From f45d9dc2f8339e649262ae760fabc1e8486ab2d9 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Mon, 23 May 2016 12:51:02 -0400 Subject: [PATCH] Convert service account token controller to use a work queue --- .../app/controllermanager.go | 4 +- .../app/options/options.go | 2 + .../controllermanager/controllermanager.go | 4 +- hack/verify-flags/known-flags.txt | 1 + .../componentconfig/deep_copy_generated.go | 1 + pkg/apis/componentconfig/types.generated.go | 1541 +++++++++-------- pkg/apis/componentconfig/types.go | 3 + .../serviceaccount/tokens_controller.go | 661 ++++--- .../serviceaccount/tokens_controller_test.go | 204 ++- test/integration/service_account_test.go | 5 +- 10 files changed, 1401 insertions(+), 1025 deletions(-) diff --git a/cmd/kube-controller-manager/app/controllermanager.go b/cmd/kube-controller-manager/app/controllermanager.go index d10e660eac..1353f2b293 100644 --- a/cmd/kube-controller-manager/app/controllermanager.go +++ b/cmd/kube-controller-manager/app/controllermanager.go @@ -439,13 +439,13 @@ func StartControllers(s *options.CMServer, kubeClient *client.Client, kubeconfig if err != nil { glog.Errorf("Error reading key for service account token controller: %v", err) } else { - serviceaccountcontroller.NewTokensController( + go serviceaccountcontroller.NewTokensController( clientset.NewForConfigOrDie(restclient.AddUserAgent(kubeconfig, "tokens-controller")), serviceaccountcontroller.TokensControllerOptions{ TokenGenerator: serviceaccount.JWTTokenGenerator(privateKey), RootCA: rootCA, }, - ).Run() + ).Run(int(s.ConcurrentSATokenSyncs), wait.NeverStop) time.Sleep(wait.Jitter(s.ControllerStartInterval.Duration, ControllerStartJitter)) } } diff --git a/cmd/kube-controller-manager/app/options/options.go b/cmd/kube-controller-manager/app/options/options.go index b862ba4db9..5944a5b639 100644 --- a/cmd/kube-controller-manager/app/options/options.go +++ b/cmd/kube-controller-manager/app/options/options.go @@ -53,6 +53,7 @@ func NewCMServer() *CMServer { ConcurrentResourceQuotaSyncs: 5, ConcurrentDeploymentSyncs: 5, ConcurrentNamespaceSyncs: 2, + ConcurrentSATokenSyncs: 5, LookupCacheSizeForRC: 4096, LookupCacheSizeForRS: 4096, LookupCacheSizeForDaemonSet: 1024, @@ -108,6 +109,7 @@ func (s *CMServer) AddFlags(fs *pflag.FlagSet) { fs.Int32Var(&s.ConcurrentResourceQuotaSyncs, "concurrent-resource-quota-syncs", s.ConcurrentResourceQuotaSyncs, "The number of resource quotas that are allowed to sync concurrently. Larger number = more responsive quota management, but more CPU (and network) load") fs.Int32Var(&s.ConcurrentDeploymentSyncs, "concurrent-deployment-syncs", s.ConcurrentDeploymentSyncs, "The number of deployment objects that are allowed to sync concurrently. Larger number = more responsive deployments, but more CPU (and network) load") fs.Int32Var(&s.ConcurrentNamespaceSyncs, "concurrent-namespace-syncs", s.ConcurrentNamespaceSyncs, "The number of namespace objects that are allowed to sync concurrently. Larger number = more responsive namespace termination, but more CPU (and network) load") + fs.Int32Var(&s.ConcurrentSATokenSyncs, "concurrent-serviceaccount-token-syncs", s.ConcurrentSATokenSyncs, "The number of service account token objects that are allowed to sync concurrently. Larger number = more responsive token generation, but more CPU (and network) load") fs.Int32Var(&s.LookupCacheSizeForRC, "replication-controller-lookup-cache-size", s.LookupCacheSizeForRC, "The the size of lookup cache for replication controllers. Larger number = more responsive replica management, but more MEM load.") fs.Int32Var(&s.LookupCacheSizeForRS, "replicaset-lookup-cache-size", s.LookupCacheSizeForRS, "The the size of lookup cache for replicatsets. Larger number = more responsive replica management, but more MEM load.") fs.Int32Var(&s.LookupCacheSizeForDaemonSet, "daemonset-lookup-cache-size", s.LookupCacheSizeForDaemonSet, "The the size of lookup cache for daemonsets. Larger number = more responsive daemonsets, but more MEM load.") diff --git a/contrib/mesos/pkg/controllermanager/controllermanager.go b/contrib/mesos/pkg/controllermanager/controllermanager.go index 757c1db384..ca9dc076a4 100644 --- a/contrib/mesos/pkg/controllermanager/controllermanager.go +++ b/contrib/mesos/pkg/controllermanager/controllermanager.go @@ -310,13 +310,13 @@ func (s *CMServer) Run(_ []string) error { if err != nil { glog.Errorf("Error reading key for service account token controller: %v", err) } else { - serviceaccountcontroller.NewTokensController( + go serviceaccountcontroller.NewTokensController( clientset.NewForConfigOrDie(restclient.AddUserAgent(kubeconfig, "tokens-controller")), serviceaccountcontroller.TokensControllerOptions{ TokenGenerator: serviceaccount.JWTTokenGenerator(privateKey), RootCA: rootCA, }, - ).Run() + ).Run(int(s.ConcurrentSATokenSyncs), wait.NeverStop) } } diff --git a/hack/verify-flags/known-flags.txt b/hack/verify-flags/known-flags.txt index 44185ce93b..2bc21c823b 100644 --- a/hack/verify-flags/known-flags.txt +++ b/hack/verify-flags/known-flags.txt @@ -65,6 +65,7 @@ concurrent-namespace-syncs concurrent-replicaset-syncs concurrent-service-syncs concurrent-resource-quota-syncs +concurrent-serviceaccount-token-syncs config-sync-period configure-cbr0 configure-cloud-routes diff --git a/pkg/apis/componentconfig/deep_copy_generated.go b/pkg/apis/componentconfig/deep_copy_generated.go index c18e2e5c31..e4f82bcb2a 100644 --- a/pkg/apis/componentconfig/deep_copy_generated.go +++ b/pkg/apis/componentconfig/deep_copy_generated.go @@ -70,6 +70,7 @@ func DeepCopy_componentconfig_KubeControllerManagerConfiguration(in KubeControll out.ConcurrentDaemonSetSyncs = in.ConcurrentDaemonSetSyncs out.ConcurrentJobSyncs = in.ConcurrentJobSyncs out.ConcurrentNamespaceSyncs = in.ConcurrentNamespaceSyncs + out.ConcurrentSATokenSyncs = in.ConcurrentSATokenSyncs out.LookupCacheSizeForRC = in.LookupCacheSizeForRC out.LookupCacheSizeForRS = in.LookupCacheSizeForRS out.LookupCacheSizeForDaemonSet = in.LookupCacheSizeForDaemonSet diff --git a/pkg/apis/componentconfig/types.generated.go b/pkg/apis/componentconfig/types.generated.go index b76ca11f99..d821232e4a 100644 --- a/pkg/apis/componentconfig/types.generated.go +++ b/pkg/apis/componentconfig/types.generated.go @@ -6518,16 +6518,16 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { yysep2 := !z.EncBinary() yy2arr2 := z.EncBasicHandle().StructToArray - var yyq2 [49]bool + var yyq2 [50]bool _, _, _ = yysep2, yyq2, yy2arr2 const yyr2 bool = false - yyq2[47] = x.Kind != "" - yyq2[48] = x.APIVersion != "" + yyq2[48] = x.Kind != "" + yyq2[49] = x.APIVersion != "" var yynn2 int if yyr2 || yy2arr2 { - r.EncodeArrayStart(49) + r.EncodeArrayStart(50) } else { - yynn2 = 47 + yynn2 = 48 for _, b := range yyq2 { if b { yynn2++ @@ -6770,17 +6770,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym40 if false { } else { - r.EncodeInt(int64(x.LookupCacheSizeForRC)) + r.EncodeInt(int64(x.ConcurrentSATokenSyncs)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("lookupCacheSizeForRC")) + r.EncodeString(codecSelferC_UTF81234, string("concurrentSATokenSyncs")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym41 := z.EncBinary() _ = yym41 if false { } else { - r.EncodeInt(int64(x.LookupCacheSizeForRC)) + r.EncodeInt(int64(x.ConcurrentSATokenSyncs)) } } if yyr2 || yy2arr2 { @@ -6789,17 +6789,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym43 if false { } else { - r.EncodeInt(int64(x.LookupCacheSizeForRS)) + r.EncodeInt(int64(x.LookupCacheSizeForRC)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("lookupCacheSizeForRS")) + r.EncodeString(codecSelferC_UTF81234, string("lookupCacheSizeForRC")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym44 := z.EncBinary() _ = yym44 if false { } else { - r.EncodeInt(int64(x.LookupCacheSizeForRS)) + r.EncodeInt(int64(x.LookupCacheSizeForRC)) } } if yyr2 || yy2arr2 { @@ -6807,6 +6807,25 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode yym46 := z.EncBinary() _ = yym46 if false { + } else { + r.EncodeInt(int64(x.LookupCacheSizeForRS)) + } + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("lookupCacheSizeForRS")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym47 := z.EncBinary() + _ = yym47 + if false { + } else { + r.EncodeInt(int64(x.LookupCacheSizeForRS)) + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yym49 := z.EncBinary() + _ = yym49 + if false { } else { r.EncodeInt(int64(x.LookupCacheSizeForDaemonSet)) } @@ -6814,8 +6833,8 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("lookupCacheSizeForDaemonSet")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym47 := z.EncBinary() - _ = yym47 + yym50 := z.EncBinary() + _ = yym50 if false { } else { r.EncodeInt(int64(x.LookupCacheSizeForDaemonSet)) @@ -6823,34 +6842,21 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy49 := &x.ServiceSyncPeriod - yym50 := z.EncBinary() - _ = yym50 + yy52 := &x.ServiceSyncPeriod + yym53 := z.EncBinary() + _ = yym53 if false { - } else if z.HasExtensions() && z.EncExt(yy49) { - } else if !yym50 && z.IsJSONHandle() { - z.EncJSONMarshal(yy49) + } else if z.HasExtensions() && z.EncExt(yy52) { + } else if !yym53 && z.IsJSONHandle() { + z.EncJSONMarshal(yy52) } else { - z.EncFallback(yy49) + z.EncFallback(yy52) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("serviceSyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy51 := &x.ServiceSyncPeriod - yym52 := z.EncBinary() - _ = yym52 - if false { - } else if z.HasExtensions() && z.EncExt(yy51) { - } else if !yym52 && z.IsJSONHandle() { - z.EncJSONMarshal(yy51) - } else { - z.EncFallback(yy51) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy54 := &x.NodeSyncPeriod + yy54 := &x.ServiceSyncPeriod yym55 := z.EncBinary() _ = yym55 if false { @@ -6860,24 +6866,24 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy54) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy57 := &x.NodeSyncPeriod + yym58 := z.EncBinary() + _ = yym58 + if false { + } else if z.HasExtensions() && z.EncExt(yy57) { + } else if !yym58 && z.IsJSONHandle() { + z.EncJSONMarshal(yy57) + } else { + z.EncFallback(yy57) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("nodeSyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy56 := &x.NodeSyncPeriod - yym57 := z.EncBinary() - _ = yym57 - if false { - } else if z.HasExtensions() && z.EncExt(yy56) { - } else if !yym57 && z.IsJSONHandle() { - z.EncJSONMarshal(yy56) - } else { - z.EncFallback(yy56) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy59 := &x.ResourceQuotaSyncPeriod + yy59 := &x.NodeSyncPeriod yym60 := z.EncBinary() _ = yym60 if false { @@ -6887,24 +6893,24 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy59) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy62 := &x.ResourceQuotaSyncPeriod + yym63 := z.EncBinary() + _ = yym63 + if false { + } else if z.HasExtensions() && z.EncExt(yy62) { + } else if !yym63 && z.IsJSONHandle() { + z.EncJSONMarshal(yy62) + } else { + z.EncFallback(yy62) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("resourceQuotaSyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy61 := &x.ResourceQuotaSyncPeriod - yym62 := z.EncBinary() - _ = yym62 - if false { - } else if z.HasExtensions() && z.EncExt(yy61) { - } else if !yym62 && z.IsJSONHandle() { - z.EncJSONMarshal(yy61) - } else { - z.EncFallback(yy61) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy64 := &x.NamespaceSyncPeriod + yy64 := &x.ResourceQuotaSyncPeriod yym65 := z.EncBinary() _ = yym65 if false { @@ -6914,24 +6920,24 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy64) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy67 := &x.NamespaceSyncPeriod + yym68 := z.EncBinary() + _ = yym68 + if false { + } else if z.HasExtensions() && z.EncExt(yy67) { + } else if !yym68 && z.IsJSONHandle() { + z.EncJSONMarshal(yy67) + } else { + z.EncFallback(yy67) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("namespaceSyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy66 := &x.NamespaceSyncPeriod - yym67 := z.EncBinary() - _ = yym67 - if false { - } else if z.HasExtensions() && z.EncExt(yy66) { - } else if !yym67 && z.IsJSONHandle() { - z.EncJSONMarshal(yy66) - } else { - z.EncFallback(yy66) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy69 := &x.PVClaimBinderSyncPeriod + yy69 := &x.NamespaceSyncPeriod yym70 := z.EncBinary() _ = yym70 if false { @@ -6941,24 +6947,24 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy69) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy72 := &x.PVClaimBinderSyncPeriod + yym73 := z.EncBinary() + _ = yym73 + if false { + } else if z.HasExtensions() && z.EncExt(yy72) { + } else if !yym73 && z.IsJSONHandle() { + z.EncJSONMarshal(yy72) + } else { + z.EncFallback(yy72) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("pvClaimBinderSyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy71 := &x.PVClaimBinderSyncPeriod - yym72 := z.EncBinary() - _ = yym72 - if false { - } else if