-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DaemonSet: Respect ControllerRef #42173
Changes from all commits
8f3a56f
2217363
421e0bb
1099811
c288f52
ab5a82d
97c363a
182753f
e2deb17
fac372d
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -134,7 +134,9 @@ func (s *CMServer) AddFlags(fs *pflag.FlagSet, allControllers []string, disabled | |
fs.Int32Var(&s.ConcurrentSATokenSyncs, "concurrent-serviceaccount-token-syncs", s.ConcurrentSATokenSyncs, "The number of service account token objects that are allowed to sync concurrently. Larger number = more responsive token generation, but more CPU (and network) load") | ||
fs.Int32Var(&s.LookupCacheSizeForRC, "replication-controller-lookup-cache-size", s.LookupCacheSizeForRC, "This flag is deprecated and will be removed in future releases. ReplicationController no longer requires a lookup cache.") | ||
fs.Int32Var(&s.LookupCacheSizeForRS, "replicaset-lookup-cache-size", s.LookupCacheSizeForRS, "This flag is deprecated and will be removed in future releases. ReplicaSet no longer requires a lookup cache.") | ||
fs.Int32Var(&s.LookupCacheSizeForDaemonSet, "daemonset-lookup-cache-size", s.LookupCacheSizeForDaemonSet, "The the size of lookup cache for daemonsets. Larger number = more responsive daemonsets, but more MEM load.") | ||
// TODO: Remove the following flag 6 months after v1.6.0 is released. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Copying from my comment in https://github.com/kubernetes/kubernetes/pull/42659/files#r104817545:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done. |
||
fs.Int32Var(&s.LookupCacheSizeForDaemonSet, "daemonset-lookup-cache-size", s.LookupCacheSizeForDaemonSet, "This flag is deprecated and will be removed in future releases. DaemonSet no longer requires a lookup cache.") | ||
fs.MarkDeprecated("daemonset-lookup-cache-size", "This flag is deprecated and will be removed in future releases. DaemonSet no longer requires a lookup cache.") | ||
fs.DurationVar(&s.ServiceSyncPeriod.Duration, "service-sync-period", s.ServiceSyncPeriod.Duration, "The period for syncing services with their external load balancers") | ||
fs.DurationVar(&s.NodeSyncPeriod.Duration, "node-sync-period", 0, ""+ | ||
"This flag is deprecated and will be removed in future releases. See node-monitor-period for Node health checking or "+ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -400,8 +400,9 @@ func (r RealRSControl) PatchReplicaSet(namespace, name string, data []byte) erro | |
type PodControlInterface interface { | ||
// CreatePods creates new pods according to the spec. | ||
CreatePods(namespace string, template *v1.PodTemplateSpec, object runtime.Object) error | ||
// CreatePodsOnNode creates a new pod according to the spec on the specified node. | ||
CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object) error | ||
// CreatePodsOnNode creates a new pod according to the spec on the specified node, | ||
// and sets the ControllerRef. | ||
CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error | ||
// CreatePodsWithControllerRef creates new pods according to the spec, and sets object as the pod's controller. | ||
CreatePodsWithControllerRef(namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error | ||
// DeletePod deletes the pod identified by podID. | ||
|
@@ -466,11 +467,7 @@ func getPodsPrefix(controllerName string) string { | |
return prefix | ||
} | ||
|
||
func (r RealPodControl) CreatePods(namespace string, template *v1.PodTemplateSpec, object runtime.Object) error { | ||
return r.createPods("", namespace, template, object, nil) | ||
} | ||
|
||
func (r RealPodControl) CreatePodsWithControllerRef(namespace string, template *v1.PodTemplateSpec, controllerObject runtime.Object, controllerRef *metav1.OwnerReference) error { | ||
func validateControllerRef(controllerRef *metav1.OwnerReference) error { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this validation running in the api server or only in controllers? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Only in controllers. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This validation is only required for controllers. API server doesn't know if a request is sent by a controller thus cannot do the validation. If a TPR creates dependents, then its custom controller could do a similar check. |
||
if controllerRef == nil { | ||
return fmt.Errorf("controllerRef is nil") | ||
} | ||
|
@@ -481,16 +478,30 @@ func (r RealPodControl) CreatePodsWithControllerRef(namespace string, template * | |
return fmt.Errorf("controllerRef has empty Kind") | ||
} | ||
if controllerRef.Controller == nil || *controllerRef.Controller != true { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Could you also verify that controllerRef.BlockOwnerDeletion is true, and set it to true in all controllee's creation/adoption? See the comments here. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I will do this in a separate PR since the change will apply to all controllers. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. After looking more closely, it makes more sense to fix it here. I just needed to move the BlockOwnerDeletion check up into validateControllerRef(). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should we also validate that controllerRef's Name and UID isn't empty (i.e. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'll make a note to address that in a future PR. It will affect multiple controllers and may require updates to their unit tests, since not all tests bother to fill those in. In this PR, I am just moving this validation code to a common function so I can use it in two places without duplicating. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. sounds good |
||
return fmt.Errorf("controllerRef.Controller is not set") | ||
return fmt.Errorf("controllerRef.Controller is not set to true") | ||
} | ||
if controllerRef.BlockOwnerDeletion == nil || *controllerRef.BlockOwnerDeletion != true { | ||
return fmt.Errorf("controllerRef.BlockOwnerDeletion is not set") | ||
} | ||
return nil | ||
} | ||
|
||
func (r RealPodControl) CreatePods(namespace string, template *v1.PodTemplateSpec, object runtime.Object) error { | ||
return r.createPods("", namespace, template, object, nil) | ||
} | ||
|
||
func (r RealPodControl) CreatePodsWithControllerRef(namespace string, template *v1.PodTemplateSpec, controllerObject runtime.Object, controllerRef *metav1.OwnerReference) error { | ||
if err := validateControllerRef(controllerRef); err != nil { | ||
return err | ||
} | ||
return r.createPods("", namespace, template, controllerObject, controllerRef) | ||
} | ||
|
||
func (r RealPodControl) CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object) error { | ||
return r.createPods(nodeName, namespace, template, object, nil) | ||
func (r RealPodControl) CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error { | ||
if err := validateControllerRef(controllerRef); err != nil { | ||
return err | ||
} | ||
return r.createPods(nodeName, namespace, template, object, controllerRef) | ||
} | ||
|
||
func (r RealPodControl) PatchPod(namespace, name string, data []byte) error { | ||
|
@@ -613,10 +624,11 @@ func (f *FakePodControl) CreatePodsWithControllerRef(namespace string, spec *v1. | |
return nil | ||
} | ||
|
||
func (f *FakePodControl) CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object) error { | ||
func (f *FakePodControl) CreatePodsOnNode(nodeName, namespace string, template *v1.PodTemplateSpec, object runtime.Object, controllerRef *metav1.OwnerReference) error { | ||
f.Lock() | ||
defer f.Unlock() | ||
f.Templates = append(f.Templates, *template) | ||
f.ControllerRefs = append(f.ControllerRefs, *controllerRef) | ||
if f.Err != nil { | ||
return f.Err | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should call
fs.MarkDeprecated
, and put a TODO for when to remove this flag(do this in other ControllerRef PRs too)
Edit: see https://kubernetes.io/docs/deprecation-policy/#deprecating-a-flag-or-cli, we can remove this flag 6 months after deprecating it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks I fixed it here and added it to my list of fixes for RC/RS that I will make in a separate PR.