DaemonSet: Respect ControllerRef #42173
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -134,7 +134,9 @@ func (s *CMServer) AddFlags(fs *pflag.FlagSet, allControllers []string, disabled | |
| fs.Int32Var(&s.ConcurrentSATokenSyncs, "concurrent-serviceaccount-token-syncs", s.ConcurrentSATokenSyncs, "The number of service account token objects that are allowed to sync concurrently. Larger number = more responsive token generation, but more CPU (and network) load") | ||
| fs.Int32Var(&s.LookupCacheSizeForRC, "replication-controller-lookup-cache-size", s.LookupCacheSizeForRC, "This flag is deprecated and will be removed in future releases. ReplicationController no longer requires a lookup cache.") | ||
| fs.Int32Var(&s.LookupCacheSizeForRS, "replicaset-lookup-cache-size", s.LookupCacheSizeForRS, "This flag is deprecated and will be removed in future releases. ReplicaSet no longer requires a lookup cache.") | ||
| // TODO: Remove the following flag 6 months after v1.6.0 is released. | ||
|
There was a problem hiding this comment. Copying from my comment in https://github.com/kubernetes/kubernetes/pull/42659/files#r104817545:
|
||
| fs.Int32Var(&s.LookupCacheSizeForDaemonSet, "daemonset-lookup-cache-size", s.LookupCacheSizeForDaemonSet, "This flag is deprecated and will be removed in future releases. DaemonSet no longer requires a lookup cache.") | ||
| fs.MarkDeprecated("daemonset-lookup-cache-size", "This flag is deprecated and will be removed in future releases. DaemonSet no longer requires a lookup cache.") | ||
| fs.DurationVar(&s.ServiceSyncPeriod.Duration, "service-sync-period", s.ServiceSyncPeriod.Duration, "The period for syncing services with their external load balancers") | ||
| fs.DurationVar(&s.NodeSyncPeriod.Duration, "node-sync-period", 0, ""+ | ||
| "This flag is deprecated and will be removed in future releases. See node-monitor-period for Node health checking or "+ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -400,8 +400,9 @@ func (r RealRSControl) PatchReplicaSet(namespace, name string, data []byte) erro | |
| type PodControlInterface interface { | ||
| // CreatePods creates new pods according to the spec. | ||
| CreatePods(namespace string, template *v1.PodTemplateSpec, object runtime.Object) error | ||
| // CreatePodsOnNode creates a new pod according to the spec on the specified node, | ||
| // and sets the ControllerRef. | ||
| CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error | ||
| // CreatePodsWithControllerRef creates new pods according to the spec, and sets object as the pod's controller. | ||
| CreatePodsWithControllerRef(namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error | ||
| // DeletePod deletes the pod identified by podID. | ||
|
|
@@ -466,11 +467,7 @@ func getPodsPrefix(controllerName string) string { | |
| return prefix | ||
| } | ||
|
|
||
| func validateControllerRef(controllerRef *metav1.OwnerReference) error { | ||
|
There was a problem hiding this comment. Is this validation running in the api server or only in controllers? There was a problem hiding this comment. This validation is only required for controllers. API server doesn't know if a request is sent by a controller thus cannot do the validation. If a TPR creates dependents, then its custom controller could do a similar check. |
||
| if controllerRef == nil { | ||
| return fmt.Errorf("controllerRef is nil") | ||
| } | ||
|
|
@@ -481,16 +478,30 @@ func (r RealPodControl) CreatePodsWithControllerRef(namespace string, template * | |
| return fmt.Errorf("controllerRef has empty Kind") | ||
| } | ||
| if controllerRef.Controller == nil || *controllerRef.Controller != true { | ||
|
There was a problem hiding this comment. Could you also verify that controllerRef.BlockOwnerDeletion is true, and set it to true in all controllee's creation/adoption? See the comments here. There was a problem hiding this comment. I will do this in a separate PR since the change will apply to all controllers. There was a problem hiding this comment. After looking more closely, it makes more sense to fix it here. I just needed to move the BlockOwnerDeletion check up into validateControllerRef(). There was a problem hiding this comment. Should we also validate that controllerRef's Name and UID isn't empty (i.e. There was a problem hiding this comment. I'll make a note to address that in a future PR. It will affect multiple controllers and may require updates to their unit tests, since not all tests bother to fill those in. In this PR, I am just moving this validation code to a common function so I can use it in two places without duplicating. |
||
| return fmt.Errorf("controllerRef.Controller is not set to true") | ||
| } | ||
| if controllerRef.BlockOwnerDeletion == nil || *controllerRef.BlockOwnerDeletion != true { | ||
| return fmt.Errorf("controllerRef.BlockOwnerDeletion is not set") | ||
| } | ||
| return nil | ||
| } | ||
|
|
||
| func (r RealPodControl) CreatePods(namespace string, template *v1.PodTemplateSpec, object runtime.Object) error { | ||
| return r.createPods("", namespace, template, object, nil) | ||
| } | ||
|
|
||
| func (r RealPodControl) CreatePodsWithControllerRef(namespace string, template *v1.PodTemplateSpec, controllerObject runtime.Object, controllerRef *metav1.OwnerReference) error { | ||
| if err := validateControllerRef(controllerRef); err != nil { | ||
| return err | ||
| } | ||
| return r.createPods("", namespace, template, controllerObject, controllerRef) | ||
| } | ||
|
|
||
| func (r RealPodControl) CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error { | ||
| if err := validateControllerRef(controllerRef); err != nil { | ||
| return err | ||
| } | ||
| return r.createPods(nodeName, namespace, template, object, controllerRef) | ||
| } | ||
|
|
||
| func (r RealPodControl) PatchPod(namespace, name string, data []byte) error { | ||
|
|
@@ -613,10 +624,11 @@ func (f *FakePodControl) CreatePodsWithControllerRef(namespace string, spec *v1. | |
| return nil | ||
| } | ||
|
|
||
| func (f *FakePodControl) CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error { | ||
| f.Lock() | ||
| defer f.Unlock() | ||
| f.Templates = append(f.Templates, *template) | ||
| f.ControllerRefs = append(f.ControllerRefs, *controllerRef) | ||
| if f.Err != nil { | ||
| return f.Err | ||
| } | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should call
fs.MarkDeprecated, and put a TODO for when to remove this flag(do this in other ControllerRef PRs too)
Edit: see https://kubernetes.io/docs/deprecation-policy/#deprecating-a-flag-or-cli, we can remove this flag 6 months after deprecating it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks I fixed it here and added it to my list of fixes for RC/RS that I will make in a separate PR.