z.HasExtensions() && z.EncExt(yy71) { - } else if !yym72 && z.IsJSONHandle() { - z.EncJSONMarshal(yy71) - } else { - z.EncFallback(yy71) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy74 := &x.MinResyncPeriod + yy74 := &x.PVClaimBinderSyncPeriod yym75 := z.EncBinary() _ = yym75 if false { @@ -6968,25 +6974,38 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy74) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy77 := &x.MinResyncPeriod + yym78 := z.EncBinary() + _ = yym78 + if false { + } else if z.HasExtensions() && z.EncExt(yy77) { + } else if !yym78 && z.IsJSONHandle() { + z.EncJSONMarshal(yy77) + } else { + z.EncFallback(yy77) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("minResyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy76 := &x.MinResyncPeriod - yym77 := z.EncBinary() - _ = yym77 + yy79 := &x.MinResyncPeriod + yym80 := z.EncBinary() + _ = yym80 if false { - } else if z.HasExtensions() && z.EncExt(yy76) { - } else if !yym77 && z.IsJSONHandle() { - z.EncJSONMarshal(yy76) + } else if z.HasExtensions() && z.EncExt(yy79) { + } else if !yym80 && z.IsJSONHandle() { + z.EncJSONMarshal(yy79) } else { - z.EncFallback(yy76) + z.EncFallback(yy79) } } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yym79 := z.EncBinary() - _ = yym79 + yym82 := z.EncBinary() + _ = yym82 if false { } else { r.EncodeInt(int64(x.TerminatedPodGCThreshold)) @@ -6995,8 +7014,8 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("terminatedPodGCThreshold")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym80 := z.EncBinary() - _ = yym80 + yym83 := z.EncBinary() + _ = yym83 if false { } else { r.EncodeInt(int64(x.TerminatedPodGCThreshold)) @@ -7004,34 +7023,21 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy82 := &x.HorizontalPodAutoscalerSyncPeriod - yym83 := z.EncBinary() - _ = yym83 + yy85 := &x.HorizontalPodAutoscalerSyncPeriod + yym86 := z.EncBinary() + _ = yym86 if false { - } else if z.HasExtensions() && z.EncExt(yy82) { - } else if !yym83 && z.IsJSONHandle() { - z.EncJSONMarshal(yy82) + } else if z.HasExtensions() && z.EncExt(yy85) { + } else if !yym86 && z.IsJSONHandle() { + z.EncJSONMarshal(yy85) } else { - z.EncFallback(yy82) + z.EncFallback(yy85) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("horizontalPodAutoscalerSyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy84 := &x.HorizontalPodAutoscalerSyncPeriod - yym85 := z.EncBinary() - _ = yym85 - if false { - } else if z.HasExtensions() && z.EncExt(yy84) { - } else if !yym85 && z.IsJSONHandle() { - z.EncJSONMarshal(yy84) - } else { - z.EncFallback(yy84) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy87 := &x.DeploymentControllerSyncPeriod + yy87 := &x.HorizontalPodAutoscalerSyncPeriod yym88 := z.EncBinary() _ = yym88 if false { @@ -7041,24 +7047,24 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy87) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy90 := &x.DeploymentControllerSyncPeriod + yym91 := z.EncBinary() + _ = yym91 + if false { + } else if z.HasExtensions() && z.EncExt(yy90) { + } else if !yym91 && z.IsJSONHandle() { + z.EncJSONMarshal(yy90) + } else { + z.EncFallback(yy90) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("deploymentControllerSyncPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy89 := &x.DeploymentControllerSyncPeriod - yym90 := z.EncBinary() - _ = yym90 - if false { - } else if z.HasExtensions() && z.EncExt(yy89) { - } else if !yym90 && z.IsJSONHandle() { - z.EncJSONMarshal(yy89) - } else { - z.EncFallback(yy89) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy92 := &x.PodEvictionTimeout + yy92 := &x.DeploymentControllerSyncPeriod yym93 := z.EncBinary() _ = yym93 if false { @@ -7068,38 +7074,32 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy92) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy95 := &x.PodEvictionTimeout + yym96 := z.EncBinary() + _ = yym96 + if false { + } else if z.HasExtensions() && z.EncExt(yy95) { + } else if !yym96 && z.IsJSONHandle() { + z.EncJSONMarshal(yy95) + } else { + z.EncFallback(yy95) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("podEvictionTimeout")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy94 := &x.PodEvictionTimeout - yym95 := z.EncBinary() - _ = yym95 - if false { - } else if z.HasExtensions() && z.EncExt(yy94) { - } else if !yym95 && z.IsJSONHandle() { - z.EncJSONMarshal(yy94) - } else { - z.EncFallback(yy94) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yym97 := z.EncBinary() - _ = yym97 - if false { - } else { - r.EncodeFloat32(float32(x.DeletingPodsQps)) - } - } else { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("deletingPodsQps")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy97 := &x.PodEvictionTimeout yym98 := z.EncBinary() _ = yym98 if false { + } else if z.HasExtensions() && z.EncExt(yy97) { + } else if !yym98 && z.IsJSONHandle() { + z.EncJSONMarshal(yy97) } else { - r.EncodeFloat32(float32(x.DeletingPodsQps)) + z.EncFallback(yy97) } } if yyr2 || yy2arr2 { @@ -7107,6 +7107,25 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode yym100 := z.EncBinary() _ = yym100 if false { + } else { + r.EncodeFloat32(float32(x.DeletingPodsQps)) + } + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("deletingPodsQps")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym101 := z.EncBinary() + _ = yym101 + if false { + } else { + r.EncodeFloat32(float32(x.DeletingPodsQps)) + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yym103 := z.EncBinary() + _ = yym103 + if false { } else { r.EncodeInt(int64(x.DeletingPodsBurst)) } @@ -7114,8 +7133,8 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("deletingPodsBurst")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym101 := z.EncBinary() - _ = yym101 + yym104 := z.EncBinary() + _ = yym104 if false { } else { r.EncodeInt(int64(x.DeletingPodsBurst)) @@ -7123,35 +7142,35 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy103 := &x.NodeMonitorGracePeriod - yym104 := z.EncBinary() - _ = yym104 + yy106 := &x.NodeMonitorGracePeriod + yym107 := z.EncBinary() + _ = yym107 if false { - } else if z.HasExtensions() && z.EncExt(yy103) { - } else if !yym104 && z.IsJSONHandle() { - z.EncJSONMarshal(yy103) + } else if z.HasExtensions() && z.EncExt(yy106) { + } else if !yym107 && z.IsJSONHandle() { + z.EncJSONMarshal(yy106) } else { - z.EncFallback(yy103) + z.EncFallback(yy106) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("nodeMonitorGracePeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy105 := &x.NodeMonitorGracePeriod - yym106 := z.EncBinary() - _ = yym106 + yy108 := &x.NodeMonitorGracePeriod + yym109 := z.EncBinary() + _ = yym109 if false { - } else if z.HasExtensions() && z.EncExt(yy105) { - } else if !yym106 && z.IsJSONHandle() { - z.EncJSONMarshal(yy105) + } else if z.HasExtensions() && z.EncExt(yy108) { + } else if !yym109 && z.IsJSONHandle() { + z.EncJSONMarshal(yy108) } else { - z.EncFallback(yy105) + z.EncFallback(yy108) } } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yym108 := z.EncBinary() - _ = yym108 + yym111 := z.EncBinary() + _ = yym111 if false { } else { r.EncodeInt(int64(x.RegisterRetryCount)) @@ -7160,8 +7179,8 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("registerRetryCount")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym109 := z.EncBinary() - _ = yym109 + yym112 := z.EncBinary() + _ = yym112 if false { } else { r.EncodeInt(int64(x.RegisterRetryCount)) @@ -7169,34 +7188,21 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy111 := &x.NodeStartupGracePeriod - yym112 := z.EncBinary() - _ = yym112 + yy114 := &x.NodeStartupGracePeriod + yym115 := z.EncBinary() + _ = yym115 if false { - } else if z.HasExtensions() && z.EncExt(yy111) { - } else if !yym112 && z.IsJSONHandle() { - z.EncJSONMarshal(yy111) + } else if z.HasExtensions() && z.EncExt(yy114) { + } else if !yym115 && z.IsJSONHandle() { + z.EncJSONMarshal(yy114) } else { - z.EncFallback(yy111) + z.EncFallback(yy114) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("nodeStartupGracePeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy113 := &x.NodeStartupGracePeriod - yym114 := z.EncBinary() - _ = yym114 - if false { - } else if z.HasExtensions() && z.EncExt(yy113) { - } else if !yym114 && z.IsJSONHandle() { - z.EncJSONMarshal(yy113) - } else { - z.EncFallback(yy113) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy116 := &x.NodeMonitorPeriod + yy116 := &x.NodeStartupGracePeriod yym117 := z.EncBinary() _ = yym117 if false { @@ -7206,38 +7212,32 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { z.EncFallback(yy116) } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy119 := &x.NodeMonitorPeriod + yym120 := z.EncBinary() + _ = yym120 + if false { + } else if z.HasExtensions() && z.EncExt(yy119) { + } else if !yym120 && z.IsJSONHandle() { + z.EncJSONMarshal(yy119) + } else { + z.EncFallback(yy119) + } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("nodeMonitorPeriod")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy118 := &x.NodeMonitorPeriod - yym119 := z.EncBinary() - _ = yym119 - if false { - } else if z.HasExtensions() && z.EncExt(yy118) { - } else if !yym119 && z.IsJSONHandle() { - z.EncJSONMarshal(yy118) - } else { - z.EncFallback(yy118) - } - } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yym121 := z.EncBinary() - _ = yym121 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ServiceAccountKeyFile)) - } - } else { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("serviceAccountKeyFile")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy121 := &x.NodeMonitorPeriod yym122 := z.EncBinary() _ = yym122 if false { + } else if z.HasExtensions() && z.EncExt(yy121) { + } else if !yym122 && z.IsJSONHandle() { + z.EncJSONMarshal(yy121) } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ServiceAccountKeyFile)) + z.EncFallback(yy121) } } if yyr2 || yy2arr2 { @@ -7246,17 +7246,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym124 if false { } else { - r.EncodeBool(bool(x.EnableProfiling)) + r.EncodeString(codecSelferC_UTF81234, string(x.ServiceAccountKeyFile)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("enableProfiling")) + r.EncodeString(codecSelferC_UTF81234, string("serviceAccountKeyFile")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym125 := z.EncBinary() _ = yym125 if false { } else { - r.EncodeBool(bool(x.EnableProfiling)) + r.EncodeString(codecSelferC_UTF81234, string(x.ServiceAccountKeyFile)) } } if yyr2 || yy2arr2 { @@ -7265,17 +7265,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym127 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ClusterName)) + r.EncodeBool(bool(x.EnableProfiling)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("clusterName")) + r.EncodeString(codecSelferC_UTF81234, string("enableProfiling")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym128 := z.EncBinary() _ = yym128 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ClusterName)) + r.EncodeBool(bool(x.EnableProfiling)) } } if yyr2 || yy2arr2 { @@ -7284,17 +7284,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym130 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ClusterCIDR)) + r.EncodeString(codecSelferC_UTF81234, string(x.ClusterName)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("clusterCIDR")) + r.EncodeString(codecSelferC_UTF81234, string("clusterName")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym131 := z.EncBinary() _ = yym131 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ClusterCIDR)) + r.EncodeString(codecSelferC_UTF81234, string(x.ClusterName)) } } if yyr2 || yy2arr2 { @@ -7303,17 +7303,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym133 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ServiceCIDR)) + r.EncodeString(codecSelferC_UTF81234, string(x.ClusterCIDR)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("serviceCIDR")) + r.EncodeString(codecSelferC_UTF81234, string("clusterCIDR")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym134 := z.EncBinary() _ = yym134 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ServiceCIDR)) + r.EncodeString(codecSelferC_UTF81234, string(x.ClusterCIDR)) } } if yyr2 || yy2arr2 { @@ -7322,17 +7322,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym136 if false { } else { - r.EncodeInt(int64(x.NodeCIDRMaskSize)) + r.EncodeString(codecSelferC_UTF81234, string(x.ServiceCIDR)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("nodeCIDRMaskSize")) + r.EncodeString(codecSelferC_UTF81234, string("serviceCIDR")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym137 := z.EncBinary() _ = yym137 if false { } else { - r.EncodeInt(int64(x.NodeCIDRMaskSize)) + r.EncodeString(codecSelferC_UTF81234, string(x.ServiceCIDR)) } } if yyr2 || yy2arr2 { @@ -7341,17 +7341,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym139 if false { } else { - r.EncodeBool(bool(x.AllocateNodeCIDRs)) + r.EncodeInt(int64(x.NodeCIDRMaskSize)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("allocateNodeCIDRs")) + r.EncodeString(codecSelferC_UTF81234, string("nodeCIDRMaskSize")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym140 := z.EncBinary() _ = yym140 if false { } else { - r.EncodeBool(bool(x.AllocateNodeCIDRs)) + r.EncodeInt(int64(x.NodeCIDRMaskSize)) } } if yyr2 || yy2arr2 { @@ -7360,17 +7360,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym142 if false { } else { - r.EncodeBool(bool(x.ConfigureCloudRoutes)) + r.EncodeBool(bool(x.AllocateNodeCIDRs)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("configureCloudRoutes")) + r.EncodeString(codecSelferC_UTF81234, string("allocateNodeCIDRs")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym143 := z.EncBinary() _ = yym143 if false { } else { - r.EncodeBool(bool(x.ConfigureCloudRoutes)) + r.EncodeBool(bool(x.AllocateNodeCIDRs)) } } if yyr2 || yy2arr2 { @@ -7379,17 +7379,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym145 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.RootCAFile)) + r.EncodeBool(bool(x.ConfigureCloudRoutes)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("rootCAFile")) + r.EncodeString(codecSelferC_UTF81234, string("configureCloudRoutes")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym146 := z.EncBinary() _ = yym146 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.RootCAFile)) + r.EncodeBool(bool(x.ConfigureCloudRoutes)) } } if yyr2 || yy2arr2 { @@ -7398,17 +7398,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym148 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ContentType)) + r.EncodeString(codecSelferC_UTF81234, string(x.RootCAFile)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("contentType")) + r.EncodeString(codecSelferC_UTF81234, string("rootCAFile")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym149 := z.EncBinary() _ = yym149 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.ContentType)) + r.EncodeString(codecSelferC_UTF81234, string(x.RootCAFile)) } } if yyr2 || yy2arr2 { @@ -7417,17 +7417,17 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym151 if false { } else { - r.EncodeFloat32(float32(x.KubeAPIQPS)) + r.EncodeString(codecSelferC_UTF81234, string(x.ContentType)) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("kubeAPIQPS")) + r.EncodeString(codecSelferC_UTF81234, string("contentType")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym152 := z.EncBinary() _ = yym152 if false { } else { - r.EncodeFloat32(float32(x.KubeAPIQPS)) + r.EncodeString(codecSelferC_UTF81234, string(x.ContentType)) } } if yyr2 || yy2arr2 { @@ -7435,6 +7435,25 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode yym154 := z.EncBinary() _ = yym154 if false { + } else { + r.EncodeFloat32(float32(x.KubeAPIQPS)) + } + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("kubeAPIQPS")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym155 := z.EncBinary() + _ = yym155 + if false { + } else { + r.EncodeFloat32(float32(x.KubeAPIQPS)) + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yym157 := z.EncBinary() + _ = yym157 + if false { } else { r.EncodeInt(int64(x.KubeAPIBurst)) } @@ -7442,8 +7461,8 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("kubeAPIBurst")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym155 := z.EncBinary() - _ = yym155 + yym158 := z.EncBinary() + _ = yym158 if false { } else { r.EncodeInt(int64(x.KubeAPIBurst)) @@ -7451,57 +7470,57 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy157 := &x.LeaderElection - yy157.CodecEncodeSelf(e) + yy160 := &x.LeaderElection + yy160.CodecEncodeSelf(e) } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("leaderElection")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy159 := &x.LeaderElection - yy159.CodecEncodeSelf(e) + yy162 := &x.LeaderElection + yy162.CodecEncodeSelf(e) } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy162 := &x.VolumeConfiguration - yy162.CodecEncodeSelf(e) + yy165 := &x.VolumeConfiguration + yy165.CodecEncodeSelf(e) } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("volumeConfiguration")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy164 := &x.VolumeConfiguration - yy164.CodecEncodeSelf(e) + yy167 := &x.VolumeConfiguration + yy167.CodecEncodeSelf(e) } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yy167 := &x.ControllerStartInterval - yym168 := z.EncBinary() - _ = yym168 + yy170 := &x.ControllerStartInterval + yym171 := z.EncBinary() + _ = yym171 if false { - } else if z.HasExtensions() && z.EncExt(yy167) { - } else if !yym168 && z.IsJSONHandle() { - z.EncJSONMarshal(yy167) + } else if z.HasExtensions() && z.EncExt(yy170) { + } else if !yym171 && z.IsJSONHandle() { + z.EncJSONMarshal(yy170) } else { - z.EncFallback(yy167) + z.EncFallback(yy170) } } else { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("controllerStartInterval")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy169 := &x.ControllerStartInterval - yym170 := z.EncBinary() - _ = yym170 + yy172 := &x.ControllerStartInterval + yym173 := z.EncBinary() + _ = yym173 if false { - } else if z.HasExtensions() && z.EncExt(yy169) { - } else if !yym170 && z.IsJSONHandle() { - z.EncJSONMarshal(yy169) + } else if z.HasExtensions() && z.EncExt(yy172) { + } else if !yym173 && z.IsJSONHandle() { + z.EncJSONMarshal(yy172) } else { - z.EncFallback(yy169) + z.EncFallback(yy172) } } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - yym172 := z.EncBinary() - _ = yym172 + yym175 := z.EncBinary() + _ = yym175 if false { } else { r.EncodeBool(bool(x.EnableGarbageCollector)) @@ -7510,38 +7529,13 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("enableGarbageCollector")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym173 := z.EncBinary() - _ = yym173 + yym176 := z.EncBinary() + _ = yym176 if false { } else { r.EncodeBool(bool(x.EnableGarbageCollector)) } } - if yyr2 || yy2arr2 { - z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq2[47] { - yym175 := z.EncBinary() - _ = yym175 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) - } - } else { - r.EncodeString(codecSelferC_UTF81234, "") - } - } else { - if yyq2[47] { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("kind")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym176 := z.EncBinary() - _ = yym176 - if false { - } else { - r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) - } - } - } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[48] { @@ -7549,7 +7543,7 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode _ = yym178 if false { } else { - r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion)) + r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) } } else { r.EncodeString(codecSelferC_UTF81234, "") @@ -7557,11 +7551,36 @@ func (x *KubeControllerManagerConfiguration) CodecEncodeSelf(e *codec1978.Encode } else { if yyq2[48] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("apiVersion")) + r.EncodeString(codecSelferC_UTF81234, string("kind")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym179 := z.EncBinary() _ = yym179 if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.Kind)) + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[49] { + yym181 := z.EncBinary() + _ = yym181 + if false { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion)) + } + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq2[49] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("apiVersion")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym182 := z.EncBinary() + _ = yym182 + if false { } else { r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion)) } @@ -7700,6 +7719,12 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromMap(l int, d *co } else { x.ConcurrentNamespaceSyncs = int32(r.DecodeInt(32)) } + case "concurrentSATokenSyncs": + if r.TryDecodeAsNil() { + x.ConcurrentSATokenSyncs = 0 + } else { + x.ConcurrentSATokenSyncs = int32(r.DecodeInt(32)) + } case "lookupCacheSizeForRC": if r.TryDecodeAsNil() { x.LookupCacheSizeForRC = 0 @@ -7722,90 +7747,90 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromMap(l int, d *co if r.TryDecodeAsNil() { x.ServiceSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv19 := &x.ServiceSyncPeriod - yym20 := z.DecBinary() - _ = yym20 + yyv20 := &x.ServiceSyncPeriod + yym21 := z.DecBinary() + _ = yym21 if false { - } else if z.HasExtensions() && z.DecExt(yyv19) { - } else if !yym20 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv19) + } else if z.HasExtensions() && z.DecExt(yyv20) { + } else if !yym21 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv20) } else { - z.DecFallback(yyv19, false) + z.DecFallback(yyv20, false) } } case "nodeSyncPeriod": if r.TryDecodeAsNil() { x.NodeSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv21 := &x.NodeSyncPeriod - yym22 := z.DecBinary() - _ = yym22 + yyv22 := &x.NodeSyncPeriod + yym23 := z.DecBinary() + _ = yym23 if false { - } else if z.HasExtensions() && z.DecExt(yyv21) { - } else if !yym22 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv21) + } else if z.HasExtensions() && z.DecExt(yyv22) { + } else if !yym23 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv22) } else { - z.DecFallback(yyv21, false) + z.DecFallback(yyv22, false) } } case "resourceQuotaSyncPeriod": if r.TryDecodeAsNil() { x.ResourceQuotaSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv23 := &x.ResourceQuotaSyncPeriod - yym24 := z.DecBinary() - _ = yym24 + yyv24 := &x.ResourceQuotaSyncPeriod + yym25 := z.DecBinary() + _ = yym25 if false { - } else if z.HasExtensions() && z.DecExt(yyv23) { - } else if !yym24 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv23) + } else if z.HasExtensions() && z.DecExt(yyv24) { + } else if !yym25 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv24) } else { - z.DecFallback(yyv23, false) + z.DecFallback(yyv24, false) } } case "namespaceSyncPeriod": if r.TryDecodeAsNil() { x.NamespaceSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv25 := &x.NamespaceSyncPeriod - yym26 := z.DecBinary() - _ = yym26 + yyv26 := &x.NamespaceSyncPeriod + yym27 := z.DecBinary() + _ = yym27 if false { - } else if z.HasExtensions() && z.DecExt(yyv25) { - } else if !yym26 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv25) + } else if z.HasExtensions() && z.DecExt(yyv26) { + } else if !yym27 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv26) } else { - z.DecFallback(yyv25, false) + z.DecFallback(yyv26, false) } } case "pvClaimBinderSyncPeriod": if r.TryDecodeAsNil() { x.PVClaimBinderSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv27 := &x.PVClaimBinderSyncPeriod - yym28 := z.DecBinary() - _ = yym28 + yyv28 := &x.PVClaimBinderSyncPeriod + yym29 := z.DecBinary() + _ = yym29 if false { - } else if z.HasExtensions() && z.DecExt(yyv27) { - } else if !yym28 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv27) + } else if z.HasExtensions() && z.DecExt(yyv28) { + } else if !yym29 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv28) } else { - z.DecFallback(yyv27, false) + z.DecFallback(yyv28, false) } } case "minResyncPeriod": if r.TryDecodeAsNil() { x.MinResyncPeriod = pkg1_unversioned.Duration{} } else { - yyv29 := &x.MinResyncPeriod - yym30 := z.DecBinary() - _ = yym30 + yyv30 := &x.MinResyncPeriod + yym31 := z.DecBinary() + _ = yym31 if false { - } else if z.HasExtensions() && z.DecExt(yyv29) { - } else if !yym30 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv29) + } else if z.HasExtensions() && z.DecExt(yyv30) { + } else if !yym31 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv30) } else { - z.DecFallback(yyv29, false) + z.DecFallback(yyv30, false) } } case "terminatedPodGCThreshold": @@ -7818,45 +7843,45 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromMap(l int, d *co if r.TryDecodeAsNil() { x.HorizontalPodAutoscalerSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv32 := &x.HorizontalPodAutoscalerSyncPeriod - yym33 := z.DecBinary() - _ = yym33 + yyv33 := &x.HorizontalPodAutoscalerSyncPeriod + yym34 := z.DecBinary() + _ = yym34 if false { - } else if z.HasExtensions() && z.DecExt(yyv32) { - } else if !yym33 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv32) + } else if z.HasExtensions() && z.DecExt(yyv33) { + } else if !yym34 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv33) } else { - z.DecFallback(yyv32, false) + z.DecFallback(yyv33, false) } } case "deploymentControllerSyncPeriod": if r.TryDecodeAsNil() { x.DeploymentControllerSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv34 := &x.DeploymentControllerSyncPeriod - yym35 := z.DecBinary() - _ = yym35 + yyv35 := &x.DeploymentControllerSyncPeriod + yym36 := z.DecBinary() + _ = yym36 if false { - } else if z.HasExtensions() && z.DecExt(yyv34) { - } else if !yym35 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv34) + } else if z.HasExtensions() && z.DecExt(yyv35) { + } else if !yym36 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv35) } else { - z.DecFallback(yyv34, false) + z.DecFallback(yyv35, false) } } case "podEvictionTimeout": if r.TryDecodeAsNil() { x.PodEvictionTimeout = pkg1_unversioned.Duration{} } else { - yyv36 := &x.PodEvictionTimeout - yym37 := z.DecBinary() - _ = yym37 + yyv37 := &x.PodEvictionTimeout + yym38 := z.DecBinary() + _ = yym38 if false { - } else if z.HasExtensions() && z.DecExt(yyv36) { - } else if !yym37 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv36) + } else if z.HasExtensions() && z.DecExt(yyv37) { + } else if !yym38 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv37) } else { - z.DecFallback(yyv36, false) + z.DecFallback(yyv37, false) } } case "deletingPodsQps": @@ -7875,15 +7900,15 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromMap(l int, d *co if r.TryDecodeAsNil() { x.NodeMonitorGracePeriod = pkg1_unversioned.Duration{} } else { - yyv40 := &x.NodeMonitorGracePeriod - yym41 := z.DecBinary() - _ = yym41 + yyv41 := &x.NodeMonitorGracePeriod + yym42 := z.DecBinary() + _ = yym42 if false { - } else if z.HasExtensions() && z.DecExt(yyv40) { - } else if !yym41 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv40) + } else if z.HasExtensions() && z.DecExt(yyv41) { + } else if !yym42 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv41) } else { - z.DecFallback(yyv40, false) + z.DecFallback(yyv41, false) } } case "registerRetryCount": @@ -7896,30 +7921,30 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromMap(l int, d *co if r.TryDecodeAsNil() { x.NodeStartupGracePeriod = pkg1_unversioned.Duration{} } else { - yyv43 := &x.NodeStartupGracePeriod - yym44 := z.DecBinary() - _ = yym44 + yyv44 := &x.NodeStartupGracePeriod + yym45 := z.DecBinary() + _ = yym45 if false { - } else if z.HasExtensions() && z.DecExt(yyv43) { - } else if !yym44 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv43) + } else if z.HasExtensions() && z.DecExt(yyv44) { + } else if !yym45 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv44) } else { - z.DecFallback(yyv43, false) + z.DecFallback(yyv44, false) } } case "nodeMonitorPeriod": if r.TryDecodeAsNil() { x.NodeMonitorPeriod = pkg1_unversioned.Duration{} } else { - yyv45 := &x.NodeMonitorPeriod - yym46 := z.DecBinary() - _ = yym46 + yyv46 := &x.NodeMonitorPeriod + yym47 := z.DecBinary() + _ = yym47 if false { - } else if z.HasExtensions() && z.DecExt(yyv45) { - } else if !yym46 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv45) + } else if z.HasExtensions() && z.DecExt(yyv46) { + } else if !yym47 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv46) } else { - z.DecFallback(yyv45, false) + z.DecFallback(yyv46, false) } } case "serviceAccountKeyFile": @@ -7998,29 +8023,29 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromMap(l int, d *co if r.TryDecodeAsNil() { x.LeaderElection = LeaderElectionConfiguration{} } else { - yyv59 := &x.LeaderElection - yyv59.CodecDecodeSelf(d) + yyv60 := &x.LeaderElection + yyv60.CodecDecodeSelf(d) } case "volumeConfiguration": if r.TryDecodeAsNil() { x.VolumeConfiguration = VolumeConfiguration{} } else { - yyv60 := &x.VolumeConfiguration - yyv60.CodecDecodeSelf(d) + yyv61 := &x.VolumeConfiguration + yyv61.CodecDecodeSelf(d) } case "controllerStartInterval": if r.TryDecodeAsNil() { x.ControllerStartInterval = pkg1_unversioned.Duration{} } else { - yyv61 := &x.ControllerStartInterval - yym62 := z.DecBinary() - _ = yym62 + yyv62 := &x.ControllerStartInterval + yym63 := z.DecBinary() + _ = yym63 if false { - } else if z.HasExtensions() && z.DecExt(yyv61) { - } else if !yym62 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv61) + } else if z.HasExtensions() && z.DecExt(yyv62) { + } else if !yym63 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv62) } else { - z.DecFallback(yyv61, false) + z.DecFallback(yyv62, false) } } case "enableGarbageCollector": @@ -8052,16 +8077,16 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yyj66 int - var yyb66 bool - var yyhl66 bool = l >= 0 - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + var yyj67 int + var yyb67 bool + var yyhl67 bool = l >= 0 + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8071,13 +8096,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.Port = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8087,13 +8112,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.Address = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8103,13 +8128,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.CloudProvider = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8119,13 +8144,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.CloudConfigFile = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8135,13 +8160,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentEndpointSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8151,13 +8176,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentRSSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8167,13 +8192,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentRCSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8183,13 +8208,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentResourceQuotaSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8199,13 +8224,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentDeploymentSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8215,13 +8240,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentDaemonSetSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8231,13 +8256,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentJobSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8247,13 +8272,29 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConcurrentNamespaceSyncs = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.ConcurrentSATokenSyncs = 0 + } else { + x.ConcurrentSATokenSyncs = int32(r.DecodeInt(32)) + } + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l + } else { + yyb67 = r.CheckBreak() + } + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8263,13 +8304,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.LookupCacheSizeForRC = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8279,13 +8320,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.LookupCacheSizeForRS = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8295,13 +8336,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.LookupCacheSizeForDaemonSet = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8309,32 +8350,7 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.ServiceSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv82 := &x.ServiceSyncPeriod - yym83 := z.DecBinary() - _ = yym83 - if false { - } else if z.HasExtensions() && z.DecExt(yyv82) { - } else if !yym83 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv82) - } else { - z.DecFallback(yyv82, false) - } - } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l - } else { - yyb66 = r.CheckBreak() - } - if yyb66 { - z.DecSendContainerState(codecSelfer_containerArrayEnd1234) - return - } - z.DecSendContainerState(codecSelfer_containerArrayElem1234) - if r.TryDecodeAsNil() { - x.NodeSyncPeriod = pkg1_unversioned.Duration{} - } else { - yyv84 := &x.NodeSyncPeriod + yyv84 := &x.ServiceSyncPeriod yym85 := z.DecBinary() _ = yym85 if false { @@ -8345,21 +8361,21 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv84, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } z.DecSendContainerState(codecSelfer_containerArrayElem1234) if r.TryDecodeAsNil() { - x.ResourceQuotaSyncPeriod = pkg1_unversioned.Duration{} + x.NodeSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv86 := &x.ResourceQuotaSyncPeriod + yyv86 := &x.NodeSyncPeriod yym87 := z.DecBinary() _ = yym87 if false { @@ -8370,21 +8386,21 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv86, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } z.DecSendContainerState(codecSelfer_containerArrayElem1234) if r.TryDecodeAsNil() { - x.NamespaceSyncPeriod = pkg1_unversioned.Duration{} + x.ResourceQuotaSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv88 := &x.NamespaceSyncPeriod + yyv88 := &x.ResourceQuotaSyncPeriod yym89 := z.DecBinary() _ = yym89 if false { @@ -8395,21 +8411,21 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv88, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } z.DecSendContainerState(codecSelfer_containerArrayElem1234) if r.TryDecodeAsNil() { - x.PVClaimBinderSyncPeriod = pkg1_unversioned.Duration{} + x.NamespaceSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv90 := &x.PVClaimBinderSyncPeriod + yyv90 := &x.NamespaceSyncPeriod yym91 := z.DecBinary() _ = yym91 if false { @@ -8420,21 +8436,21 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv90, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } z.DecSendContainerState(codecSelfer_containerArrayElem1234) if r.TryDecodeAsNil() { - x.MinResyncPeriod = pkg1_unversioned.Duration{} + x.PVClaimBinderSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv92 := &x.MinResyncPeriod + yyv92 := &x.PVClaimBinderSyncPeriod yym93 := z.DecBinary() _ = yym93 if false { @@ -8445,13 +8461,38 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv92, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.MinResyncPeriod = pkg1_unversioned.Duration{} + } else { + yyv94 := &x.MinResyncPeriod + yym95 := z.DecBinary() + _ = yym95 + if false { + } else if z.HasExtensions() && z.DecExt(yyv94) { + } else if !yym95 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv94) + } else { + z.DecFallback(yyv94, false) + } + } + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l + } else { + yyb67 = r.CheckBreak() + } + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8461,13 +8502,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.TerminatedPodGCThreshold = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8475,32 +8516,7 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.HorizontalPodAutoscalerSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv95 := &x.HorizontalPodAutoscalerSyncPeriod - yym96 := z.DecBinary() - _ = yym96 - if false { - } else if z.HasExtensions() && z.DecExt(yyv95) { - } else if !yym96 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv95) - } else { - z.DecFallback(yyv95, false) - } - } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l - } else { - yyb66 = r.CheckBreak() - } - if yyb66 { - z.DecSendContainerState(codecSelfer_containerArrayEnd1234) - return - } - z.DecSendContainerState(codecSelfer_containerArrayElem1234) - if r.TryDecodeAsNil() { - x.DeploymentControllerSyncPeriod = pkg1_unversioned.Duration{} - } else { - yyv97 := &x.DeploymentControllerSyncPeriod + yyv97 := &x.HorizontalPodAutoscalerSyncPeriod yym98 := z.DecBinary() _ = yym98 if false { @@ -8511,21 +8527,21 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv97, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } z.DecSendContainerState(codecSelfer_containerArrayElem1234) if r.TryDecodeAsNil() { - x.PodEvictionTimeout = pkg1_unversioned.Duration{} + x.DeploymentControllerSyncPeriod = pkg1_unversioned.Duration{} } else { - yyv99 := &x.PodEvictionTimeout + yyv99 := &x.DeploymentControllerSyncPeriod yym100 := z.DecBinary() _ = yym100 if false { @@ -8536,13 +8552,38 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv99, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.PodEvictionTimeout = pkg1_unversioned.Duration{} + } else { + yyv101 := &x.PodEvictionTimeout + yym102 := z.DecBinary() + _ = yym102 + if false { + } else if z.HasExtensions() && z.DecExt(yyv101) { + } else if !yym102 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv101) + } else { + z.DecFallback(yyv101, false) + } + } + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l + } else { + yyb67 = r.CheckBreak() + } + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8552,13 +8593,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.DeletingPodsQps = float32(r.DecodeFloat(true)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8568,13 +8609,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.DeletingPodsBurst = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8582,24 +8623,24 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.NodeMonitorGracePeriod = pkg1_unversioned.Duration{} } else { - yyv103 := &x.NodeMonitorGracePeriod - yym104 := z.DecBinary() - _ = yym104 + yyv105 := &x.NodeMonitorGracePeriod + yym106 := z.DecBinary() + _ = yym106 if false { - } else if z.HasExtensions() && z.DecExt(yyv103) { - } else if !yym104 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv103) + } else if z.HasExtensions() && z.DecExt(yyv105) { + } else if !yym106 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv105) } else { - z.DecFallback(yyv103, false) + z.DecFallback(yyv105, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8609,13 +8650,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.RegisterRetryCount = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8623,32 +8664,7 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.NodeStartupGracePeriod = pkg1_unversioned.Duration{} } else { - yyv106 := &x.NodeStartupGracePeriod - yym107 := z.DecBinary() - _ = yym107 - if false { - } else if z.HasExtensions() && z.DecExt(yyv106) { - } else if !yym107 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv106) - } else { - z.DecFallback(yyv106, false) - } - } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l - } else { - yyb66 = r.CheckBreak() - } - if yyb66 { - z.DecSendContainerState(codecSelfer_containerArrayEnd1234) - return - } - z.DecSendContainerState(codecSelfer_containerArrayElem1234) - if r.TryDecodeAsNil() { - x.NodeMonitorPeriod = pkg1_unversioned.Duration{} - } else { - yyv108 := &x.NodeMonitorPeriod + yyv108 := &x.NodeStartupGracePeriod yym109 := z.DecBinary() _ = yym109 if false { @@ -8659,13 +8675,38 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * z.DecFallback(yyv108, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.NodeMonitorPeriod = pkg1_unversioned.Duration{} + } else { + yyv110 := &x.NodeMonitorPeriod + yym111 := z.DecBinary() + _ = yym111 + if false { + } else if z.HasExtensions() && z.DecExt(yyv110) { + } else if !yym111 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv110) + } else { + z.DecFallback(yyv110, false) + } + } + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l + } else { + yyb67 = r.CheckBreak() + } + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8675,13 +8716,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ServiceAccountKeyFile = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8691,13 +8732,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.EnableProfiling = bool(r.DecodeBool()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8707,13 +8748,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ClusterName = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8723,13 +8764,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ClusterCIDR = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8739,13 +8780,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ServiceCIDR = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8755,13 +8796,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.NodeCIDRMaskSize = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8771,13 +8812,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.AllocateNodeCIDRs = bool(r.DecodeBool()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8787,13 +8828,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ConfigureCloudRoutes = bool(r.DecodeBool()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8803,13 +8844,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.RootCAFile = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8819,13 +8860,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.ContentType = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8835,13 +8876,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.KubeAPIQPS = float32(r.DecodeFloat(true)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8851,13 +8892,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.KubeAPIBurst = int32(r.DecodeInt(32)) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8865,16 +8906,16 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.LeaderElection = LeaderElectionConfiguration{} } else { - yyv122 := &x.LeaderElection - yyv122.CodecDecodeSelf(d) + yyv124 := &x.LeaderElection + yyv124.CodecDecodeSelf(d) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8882,16 +8923,16 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.VolumeConfiguration = VolumeConfiguration{} } else { - yyv123 := &x.VolumeConfiguration - yyv123.CodecDecodeSelf(d) + yyv125 := &x.VolumeConfiguration + yyv125.CodecDecodeSelf(d) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8899,24 +8940,24 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * if r.TryDecodeAsNil() { x.ControllerStartInterval = pkg1_unversioned.Duration{} } else { - yyv124 := &x.ControllerStartInterval - yym125 := z.DecBinary() - _ = yym125 + yyv126 := &x.ControllerStartInterval + yym127 := z.DecBinary() + _ = yym127 if false { - } else if z.HasExtensions() && z.DecExt(yyv124) { - } else if !yym125 && z.IsJSONHandle() { - z.DecJSONUnmarshal(yyv124) + } else if z.HasExtensions() && z.DecExt(yyv126) { + } else if !yym127 && z.IsJSONHandle() { + z.DecJSONUnmarshal(yyv126) } else { - z.DecFallback(yyv124, false) + z.DecFallback(yyv126, false) } } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8926,13 +8967,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.EnableGarbageCollector = bool(r.DecodeBool()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8942,13 +8983,13 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * } else { x.Kind = string(r.DecodeString()) } - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -8959,17 +9000,17 @@ func (x *KubeControllerManagerConfiguration) codecDecodeSelfFromArray(l int, d * x.APIVersion = string(r.DecodeString()) } for { - yyj66++ - if yyhl66 { - yyb66 = yyj66 > l + yyj67++ + if yyhl67 { + yyb67 = yyj67 > l } else { - yyb66 = r.CheckBreak() + yyb67 = r.CheckBreak() } - if yyb66 { + if yyb67 { break } z.DecSendContainerState(codecSelfer_containerArrayElem1234) - z.DecStructFieldNotFound(yyj66-1, "") + z.DecStructFieldNotFound(yyj67-1, "") } z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } diff --git a/pkg/apis/componentconfig/types.go b/pkg/apis/componentconfig/types.go index 6121048b47..0c7dfc9a33 100644 --- a/pkg/apis/componentconfig/types.go +++ b/pkg/apis/componentconfig/types.go @@ -471,6 +471,9 @@ type KubeControllerManagerConfiguration struct { // concurrentNamespaceSyncs is the number of namespace objects that are // allowed to sync concurrently. ConcurrentNamespaceSyncs int32 `json:"concurrentNamespaceSyncs"` + // concurrentSATokenSyncs is the number of service account token syncing operations + // that will be done concurrently. + ConcurrentSATokenSyncs int32 `json:"concurrentSATokenSyncs"` // lookupCacheSizeForRC is the size of lookup cache for replication controllers. // Larger number = more responsive replica management, but more MEM load. LookupCacheSizeForRC int32 `json:"lookupCacheSizeForRC"` diff --git a/pkg/controller/serviceaccount/tokens_controller.go b/pkg/controller/serviceaccount/tokens_controller.go index b660afc963..e7a25f2b6c 100644 --- a/pkg/controller/serviceaccount/tokens_controller.go +++ b/pkg/controller/serviceaccount/tokens_controller.go @@ -32,10 +32,13 @@ import ( "k8s.io/kubernetes/pkg/registry/secret" "k8s.io/kubernetes/pkg/runtime" "k8s.io/kubernetes/pkg/serviceaccount" + "k8s.io/kubernetes/pkg/types" + utilerrors "k8s.io/kubernetes/pkg/util/errors" "k8s.io/kubernetes/pkg/util/metrics" utilruntime "k8s.io/kubernetes/pkg/util/runtime" "k8s.io/kubernetes/pkg/util/sets" "k8s.io/kubernetes/pkg/util/wait" + "k8s.io/kubernetes/pkg/util/workqueue" "k8s.io/kubernetes/pkg/watch" ) @@ -58,21 +61,36 @@ type TokensControllerOptions struct { // SecretResync is the time.Duration at which to fully re-list secrets. // If zero, re-list will be delayed as long as possible SecretResync time.Duration - // This CA will be added in the secretes of service accounts + // This CA will be added in the secrets of service accounts RootCA []byte + + // MaxRetries controls the maximum number of times a particular key is retried before giving up + // If zero, a default max is used + MaxRetries int } // NewTokensController returns a new *TokensController. func NewTokensController(cl clientset.Interface, options TokensControllerOptions) *TokensController { + maxRetries := options.MaxRetries + if maxRetries == 0 { + maxRetries = 10 + } + e := &TokensController{ client: cl, token: options.TokenGenerator, rootCA: options.RootCA, + + syncServiceAccountQueue: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()), + syncSecretQueue: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()), + + maxRetries: maxRetries, } if cl != nil && cl.Core().GetRESTClient().GetRateLimiter() != nil { metrics.RegisterMetricAndTrackRateLimiterUsage("serviceaccount_controller", cl.Core().GetRESTClient().GetRateLimiter()) } - e.serviceAccounts, e.serviceAccountController = framework.NewIndexerInformer( + + e.serviceAccounts, e.serviceAccountController = framework.NewInformer( &cache.ListWatch{ ListFunc: func(options api.ListOptions) (runtime.Object, error) { return e.client.Core().ServiceAccounts(api.NamespaceAll).List(options) @@ -84,11 +102,10 @@ func NewTokensController(cl clientset.Interface, options TokensControllerOptions &api.ServiceAccount{}, options.ServiceAccountResync, framework.ResourceEventHandlerFuncs{ - AddFunc: e.serviceAccountAdded, - UpdateFunc: e.serviceAccountUpdated, - DeleteFunc: e.serviceAccountDeleted, + AddFunc: e.queueServiceAccountSync, + UpdateFunc: e.queueServiceAccountUpdateSync, + DeleteFunc: e.queueServiceAccountSync, }, - cache.Indexers{"namespace": cache.MetaNamespaceIndexFunc}, ) tokenSelector := fields.SelectorFromSet(map[string]string{api.SecretTypeField: string(api.SecretTypeServiceAccountToken)}) @@ -106,206 +123,277 @@ func NewTokensController(cl clientset.Interface, options TokensControllerOptions &api.Secret{}, options.SecretResync, framework.ResourceEventHandlerFuncs{ - AddFunc: e.secretAdded, - UpdateFunc: e.secretUpdated, - DeleteFunc: e.secretDeleted, + AddFunc: e.queueSecretSync, + UpdateFunc: e.queueSecretUpdateSync, + DeleteFunc: e.queueSecretSync, }, cache.Indexers{"namespace": cache.MetaNamespaceIndexFunc}, ) - e.serviceAccountsSynced = e.serviceAccountController.HasSynced - e.secretsSynced = e.secretController.HasSynced - return e } // TokensController manages ServiceAccountToken secrets for ServiceAccount objects type TokensController struct { - stopChan chan struct{} - client clientset.Interface token serviceaccount.TokenGenerator rootCA []byte - serviceAccounts cache.Indexer + serviceAccounts cache.Store secrets cache.Indexer // Since we join two objects, we'll watch both of them with controllers. serviceAccountController *framework.Controller secretController *framework.Controller - // These are here so tests can inject a 'return true'. - serviceAccountsSynced func() bool - secretsSynced func() bool + // syncServiceAccountQueue handles service account events: + // * ensures a referenced token exists for service accounts which still exist + // * ensures tokens are removed for service accounts which no longer exist + // key is "//" + syncServiceAccountQueue workqueue.RateLimitingInterface + + // syncSecretQueue handles secret events: + // * deletes tokens whose service account no longer exists + // * updates tokens with missing token or namespace data, or mismatched ca data + // * ensures service account secret references are removed for tokens which are deleted + // key is a secretQueueKey{} + syncSecretQueue workqueue.RateLimitingInterface + + maxRetries int } -// Runs controller loops and returns immediately -func (e *TokensController) Run() { - if e.stopChan == nil { - e.stopChan = make(chan struct{}) - go e.serviceAccountController.Run(e.stopChan) - go e.secretController.Run(e.stopChan) +// Runs controller blocks until stopCh is closed +func (e *TokensController) Run(workers int, stopCh <-chan struct{}) { + defer utilruntime.HandleCrash() + + // Start controllers (to fill stores, call informers, fill work queues) + go e.serviceAccountController.Run(stopCh) + go e.secretController.Run(stopCh) + + // Wait for stores to fill + for !e.serviceAccountController.HasSynced() || !e.secretController.HasSynced() { + time.Sleep(100 * time.Millisecond) + } + + // Spawn workers to process work queues + for i := 0; i < workers; i++ { + go wait.Until(e.syncServiceAccount, 0, stopCh) + go wait.Until(e.syncSecret, 0, stopCh) + } + + // Block until stop channel is closed + <-stopCh + + // Shut down queues + e.syncServiceAccountQueue.ShutDown() + e.syncSecretQueue.ShutDown() +} + +func (e *TokensController) queueServiceAccountSync(obj interface{}) { + if serviceAccount, ok := obj.(*api.ServiceAccount); ok { + e.syncServiceAccountQueue.Add(makeServiceAccountKey(serviceAccount)) } } -// Stop gracefully shuts down this controller -func (e *TokensController) Stop() { - if e.stopChan != nil { - close(e.stopChan) - e.stopChan = nil +func (e *TokensController) queueServiceAccountUpdateSync(oldObj interface{}, newObj interface{}) { + if serviceAccount, ok := newObj.(*api.ServiceAccount); ok { + e.syncServiceAccountQueue.Add(makeServiceAccountKey(serviceAccount)) } } -// serviceAccountAdded reacts to a ServiceAccount creation by creating a corresponding ServiceAccountToken Secret -func (e *TokensController) serviceAccountAdded(obj interface{}) { - serviceAccount := obj.(*api.ServiceAccount) - err := e.createSecretIfNeeded(serviceAccount) - if err != nil { - glog.Error(err) - } -} - -// serviceAccountUpdated reacts to a ServiceAccount update (or re-list) by ensuring a corresponding ServiceAccountToken Secret exists -func (e *TokensController) serviceAccountUpdated(oldObj interface{}, newObj interface{}) { - newServiceAccount := newObj.