diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index 785ac3ca91c..727edd15edf 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go @@ -38,9 +38,6 @@ import ( "github.com/spf13/pflag" ) -// DefaultServiceNodePortRange is the default port range for NodePort services. -var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768} - // ServerRunOptions runs a kubernetes api server. type ServerRunOptions struct { GenericServerRunOptions *genericoptions.ServerRunOptions @@ -114,7 +111,7 @@ func NewServerRunOptions() *ServerRunOptions { EnableHttps: true, HTTPTimeout: time.Duration(5) * time.Second, }, - ServiceNodePortRange: DefaultServiceNodePortRange, + ServiceNodePortRange: kubeoptions.DefaultServiceNodePortRange, } // Overwrite the default for storage data format. s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf" diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go index e594e0e84b2..59320114c2d 100644 --- a/cmd/kube-apiserver/app/options/options_test.go +++ b/cmd/kube-apiserver/app/options/options_test.go @@ -90,7 +90,7 @@ func TestAddFlags(t *testing.T) { // This is a snapshot of expected options parsed by args. expected := &ServerRunOptions{ - ServiceNodePortRange: DefaultServiceNodePortRange, + ServiceNodePortRange: kubeoptions.DefaultServiceNodePortRange, MasterCount: 5, EndpointReconcilerType: string(reconcilers.MasterCountReconcilerType), AllowPrivileged: false, diff --git a/cmd/kubeadm/app/constants/BUILD b/cmd/kubeadm/app/constants/BUILD index 1e7597d46fa..4176128bb49 100644 --- a/cmd/kubeadm/app/constants/BUILD +++ b/cmd/kubeadm/app/constants/BUILD @@ -10,6 +10,7 @@ go_library( name = "go_default_library", srcs = ["constants.go"], deps = [ + "//pkg/controller/service:go_default_library", "//pkg/util/version:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", ], diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go index 5e947811999..6ffa35ad0e9 100644 --- a/cmd/kubeadm/app/constants/constants.go +++ b/cmd/kubeadm/app/constants/constants.go @@ -24,6 +24,7 @@ import ( "time" "k8s.io/api/core/v1" + "k8s.io/kubernetes/pkg/controller/service" "k8s.io/kubernetes/pkg/util/version" ) @@ -131,12 +132,7 @@ const ( DefaultTokenDuration = 24 * time.Hour // LabelNodeRoleMaster specifies that a node is a master - // It's copied over to kubeadm until it's merged in core: https://github.com/kubernetes/kubernetes/pull/39112 - LabelNodeRoleMaster = "node-role.kubernetes.io/master" - - // LabelNodeRoleExcludeBalancer specifies that the node should be - // exclude from load balancers created by a cloud provider. - LabelNodeRoleExcludeBalancer = "alpha.node-role.kubernetes.io/exclude-balancer" + LabelNodeRoleMaster = service.LabelNodeRoleMaster // MasterConfigurationConfigMap specifies in what ConfigMap in the kube-system namespace the `kubeadm init` configuration should be stored MasterConfigurationConfigMap = "kubeadm-config" diff --git a/cmd/kubelet/app/options/BUILD b/cmd/kubelet/app/options/BUILD index 079dfc02a36..5b3d9395188 100644 --- a/cmd/kubelet/app/options/BUILD +++ b/cmd/kubelet/app/options/BUILD @@ -19,6 +19,7 @@ go_library( "//pkg/kubelet/apis/kubeletconfig/scheme:go_default_library", "//pkg/kubelet/apis/kubeletconfig/v1alpha1:go_default_library", "//pkg/kubelet/apis/kubeletconfig/validation:go_default_library", + "//pkg/kubelet/config:go_default_library", "//pkg/util/taints:go_default_library", "//vendor/github.com/spf13/pflag:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", diff --git a/cmd/kubelet/app/options/container_runtime.go b/cmd/kubelet/app/options/container_runtime.go index fb2843062e3..00c46fe57b5 100644 --- a/cmd/kubelet/app/options/container_runtime.go +++ b/cmd/kubelet/app/options/container_runtime.go @@ -20,9 +20,8 @@ import ( "runtime" "time" - "github.com/spf13/pflag" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/kubernetes/pkg/kubelet/config" ) const ( @@ -39,68 +38,15 @@ var ( defaultPodSandboxImageVersion ) -type ContainerRuntimeOptions struct { - // Docker-specific options. - - // DockershimRootDirectory is the path to the dockershim root directory. Defaults to - // /var/lib/dockershim if unset. Exposed for integration testing (e.g. in OpenShift). - DockershimRootDirectory string - // Enable dockershim only mode. - ExperimentalDockershim bool - // This flag, if set, disables use of a shared PID namespace for pods running in the docker CRI runtime. - // A shared PID namespace is the only option in non-docker runtimes and is required by the CRI. The ability to - // disable it for docker will be removed unless a compelling use case is discovered with widespread use. - // TODO: Remove once we no longer support disabling shared PID