Kubelet config: Validate new config against future feature gates #63409
@@ -43,9 +43,16 @@ const ( | |||
configTrialDuration = 10 * time.Minute | |||
) | |||
|
|||
type TransformFunc func(kc *kubeletconfig.KubeletConfiguration) error |
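Review bot: the exported type TransformFunc on the last line of this hunk has no doc comment in the lines shown, and its name reads like a general-purpose hook. Add a comment above it that states whether the function is expected to mutate kc in place and what a non-nil error means for the caller, and consider a narrower name so the type is not picked up as a generic extension point.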
I'm not 100% sure if this is the pattern I want, because it looks like a generic utility but we have a very specific use-case: enforce flag precedence so the final config combination is validated before choosing a config.
At the very least, we should warn people in a comment, and maybe change the name to something less generic.
Alternatively, we could make it something generic, and use it in the e2e tests. https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/util.go#L106 is essentially the same function.
It's more about how it's used in the controller; it's an extension point that we only want to use as a last resort.
Though I don't see how we get away from it as long as we have to enforce flag precedence.
I think we'll go with this for now. I added a warning to the comment above the field on the controller and to the NewController constructor.
d7721eb to cc02d3c
[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process @dashpole @dchen1107 @liggitt @mtaufen Pull Request Labels
@@ -31,6 +31,11 @@ import ( | |||
func ValidateKubeletConfiguration(kc *kubeletconfig.KubeletConfiguration) error { | |||
allErrors := []error{} | |||
|
|||
// Make a local copy of the global feature gates and combine it with the gates set by this configuration. | |||
// This allows us to validate the config against the set of gates it will actually run against. | |||
localFeatureGate := utilfeature.DefaultFeatureGate.DeepCopy() |
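Review bot: after the DeepCopy on the last line, the copy only helps if every later gate check in ValidateKubeletConfiguration reads localFeatureGate instead of utilfeature.DefaultFeatureGate; a leftover lookup on the global would silently validate against the old gate set. Any error from applying the configuration's gates to the copy should also be appended to allErrors, not dropped or returned early.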
why are we starting with a copy of the global gates? wouldn't kc.FeatureGates be the merged args+config at this point?
edit: hmm, because we don't want to overwrite the global here, and don't have a good way to construct a new default one from scratch
yup, exactly
TODO: After this merges, double check validation in case concurrent PRs add more feature gate checks (e.g. #63912).
934caf8 to 97aa235
This fixes an issue with KubeletConfiguration validation, where the feature gates set by the new config were not taken into account. Also fixes a validation issue with dynamic Kubelet config, where flag precedence was not enforced prior to dynamic config validation in the controller; this prevented rejection of dynamic configs that don't merge well with values set via legacy flags.
97aa235 to 647e903
/lgtm
@dashpole yes, the feature-gates flag will go away in favor of componentconfig. The transform func will probably be around until we can stop enforcing flag precedence, which is likely a-long-time™.
/retest
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dashpole, dchen1107, mtaufen The full list of commands accepted by this bot can be found here. The pull request process is described here
Automatic merge from submit-queue (batch tested with PRs 63881, 64046, 63409, 63402, 63221). If you want to cherry-pick this change to another branch, please follow the instructions here.
This fixes an issue with KubeletConfiguration validation, where the
feature gates set by the new config were not taken into account.
Also fixes a validation issue with dynamic Kubelet config, where flag
precedence was not enforced prior to dynamic config validation in the
controller; this prevented rejection of dynamic configs that don't merge
well with values set via legacy flags.
Fixes #63305
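
The two behaviours the description above names, shown as an added Go example that is not code from this pull request or from Kubernetes: validation against a copy of the global gates overlaid with the candidate's own gates, and flag precedence applied before that validation. `Config`, `globalGates`, `Validate`, `Accept`, `ExampleGate` and `ExampleSetting` are hypothetical stand-ins; only the `TransformFunc` shape follows the hunk.

```go
package main

import "fmt"

// Config is a hypothetical stand-in for KubeletConfiguration (not the real type).
type Config struct {
	FeatureGates   map[string]bool
	ExampleSetting bool // constructed rule: only valid while gate "ExampleGate" is on
}

// TransformFunc has the shape shown in the PR's hunk, over the stand-in type.
type TransformFunc func(c *Config) error

// globalGates plays the role of the process-wide gate set (constructed values).
var globalGates = map[string]bool{"ExampleGate": false}

// Validate checks c against a copy of the global gates overlaid with c.FeatureGates.
func Validate(c *Config) []error {
	var errs []error
	local := make(map[string]bool, len(globalGates))
	for k, v := range globalGates {
		local[k] = v // copy, so the global set is never written
	}
	for k, v := range c.FeatureGates {
		local[k] = v
	}
	if c.ExampleSetting && !local["ExampleGate"] {
		errs = append(errs, fmt.Errorf("ExampleSetting requires gate ExampleGate"))
	}
	return errs
}

// Accept applies flag precedence to a private copy of the candidate, then
// validates the merged result, so a config that conflicts with flags is rejected.
func Accept(candidate Config, flagPrecedence TransformFunc) []error {
	merged := Config{FeatureGates: map[string]bool{}, ExampleSetting: candidate.ExampleSetting}
	for k, v := range candidate.FeatureGates {
		merged.FeatureGates[k] = v
	}
	if err := flagPrecedence(&merged); err != nil {
		return []error{err}
	}
	return Validate(&merged)
}

func main() {
	pin := func(c *Config) error { c.FeatureGates["ExampleGate"] = false; return nil }
	fmt.Println(Accept(Config{map[string]bool{"ExampleGate": true}, true}, pin))
}
```

Without the overlay in `Validate`, a candidate that enables its own gate would be checked against the stale global value; without the transform in `Accept`, a candidate that a flag later overrides would pass validation and then run in a combination that was never checked.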