Make topologymanagerpolicy configurable

kubernetes · Apr 3, 2020 · b5cde0a · b5cde0a
1 parent ec42233
commit b5cde0a
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 62 deletions.
diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -2069,6 +2069,10 @@ spec:
                 tlsPrivateKeyFile:
                   description: 'TODO: Remove unused TLSPrivateKeyFile'
                   type: string
+                topologyManagerPolicy:
+                  description: TopologyManagerPolicy determines the policy for the
+                    topology manager
+                  type: string
                 volumePluginDirectory:
                   description: The full path of the directory in which to search for
                     additional third party volume plugins (this path must be writeable,
@@ -2427,6 +2431,10 @@ spec:
                 tlsPrivateKeyFile:
                   description: 'TODO: Remove unused TLSPrivateKeyFile'
                   type: string
+                topologyManagerPolicy:
+                  description: TopologyManagerPolicy determines the policy for the
+                    topology manager
+                  type: string
                 volumePluginDirectory:
                   description: The full path of the directory in which to search for
                     additional third party volume plugins (this path must be writeable,

diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml
@@ -551,6 +551,10 @@ spec:
                 tlsPrivateKeyFile:
                   description: 'TODO: Remove unused TLSPrivateKeyFile'
                   type: string
+                topologyManagerPolicy:
+                  description: TopologyManagerPolicy determines the policy for the
+                    topology manager
+                  type: string
                 volumePluginDirectory:
                   description: The full path of the directory in which to search for
                     additional third party volume plugins (this path must be writeable,

diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
@@ -196,6 +196,8 @@ type KubeletConfigSpec struct {
 	RegistryPullQPS *int32 `json:"registryPullQPS,omitempty" flag:"registry-qps"`
 	//RegistryBurst Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10)
 	RegistryBurst *int32 `json:"registryBurst,omitempty" flag:"registry-burst"`
+	//TopologyManagerPolicy determines the policy for the topology manager
+	TopologyManagerPolicy string `json:"topologyManagerPolicy,omitempty" flag:"topology-manager-policy"`
 
 	// rotateCertificates enables client certificate rotation.
 	RotateCertificates *bool `json:"rotateCertificates,omitempty" flag:"rotate-certificates"`

diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
@@ -196,6 +196,8 @@ type KubeletConfigSpec struct {
 	RegistryPullQPS *int32 `json:"registryPullQPS,omitempty" flag:"registry-qps"`
 	//RegistryBurst Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10)
 	RegistryBurst *int32 `json:"registryBurst,omitempty" flag:"registry-burst"`
+	//TopologyManagerPolicy determines the policy for the topology manager
+	TopologyManagerPolicy string `json:"topologyManagerPolicy,omitempty" flag:"topology-manager-policy"`
 
 	// rotateCertificates enables client certificate rotation.
 	RotateCertificates *bool `json:"rotateCertificates,omitempty" flag:"rotate-certificates"`

diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
diff --git a/pkg/apis/kops/validation/legacy.go b/pkg/apis/kops/validation/legacy.go
@@ -451,68 +451,8 @@ func ValidateCluster(c *kops.Cluster, strict bool) field.ErrorList {
 	}
 