namespace (https://issues.k8s.io/41938) - DockerDisableSharedPID bool - // PodSandboxImage is the image whose network/ipc namespaces - // containers in each pod will use. - PodSandboxImage string - // DockerEndpoint is the path to the docker endpoint to communicate with. - DockerEndpoint string - // If no pulling progress is made before the deadline imagePullProgressDeadline, - // the image pulling will be cancelled. Defaults to 1m0s. - // +optional - ImagePullProgressDeadline metav1.Duration - - // Network plugin options. - - // networkPluginName is the name of the network plugin to be invoked for - // various events in kubelet/pod lifecycle - NetworkPluginName string - // NetworkPluginMTU is the MTU to be passed to the network plugin, - // and overrides the default MTU for cases where it cannot be automatically - // computed (such as IPSEC). - NetworkPluginMTU int32 - // NetworkPluginDir is the full path of the directory in which to search - // for network plugins (and, for backwards-compat, CNI config files) - NetworkPluginDir string - // CNIConfDir is the full path of the directory in which to search for - // CNI config files - CNIConfDir string - // CNIBinDir is the full path of the directory in which to search for - // CNI plugin binaries - CNIBinDir string - - // rkt-specific options. - - // rktPath is the path of rkt binary. Leave empty to use the first rkt in $PATH. - RktPath string - // rktApiEndpoint is the endpoint of the rkt API service to communicate with. - RktAPIEndpoint string - // rktStage1Image is the image to use as stage1. Local paths and - // http/https URLs are supported. - RktStage1Image string -} - // NewContainerRuntimeOptions will create a new ContainerRuntimeOptions with // default values. -func NewContainerRuntimeOptions() *ContainerRuntimeOptions { +func NewContainerRuntimeOptions() *config.ContainerRuntimeOptions { dockerEndpoint := "" if runtime.GOOS != "windows" { dockerEndpoint = "unix:///var/run/docker.sock" } - return &ContainerRuntimeOptions{ + return &config.ContainerRuntimeOptions{ DockerEndpoint: dockerEndpoint, DockershimRootDirectory: "/var/lib/dockershim", DockerDisableSharedPID: true, @@ -110,31 +56,3 @@ func NewContainerRuntimeOptions() *ContainerRuntimeOptions { ExperimentalDockershim: false, } } - -func (s *ContainerRuntimeOptions) AddFlags(fs *pflag.FlagSet) { - // Docker-specific settings. - fs.BoolVar(&s.ExperimentalDockershim, "experimental-dockershim", s.ExperimentalDockershim, "Enable dockershim only mode. In this mode, kubelet will only start dockershim without any other functionalities. This flag only serves test purpose, please do not use it unless you are conscious of what you are doing. [default=false]") - fs.MarkHidden("experimental-dockershim") - fs.StringVar(&s.DockershimRootDirectory, "experimental-dockershim-root-directory", s.DockershimRootDirectory, "Path to the dockershim root directory.") - fs.MarkHidden("experimental-dockershim-root-directory") - fs.BoolVar(&s.DockerDisableSharedPID, "docker-disable-shared-pid", s.DockerDisableSharedPID, "The Container Runtime Interface (CRI) defaults to using a shared PID namespace for containers in a pod when running with Docker 1.13.1 or higher. Setting this flag reverts to the previous behavior of isolated PID namespaces. This ability will be removed in a future Kubernetes release.") - fs.StringVar(&s.PodSandboxImage, "pod-infra-container-image", s.PodSandboxImage, "The image whose network/ipc namespaces containers in each pod will use.") - fs.StringVar(&s.DockerEndpoint, "docker-endpoint", s.DockerEndpoint, "Use this for the docker endpoint to communicate with") - fs.DurationVar(&s.ImagePullProgressDeadline.Duration, "image-pull-progress-deadline", s.ImagePullProgressDeadline.Duration, "If no pulling progress is made before this deadline, the image pulling will be cancelled.") - - // Network plugin settings. Shared by both docker and rkt. - fs.StringVar(&s.NetworkPluginName, "network-plugin", s.NetworkPluginName, " The name of the network plugin to be invoked for various events in kubelet/pod lifecycle") - //TODO(#46410): Remove the network-plugin-dir flag. - fs.StringVar(&s.NetworkPluginDir, "network-plugin-dir", s.NetworkPluginDir, " The full path of the directory in which to search for network plugins or CNI config") - fs.MarkDeprecated("network-plugin-dir", "Use --cni-bin-dir instead. This flag will be removed in a future version.") - fs.StringVar(&s.CNIConfDir, "cni-conf-dir", s.CNIConfDir, " The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d") - fs.StringVar(&s.CNIBinDir, "cni-bin-dir", s.CNIBinDir, " The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin") - fs.Int32Var(&s.NetworkPluginMTU, "network-plugin-mtu", s.NetworkPluginMTU, " The