(*api.ServiceAccount) - err := e.createSecretIfNeeded(newServiceAccount) - if err != nil { - glog.Error(err) - } -} - -// serviceAccountDeleted reacts to a ServiceAccount deletion by deleting all corresponding ServiceAccountToken Secrets -func (e *TokensController) serviceAccountDeleted(obj interface{}) { - serviceAccount, ok := obj.(*api.ServiceAccount) - if !ok { - // Unknown type. If we missed a ServiceAccount deletion, the - // corresponding secrets will be cleaned up during the Secret re-list +// complete optionally requeues key, then calls queue.Done(key) +func (e *TokensController) retryOrForget(queue workqueue.RateLimitingInterface, key interface{}, requeue bool) { + if !requeue { + queue.Forget(key) return } - secrets, err := e.listTokenSecrets(serviceAccount) + + requeueCount := queue.NumRequeues(key) + if requeueCount < e.maxRetries { + queue.AddRateLimited(key) + return + } + + glog.V(4).Infof("retried %d times: %#v", requeueCount, key) + queue.Forget(key) +} + +func (e *TokensController) queueSecretSync(obj interface{}) { + if secret, ok := obj.(*api.Secret); ok { + e.syncSecretQueue.Add(makeSecretQueueKey(secret)) + } +} + +func (e *TokensController) queueSecretUpdateSync(oldObj interface{}, newObj interface{}) { + if secret, ok := newObj.(*api.Secret); ok { + e.syncSecretQueue.Add(makeSecretQueueKey(secret)) + } +} + +func (e *TokensController) syncServiceAccount() { + key, quit := e.syncServiceAccountQueue.Get() + if quit { + return + } + defer e.syncServiceAccountQueue.Done(key) + + retry := false + defer func() { + e.retryOrForget(e.syncServiceAccountQueue, key, retry) + }() + + saInfo, err := parseServiceAccountKey(key) if err != nil { glog.Error(err) return } - for _, secret := range secrets { - glog.V(4).Infof("Deleting secret %s/%s because service account %s was deleted", secret.Namespace, secret.Name, serviceAccount.Name) - if err := e.deleteSecret(secret); err != nil { - glog.Errorf("Error deleting secret %s/%s: %v", secret.Namespace, secret.Name, err) + + sa, err := e.getServiceAccount(saInfo.namespace, saInfo.name, saInfo.uid, false) + switch { + case err != nil: + glog.Error(err) + retry = true + case sa == nil: + // service account no longer exists, so delete related tokens + glog.V(4).Infof("syncServiceAccount(%s/%s), service account deleted, removing tokens", saInfo.namespace, saInfo.name) + sa = &api.ServiceAccount{ObjectMeta: api.ObjectMeta{Namespace: saInfo.namespace, Name: saInfo.name, UID: saInfo.uid}} + if retriable, err := e.deleteTokens(sa); err != nil { + glog.Errorf("error deleting serviceaccount tokens for %s/%s: %v", saInfo.namespace, saInfo.name, err) + retry = retriable + } + default: + // ensure a token exists and is referenced by this service account + if retriable, err := e.ensureReferencedToken(sa); err != nil { + glog.Errorf("error synchronizing serviceaccount %s/%s: %v", saInfo.namespace, saInfo.name, err) + retry = retriable } } } -// secretAdded reacts to a Secret create by ensuring the referenced ServiceAccount exists, and by adding a token to the secret if needed -func (e *TokensController) secretAdded(obj interface{}) { - secret := obj.(*api.Secret) - serviceAccount, err := e.getServiceAccount(secret, true) +func (e *TokensController) syncSecret() { + key, quit := e.syncSecretQueue.Get() + if quit { + return + } + defer e.syncSecretQueue.Done(key) + + // Track whether or not we should retry this sync + retry := false + defer func() { + e.retryOrForget(e.syncSecretQueue, key, retry) + }() + + secretInfo, err := parseSecretQueueKey(key) if err != nil { glog.Error(err) return } - if serviceAccount == nil { - glog.V(2).Infof( - "Deleting new secret %s/%s because service account %s (uid=%s) was not found", - secret.Namespace, secret.Name, - secret.Annotations[api.ServiceAccountNameKey], secret.Annotations[api.ServiceAccountUIDKey]) - if err := e.deleteSecret(secret); err != nil { - glog.Errorf("Error deleting secret %s/%s: %v", secret.Namespace, secret.Name, err) - } - } else { - e.generateTokenIfNeeded(serviceAccount, secret) - } -} -// secretUpdated reacts to a Secret update (or re-list) by deleting the secret (if the referenced ServiceAccount does not exist) -func (e *TokensController) secretUpdated(oldObj interface{}, newObj interface{}) { - newSecret := newObj.(*api.Secret) - newServiceAccount, err := e.getServiceAccount(newSecret, true) - if err != nil { + secret, err := e.getSecret(secretInfo.namespace, secretInfo.name, secretInfo.uid, false) + switch { + case err != nil: glog.Error(err) - return - } - if newServiceAccount == nil { - glog.V(2).Infof( - "Deleting updated secret %s/%s because service account %s (uid=%s) was not found", - newSecret.Namespace, newSecret.Name, - newSecret.Annotations[api.ServiceAccountNameKey], newSecret.Annotations[api.ServiceAccountUIDKey]) - if err := e.deleteSecret(newSecret); err != nil { - glog.Errorf("Error deleting secret %s/%s: %v", newSecret.Namespace, newSecret.Name, err) + retry = true + case secret == nil: + // If the service account exists + if sa, saErr := e.getServiceAccount(secretInfo.namespace, secretInfo.saName, secretInfo.saUID, false); saErr == nil && sa != nil { + // secret no longer exists, so delete references to this secret from the service account + if err := client.RetryOnConflict(RemoveTokenBackoff, func() error { + return e.removeSecretReference(secretInfo.namespace, secretInfo.saName, secretInfo.saUID, secretInfo.name) + }); err != nil { + glog.Error(err) + } + } + default: + // Ensure service account exists + sa, saErr := e.getServiceAccount(secretInfo.namespace, secretInfo.saName, secretInfo.saUID, true) + switch { + case saErr != nil: + glog.Error(saErr) + retry = true + case sa == nil: + // Delete token + glog.V(4).Infof("syncSecret(%s/%s), service account does not exist, deleting token", secretInfo.namespace, secretInfo.name) + if retriable, err := e.deleteToken(secretInfo.namespace, secretInfo.name, secretInfo.uid); err != nil { + glog.Errorf("error deleting serviceaccount token %s/%s for service account %s: %v", secretInfo.namespace, secretInfo.name, secretInfo.saName, err) + retry = retriable + } + default: + // Update token if needed + if retriable, err := e.generateTokenIfNeeded(sa, secret); err != nil { + glog.Errorf("error populating serviceaccount token %s/%s for service account %s: %v", secretInfo.namespace, secretInfo.name, secretInfo.saName, err) + retry = retriable + } } - } else { - e.generateTokenIfNeeded(newServiceAccount, newSecret) } } -// secretDeleted reacts to a Secret being deleted by removing a reference from the corresponding ServiceAccount if needed -func (e *TokensController) secretDeleted(obj interface{}) { - secret, ok := obj.(*api.Secret) - if !ok { - // Unknown type. If we missed a Secret deletion, the corresponding ServiceAccount (if it exists) - // will get a secret recreated (if needed) during the ServiceAccount re-list - return - } - - serviceAccount, err := e.getServiceAccount(secret, false) +func (e *TokensController) deleteTokens(serviceAccount *api.ServiceAccount) ( /*retry*/ bool, error) { + tokens, err := e.listTokenSecrets(serviceAccount) if err != nil { - glog.Error(err) - return + // don't retry on cache lookup errors + return false, err } - if serviceAccount == nil { - return - } - - if err := client.RetryOnConflict(RemoveTokenBackoff, func() error { - return e.removeSecretReferenceIfNeeded(serviceAccount, secret.Name) - }); err != nil { - utilruntime.HandleError(err) + retry := false + errs := []error{} + for _, token := range tokens { + r, err := e.deleteToken(token.Namespace, token.Name, token.UID) + if err != nil { + errs = append(errs, err) + } + if r { + retry = true + } } + return retry, utilerrors.NewAggregate(errs) } -// createSecretIfNeeded makes sure at least one ServiceAccountToken secret exists, and is included in the serviceAccount's Secrets list -func (e *TokensController) createSecretIfNeeded(serviceAccount *api.ServiceAccount) error { - // If the service account references no secrets, short-circuit and create a new one - if len(serviceAccount.Secrets) == 0 { - return e.createSecret(serviceAccount) +func (e *TokensController) deleteToken(ns, name string, uid types.UID) ( /*retry*/ bool, error) { + var opts *api.DeleteOptions + if len(uid) > 0 { + opts = &api.DeleteOptions{Preconditions: &api.Preconditions{UID: &uid}} } + err := e.client.Core().Secrets(ns).Delete(name, opts) + // NotFound doesn't need a retry (it's already been deleted) + // Conflict doesn't need a retry (the UID precondition failed) + if err == nil || apierrors.IsNotFound(err) || apierrors.IsConflict(err) { + return false, nil + } + // Retry for any other error + return true, err +} - // We shouldn't try to validate secret references until the secrets store is synced - if !e.secretsSynced() { - return nil - } - - // If any existing token secrets are referenced by the service account, return - allSecrets, err := e.listTokenSecrets(serviceAccount) - if err != nil { - return err - } - referencedSecrets := getSecretReferences(serviceAccount) - for _, secret := range allSecrets { - if referencedSecrets.Has(secret.Name) { - return nil +// ensureReferencedToken makes sure at least one ServiceAccountToken secret exists, and is included in the serviceAccount's Secrets list +func (e *TokensController) ensureReferencedToken(serviceAccount *api.ServiceAccount) ( /* retry */ bool, error) { + if len(serviceAccount.Secrets) > 0 { + allSecrets, err := e.listTokenSecrets(serviceAccount) + if err != nil { + // Don't retry cache lookup errors + return false, err + } + referencedSecrets := getSecretReferences(serviceAccount) + for _, secret := range allSecrets { + if referencedSecrets.Has(secret.Name) { + // A service account token already exists, and is referenced, short-circuit + return false, nil + } } } - // Otherwise create a new token secret - return e.createSecret(serviceAccount) -} - -// createSecret creates a secret of type ServiceAccountToken for the given ServiceAccount -func (e *TokensController) createSecret(serviceAccount *api.ServiceAccount) error { // We don't want to update the cache's copy of the service account // so add the secret to a freshly retrieved copy of the service account serviceAccounts := e.client.Core().ServiceAccounts(serviceAccount.Namespace) liveServiceAccount, err := serviceAccounts.Get(serviceAccount.Name) if err != nil { - return err + // Retry for any error other than a NotFound + return !apierrors.IsNotFound(err), err } if liveServiceAccount.ResourceVersion != serviceAccount.ResourceVersion { // our view of the service account is not up to date // we'll get notified of an update event later and get to try again - // this only prevent interactions between successive runs of this controller's event handlers, but that is useful - glog.V(2).Infof("View of ServiceAccount %s/%s is not up to date, skipping token creation", serviceAccount.Namespace, serviceAccount.Name) - return nil + glog.V(2).Infof("serviceaccount %s/%s is not up to date, skipping token creation", serviceAccount.Namespace, serviceAccount.Name) + return false, nil } // Build the secret @@ -325,7 +413,8 @@ func (e *TokensController) createSecret(serviceAccount *api.ServiceAccount) erro // Generate the token token, err := e.token.GenerateToken(*serviceAccount, *secret) if err != nil { - return err + // retriable error + return true, err } secret.Data[api.ServiceAccountTokenKey] = []byte(token) secret.Data[api.ServiceAccountNamespaceKey] = []byte(serviceAccount.Namespace) @@ -334,41 +423,39 @@ func (e *TokensController) createSecret(serviceAccount *api.ServiceAccount) erro } // Save the secret - if createdToken, err := e.client.Core().Secrets(serviceAccount.Namespace).Create(secret); err != nil { - return err - } else { - // Manually add the new token to the cache store. - // This prevents the service account update (below) triggering another token creation, if the referenced token couldn't be found in the store - e.secrets.Add(createdToken) + createdToken, err := e.client.Core().Secrets(serviceAccount.Namespace).Create(secret) + if err != nil { + // retriable error + return true, err } + // Manually add the new token to the cache store. + // This prevents the service account update (below) triggering another token creation, if the referenced token couldn't be found in the store + e.secrets.Add(createdToken) liveServiceAccount.Secrets = append(liveServiceAccount.Secrets, api.ObjectReference{Name: secret.Name}) - _, err = serviceAccounts.Update(liveServiceAccount) - if err != nil { + if _, err = serviceAccounts.Update(liveServiceAccount); err != nil { // we weren't able to use the token, try to clean it up. - glog.V(2).Infof("Deleting secret %s/%s because reference couldn't be added (%v)", secret.Namespace, secret.Name, err) - if err := e.client.Core().Secrets(secret.Namespace).Delete(secret.Name, nil); err != nil { - glog.Error(err) // if we fail, just log it + glog.V(2).Infof("deleting secret %s/%s because reference couldn't be added (%v)", secret.Namespace, secret.Name, err) + deleteOpts := &api.DeleteOptions{Preconditions: &api.Preconditions{UID: &createdToken.UID}} + if deleteErr := e.client.Core().Secrets(createdToken.Namespace).Delete(createdToken.Name, deleteOpts); deleteErr != nil { + glog.Error(deleteErr) // if we fail, just log it } - } - if apierrors.IsConflict(err) { - // nothing to do. We got a conflict, that means that the service account was updated. We simply need to return because we'll get an update notification later - return nil + + if apierrors.IsConflict(err) || apierrors.IsNotFound(err) { + // if we got a Conflict error, the service account was updated by someone else, and we'll get an update notification later + // if we got a NotFound error, the service account no longer exists, and we don't need to create a token for it + return false, nil + } + // retry in all other cases + return true, err } - return err + // success! + return false, nil } -// generateTokenIfNeeded populates the token data for the given Secret if not already set -func (e *TokensController) generateTokenIfNeeded(serviceAccount *api.ServiceAccount, secret *api.Secret) error { - if secret.Annotations == nil { - secret.Annotations = map[string]string{} - } - if secret.Data == nil { - secret.Data = map[string][]byte{} - } - +func (e *TokensController) secretUpdateNeeded(secret *api.Secret) (bool, bool, bool) { caData := secret.Data[api.ServiceAccountRootCAKey] needsCA := len(e.rootCA) > 0 && bytes.Compare(caData, e.rootCA) != 0 @@ -377,60 +464,103 @@ func (e *TokensController) generateTokenIfNeeded(serviceAccount *api.ServiceAcco tokenData := secret.Data[api.ServiceAccountTokenKey] needsToken := len(tokenData) == 0 + return needsCA, needsNamespace, needsToken +} + +// generateTokenIfNeeded populates the token data for the given Secret if not already set +func (e *TokensController) generateTokenIfNeeded(serviceAccount *api.ServiceAccount, cachedSecret *api.Secret) ( /* retry */ bool, error) { + // Check the cached secret to see if changes are needed + if needsCA, needsNamespace, needsToken := e.secretUpdateNeeded(cachedSecret); !needsCA && !needsToken && !needsNamespace { + return false, nil + } + + // We don't want to update the cache's copy of the secret + // so add the token to a freshly retrieved copy of the secret + secrets := e.client.Core().Secrets(cachedSecret.Namespace) + liveSecret, err := secrets.Get(cachedSecret.Name) + if err != nil { + // Retry for any error other than a NotFound + return !apierrors.IsNotFound(err), err + } + if liveSecret.ResourceVersion != cachedSecret.ResourceVersion { + // our view of the secret is not up to date + // we'll get notified of an update event later and get to try again + glog.V(2).Infof("secret %s/%s is not up to date, skipping token population", liveSecret.Namespace, liveSecret.Name) + return false, nil + } + + needsCA, needsNamespace, needsToken := e.secretUpdateNeeded(liveSecret) if !needsCA && !needsToken && !needsNamespace { - return nil + return false, nil + } + + if liveSecret.Annotations == nil { + liveSecret.Annotations = map[string]string{} + } + if liveSecret.Data == nil { + liveSecret.Data = map[string][]byte{} } // Set the CA if needsCA { - secret.Data[api.ServiceAccountRootCAKey] = e.rootCA + liveSecret.Data[api.ServiceAccountRootCAKey] = e.rootCA } // Set the namespace if needsNamespace { - secret.Data[api.ServiceAccountNamespaceKey] = []byte(secret.Namespace) + liveSecret.Data[api.ServiceAccountNamespaceKey] = []byte(liveSecret.Namespace) } // Generate the token if needsToken { - token, err := e.token.GenerateToken(*serviceAccount, *secret) + token, err := e.token.GenerateToken(*serviceAccount, *liveSecret) if err != nil { - return err + return false, err } - secret.Data[api.ServiceAccountTokenKey] = []byte(token) + liveSecret.Data[api.ServiceAccountTokenKey] = []byte(token) } // Set annotations - secret.Annotations[api.ServiceAccountNameKey] = serviceAccount.Name - secret.Annotations[api.ServiceAccountUIDKey] = string(serviceAccount.UID) + liveSecret.Annotations[api.ServiceAccountNameKey] = serviceAccount.Name + liveSecret.Annotations[api.ServiceAccountUIDKey] = string(serviceAccount.UID) // Save the secret - if _, err := e.client.Core().Secrets(secret.Namespace).Update(secret); err != nil { - return err + _, err = secrets.Update(liveSecret) + if apierrors.IsConflict(err) || apierrors.IsNotFound(err) { + // if we got a Conflict error, the secret was updated by someone else, and we'll get an update notification later + // if we got a NotFound error, the secret no longer exists, and we don't need to populate a token + return false, nil } - return nil + if err != nil { + return true, err + } + return false, nil } -// deleteSecret deletes the given secret -func (e *TokensController) deleteSecret(secret *api.Secret) error { - return e.client.Core().Secrets(secret.Namespace).Delete(secret.Name, nil) -} - -// removeSecretReferenceIfNeeded updates the given ServiceAccount to remove a reference to the given secretName if needed. -// Returns whether an update was performed, and any error that occurred -func (e *TokensController) removeSecretReferenceIfNeeded(serviceAccount *api.ServiceAccount, secretName string) error { +// removeSecretReference updates the given ServiceAccount to remove a reference to the given secretName if needed. +func (e *TokensController) removeSecretReference(saNamespace string, saName string, saUID types.UID, secretName string) error { // We don't want to update the cache's copy of the service account // so remove the secret from a freshly retrieved copy of the service account - serviceAccounts := e.client.Core().ServiceAccounts(serviceAccount.Namespace) - serviceAccount, err := serviceAccounts.Get(serviceAccount.Name) + serviceAccounts := e.client.Core().ServiceAccounts(saNamespace) + serviceAccount, err := serviceAccounts.Get(saName) + // Ignore NotFound errors when attempting to remove a reference + if apierrors.IsNotFound(err) { + return nil + } if err != nil { return err } - // Double-check to see if the account still references the secret + // Short-circuit if the UID doesn't match + if len(saUID) > 0 && saUID != serviceAccount.UID { + return nil + } + + // Short-circuit if the secret is no longer referenced if !getSecretReferences(serviceAccount).Has(secretName) { return nil } + // Remove the secret secrets := []api.ObjectReference{} for _, s := range serviceAccount.Secrets { if s.Name != secretName { @@ -438,59 +568,90 @@ func (e *TokensController) removeSecretReferenceIfNeeded(serviceAccount *api.Ser } } serviceAccount.Secrets = secrets - _, err = serviceAccounts.Update(serviceAccount) - if err != nil { - return err + // Ignore NotFound errors when attempting to remove a reference + if apierrors.IsNotFound(err) { + return nil } - - return nil + return err } -// getServiceAccount returns the ServiceAccount referenced by the given secret. If the secret is not -// of type ServiceAccountToken, or if the referenced ServiceAccount does not exist, nil is returned -func (e *TokensController) getServiceAccount(secret *api.Secret, fetchOnCacheMiss bool) (*api.ServiceAccount, error) { - name, _ := serviceAccountNameAndUID(secret) - if len(name) == 0 { - return nil, nil - } - - key := &api.ServiceAccount{ObjectMeta: api.ObjectMeta{Namespace: secret.Namespace}} - namespaceAccounts, err := e.serviceAccounts.Index("namespace", key) +func (e *TokensController) getServiceAccount(ns string, name string, uid types.UID, fetchOnCacheMiss bool) (*api.ServiceAccount, error) { + // Look up in cache + obj, exists, err := e.serviceAccounts.GetByKey(makeCacheKey(ns, name)) if err != nil { return nil, err } - - for _, obj := range namespaceAccounts { - serviceAccount := obj.(*api.ServiceAccount) - - if serviceaccount.IsServiceAccountToken(secret, serviceAccount) { - return serviceAccount, nil + if exists { + sa, ok := obj.(*api.ServiceAccount) + if !ok { + return nil, fmt.Errorf("expected *api.ServiceAccount, got %#v", sa) + } + // Ensure UID matches if given + if len(uid) == 0 || uid == sa.UID { + return sa, nil } } - if fetchOnCacheMiss { - serviceAccount, err := e.client.Core().ServiceAccounts(secret.Namespace).Get(name) - if apierrors.IsNotFound(err) { - return nil, nil - } - if err != nil { - return nil, err - } + if !fetchOnCacheMiss { + return nil, nil + } - if serviceaccount.IsServiceAccountToken(secret, serviceAccount) { - return serviceAccount, nil + // Live lookup + sa, err := e.client.Core().ServiceAccounts(ns).Get(name) + if apierrors.IsNotFound(err) { + return nil, nil + } + if err != nil { + return nil, err + } + // Ensure UID matches if given + if len(uid) == 0 || uid == sa.UID { + return sa, nil + } + return nil, nil +} + +func (e *TokensController) getSecret(ns string, name string, uid types.UID, fetchOnCacheMiss bool) (*api.Secret, error) { + // Look up in cache + obj, exists, err := e.secrets.GetByKey(makeCacheKey(ns, name)) + if err != nil { + return nil, err + } + if exists { + secret, ok := obj.(*api.Secret) + if !ok { + return nil, fmt.Errorf("expected *api.Secret, got %#v", secret) + } + // Ensure UID matches if given + if len(uid) == 0 || uid == secret.UID { + return secret, nil } } + if !fetchOnCacheMiss { + return nil, nil + } + + // Live lookup + secret, err := e.client.Core().Secrets(ns).Get(name) + if apierrors.IsNotFound(err) { + return nil, nil + } + if err != nil { + return nil, err + } + // Ensure UID matches if given + if len(uid) == 0 || uid == secret.UID { + return secret, nil + } return nil, nil } // listTokenSecrets returns a list of all of the ServiceAccountToken secrets that // reference the given service account's name and uid func (e *TokensController) listTokenSecrets(serviceAccount *api.ServiceAccount) ([]*api.Secret, error) { - key := &api.Secret{ObjectMeta: api.ObjectMeta{Namespace: serviceAccount.Namespace}} - namespaceSecrets, err := e.secrets.Index("namespace", key) + namespaceSecrets, err := e.secrets.ByIndex("namespace", serviceAccount.Namespace) if err != nil { return nil, err } @@ -523,3 +684,63 @@ func getSecretReferences(serviceAccount *api.ServiceAccount) sets.String { } return references } + +// serviceAccountQueueKey holds information we need to sync a service account. +// It contains enough information to look up the cached service account, +// or delete owned tokens if the service account no longer exists. +type serviceAccountQueueKey struct { + namespace string + name string + uid types.UID +} + +func makeServiceAccountKey(sa *api.ServiceAccount) interface{} { + return serviceAccountQueueKey{ + namespace: sa.Namespace, + name: sa.Name, + uid: sa.UID, + } +} + +func parseServiceAccountKey(key interface{}) (serviceAccountQueueKey, error) { + queueKey, ok := key.(serviceAccountQueueKey) + if !ok || len(queueKey.namespace) == 0 || len(queueKey.name) == 0 || len(queueKey.uid) == 0 { + return serviceAccountQueueKey{}, fmt.Errorf("invalid serviceaccount key: %#v", key) + } + return queueKey, nil +} + +// secretQueueKey holds information we need to sync a service account token secret. +// It contains enough information to look up the cached service account, +// or delete the secret reference if the secret no longer exists. +type secretQueueKey struct { + namespace string + name string + uid types.UID + saName string + // optional, will be blank when syncing tokens missing the service account uid annotation + saUID types.UID +} + +func makeSecretQueueKey(secret *api.Secret) interface{} { + return secretQueueKey{ + namespace: secret.Namespace, + name: secret.Name, + uid: secret.UID, + saName: secret.Annotations[api.ServiceAccountNameKey], + saUID: types.UID(secret.Annotations[api.ServiceAccountUIDKey]), + } +} + +func parseSecretQueueKey(key interface{}) (secretQueueKey, error) { + queueKey, ok := key.