 	// Kubelet
-	if c.Spec.Kubelet != nil {
-		kubeletPath := fieldSpec.Child("kubelet")
-
-		{
-			// Flag removed in 1.6
-			if c.Spec.Kubelet.APIServers != "" {
-				allErrs = append(allErrs, field.Invalid(
-					kubeletPath.Child("apiServers"),
-					c.Spec.Kubelet.APIServers,
-					"api-servers flag was removed in 1.6"))
-			}
-		}
-
-		if kubernetesRelease.GTE(semver.MustParse("1.10.0")) {
-			// Flag removed in 1.10
-			if c.Spec.Kubelet.RequireKubeconfig != nil {
-				allErrs = append(allErrs, field.Invalid(
-					kubeletPath.Child("requireKubeconfig"),
-					*c.Spec.Kubelet.RequireKubeconfig,
-					"require-kubeconfig flag was removed in 1.10.  (Please be sure you are not using a cluster config from `kops get cluster --full`)"))
-			}
-		}
-
-		if c.Spec.Kubelet.BootstrapKubeconfig != "" {
-			if c.Spec.KubeAPIServer == nil {
-				allErrs = append(allErrs, field.Required(fieldSpec.Child("kubeAPIServer"), "bootstrap token require the NodeRestriction admissions controller"))
-			}
-		}
-
-		if c.Spec.Kubelet.APIServers != "" && !isValidAPIServersURL(c.Spec.Kubelet.APIServers) {
-			allErrs = append(allErrs, field.Invalid(kubeletPath.Child("apiServers"), c.Spec.Kubelet.APIServers, "Not a valid apiServer URL"))
-		}
-	}
-
-	// MasterKubelet
-	if c.Spec.MasterKubelet != nil {
-		masterKubeletPath := fieldSpec.Child("masterKubelet")
-
-		{
-			// Flag removed in 1.6
-			if c.Spec.MasterKubelet.APIServers != "" {
-				allErrs = append(allErrs, field.Invalid(
-					masterKubeletPath.Child("apiServers"),
-					c.Spec.MasterKubelet.APIServers,
-					"api-servers flag was removed in 1.6"))
-			}
-		}
-
-		if kubernetesRelease.GTE(semver.MustParse("1.10.0")) {
-			// Flag removed in 1.10
-			if c.Spec.MasterKubelet.RequireKubeconfig != nil {
-				allErrs = append(allErrs, field.Invalid(
-					masterKubeletPath.Child("requireKubeconfig"),
-					*c.Spec.MasterKubelet.RequireKubeconfig,
-					"require-kubeconfig flag was removed in 1.10.  (Please be sure you are not using a cluster config from `kops get cluster --full`)"))
-			}
-		}
-
-		if c.Spec.MasterKubelet.APIServers != "" && !isValidAPIServersURL(c.Spec.MasterKubelet.APIServers) {
-			allErrs = append(allErrs, field.Invalid(masterKubeletPath.Child("apiServers"), c.Spec.MasterKubelet.APIServers, "Not a valid apiServers URL"))
-		}
-	}
+	allErrs = append(allErrs, validateKubelet(c.Spec.Kubelet, c, fieldSpec.Child("kubelet"))...)
+	allErrs = append(allErrs, validateKubelet(c.Spec.MasterKubelet, c, fieldSpec.Child("masterKubelet"))...)
 
 	// Topology support
 	if c.Spec.Topology != nil {
@@ -731,3 +671,43 @@ func DeepValidate(c *kops.Cluster, groups []*kops.InstanceGroup, strict bool) er
 
 	return nil
 }
+
+func validateKubelet(k *kops.KubeletConfigSpec, c *kops.Cluster, kubeletPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+
+	if k != nil {
+
+		{
+			// Flag removed in 1.6
+			if k.APIServers != "" {
+				allErrs = append(allErrs, field.Forbidden(
+					kubeletPath.Child("apiServers"),
+					"api-servers flag was removed in 1.6"))
+			}
+		}
+
+		if c.IsKubernetesGTE("1.10") {
+			// Flag removed in 1.10
+			if k.RequireKubeconfig != nil {
+				allErrs = append(allErrs, field.Forbidden(
+					kubeletPath.Child("requireKubeconfig"),
+					"require-kubeconfig flag was removed in 1.10.  (Please be sure you are not using a cluster config from `kops get cluster --full`)"))
+			}
+		}
+
+		if k.BootstrapKubeconfig != "" {
+			if c.Spec.KubeAPIServer == nil {
+				allErrs = append(allErrs, field.Required(kubeletPath.Root().Child("spec").Child("kubeAPIServer"), "bootstrap token require the NodeRestriction admissions controller"))
+			}
+		}
+
+		if k.TopologyManagerPolicy != "" {
+			allErrs = append(allErrs, IsValidValue(kubeletPath.Child("topologyManagerPolicy"), &k.TopologyManagerPolicy, []string{"none", "best-effort", "restricted", "single-numa-node"})...)
+			if !c.IsKubernetesGTE("1.18") {
+				allErrs = append(allErrs, field.Forbidden(kubeletPath.Child("topologyManagerPolicy"), "topologyManagerPolicy requires at least Kubernetes 1.18"))
+			}
+		}
+
+	}
+	return allErrs
+}