentconfig.KubeControllerManagerConfiguration) *GenericControllerManagerOptions { - o := &GenericControllerManagerOptions{ - CloudProvider: &CloudProviderOptions{}, - Debugging: &DebuggingOptions{}, - GenericComponent: &GenericComponentConfigOptions{ - MinResyncPeriod: componentConfig.GenericComponent.MinResyncPeriod, - ContentType: componentConfig.GenericComponent.ContentType, - KubeAPIQPS: componentConfig.GenericComponent.KubeAPIQPS, - KubeAPIBurst: componentConfig.GenericComponent.KubeAPIBurst, - ControllerStartInterval: componentConfig.GenericComponent.ControllerStartInterval, - LeaderElection: componentConfig.GenericComponent.LeaderElection, - }, - KubeCloudShared: &KubeCloudSharedOptions{ - Port: componentConfig.KubeCloudShared.Port, - Address: componentConfig.KubeCloudShared.Address, - RouteReconciliationPeriod: componentConfig.KubeCloudShared.RouteReconciliationPeriod, - NodeMonitorPeriod: componentConfig.KubeCloudShared.NodeMonitorPeriod, - ClusterName: componentConfig.KubeCloudShared.ClusterName, - ConfigureCloudRoutes: componentConfig.KubeCloudShared.ConfigureCloudRoutes, - }, - AttachDetachController: &AttachDetachControllerOptions{ - ReconcilerSyncLoopPeriod: componentConfig.AttachDetachController.ReconcilerSyncLoopPeriod, - }, - CSRSigningController: &CSRSigningControllerOptions{ - ClusterSigningCertFile: componentConfig.CSRSigningController.ClusterSigningCertFile, - ClusterSigningKeyFile: componentConfig.CSRSigningController.ClusterSigningKeyFile, - ClusterSigningDuration: componentConfig.CSRSigningController.ClusterSigningDuration, - }, - DaemonSetController: &DaemonSetControllerOptions{ - ConcurrentDaemonSetSyncs: componentConfig.DaemonSetController.ConcurrentDaemonSetSyncs, - }, - DeploymentController: &DeploymentControllerOptions{ - ConcurrentDeploymentSyncs: componentConfig.DeploymentController.ConcurrentDeploymentSyncs, - DeploymentControllerSyncPeriod: componentConfig.DeploymentController.DeploymentControllerSyncPeriod, - }, - DeprecatedFlags: &DeprecatedControllerOptions{ - RegisterRetryCount: componentConfig.DeprecatedController.RegisterRetryCount, - }, - EndPointController: &EndPointControllerOptions{ - ConcurrentEndpointSyncs: componentConfig.EndPointController.ConcurrentEndpointSyncs, - }, - GarbageCollectorController: &GarbageCollectorControllerOptions{ - ConcurrentGCSyncs: componentConfig.GarbageCollectorController.ConcurrentGCSyncs, - EnableGarbageCollector: componentConfig.GarbageCollectorController.EnableGarbageCollector, - }, - HPAController: &HPAControllerOptions{ - HorizontalPodAutoscalerSyncPeriod: componentConfig.HPAController.HorizontalPodAutoscalerSyncPeriod, - HorizontalPodAutoscalerUpscaleForbiddenWindow: componentConfig.HPAController.HorizontalPodAutoscalerUpscaleForbiddenWindow, - HorizontalPodAutoscalerDownscaleForbiddenWindow: componentConfig.HPAController.HorizontalPodAutoscalerDownscaleForbiddenWindow, - HorizontalPodAutoscalerTolerance: componentConfig.HPAController.HorizontalPodAutoscalerTolerance, - HorizontalPodAutoscalerUseRESTClients: componentConfig.HPAController.HorizontalPodAutoscalerUseRESTClients, - }, - JobController: &JobControllerOptions{ - ConcurrentJobSyncs: componentConfig.JobController.ConcurrentJobSyncs, - }, - NamespaceController: &NamespaceControllerOptions{ - NamespaceSyncPeriod: componentConfig.NamespaceController.NamespaceSyncPeriod, - ConcurrentNamespaceSyncs: componentConfig.NamespaceController.ConcurrentNamespaceSyncs, - }, - NodeIpamController: &NodeIpamControllerOptions{ - NodeCIDRMaskSize: componentConfig.NodeIpamController.NodeCIDRMaskSize, - }, - NodeLifecycleController: &NodeLifecycleControllerOptions{ - EnableTaintManager: componentConfig.NodeLifecycleController.EnableTaintManager, - NodeMonitorGracePeriod: componentConfig.NodeLifecycleController.NodeMonitorGracePeriod, - NodeStartupGracePeriod: componentConfig.NodeLifecycleController.NodeStartupGracePeriod, - PodEvictionTimeout: componentConfig.NodeLifecycleController.PodEvictionTimeout, - }, - PersistentVolumeBinderController: &PersistentVolumeBinderControllerOptions{ - PVClaimBinderSyncPeriod: componentConfig.PersistentVolumeBinderController.PVClaimBinderSyncPeriod, - VolumeConfiguration: componentConfig.PersistentVolumeBinderController.VolumeConfiguration, - }, - PodGCController: &PodGCControllerOptions{ - TerminatedPodGCThreshold: componentConfig.PodGCController.TerminatedPodGCThreshold, - }, - ReplicaSetController: &ReplicaSetControllerOptions{ - ConcurrentRSSyncs: componentConfig.ReplicaSetController.ConcurrentRSSyncs, - }, - ReplicationController: &ReplicationControllerOptions{ - ConcurrentRCSyncs: componentConfig.ReplicationController.ConcurrentRCSyncs, - }, - ResourceQuotaController: &ResourceQuotaControllerOptions{ - ResourceQuotaSyncPeriod: componentConfig.ResourceQuotaController.ResourceQuotaSyncPeriod, - ConcurrentResourceQuotaSyncs: componentConfig.ResourceQuotaController.ConcurrentResourceQuotaSyncs, - }, - SAController: &SAControllerOptions{ - ConcurrentSATokenSyncs: componentConfig.SAController.ConcurrentSATokenSyncs, - }, - ServiceController: &ServiceControllerOptions{ - ConcurrentServiceSyncs: componentConfig.ServiceController.ConcurrentServiceSyncs, - }, - Controllers: componentConfig.Controllers, - SecureServing: apiserveroptions.NewSecureServingOptions(), - InsecureServing: &InsecureServingOptions{ - BindAddress: net.ParseIP(componentConfig.KubeCloudShared.Address), - BindPort: int(componentConfig.KubeCloudShared.Port), - BindNetwork: "tcp", - }, - Authentication: nil, // TODO: enable with apiserveroptions.NewDelegatingAuthenticationOptions() - Authorization: nil, // TODO: enable with apiserveroptions.NewDelegatingAuthorizationOptions() - } - - // disable secure serving for now - // TODO: enable HTTPS by default - o.SecureServing.BindPort = 0 - - return o -} - -// NewDefaultControllerManagerComponentConfig returns default kube-controller manager configuration object. -func NewDefaultControllerManagerComponentConfig(insecurePort int32) componentconfig.KubeControllerManagerConfiguration { - scheme := runtime.NewScheme() - componentconfigv1alpha1.AddToScheme(scheme) - versioned := componentconfigv1alpha1.KubeControllerManagerConfiguration{} - scheme.Default(&versioned) - internal := componentconfig.KubeControllerManagerConfiguration{} - scheme.Convert(&versioned, &internal, nil) - internal.KubeCloudShared.Port = insecurePort - return internal -} - -// AddFlags adds common/default flags for both the kube and cloud Controller Manager Server to the -// specified FlagSet. Any common changes should be made here. Any individual changes should be made in that controller. -func (o *GenericControllerManagerOptions) AddFlags(fs *pflag.FlagSet) { - - fs.StringVar(&o.Master, "master", o.Master, "The address of the Kubernetes API server (overrides any value in kubeconfig).") - fs.StringVar(&o.Kubeconfig, "kubeconfig", o.Kubeconfig, "Path to kubeconfig file with authorization and master location information.") - o.CloudProvider.AddFlags(fs) - o.Debugging.AddFlags(fs) - o.GenericComponent.AddFlags(fs) - o.KubeCloudShared.AddFlags(fs) - o.ServiceController.AddFlags(fs) - o.SecureServing.AddFlags(fs) - o.InsecureServing.AddFlags(fs) - o.Authentication.AddFlags(fs) - o.Authorization.AddFlags(fs) -} - -// ApplyTo fills up controller manager config with options and userAgent -func (o *GenericControllerManagerOptions) ApplyTo(c *genericcontrollermanager.Config, userAgent string) error { - if err := o.CloudProvider.ApplyTo(&c.ComponentConfig.CloudProvider); err != nil { - return err - } - if err := o.Debugging.ApplyTo(&c.ComponentConfig.Debugging); err != nil { - return err - } - if err := o.GenericComponent.ApplyTo(&c.ComponentConfig.GenericComponent); err != nil { - return err - } - if err := o.KubeCloudShared.ApplyTo(&c.ComponentConfig.KubeCloudShared); err != nil { - return err - } - if err := o.AttachDetachController.ApplyTo(&c.ComponentConfig.AttachDetachController); err != nil { - return err - } - if err := o.CSRSigningController.ApplyTo(&c.ComponentConfig.CSRSigningController); err != nil { - return err - } - if err := o.DaemonSetController.ApplyTo(&c.ComponentConfig.DaemonSetController); err != nil { - return err - } - if err := o.DeploymentController.ApplyTo(&c.ComponentConfig.DeploymentController); err != nil { - return err - } - if err := o.DeprecatedFlags.ApplyTo(&c.ComponentConfig.DeprecatedController); err != nil { - return err - } - if err := o.EndPointController.ApplyTo(&c.ComponentConfig.EndPointController); err != nil { - return err - } - if err := o.GarbageCollectorController.ApplyTo(&c.ComponentConfig.GarbageCollectorController); err != nil { - return err - } - if err := o.HPAController.ApplyTo(&c.ComponentConfig.HPAController); err != nil { - return err - } - if err := o.JobController.ApplyTo(&c.ComponentConfig.JobController); err != nil { - return err - } - if err := o.NamespaceController.ApplyTo(&c.ComponentConfig.NamespaceController); err != nil { - return err - } - if err := o.NodeIpamController.ApplyTo(&c.ComponentConfig.NodeIpamController); err != nil { - return err - } - if err := o.NodeLifecycleController.ApplyTo(&c.ComponentConfig.NodeLifecycleController); err != nil { - return err - } - if err := o.PersistentVolumeBinderController.ApplyTo(&c.ComponentConfig.PersistentVolumeBinderController); err != nil { - return err - } - if err := o.PodGCController.ApplyTo(&c.ComponentConfig.PodGCController); err != nil { - return err - } - if err := o.ReplicaSetController.ApplyTo(&c.ComponentConfig.ReplicaSetController); err != nil { - return err - } - if err := o.ReplicationController.ApplyTo(&c.ComponentConfig.ReplicationController); err != nil { - return err - } - if err := o.ResourceQuotaController.ApplyTo(&c.ComponentConfig.ResourceQuotaController); err != nil { - return err - } - if err := o.SAController.ApplyTo(&c.ComponentConfig.SAController); err != nil { - return err - } - if err := o.ServiceController.ApplyTo(&c.ComponentConfig.ServiceController); err != nil { - return err - } - if err := o.SecureServing.ApplyTo(&c.SecureServing); err != nil { - return err - } - if err := o.InsecureServing.ApplyTo(&c.InsecureServing); err != nil { - return err - } - if err := o.Authentication.ApplyTo(&c.Authentication, c.SecureServing, nil); err != nil { - return err - } - if err := o.Authorization.ApplyTo(&c.Authorization); err != nil { - return err - } - - // sync back to component config - // TODO: find more elegant way than synching back the values. - c.ComponentConfig.KubeCloudShared.Port = int32(o.InsecureServing.BindPort) - c.ComponentConfig.KubeCloudShared.Address = o.InsecureServing.BindAddress.String() - - var err error - c.Kubeconfig, err = clientcmd.BuildConfigFromFlags(o.Master, o.Kubeconfig) - if err != nil { - return err - } - c.Kubeconfig.ContentConfig.ContentType = o.GenericComponent.ContentType - c.Kubeconfig.QPS = o.GenericComponent.KubeAPIQPS - c.Kubeconfig.Burst = int(o.GenericComponent.KubeAPIBurst) - - c.Client, err = clientset.NewForConfig(restclient.AddUserAgent(c.Kubeconfig, userAgent)) - if err != nil { - return err - } - - c.LeaderElectionClient = clientset.NewForConfigOrDie(restclient.AddUserAgent(c.Kubeconfig, "leader-election")) - - c.EventRecorder = createRecorder(c.Client, userAgent) - - return nil -} - -// Validate checks GenericControllerManagerOptions and return a slice of found errors. -func (o *GenericControllerManagerOptions) Validate() []error { - errors := []error{} - errors = append(errors, o.CloudProvider.Validate()...) - errors = append(errors, o.Debugging.Validate()...) - errors = append(errors, o.GenericComponent.Validate()...) - errors = append(errors, o.KubeCloudShared.Validate()...) - errors = append(errors, o.AttachDetachController.Validate()...) - errors = append(errors, o.CSRSigningController.Validate()...) - errors = append(errors, o.DaemonSetController.Validate()...) - errors = append(errors, o.DeploymentController.Validate()...) - errors = append(errors, o.DeprecatedFlags.Validate()...) - errors = append(errors, o.EndPointController.Validate()...) - errors = append(errors, o.GarbageCollectorController.Validate()...) - errors = append(errors, o.HPAController.Validate()...) - errors = append(errors, o.JobController.Validate()...) - errors = append(errors, o.NamespaceController.Validate()...) - errors = append(errors, o.NodeIpamController.Validate()...) - errors = append(errors, o.NodeLifecycleController.Validate()...) - errors = append(errors, o.PersistentVolumeBinderController.Validate()...) - errors = append(errors, o.PodGCController.Validate()...) - errors = append(errors, o.ReplicaSetController.Validate()...) - errors = append(errors, o.ReplicationController.Validate()...) - errors = append(errors, o.ResourceQuotaController.Validate()...) - errors = append(errors, o.SAController.Validate()...) - errors = append(errors, o.ServiceController.Validate()...) - errors = append(errors, o.SecureServing.Validate()...) - errors = append(errors, o.InsecureServing.Validate()...) - errors = append(errors, o.Authentication.Validate()...) - errors = append(errors, o.Authorization.Validate()...) - - // TODO: validate component config, master and kubeconfig - - return errors -} - -func createRecorder(kubeClient kubernetes.Interface, userAgent string) record.EventRecorder { - eventBroadcaster := record.NewBroadcaster() - eventBroadcaster.StartLogging(glog.Infof) - eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")}) - return eventBroadcaster.NewRecorder(legacyscheme.Scheme, v1.EventSource{Component: userAgent}) -} diff --git a/cmd/kube-controller-manager/app/options/options.go b/cmd/kube-controller-manager/app/options/options.go index b4bb98a79c..2841dba49e 100644 --- a/cmd/kube-controller-manager/app/options/options.go +++ b/cmd/kube-controller-manager/app/options/options.go @@ -20,77 +20,236 @@ package options import ( "fmt" + "net" "strings" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" + apiserveroptions "k8s.io/apiserver/pkg/server/options" utilfeature "k8s.io/apiserver/pkg/util/feature" + "k8s.io/client-go/kubernetes" + clientset "k8s.io/client-go/kubernetes" + v1core "k8s.io/client-go/kubernetes/typed/core/v1" + restclient "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + "k8s.io/client-go/tools/record" cmoptions "k8s.io/kubernetes/cmd/controller-manager/app/options" kubecontrollerconfig "k8s.io/kubernetes/cmd/kube-controller-manager/app/config" + "k8s.io/kubernetes/pkg/api/legacyscheme" "k8s.io/kubernetes/pkg/apis/componentconfig" + componentconfigv1alpha1 "k8s.io/kubernetes/pkg/apis/componentconfig/v1alpha1" "k8s.io/kubernetes/pkg/controller/garbagecollector" "k8s.io/kubernetes/pkg/master/ports" - // add the kubernetes feature gates _ "k8s.io/kubernetes/pkg/features" + "github.com/golang/glog" "github.com/spf13/pflag" ) -// KubeControllerManagerOptions is the main context object for the controller manager. +// KubeControllerManagerOptions is the main context object for the kube-controller manager. type KubeControllerManagerOptions struct { - Generic *cmoptions.GenericControllerManagerOptions + CloudProvider *cmoptions.CloudProviderOptions + Debugging *cmoptions.DebuggingOptions + GenericComponent *cmoptions.GenericComponentConfigOptions + KubeCloudShared *cmoptions.KubeCloudSharedOptions + + AttachDetachController *cmoptions.AttachDetachControllerOptions + CSRSigningController *cmoptions.CSRSigningControllerOptions + DaemonSetController *cmoptions.DaemonSetControllerOptions + DeploymentController *cmoptions.DeploymentControllerOptions + DeprecatedFlags *cmoptions.DeprecatedControllerOptions + EndPointController *cmoptions.EndPointControllerOptions + GarbageCollectorController *cmoptions.GarbageCollectorControllerOptions + HPAController *cmoptions.HPAControllerOptions + JobController *cmoptions.JobControllerOptions + NamespaceController *cmoptions.NamespaceControllerOptions + NodeIpamController *cmoptions.NodeIpamControllerOptions + NodeLifecycleController *cmoptions.NodeLifecycleControllerOptions + PersistentVolumeBinderController *cmoptions.PersistentVolumeBinderControllerOptions + PodGCController *cmoptions.PodGCControllerOptions + ReplicaSetController *cmoptions.ReplicaSetControllerOptions + ReplicationController *cmoptions.ReplicationControllerOptions + ResourceQuotaController *cmoptions.ResourceQuotaControllerOptions + SAController *cmoptions.SAControllerOptions + ServiceController *cmoptions.ServiceControllerOptions + + Controllers []string + ExternalCloudVolumePlugin string + + SecureServing *apiserveroptions.SecureServingOptions + // TODO: remove insecure serving mode + InsecureServing *cmoptions.InsecureServingOptions + Authentication *apiserveroptions.DelegatingAuthenticationOptions + Authorization *apiserveroptions.DelegatingAuthorizationOptions + + Master string + Kubeconfig string } // NewKubeControllerManagerOptions creates a new KubeControllerManagerOptions with a default config. func NewKubeControllerManagerOptions() *KubeControllerManagerOptions { - componentConfig := cmoptions.NewDefaultControllerManagerComponentConfig(ports.InsecureKubeControllerManagerPort) + componentConfig := NewDefaultComponentConfig(ports.InsecureKubeControllerManagerPort) s := KubeControllerManagerOptions{ - // The common/default are kept in 'cmd/kube-controller-manager/app/options/util.go'. - // Please make common changes there but put anything kube-controller specific here. - Generic: cmoptions.NewGenericControllerManagerOptions(componentConfig), + CloudProvider: &cmoptions.CloudProviderOptions{}, + Debugging: &cmoptions.DebuggingOptions{}, + GenericComponent: cmoptions.NewGenericComponentConfigOptions(componentConfig.GenericComponent), + KubeCloudShared: cmoptions.NewKubeCloudSharedOptions(componentConfig.KubeCloudShared), + AttachDetachController: &cmoptions.AttachDetachControllerOptions{ + ReconcilerSyncLoopPeriod: componentConfig.AttachDetachController.ReconcilerSyncLoopPeriod, + }, + CSRSigningController: &cmoptions.CSRSigningControllerOptions{ + ClusterSigningCertFile: componentConfig.CSRSigningController.ClusterSigningCertFile, + ClusterSigningKeyFile: componentConfig.CSRSigningController.ClusterSigningKeyFile, + ClusterSigningDuration: componentConfig.CSRSigningController.ClusterSigningDuration, + }, + DaemonSetController: &cmoptions.DaemonSetControllerOptions{ + ConcurrentDaemonSetSyncs: componentConfig.DaemonSetController.ConcurrentDaemonSetSyncs, + }, + DeploymentController: &cmoptions.DeploymentControllerOptions{ + ConcurrentDeploymentSyncs: componentConfig.DeploymentController.ConcurrentDeploymentSyncs, + DeploymentControllerSyncPeriod: componentConfig.DeploymentController.DeploymentControllerSyncPeriod, + }, + DeprecatedFlags: &cmoptions.DeprecatedControllerOptions{ + RegisterRetryCount: componentConfig.DeprecatedController.RegisterRetryCount, + }, + EndPointController: &cmoptions.EndPointControllerOptions{ + ConcurrentEndpointSyncs: componentConfig.EndPointController.ConcurrentEndpointSyncs, + }, + GarbageCollectorController: &cmoptions.GarbageCollectorControllerOptions{ + ConcurrentGCSyncs: componentConfig.GarbageCollectorController.ConcurrentGCSyncs, + EnableGarbageCollector: componentConfig.GarbageCollectorController.EnableGarbageCollector, + }, + HPAController: &cmoptions.HPAControllerOptions{ + HorizontalPodAutoscalerSyncPeriod: componentConfig.HPAController.HorizontalPodAutoscalerSyncPeriod, + HorizontalPodAutoscalerUpscaleForbiddenWindow: componentConfig.HPAController.HorizontalPodAutoscalerUpscaleForbiddenWindow, + HorizontalPodAutoscalerDownscaleForbiddenWindow: componentConfig.HPAController.HorizontalPodAutoscalerDownscaleForbiddenWindow, + HorizontalPodAutoscalerTolerance: componentConfig.HPAController.HorizontalPodAutoscalerTolerance, + HorizontalPodAutoscalerUseRESTClients: componentConfig.HPAController.HorizontalPodAutoscalerUseRESTClients, + }, + JobController: &cmoptions.JobControllerOptions{ + ConcurrentJobSyncs: componentConfig.JobController.ConcurrentJobSyncs, + }, + NamespaceController: &cmoptions.NamespaceControllerOptions{ + NamespaceSyncPeriod: componentConfig.NamespaceController.NamespaceSyncPeriod, + ConcurrentNamespaceSyncs: componentConfig.NamespaceController.ConcurrentNamespaceSyncs, + }, + NodeIpamController: &cmoptions.NodeIpamControllerOptions{ + NodeCIDRMaskSize: componentConfig.NodeIpamController.NodeCIDRMaskSize, + }, + NodeLifecycleController: &cmoptions.NodeLifecycleControllerOptions{ + EnableTaintManager: componentConfig.NodeLifecycleController.EnableTaintManager, + NodeMonitorGracePeriod: componentConfig.NodeLifecycleController.NodeMonitorGracePeriod, + NodeStartupGracePeriod: componentConfig.NodeLifecycleController.NodeStartupGracePeriod, + PodEvictionTimeout: componentConfig.NodeLifecycleController.PodEvictionTimeout, + }, + PersistentVolumeBinderController: &cmoptions.PersistentVolumeBinderControllerOptions{ + PVClaimBinderSyncPeriod: componentConfig.PersistentVolumeBinderController.PVClaimBinderSyncPeriod, + VolumeConfiguration: componentConfig.PersistentVolumeBinderController.VolumeConfiguration, + }, + PodGCController: &cmoptions.PodGCControllerOptions{ + TerminatedPodGCThreshold: componentConfig.PodGCController.TerminatedPodGCThreshold, + }, + ReplicaSetController: &cmoptions.ReplicaSetControllerOptions{ + ConcurrentRSSyncs: componentConfig.ReplicaSetController.ConcurrentRSSyncs, + }, + ReplicationController: &cmoptions.ReplicationControllerOptions{ + ConcurrentRCSyncs: componentConfig.ReplicationController.ConcurrentRCSyncs, + }, + ResourceQuotaController: &cmoptions.ResourceQuotaControllerOptions{ + ResourceQuotaSyncPeriod: componentConfig.ResourceQuotaController.ResourceQuotaSyncPeriod, + ConcurrentResourceQuotaSyncs: componentConfig.ResourceQuotaController.ConcurrentResourceQuotaSyncs, + }, + SAController: &cmoptions.SAControllerOptions{ + ConcurrentSATokenSyncs: componentConfig.SAController.ConcurrentSATokenSyncs, + }, + ServiceController: &cmoptions.ServiceControllerOptions{ + ConcurrentServiceSyncs: componentConfig.ServiceController.ConcurrentServiceSyncs, + }, + Controllers: componentConfig.Controllers, + SecureServing: apiserveroptions.NewSecureServingOptions(), + InsecureServing: &cmoptions.InsecureServingOptions{ + BindAddress: net.ParseIP(componentConfig.KubeCloudShared.Address), + BindPort: int(componentConfig.KubeCloudShared.Port), + BindNetwork: "tcp", + }, + Authentication: nil, // TODO: enable with apiserveroptions.NewDelegatingAuthenticationOptions() + Authorization: nil, // TODO: enable with apiserveroptions.NewDelegatingAuthorizationOptions() } - s.Generic.SecureServing.ServerCert.CertDirectory = "/var/run/kubernetes" - s.Generic.SecureServing.ServerCert.PairName = "kube-controller-manager" + s.SecureServing.ServerCert.CertDirectory = "/var/run/kubernetes" + s.SecureServing.ServerCert.PairName = "kube-controller-manager" + + // disable secure serving for now + // TODO: enable HTTPS by default + s.SecureServing.BindPort = 0 gcIgnoredResources := make([]componentconfig.GroupResource, 0, len(garbagecollector.DefaultIgnoredResources())) for r := range garbagecollector.DefaultIgnoredResources() { gcIgnoredResources = append(gcIgnoredResources, componentconfig.GroupResource{Group: r.Group, Resource: r.Resource}) } - s.Generic.GarbageCollectorController.GCIgnoredResources = gcIgnoredResources + s.GarbageCollectorController.GCIgnoredResources = gcIgnoredResources return &s } +// NewDefaultComponentConfig returns kube-controller manager configuration object. +func NewDefaultComponentConfig(insecurePort int32) componentconfig.KubeControllerManagerConfiguration { + scheme := runtime.NewScheme() + componentconfigv1alpha1.AddToScheme(scheme) + componentconfig.AddToScheme(scheme) + + versioned := componentconfigv1alpha1.KubeControllerManagerConfiguration{} + scheme.Default(&versioned) + + internal := componentconfig.KubeControllerManagerConfiguration{} + scheme.Convert(&versioned, &internal, nil) + internal.KubeCloudShared.Port = insecurePort + return internal +} + // AddFlags adds flags for a specific KubeControllerManagerOptions to the specified FlagSet func (s *KubeControllerManagerOptions) AddFlags(fs *pflag.FlagSet, allControllers []string, disabledByDefaultControllers []string) { - s.Generic.AddFlags(fs) - s.Generic.AttachDetachController.AddFlags(fs) - s.Generic.CSRSigningController.AddFlags(fs) - s.Generic.DeploymentController.AddFlags(fs) - s.Generic.DaemonSetController.AddFlags(fs) - s.Generic.DeprecatedFlags.AddFlags(fs) - s.Generic.EndPointController.AddFlags(fs) - s.Generic.GarbageCollectorController.AddFlags(fs) - s.Generic.HPAController.AddFlags(fs) - s.Generic.JobController.AddFlags(fs) - s.Generic.NamespaceController.AddFlags(fs) - s.Generic.NodeIpamController.AddFlags(fs) - s.Generic.NodeLifecycleController.AddFlags(fs) - s.Generic.PersistentVolumeBinderController.AddFlags(fs) - s.Generic.PodGCController.AddFlags(fs) - s.Generic.ReplicaSetController.AddFlags(fs) - s.Generic.ReplicationController.AddFlags(fs) - s.Generic.ResourceQuotaController.AddFlags(fs) - s.Generic.SAController.AddFlags(fs) + s.CloudProvider.AddFlags(fs) + s.Debugging.AddFlags(fs) + s.GenericComponent.AddFlags(fs) + s.KubeCloudShared.AddFlags(fs) + s.ServiceController.AddFlags(fs) - fs.StringSliceVar(&s.Generic.Controllers, "controllers", s.Generic.Controllers, fmt.Sprintf(""+ + s.SecureServing.AddFlags(fs) + s.InsecureServing.AddFlags(fs) + s.Authentication.AddFlags(fs) + s.Authorization.AddFlags(fs) + + s.AttachDetachController.AddFlags(fs) + s.CSRSigningController.AddFlags(fs) + s.DeploymentController.AddFlags(fs) + s.DaemonSetController.AddFlags(fs) + s.DeprecatedFlags.AddFlags(fs) + s.EndPointController.AddFlags(fs) + s.GarbageCollectorController.AddFlags(fs) + s.HPAController.AddFlags(fs) + s.JobController.AddFlags(fs) + s.NamespaceController.AddFlags(fs) + s.NodeIpamController.AddFlags(fs) + s.NodeLifecycleController.AddFlags(fs) + s.PersistentVolumeBinderController.AddFlags(fs) + s.PodGCController.AddFlags(fs) + s.ReplicaSetController.AddFlags(fs) + s.ReplicationController.AddFlags(fs) + s.ResourceQuotaController.AddFlags(fs) + s.SAController.AddFlags(fs) + + fs.StringVar(&s.Master, "master", s.Master, "The address of the Kubernetes API server (overrides any value in kubeconfig).") + fs.StringVar(&s.Kubeconfig, "kubeconfig", s.Kubeconfig, "Path to kubeconfig file with authorization and master location information.") + fs.StringSliceVar(&s.Controllers, "controllers", s.Controllers, fmt.Sprintf(""+ "A list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller "+ "named 'foo', '-foo' disables the controller named 'foo'.\nAll controllers: %s\nDisabled-by-default controllers: %s", strings.Join(allControllers, ", "), strings.Join(disabledByDefaultControllers, ", "))) - fs.StringVar(&s.Generic.ExternalCloudVolumePlugin, "external-cloud-volume-plugin", s.Generic.ExternalCloudVolumePlugin, "The plugin to use when cloud provider is set to external. Can be empty, should only be set when cloud-provider is external. Currently used to allow node and volume controllers to work for in tree cloud providers.") + fs.StringVar(&s.ExternalCloudVolumePlugin, "external-cloud-volume-plugin", s.ExternalCloudVolumePlugin, "The plugin to use when cloud provider is set to external. Can be empty, should only be set when cloud-provider is external. Currently used to allow node and volume controllers to work for in tree cloud providers.") var dummy string fs.MarkDeprecated("insecure-experimental-approve-all-kubelet-csrs-for-group", "This flag does nothing.") fs.StringVar(&dummy, "insecure-experimental-approve-all-kubelet-csrs-for-group", "", "This flag does nothing.") @@ -98,11 +257,114 @@ func (s *KubeControllerManagerOptions) AddFlags(fs *pflag.FlagSet, allController } // ApplyTo fills up controller manager config with options. -func (s *KubeControllerManagerOptions) ApplyTo(c *kubecontrollerconfig.Config) error { - err := s.Generic.ApplyTo(&c.Generic, "controller-manager") +func (s *KubeControllerManagerOptions) ApplyTo(c *kubecontrollerconfig.Config, userAgent string) error { + if err := s.CloudProvider.ApplyTo(&c.ComponentConfig.CloudProvider); err != nil { + return err + } + if err := s.Debugging.ApplyTo(&c.ComponentConfig.Debugging); err != nil { + return err + } + if err := s.GenericComponent.ApplyTo(&c.ComponentConfig.GenericComponent); err != nil { + return err + } + if err := s.KubeCloudShared.ApplyTo(&c.ComponentConfig.KubeCloudShared); err != nil { + return err + } + if err := s.AttachDetachController.ApplyTo(&c.ComponentConfig.AttachDetachController); err != nil { + return err + } + if err := s.CSRSigningController.ApplyTo(&c.ComponentConfig.CSRSigningController); err != nil { + return err + } + if err := s.DaemonSetController.ApplyTo(&c.ComponentConfig.DaemonSetController); err != nil { + return err + } + if err := s.DeploymentController.ApplyTo(&c.ComponentConfig.DeploymentController); err != nil { + return err + } + if err := s.DeprecatedFlags.ApplyTo(&c.ComponentConfig.DeprecatedController); err != nil { + return err + } + if err := s.EndPointController.ApplyTo(&c.ComponentConfig.EndPointController); err != nil { + return err + } + if err := s.GarbageCollectorController.ApplyTo(&c.ComponentConfig.GarbageCollectorController); err != nil { + return err + } + if err := s.HPAController.ApplyTo(&c.ComponentConfig.HPAController); err != nil { + return err + } + if err := s.JobController.ApplyTo(&c.ComponentConfig.JobController); err != nil { + return err + } + if err := s.NamespaceController.ApplyTo(&c.ComponentConfig.NamespaceController); err != nil { + return err + } + if err := s.NodeIpamController.ApplyTo(&c.ComponentConfig.NodeIpamController); err != nil { + return err + } + if err := s.NodeLifecycleController.ApplyTo(&c.ComponentConfig.NodeLifecycleController); err != nil { + return err + } + if err := s.PersistentVolumeBinderController.ApplyTo(&c.ComponentConfig.PersistentVolumeBinderController); err != nil { + return err + } + if err := s.PodGCController.ApplyTo(&c.ComponentConfig.PodGCController); err != nil { + return err + } + if err := s.ReplicaSetController.ApplyTo(&c.ComponentConfig.ReplicaSetController); err != nil { + return err + } + if err := s.ReplicationController.ApplyTo(&c.ComponentConfig.ReplicationController); err != nil { + return err + } + if err := s.ResourceQuotaController.ApplyTo(&c.ComponentConfig.ResourceQuotaController); err != nil { + return err + } + if err := s.SAController.ApplyTo(&c.ComponentConfig.SAController); err != nil { + return err + } + if err := s.ServiceController.ApplyTo(&c.ComponentConfig.ServiceController); err != nil { + return err + } + if err := s.SecureServing.ApplyTo(&c.SecureServing); err != nil { + return err + } + if err := s.InsecureServing.ApplyTo(&c.InsecureServing); err != nil { + return err + } + if err := s.Authentication.ApplyTo(&c.Authentication, c.SecureServing, nil); err != nil { + return err + } + if err := s.Authorization.ApplyTo(&c.Authorization); err != nil { + return err + } - c.Generic.ComponentConfig.Controllers = s.Generic.Controllers - c.Generic.ComponentConfig.ExternalCloudVolumePlugin = s.Generic.ExternalCloudVolumePlugin + // sync back to component config + // TODO: find more elegant way than synching back the values. + c.ComponentConfig.KubeCloudShared.Port = int32(s.InsecureServing.BindPort) + c.ComponentConfig.KubeCloudShared.Address = s.InsecureServing.BindAddress.String() + + var err error + c.Kubeconfig, err = clientcmd.BuildConfigFromFlags(s.Master, s.Kubeconfig) + if err != nil { + return err + } + c.Kubeconfig.ContentConfig.ContentType = s.GenericComponent.ContentType + c.Kubeconfig.QPS = s.GenericComponent.KubeAPIQPS + c.Kubeconfig.Burst = int(s.GenericComponent.KubeAPIBurst) + + c.Client, err = clientset.NewForConfig(restclient.AddUserAgent(c.Kubeconfig, userAgent)) + if err != nil { + return err + } + + c.LeaderElectionClient = clientset.NewForConfigOrDie(restclient.AddUserAgent(c.Kubeconfig, "leader-election")) + + c.EventRecorder = createRecorder(c.Client, userAgent) + + c.ComponentConfig.Controllers = s.Controllers + c.ComponentConfig.ExternalCloudVolumePlugin = s.ExternalCloudVolumePlugin return err } @@ -111,8 +373,38 @@ func (s *KubeControllerManagerOptions) ApplyTo(c *kubecontrollerconfig.Config) e func (s *KubeControllerManagerOptions) Validate(allControllers []string, disabledByDefaultControllers []string) error { var errs []error + errs = append(errs, s.CloudProvider.Validate()...) + errs = append(errs, s.Debugging.Validate()...) + errs = append(errs, s.GenericComponent.Validate()...) + errs = append(errs, s.KubeCloudShared.Validate()...) + errs = append(errs, s.AttachDetachController.Validate()...) + errs = append(errs, s.CSRSigningController.Validate()...) + errs = append(errs, s.DaemonSetController.Validate()...) + errs = append(errs, s.DeploymentController.Validate()...) + errs = append(errs, s.DeprecatedFlags.Validate()...) + errs = append(errs, s.EndPointController.Validate()...) + errs = append(errs, s.GarbageCollectorController.Validate()...) + errs = append(errs, s.HPAController.Validate()...) + errs = append(errs, s.JobController.Validate()...) + errs = append(errs, s.NamespaceController.Validate()...) + errs = append(errs, s.NodeIpamController.Validate()...) + errs = append(errs, s.NodeLifecycleController.Validate()...) + errs = append(errs, s.PersistentVolumeBinderController.Validate()...) + errs = append(errs, s.PodGCController.Validate()...) + errs = append(errs, s.ReplicaSetController.Validate()...) + errs = append(errs, s.ReplicationController.Validate()...) + errs = append(errs, s.ResourceQuotaController.Validate()...) + errs = append(errs, s.SAController.Validate()...) + errs = append(errs, s.ServiceController.Validate()...) + errs = append(errs, s.SecureServing.Validate()...) + errs = append(errs, s.InsecureServing.Validate()...) + errs = append(errs, s.Authentication.Validate()...) + errs = append(errs, s.Authorization.Validate()...) + + // TODO: validate component config, master and kubeconfig + allControllersSet := sets.NewString(allControllers...) - for _, controller := range s.Generic.Controllers { + for _, controller := range s.Controllers { if controller == "*" { continue } @@ -135,9 +427,16 @@ func (s KubeControllerManagerOptions) Config(allControllers []string, disabledBy } c := &kubecontrollerconfig.Config{} - if err := s.ApplyTo(c); err != nil { + if err := s.ApplyTo(c, "kube-controller-manager"); err != nil { return nil, err } return c, nil } + +func createRecorder(kubeClient kubernetes.Interface, userAgent string) record.EventRecorder { + eventBroadcaster := record.NewBroadcaster() + eventBroadcaster.StartLogging(glog.Infof) + eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")}) + return eventBroadcaster.NewRecorder(legacyscheme.Scheme, v1.EventSource{Component: userAgent}) +} diff --git a/cmd/kube-controller-manager/app/options/options_test.go b/cmd/kube-controller-manager/app/options/options_test.go index 2b4a86ee8f..0e69b91b85 100644 --- a/cmd/kube-controller-manager/app/options/options_test.go +++ b/cmd/kube-controller-manager/app/options/options_test.go @@ -113,169 +113,167 @@ func TestAddFlags(t *testing.T) { f.Parse(args) // Sort GCIgnoredResources because it's built from a map, which means the // insertion order is random. - sort.Sort(sortedGCIgnoredResources(s.Generic.GarbageCollectorController.GCIgnoredResources)) + sort.Sort(sortedGCIgnoredResources(s.GarbageCollectorController.GCIgnoredResources)) expected := &KubeControllerManagerOptions{ - Generic: &cmoptions.GenericControllerManagerOptions{ - CloudProvider: &cmoptions.CloudProviderOptions{ - Name: "gce", - CloudConfigFile: "/cloud-config", - }, - Debugging: &cmoptions.DebuggingOptions{ - EnableProfiling: false, - EnableContentionProfiling: true, - }, - GenericComponent: &cmoptions.GenericComponentConfigOptions{ - MinResyncPeriod: metav1.Duration{Duration: 8 * time.Hour}, - ContentType: "application/json", - KubeAPIQPS: 50.0, - KubeAPIBurst: 100, - ControllerStartInterval: metav1.Duration{Duration: 2 * time.Minute}, - LeaderElection: componentconfig.LeaderElectionConfiguration{ - ResourceLock: "configmap", - LeaderElect: false, - LeaseDuration: metav1.Duration{Duration: 30 * time.Second}, - RenewDeadline: metav1.Duration{Duration: 15 * time.Second}, - RetryPeriod: metav1.Duration{Duration: 5 * time.Second}, - }, - }, - KubeCloudShared: &cmoptions.KubeCloudSharedOptions{ - Port: 10252, // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config + AllocateNodeCIDRs: true, - Address: "0.0.0.0", // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config - UseServiceAccountCredentials: true, - RouteReconciliationPeriod: metav1.Duration{Duration: 30 * time.Second}, - NodeMonitorPeriod: metav1.Duration{Duration: 10 * time.Second}, - ClusterName: "k8s", - ClusterCIDR: "1.2.3.4/24", - AllocateNodeCIDRs: true, - CIDRAllocatorType: "CloudAllocator", - ConfigureCloudRoutes: false, - ServiceAccountKeyFile: "/service-account-private-key", - }, - AttachDetachController: &cmoptions.AttachDetachControllerOptions{ - ReconcilerSyncLoopPeriod: metav1.Duration{Duration: 30 * time.Second}, - DisableAttachDetachReconcilerSync: true, - }, - CSRSigningController: &cmoptions.CSRSigningControllerOptions{ - ClusterSigningCertFile: "/cluster-signing-cert", - ClusterSigningKeyFile: "/cluster-signing-key", - ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour}, - }, - DaemonSetController: &cmoptions.DaemonSetControllerOptions{ - ConcurrentDaemonSetSyncs: 2, - }, - DeploymentController: &cmoptions.DeploymentControllerOptions{ - ConcurrentDeploymentSyncs: 10, - DeploymentControllerSyncPeriod: metav1.Duration{Duration: 45 * time.Second}, - }, - DeprecatedFlags: &cmoptions.DeprecatedControllerOptions{ - DeletingPodsQPS: 0.1, - RegisterRetryCount: 10, - }, - EndPointController: &cmoptions.EndPointControllerOptions{ - ConcurrentEndpointSyncs: 10, - }, - GarbageCollectorController: &cmoptions.GarbageCollectorControllerOptions{ - ConcurrentGCSyncs: 30, - GCIgnoredResources: []componentconfig.GroupResource{ - {Group: "extensions", Resource: "replicationcontrollers"}, - {Group: "", Resource: "bindings"}, - {Group: "", Resource: "componentstatuses"}, - {Group: "", Resource: "events"}, - {Group: "authentication.k8s.io", Resource: "tokenreviews"}, - {Group: "authorization.k8s.io", Resource: "subjectaccessreviews"}, - {Group: "authorization.k8s.io", Resource: "selfsubjectaccessreviews"}, - {Group: "authorization.k8s.io", Resource: "localsubjectaccessreviews"}, - {Group: "authorization.k8s.io", Resource: "selfsubjectrulesreviews"}, - {Group: "apiregistration.k8s.io", Resource: "apiservices"}, - {Group: "apiextensions.k8s.io", Resource: "customresourcedefinitions"}, - }, - EnableGarbageCollector: false, - }, - HPAController: &cmoptions.HPAControllerOptions{ - HorizontalPodAutoscalerSyncPeriod: metav1.Duration{Duration: 45 * time.Second}, - HorizontalPodAutoscalerUpscaleForbiddenWindow: metav1.Duration{Duration: 1 * time.Minute}, - HorizontalPodAutoscalerDownscaleForbiddenWindow: metav1.Duration{Duration: 2 * time.Minute}, - HorizontalPodAutoscalerTolerance: 0.1, - HorizontalPodAutoscalerUseRESTClients: true, - }, - JobController: &cmoptions.JobControllerOptions{ - ConcurrentJobSyncs: 5, - }, - NamespaceController: &cmoptions.NamespaceControllerOptions{ - NamespaceSyncPeriod: metav1.Duration{Duration: 10 * time.Minute}, - ConcurrentNamespaceSyncs: 20, - }, - NodeIpamController: &cmoptions.NodeIpamControllerOptions{ - NodeCIDRMaskSize: 48, - }, - NodeLifecycleController: &cmoptions.NodeLifecycleControllerOptions{ - EnableTaintManager: false, - NodeEvictionRate: 0.2, - SecondaryNodeEvictionRate: 0.05, - NodeMonitorGracePeriod: metav1.Duration{Duration: 30 * time.Second}, - NodeStartupGracePeriod: metav1.Duration{Duration: 30 * time.Second}, - PodEvictionTimeout: metav1.Duration{Duration: 2 * time.Minute}, - LargeClusterSizeThreshold: 100, - UnhealthyZoneThreshold: 0.6, - }, - PersistentVolumeBinderController: &cmoptions.PersistentVolumeBinderControllerOptions{ - PVClaimBinderSyncPeriod: metav1.Duration{Duration: 30 * time.Second}, - VolumeConfiguration: componentconfig.VolumeConfiguration{ - EnableDynamicProvisioning: false, - EnableHostPathProvisioning: true, - FlexVolumePluginDir: "/flex-volume-plugin", - PersistentVolumeRecyclerConfiguration: componentconfig.PersistentVolumeRecyclerConfiguration{ - MaximumRetry: 3, - MinimumTimeoutNFS: 200, - IncrementTimeoutNFS: 45, - MinimumTimeoutHostPath: 45, - IncrementTimeoutHostPath: 45, - }, - }, - }, - PodGCController: &cmoptions.PodGCControllerOptions{ - TerminatedPodGCThreshold: 12000, - }, - ReplicaSetController: &cmoptions.ReplicaSetControllerOptions{ - ConcurrentRSSyncs: 10, - }, - ReplicationController: &cmoptions.ReplicationControllerOptions{ - ConcurrentRCSyncs: 10, - }, - ResourceQuotaController: &cmoptions.ResourceQuotaControllerOptions{ - ResourceQuotaSyncPeriod: metav1.Duration{Duration: 10 * time.Minute}, - ConcurrentResourceQuotaSyncs: 10, - }, - SAController: &cmoptions.SAControllerOptions{ - ConcurrentSATokenSyncs: 10, - }, - ServiceController: &cmoptions.ServiceControllerOptions{ - ConcurrentServiceSyncs: 2, - }, - Controllers: []string{"foo", "bar"}, - SecureServing: &apiserveroptions.SecureServingOptions{ - BindPort: 10001, - BindAddress: net.ParseIP("192.168.4.21"), - ServerCert: apiserveroptions.GeneratableKeyCert{ - CertDirectory: "/a/b/c", - PairName: "kube-controller-manager", - }, - HTTP2MaxStreamsPerConnection: 47, - }, - InsecureServing: &cmoptions.InsecureServingOptions{ - BindAddress: net.ParseIP("192.168.4.10"), - BindPort: int(10000), - BindNetwork: "tcp", - }, - Kubeconfig: "/kubeconfig", - Master: "192.168.4.20", + CloudProvider: &cmoptions.CloudProviderOptions{ + Name: "gce", + CloudConfigFile: "/cloud-config", }, + Debugging: &cmoptions.DebuggingOptions{ + EnableProfiling: false, + EnableContentionProfiling: true, + }, + GenericComponent: &cmoptions.GenericComponentConfigOptions{ + MinResyncPeriod: metav1.Duration{Duration: 8 * time.Hour}, + ContentType: "application/json", + KubeAPIQPS: 50.0, + KubeAPIBurst: 100, + ControllerStartInterval: metav1.Duration{Duration: 2 * time.Minute}, + LeaderElection: componentconfig.LeaderElectionConfiguration{ + ResourceLock: "configmap", + LeaderElect: false, + LeaseDuration: metav1.Duration{Duration: 30 * time.Second}, + RenewDeadline: metav1.Duration{Duration: 15 * time.Second}, + RetryPeriod: metav1.Duration{Duration: 5 * time.Second}, + }, + }, + KubeCloudShared: &cmoptions.KubeCloudSharedOptions{ + Port: 10252, // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config + AllocateNodeCIDRs: true, + Address: "0.0.0.0", // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config + UseServiceAccountCredentials: true, + RouteReconciliationPeriod: metav1.Duration{Duration: 30 * time.Second}, + NodeMonitorPeriod: metav1.Duration{Duration: 10 * time.Second}, + ClusterName: "k8s", + ClusterCIDR: "1.2.3.4/24", + AllocateNodeCIDRs: true, + CIDRAllocatorType: "CloudAllocator", + ConfigureCloudRoutes: false, + ServiceAccountKeyFile: "/service-account-private-key", + }, + AttachDetachController: &cmoptions.AttachDetachControllerOptions{ + ReconcilerSyncLoopPeriod: metav1.Duration{Duration: 30 * time.Second}, + DisableAttachDetachReconcilerSync: true, + }, + CSRSigningController: &cmoptions.CSRSigningControllerOptions{ + ClusterSigningCertFile: "/cluster-signing-cert", + ClusterSigningKeyFile: "/cluster-signing-key", + ClusterSigningDuration: metav1.Duration{Duration: 10 * time.Hour}, + }, + DaemonSetController: &cmoptions.DaemonSetControllerOptions{ + ConcurrentDaemonSetSyncs: 2, + }, + DeploymentController: &cmoptions.DeploymentControllerOptions{ + ConcurrentDeploymentSyncs: 10, + DeploymentControllerSyncPeriod: metav1.Duration{Duration: 45 * time.Second}, + }, + DeprecatedFlags: &cmoptions.DeprecatedControllerOptions{ + DeletingPodsQPS: 0.1, + RegisterRetryCount: 10, + }, + EndPointController: &cmoptions.EndPointControllerOptions{ + ConcurrentEndpointSyncs: 10, + }, + GarbageCollectorController: &cmoptions.GarbageCollectorControllerOptions{ + ConcurrentGCSyncs: 30, + GCIgnoredResources: []componentconfig.GroupResource{ + {Group: "extensions", Resource: "replicationcontrollers"}, + {Group: "", Resource: "bindings"}, + {Group: "", Resource: "componentstatuses"}, + {Group: "", Resource: "events"}, + {Group: "authentication.k8s.io", Resource: "tokenreviews"}, + {Group: "authorization.k8s.io", Resource: "subjectaccessreviews"}, + {Group: "authorization.k8s.io", Resource: "selfsubjectaccessreviews"}, + {Group: "authorization.k8s.io", Resource: "localsubjectaccessreviews"}, + {Group: "authorization.k8s.io", Resource: "selfsubjectrulesreviews"}, + {Group: "apiregistration.k8s.io", Resource: "apiservices"}, + {Group: "apiextensions.k8s.io", Resource: "customresourcedefinitions"}, + }, + EnableGarbageCollector: false, + }, + HPAController: &cmoptions.HPAControllerOptions{ + HorizontalPodAutoscalerSyncPeriod: metav1.Duration{Duration: 45 * time.Second}, + HorizontalPodAutoscalerUpscaleForbiddenWindow: metav1.Duration{Duration: 1 * time.Minute}, + HorizontalPodAutoscalerDownscaleForbiddenWindow: metav1.Duration{Duration: 2 * time.Minute}, + HorizontalPodAutoscalerTolerance: 0.1, + HorizontalPodAutoscalerUseRESTClients: true, + }, + JobController: &cmoptions.JobControllerOptions{ + ConcurrentJobSyncs: 5, + }, + NamespaceController: &cmoptions.NamespaceControllerOptions{ + NamespaceSyncPeriod: metav1.Duration{Duration: 10 * time.Minute}, + ConcurrentNamespaceSyncs: 20, + }, + NodeIpamController: &cmoptions.NodeIpamControllerOptions{ + NodeCIDRMaskSize: 48, + }, + NodeLifecycleController: &cmoptions.NodeLifecycleControllerOptions{ + EnableTaintManager: false, + NodeEvictionRate: 0.2, + SecondaryNodeEvictionRate: 0.05, + NodeMonitorGracePeriod: metav1.Duration{Duration: 30 * time.Second}, + NodeStartupGracePeriod: metav1.Duration{Duration: 30 * time.Second}, + PodEvictionTimeout: metav1.Duration{Duration: 2 * time.Minute}, + LargeClusterSizeThreshold: 100, + UnhealthyZoneThreshold: 0.6, + }, + PersistentVolumeBinderController: &cmoptions.PersistentVolumeBinderControllerOptions{ + PVClaimBinderSyncPeriod: metav1.Duration{Duration: 30 * time.Second}, + VolumeConfiguration: componentconfig.VolumeConfiguration{ + EnableDynamicProvisioning: false, + EnableHostPathProvisioning: true, + FlexVolumePluginDir: "/flex-volume-plugin", + PersistentVolumeRecyclerConfiguration: componentconfig.PersistentVolumeRecyclerConfiguration{ + MaximumRetry: 3, + MinimumTimeoutNFS: 200, + IncrementTimeoutNFS: 45, + MinimumTimeoutHostPath: 45, + IncrementTimeoutHostPath: 45, + }, + }, + }, + PodGCController: &cmoptions.PodGCControllerOptions{ + TerminatedPodGCThreshold: 12000, + }, + ReplicaSetController: &cmoptions.ReplicaSetControllerOptions{ + ConcurrentRSSyncs: 10, + }, + ReplicationController: &cmoptions.ReplicationControllerOptions{ + ConcurrentRCSyncs: 10, + }, + ResourceQuotaController: &cmoptions.ResourceQuotaControllerOptions{ + ResourceQuotaSyncPeriod: metav1.Duration{Duration: 10 * time.Minute}, + ConcurrentResourceQuotaSyncs: 10, + }, + SAController: &cmoptions.SAControllerOptions{ + ConcurrentSATokenSyncs: 10, + }, + ServiceController: &cmoptions.ServiceControllerOptions{ + ConcurrentServiceSyncs: 2, + }, + Controllers: []string{"foo", "bar"}, + SecureServing: &apiserveroptions.SecureServingOptions{ + BindPort: 10001, + BindAddress: net.ParseIP("192.168.4.21"), + ServerCert: apiserveroptions.GeneratableKeyCert{ + CertDirectory: "/a/b/c", + PairName: "kube-controller-manager", + }, + HTTP2MaxStreamsPerConnection: 47, + }, + InsecureServing: &cmoptions.InsecureServingOptions{ + BindAddress: net.ParseIP("192.168.4.10"), + BindPort: int(10000), + BindNetwork: "tcp", + }, + Kubeconfig: "/kubeconfig", + Master: "192.168.4.20", } // Sort GCIgnoredResources because it's built from a map, which means the // insertion order is random. - sort.Sort(sortedGCIgnoredResources(expected.Generic.GarbageCollectorController.GCIgnoredResources)) + sort.Sort(sortedGCIgnoredResources(expected.GarbageCollectorController.GCIgnoredResources)) if !reflect.DeepEqual(expected, s) { t.Errorf("Got different run options than expected.\nDifference detected on:\n%s", diff.ObjectReflectDiff(expected, s))