Merge pull request #124577 from sttts/sttts-split-out-system-namespaces
prefactoring: generic controlplane: split out SystemNamespaces
		@@ -22,6 +22,7 @@ import (
 | 
				
			|||||||
	"strings"
 | 
						"strings"
 | 
				
			||||||
	"time"
 | 
						"time"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						v1 "k8s.io/api/core/v1"
 | 
				
			||||||
	utilnet "k8s.io/apimachinery/pkg/util/net"
 | 
						utilnet "k8s.io/apimachinery/pkg/util/net"
 | 
				
			||||||
	cliflag "k8s.io/component-base/cli/flag"
 | 
						cliflag "k8s.io/component-base/cli/flag"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@@ -92,6 +93,8 @@ func NewServerRunOptions() *ServerRunOptions {
 | 
				
			|||||||
		},
 | 
							},
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						s.Options.SystemNamespaces = append(s.Options.SystemNamespaces, v1.NamespaceNodeLease)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	return &s
 | 
						return &s
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
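Review bot: The `append(s.Options.SystemNamespaces, v1.NamespaceNodeLease)` line in NewServerRunOptions has no comment saying why kube-node-lease is added here rather than in the generic defaults. It also changes the list order from the literal removed in NewController: kube-node-lease now comes after default, as the updated TestAddFlags expectation shows. The reordering is probably harmless, but it is worth stating. I would add `// kube-node-lease is only needed by kube-apiserver, so it is appended to the generic defaults here.` above the line, adjusted to the real reason. NewServerRunOptions starts outside the hunk.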
 
 | 
				
			|||||||
@@ -291,6 +291,7 @@ func TestAddFlags(t *testing.T) {
 | 
				
			|||||||
				ConfigFile: "/var/run/kubernetes/tracing_config.yaml",
 | 
									ConfigFile: "/var/run/kubernetes/tracing_config.yaml",
 | 
				
			||||||
			},
 | 
								},
 | 
				
			||||||
			AggregatorRejectForwardingRedirects: true,
 | 
								AggregatorRejectForwardingRedirects: true,
 | 
				
			||||||
 | 
								SystemNamespaces:                    []string{"kube-system", "kube-public", "default", "kube-node-lease"},
 | 
				
			||||||
		},
 | 
							},
 | 
				
			||||||
 | 
					
 | 
				
			||||||
		Extra: Extra{
 | 
							Extra: Extra{
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -239,6 +239,7 @@ func CreateKubeAPIServerConfig(opts options.CompletedOptions) (
 | 
				
			|||||||
				EventTTL:                opts.EventTTL,
 | 
									EventTTL:                opts.EventTTL,
 | 
				
			||||||
				EnableLogsSupport:       opts.EnableLogsHandler,
 | 
									EnableLogsSupport:       opts.EnableLogsHandler,
 | 
				
			||||||
				ProxyTransport:          proxyTransport,
 | 
									ProxyTransport:          proxyTransport,
 | 
				
			||||||
 | 
									SystemNamespaces:        opts.SystemNamespaces,
 | 
				
			||||||
 | 
					
 | 
				
			||||||
				ServiceAccountIssuer:        opts.ServiceAccountIssuer,
 | 
									ServiceAccountIssuer:        opts.ServiceAccountIssuer,
 | 
				
			||||||
				ServiceAccountMaxExpiration: opts.ServiceAccountTokenMaxExpiration,
 | 
									ServiceAccountMaxExpiration: opts.ServiceAccountTokenMaxExpiration,
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -76,6 +76,8 @@ type Extra struct {
 | 
				
			|||||||
	ServiceAccountJWKSURI    string
 | 
						ServiceAccountJWKSURI    string
 | 
				
			||||||
	ServiceAccountPublicKeys []interface{}
 | 
						ServiceAccountPublicKeys []interface{}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						SystemNamespaces []string
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	VersionedInformers clientgoinformers.SharedInformerFactory
 | 
						VersionedInformers clientgoinformers.SharedInformerFactory
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
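Review bot: The new `SystemNamespaces []string` field in `Extra` has no doc comment, and the same is true of the field added to `Options` in the `type Options struct` hunk. These names decide which namespaces the API server guarantees exist after startup, so the contract should be written down, including what a nil or empty list means. Something like `// SystemNamespaces lists the namespaces the system-namespaces controller creates if they are missing.` on both fields would do. For `Options` it would also help to say whether the value is meant to be set only in code, since no flag binding is visible in this diff.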
 
 | 
				
			|||||||
@@ -24,6 +24,7 @@ import (
 | 
				
			|||||||
	"strings"
 | 
						"strings"
 | 
				
			||||||
	"time"
 | 
						"time"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 | 
				
			||||||
	peerreconcilers "k8s.io/apiserver/pkg/reconcilers"
 | 
						peerreconcilers "k8s.io/apiserver/pkg/reconcilers"
 | 
				
			||||||
	genericoptions "k8s.io/apiserver/pkg/server/options"
 | 
						genericoptions "k8s.io/apiserver/pkg/server/options"
 | 
				
			||||||
	"k8s.io/apiserver/pkg/storage/storagebackend"
 | 
						"k8s.io/apiserver/pkg/storage/storagebackend"
 | 
				
			||||||
@@ -83,6 +84,8 @@ type Options struct {
 | 
				
			|||||||
	ServiceAccountTokenMaxExpiration time.Duration
 | 
						ServiceAccountTokenMaxExpiration time.Duration
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	ShowHiddenMetricsForVersion string
 | 
						ShowHiddenMetricsForVersion string
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						SystemNamespaces []string
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// completedServerRunOptions is a private wrapper that enforces a call of Complete() before Run can be invoked.
 | 
					// completedServerRunOptions is a private wrapper that enforces a call of Complete() before Run can be invoked.
 | 
				
			||||||
@@ -115,6 +118,7 @@ func NewOptions() *Options {
 | 
				
			|||||||
		EnableLogsHandler:                   true,
 | 
							EnableLogsHandler:                   true,
 | 
				
			||||||
		EventTTL:                            1 * time.Hour,
 | 
							EventTTL:                            1 * time.Hour,
 | 
				
			||||||
		AggregatorRejectForwardingRedirects: true,
 | 
							AggregatorRejectForwardingRedirects: true,
 | 
				
			||||||
 | 
							SystemNamespaces:                    []string{metav1.NamespaceSystem, metav1.NamespacePublic, metav1.NamespaceDefault},
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	// Overwrite the default for storage data format.
 | 
						// Overwrite the default for storage data format.
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -277,6 +277,7 @@ func TestAddFlags(t *testing.T) {
 | 
				
			|||||||
			ConfigFile: "/var/run/kubernetes/tracing_config.yaml",
 | 
								ConfigFile: "/var/run/kubernetes/tracing_config.yaml",
 | 
				
			||||||
		},
 | 
							},
 | 
				
			||||||
		AggregatorRejectForwardingRedirects: true,
 | 
							AggregatorRejectForwardingRedirects: true,
 | 
				
			||||||
 | 
							SystemNamespaces:                    []string{"kube-system", "kube-public", "default"},
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	expected.Authentication.OIDC.UsernameClaim = "sub"
 | 
						expected.Authentication.OIDC.UsernameClaim = "sub"
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -46,8 +46,7 @@ type Controller struct {
 | 
				
			|||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// NewController creates a new Controller to ensure system namespaces exist.
 | 
					// NewController creates a new Controller to ensure system namespaces exist.
 | 
				
			||||||
func NewController(clientset kubernetes.Interface, namespaceInformer coreinformers.NamespaceInformer) *Controller {
 | 
					func NewController(systemNamespaces []string, clientset kubernetes.Interface, namespaceInformer coreinformers.NamespaceInformer) *Controller {
 | 
				
			||||||
	systemNamespaces := []string{metav1.NamespaceSystem, metav1.NamespacePublic, v1.NamespaceNodeLease, metav1.NamespaceDefault}
 | 
					 | 
				
			||||||
	interval := 1 * time.Minute
 | 
						interval := 1 * time.Minute
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	return &Controller{
 | 
						return &Controller{
 | 
				
			||||||
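Review bot: NewController now takes the namespace set from the caller, and nothing in this hunk rejects or reports a nil or empty `systemNamespaces`. A control plane whose config leaves the field unset would start a controller that ensures no namespaces at all, where the removed literal always covered kube-system, kube-public, kube-node-lease and default. The doc comment above the function is unchanged and should describe the new parameter. If the constructor stores the slice as passed (the body continues outside the hunk, so this is not visible), copying it first with `systemNamespaces = append([]string(nil), systemNamespaces...)` keeps later changes to the config slice from reaching the running controller.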
 
 | 
				
			|||||||
@@ -30,8 +30,6 @@ import (
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
// Test_Controller validates the garbage collection logic for the apiserverleasegc controller.
 | 
					// Test_Controller validates the garbage collection logic for the apiserverleasegc controller.
 | 
				
			||||||
func Test_Controller(t *testing.T) {
 | 
					func Test_Controller(t *testing.T) {
 | 
				
			||||||
	systemNamespaces := []string{metav1.NamespaceSystem, metav1.NamespacePublic, v1.NamespaceNodeLease}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	tests := []struct {
 | 
						tests := []struct {
 | 
				
			||||||
		name       string
 | 
							name       string
 | 
				
			||||||
		namespaces []string
 | 
							namespaces []string
 | 
				
			||||||
@@ -107,7 +105,8 @@ func Test_Controller(t *testing.T) {
 | 
				
			|||||||
				namespaceInformer.Informer().GetIndexer().Add(obj)
 | 
									namespaceInformer.Informer().GetIndexer().Add(obj)
 | 
				
			||||||
			}
 | 
								}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
			controller := NewController(clientset, namespaceInformer)
 | 
								systemNamespaces := []string{metav1.NamespaceSystem, metav1.NamespacePublic, v1.NamespaceNodeLease, metav1.NamespaceDefault}
 | 
				
			||||||
 | 
								controller := NewController(systemNamespaces, clientset, namespaceInformer)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
			clientset.PrependReactor("create", "namespaces", func(action k8stesting.Action) (bool, runtime.Object, error) {
 | 
								clientset.PrependReactor("create", "namespaces", func(action k8stesting.Action) (bool, runtime.Object, error) {
 | 
				
			||||||
				create := action.(k8stesting.CreateAction)
 | 
									create := action.(k8stesting.CreateAction)
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -465,7 +465,7 @@ func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget)
 | 
				
			|||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	m.GenericAPIServer.AddPostStartHookOrDie("start-system-namespaces-controller", func(hookContext genericapiserver.PostStartHookContext) error {
 | 
						m.GenericAPIServer.AddPostStartHookOrDie("start-system-namespaces-controller", func(hookContext genericapiserver.PostStartHookContext) error {
 | 
				
			||||||
		go systemnamespaces.NewController(client, c.ControlPlane.Extra.VersionedInformers.Core().V1().Namespaces()).Run(hookContext.StopCh)
 | 
							go systemnamespaces.NewController(c.ControlPlane.SystemNamespaces, client, c.ControlPlane.Extra.VersionedInformers.Core().V1().Namespaces()).Run(hookContext.StopCh)
 | 
				
			||||||
		return nil
 | 
							return nil
 | 
				
			||||||
	})
 | 
						})
 | 
				
			||||||
 | 
					
 | 
				
			||||||
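Review bot: The new argument is read as `c.ControlPlane.SystemNamespaces` while the informer factory on the same line is read as `c.ControlPlane.Extra.VersionedInformers`, although the `type Extra struct` hunk adds `SystemNamespaces` to `Extra` as well. Both spellings presumably resolve to the same field through embedding, but mixing them on one line makes a reader look for a second field. I would write `c.ControlPlane.Extra.SystemNamespaces` here. The enclosing `New` method starts and ends outside the hunk.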
 
 | 
				
			|||||||