restart kubelet on ca bundle change

openshift · Dec 9, 2020 · 9812af9 · 9812af9
1 parent 74d9cb5
commit 9812af9
Show file tree

Hide file tree

Showing 5 changed files with 363 additions and 0 deletions.
diff --git a/cmd/kubelet/app/patch_restart_on_file_change.go b/cmd/kubelet/app/patch_restart_on_file_change.go
@@ -0,0 +1,50 @@
+package app
+
+import (
+	"context"
+	"io/ioutil"
+	"os"
+	"sync"
+	"time"
+
+	"github.com/openshift/library-go/pkg/controller/fileobserver"
+)
+
+func startRestartOnFileChanges(ctx context.Context) context.Context {
+	// When the kubeconfig content change, commit suicide to reload its content.
+	observer, err := fileobserver.NewObserver(1 * time.Second)
+	if err != nil {
+		// coding error. the library needs fixing to stop returning an error
+		panic(err)
+	}
+
+	// Make a context that is cancelled when the parent is closed (this happens on signals)
+	// The cancel for the subcontext is called when the files change.
+	wrappedContext, cancel := context.WithCancel(ctx)
+
+	files := []string{
+		"/etc/kubernetes/kubelet-ca.crt",
+	}
+	fileContent := map[string][]byte{}
+	for _, file := range files {
+		// ignore error because it means the file isn't present and we'll restart when it gets data.
+		initialContent, _ := ioutil.ReadFile(file)
+		fileContent[file] = initialContent
+	}
+
+	var once sync.Once
+	observer.AddReactor(
+		fileobserver.TerminateOnChangeReactor(func() {
+			once.Do(func() {
+				cancel()
+				time.Sleep(60 * time.Second) // delay to allow a fairly clean shutdown if possible.  I pulled one minute from no-where.
+				os.Exit(0)
+			})
+
+		}),
+		fileContent,
+		files...)
+	observer.Run(wrappedContext.Done())
+
+	return wrappedContext
+}
diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
@@ -259,6 +259,11 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
 			// set up signal context here in order to be reused by kubelet and docker shim
 			ctx := genericapiserver.SetupSignalContext()
 
+			// start a watch on certain files that need to trigger a kubelet restart.  This wraps the context
+			// so that there is a chance to more cleanly shutdown on a requested exit.  The grace here is hardcoded, but open
+			// to changes.
+			ctx = startRestartOnFileChanges(ctx)
+
 			// run the kubelet
 			klog.V(5).Infof("KubeletConfiguration: %#v", kubeletServer.KubeletConfiguration)
 			if err := Run(ctx, kubeletServer, kubeletDeps, utilfeature.DefaultFeatureGate); err != nil {

diff --git a/vendor/github.com/openshift/library-go/pkg/controller/fileobserver/OWNERS b/vendor/github.com/openshift/library-go/pkg/controller/fileobserver/OWNERS
diff --git a/vendor/github.com/openshift/library-go/pkg/controller/fileobserver/observer.go b/vendor/github.com/openshift/library-go/pkg/controller/fileobserver/observer.go
diff --git a/vendor/github.com/openshift/library-go/pkg/controller/fileobserver/observer_polling.go b/vendor/github.com/openshift/library-go/pkg/controller/fileobserver/observer_polling.go