(secretQueueKey) + if !ok || len(queueKey.namespace) == 0 || len(queueKey.name) == 0 || len(queueKey.uid) == 0 || len(queueKey.saName) == 0 { + return secretQueueKey{}, fmt.Errorf("invalid secret key: %#v", key) + } + return queueKey, nil +} + +// produce the same key format as cache.MetaNamespaceKeyFunc +func makeCacheKey(namespace, name string) string { + return namespace + "/" + name +} diff --git a/pkg/controller/serviceaccount/tokens_controller_test.go b/pkg/controller/serviceaccount/tokens_controller_test.go index 4f2ff6fb53..4fad277527 100644 --- a/pkg/controller/serviceaccount/tokens_controller_test.go +++ b/pkg/controller/serviceaccount/tokens_controller_test.go @@ -17,10 +17,15 @@ limitations under the License. package serviceaccount import ( + "errors" "reflect" "testing" + "time" + + "github.com/golang/glog" "k8s.io/kubernetes/pkg/api" + apierrors "k8s.io/kubernetes/pkg/api/errors" "k8s.io/kubernetes/pkg/api/unversioned" "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/fake" "k8s.io/kubernetes/pkg/client/testing/core" @@ -63,7 +68,12 @@ func tokenSecretReferences() []api.ObjectReference { // addTokenSecretReference adds a reference to the ServiceAccountToken that will be created func addTokenSecretReference(refs []api.ObjectReference) []api.ObjectReference { - return append(refs, api.ObjectReference{Name: "default-token-fplln"}) + return addNamedTokenSecretReference(refs, "default-token-fplln") +} + +// addNamedTokenSecretReference adds a reference to the named ServiceAccountToken +func addNamedTokenSecretReference(refs []api.ObjectReference, name string) []api.ObjectReference { + return append(refs, api.ObjectReference{Name: name}) } // serviceAccount returns a service account with the given secret refs @@ -104,10 +114,15 @@ func opaqueSecret() *api.Secret { // createdTokenSecret returns the ServiceAccountToken secret posted when creating a new token secret. // Named "default-token-fplln", since that is the first generated name after rand.Seed(1) -func createdTokenSecret() *api.Secret { +func createdTokenSecret(overrideName ...string) *api.Secret { + return namedCreatedTokenSecret("default-token-fplln") +} + +// namedTokenSecret returns the ServiceAccountToken secret posted when creating a new token secret with the given name. +func namedCreatedTokenSecret(name string) *api.Secret { return &api.Secret{ ObjectMeta: api.ObjectMeta{ - Name: "default-token-fplln", + Name: name, Namespace: "default", Annotations: map[string]string{ api.ServiceAccountNameKey: "default", @@ -180,12 +195,20 @@ func serviceAccountTokenSecretWithNamespaceData(data []byte) *api.Secret { return secret } +type reaction struct { + verb string + resource string + reactor func(t *testing.T) core.ReactionFunc +} + func TestTokenCreation(t *testing.T) { testcases := map[string]struct { ClientObjects []runtime.Object - SecretsSyncPending bool - ServiceAccountsSyncPending bool + IsAsync bool + MaxRetries int + + Reactors []reaction ExistingServiceAccount *api.ServiceAccount ExistingSecrets []*api.Secret @@ -209,16 +232,66 @@ func TestTokenCreation(t *testing.T) { core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, - "new serviceaccount with no secrets with unsynced secret store": { + "new serviceaccount with no secrets encountering create error": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, - - SecretsSyncPending: true, + MaxRetries: 10, + IsAsync: true, + Reactors: []reaction{{ + verb: "create", + resource: "secrets", + reactor: func(t *testing.T) core.ReactionFunc { + i := 0 + return func(core.Action) (bool, runtime.Object, error) { + i++ + if i < 3 { + return true, nil, apierrors.NewForbidden(api.Resource("secrets"), "foo", errors.New("No can do")) + } + return false, nil, nil + } + }, + }}, AddedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []core.Action{ + // Attempt 1 core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, "default"), core.NewCreateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, createdTokenSecret()), - core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), + + // Attempt 2 + core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, "default"), + core.NewCreateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, namedCreatedTokenSecret("default-token-gziey")), + + // Attempt 3 + core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, "default"), + core.NewCreateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, namedCreatedTokenSecret("default-token-oh43e")), + core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, serviceAccount(addNamedTokenSecretReference(emptySecretReferences(), "default-token-oh43e"))), + }, + }, + "new serviceaccount with no secrets encountering unending create error": { + ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, + MaxRetries: 2, + IsAsync: true, + Reactors: []reaction{{ + verb: "create", + resource: "secrets", + reactor: func(t *testing.T) core.ReactionFunc { + return func(core.Action) (bool, runtime.Object, error) { + return true, nil, apierrors.NewForbidden(api.Resource("secrets"), "foo", errors.New("No can do")) + } + }, + }}, + + AddedServiceAccount: serviceAccount(emptySecretReferences()), + ExpectedActions: []core.Action{ + // Attempt + core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, "default"), + core.NewCreateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, createdTokenSecret()), + // Retry 1 + core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, "default"), + core.NewCreateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, namedCreatedTokenSecret("default-token-gziey")), + // Retry 2 + core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, "default"), + core.NewCreateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, namedCreatedTokenSecret("default-token-oh43e")), }, }, "new serviceaccount with missing secrets": { @@ -231,14 +304,6 @@ func TestTokenCreation(t *testing.T) { core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))), }, }, - "new serviceaccount with missing secrets with unsynced secret store": { - ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, - - SecretsSyncPending: true, - - AddedServiceAccount: serviceAccount(missingSecretReferences()), - ExpectedActions: []core.Action{}, - }, "new serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()}, @@ -275,18 +340,6 @@ func TestTokenCreation(t *testing.T) { core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, - "updated serviceaccount with no secrets with unsynced secret store": { - ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, - - SecretsSyncPending: true, - - UpdatedServiceAccount: serviceAccount(emptySecretReferences()), - ExpectedActions: []core.Action{ - core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, "default"), - core.NewCreateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, createdTokenSecret()), - core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), - }, - }, "updated serviceaccount with missing secrets": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, @@ -297,14 +350,6 @@ func TestTokenCreation(t *testing.T) { core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))), }, }, - "updated serviceaccount with missing secrets with unsynced secret store": { - ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, - - SecretsSyncPending: true, - - UpdatedServiceAccount: serviceAccount(missingSecretReferences()), - ExpectedActions: []core.Action{}, - }, "updated serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()}, @@ -375,6 +420,7 @@ func TestTokenCreation(t *testing.T) { AddedSecret: serviceAccountTokenSecretWithoutTokenData(), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -384,6 +430,7 @@ func TestTokenCreation(t *testing.T) { AddedSecret: serviceAccountTokenSecretWithoutCAData(), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -393,6 +440,7 @@ func TestTokenCreation(t *testing.T) { AddedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -402,6 +450,7 @@ func TestTokenCreation(t *testing.T) { AddedSecret: serviceAccountTokenSecretWithoutNamespaceData(), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -436,6 +485,7 @@ func TestTokenCreation(t *testing.T) { UpdatedSecret: serviceAccountTokenSecretWithoutTokenData(), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -445,6 +495,7 @@ func TestTokenCreation(t *testing.T) { UpdatedSecret: serviceAccountTokenSecretWithoutCAData(), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -454,6 +505,7 @@ func TestTokenCreation(t *testing.T) { UpdatedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -463,6 +515,7 @@ func TestTokenCreation(t *testing.T) { UpdatedSecret: serviceAccountTokenSecretWithoutNamespaceData(), ExpectedActions: []core.Action{ + core.NewGetAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, "token-secret-1"), core.NewUpdateAction(unversioned.GroupVersionResource{Resource: "secrets"}, api.NamespaceDefault, serviceAccountTokenSecret()), }, }, @@ -501,6 +554,7 @@ func TestTokenCreation(t *testing.T) { } for k, tc := range testcases { + glog.Infof(k) // Re-seed to reset name generation utilrand.Seed(1) @@ -508,12 +562,11 @@ func TestTokenCreation(t *testing.T) { generator := &testGenerator{Token: "ABC"} client := fake.NewSimpleClientset(tc.ClientObjects...) + for _, reactor := range tc.Reactors { + client.Fake.PrependReactor(reactor.verb, reactor.resource, reactor.reactor(t)) + } - controller := NewTokensController(client, TokensControllerOptions{TokenGenerator: generator, RootCA: []byte("CA Data")}) - - // Tell the token controller whether its stores have been synced - controller.serviceAccountsSynced = func() bool { return !tc.ServiceAccountsSyncPending } - controller.secretsSynced = func() bool { return !tc.SecretsSyncPending } + controller := NewTokensController(client, TokensControllerOptions{TokenGenerator: generator, RootCA: []byte("CA Data"), MaxRetries: tc.MaxRetries}) if tc.ExistingServiceAccount != nil { controller.serviceAccounts.Add(tc.ExistingServiceAccount) @@ -523,22 +576,72 @@ func TestTokenCreation(t *testing.T) { } if tc.AddedServiceAccount != nil { - controller.serviceAccountAdded(tc.AddedServiceAccount) + controller.serviceAccounts.Add(tc.AddedServiceAccount) + controller.queueServiceAccountSync(tc.AddedServiceAccount) } if tc.UpdatedServiceAccount != nil { - controller.serviceAccountUpdated(nil, tc.UpdatedServiceAccount) + controller.serviceAccounts.Add(tc.UpdatedServiceAccount) + controller.queueServiceAccountUpdateSync(nil, tc.UpdatedServiceAccount) } if tc.DeletedServiceAccount != nil { - controller.serviceAccountDeleted(tc.DeletedServiceAccount) + controller.serviceAccounts.Delete(tc.DeletedServiceAccount) + controller.queueServiceAccountSync(tc.DeletedServiceAccount) } if tc.AddedSecret != nil { - controller.secretAdded(tc.AddedSecret) + controller.secrets.Add(tc.AddedSecret) + controller.queueSecretSync(tc.AddedSecret) } if tc.UpdatedSecret != nil { - controller.secretUpdated(nil, tc.UpdatedSecret) + controller.secrets.Add(tc.UpdatedSecret) + controller.queueSecretUpdateSync(nil, tc.UpdatedSecret) } if tc.DeletedSecret != nil { - controller.secretDeleted(tc.DeletedSecret) + controller.secrets.Delete(tc.DeletedSecret) + controller.queueSecretSync(tc.DeletedSecret) + } + + // This is the longest we'll wait for async tests + timeout := time.Now().Add(30 * time.Second) + waitedForAdditionalActions := false + + for { + if controller.syncServiceAccountQueue.Len() > 0 { + controller.syncServiceAccount() + } + if controller.syncSecretQueue.Len() > 0 { + controller.syncSecret() + } + + // The queues still have things to work on + if controller.syncServiceAccountQueue.Len() > 0 || controller.syncSecretQueue.Len() > 0 { + continue + } + + // If we expect this test to work asynchronously... + if tc.IsAsync { + // if we're still missing expected actions within our test timeout + if len(client.Actions()) < len(tc.ExpectedActions) && time.Now().Before(timeout) { + // wait for the expected actions (without hotlooping) + time.Sleep(time.Millisecond) + continue + } + + // if we exactly match our expected actions, wait a bit to make sure no other additional actions show up + if len(client.Actions()) == len(tc.ExpectedActions) && !waitedForAdditionalActions { + time.Sleep(time.Second) + waitedForAdditionalActions = true + continue + } + } + + break + } + + if controller.syncServiceAccountQueue.Len() > 0 { + t.Errorf("%s: unexpected items in service account queue: %d", k, controller.syncServiceAccountQueue.Len()) + } + if controller.syncSecretQueue.Len() > 0 { + t.Errorf("%s: unexpected items in secret queue: %d", k, controller.syncSecretQueue.Len()) } actions := client.Actions() @@ -556,7 +659,10 @@ func TestTokenCreation(t *testing.T) { } if len(tc.ExpectedActions) > len(actions) { - t.Errorf("%s: %d additional expected actions:%+v", k, len(tc.ExpectedActions)-len(actions), tc.ExpectedActions[len(actions):]) + t.Errorf("%s: %d additional expected actions", k, len(tc.ExpectedActions)-len(actions)) + for _, a := range tc.ExpectedActions[len(actions):] { + t.Logf(" %+v", a) + } } } } diff --git a/test/integration/service_account_test.go b/test/integration/service_account_test.go index 63d2712590..e05c315e0e 100644 --- a/test/integration/service_account_test.go +++ b/test/integration/service_account_test.go @@ -415,15 +415,16 @@ func startServiceAccountTestServer(t *testing.T) (*clientset.Clientset, restclie } // Start the service account and service account token controllers + stopCh := make(chan struct{}) tokenController := serviceaccountcontroller.NewTokensController(rootClientset, serviceaccountcontroller.TokensControllerOptions{TokenGenerator: serviceaccount.JWTTokenGenerator(serviceAccountKey)}) - tokenController.Run() + go tokenController.Run(1, stopCh) serviceAccountController := serviceaccountcontroller.NewServiceAccountsController(rootClientset, serviceaccountcontroller.DefaultServiceAccountsControllerOptions()) serviceAccountController.Run() // Start the admission plugin reflectors serviceAccountAdmission.Run() stop := func() { - tokenController.Stop() + close(stopCh) serviceAccountController.Stop() serviceAccountAdmission.Stop() apiServer.Close()