MTU to be passed to the network plugin, to override the default. Set to 0 to use the default 1460 MTU.") - - // Rkt-specific settings. - fs.StringVar(&s.RktPath, "rkt-path", s.RktPath, "Path of rkt binary. Leave empty to use the first rkt in $PATH. Only used if --container-runtime='rkt'.") - fs.StringVar(&s.RktAPIEndpoint, "rkt-api-endpoint", s.RktAPIEndpoint, "The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'.") - fs.StringVar(&s.RktStage1Image, "rkt-stage1-image", s.RktStage1Image, "image to use as stage1. Local paths and http/https URLs are supported. If empty, the 'stage1.aci' in the same directory as '--rkt-path' will be used.") - fs.MarkDeprecated("rkt-stage1-image", "Will be removed in a future version. The default stage1 image will be specified by the rkt configurations, see https://github.com/coreos/rkt/blob/master/Documentation/configuration.md for more details.") - -} diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go index 0cf139c4196..539e3785b16 100644 --- a/cmd/kubelet/app/options/options.go +++ b/cmd/kubelet/app/options/options.go @@ -34,16 +34,10 @@ import ( kubeletscheme "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/scheme" "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/v1alpha1" kubeletconfigvalidation "k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig/validation" + "k8s.io/kubernetes/pkg/kubelet/config" utiltaints "k8s.io/kubernetes/pkg/util/taints" ) -const ( - DefaultKubeletPodsDirName = "pods" - DefaultKubeletVolumesDirName = "volumes" - DefaultKubeletPluginsDirName = "plugins" - DefaultKubeletContainersDirName = "containers" -) - // A configuration field should go in KubeletFlags instead of KubeletConfiguration if any of these are true: // - its value will never, or cannot safely be changed during the lifetime of a node // - its value cannot be safely shared between nodes at the same time (e.g. a hostname) @@ -79,7 +73,7 @@ type KubeletFlags struct { ProviderID string // Container-runtime-specific options. - ContainerRuntimeOptions + config.ContainerRuntimeOptions // certDirectory is the directory where the TLS certs are located (by // default /var/run/kubernetes). If tlsCertFile and tlsPrivateKeyFile diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 8238ce7110e..099b5f50da3 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -766,7 +766,7 @@ func startKubelet(k kubelet.Bootstrap, podCfg *config.PodConfig, kubeCfg *kubele func CreateAndInitKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *kubelet.Dependencies, - crOptions *options.ContainerRuntimeOptions, + crOptions *config.ContainerRuntimeOptions, hostnameOverride string, nodeIP string, providerID string, diff --git a/hack/verify-generated-swagger-docs.sh b/hack/verify-generated-swagger-docs.sh index e787aae35bc..ef93c4e0613 100755 --- a/hack/verify-generated-swagger-docs.sh +++ b/hack/verify-generated-swagger-docs.sh @@ -55,7 +55,7 @@ cp -a "${DIFFROOT}"/* "${TMP_DIFFROOT}/" "${KUBE_ROOT}/hack/update-generated-swagger-docs.sh" echo "diffing ${DIFFROOT} against freshly generated swagger type documentation" ret=0 -diff -Naupr -I 'Auto generated by' "${DIFFROOT}" "${TMP_DIFFROOT}" || ret=$? +diff --exclude=".import-restrictions" -Naupr -I 'Auto generated by' "${DIFFROOT}" "${TMP_DIFFROOT}" || ret=$? cp -a "${TMP_DIFFROOT}"/* "${DIFFROOT}/" if [[ $ret -eq 0 ]] then diff --git a/pkg/.import-restrictions b/pkg/.import-restrictions new file mode 100644 index 00000000000..77cc61216cd --- /dev/null +++ b/pkg/.import-restrictions @@ -0,0 +1,13 @@ +{ + "Rules": [ + { + "SelectorRegexp": "k8s[.]io/kubernetes", + "AllowedPrefixes": [ + "" + ], + "ForbiddenPrefixes": [ + "k8s.io/kubernetes/cmd" + ] + } + ] +} diff --git a/pkg/api/testing/.import-restrictions b/pkg/api/testing/.import-restrictions new file mode 100644 index 00000000000..d2624cf48bd --- /dev/null +++ b/pkg/api/testing/.import-restrictions @@ -0,0 +1,12 @@ +{ + "Rules": [ + { + "SelectorRegexp": "k8s[.]io/kubernetes/cmd", + "AllowedPrefixes": [ + "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" + ], + "ForbiddenPrefixes": [ + ] + } + ] +} \ No newline at end of file diff --git a/pkg/controller/certificates/BUILD b/pkg/controller/certificates/BUILD index fbc86657cdd..786c1d32671 100644 --- a/pkg/controller/certificates/BUILD +++ b/pkg/controller/certificates/BUILD @@ -10,10 +10,7 @@ go_library( "certificate_controller.go", "certificate_controller_utils.go", ], - visibility = [ - ":__subpackages__", - "//cmd/gke-certificates-controller:__subpackages__", - ], + visibility = ["//visibility:public"], deps = [ "//pkg/controller:go_default_library", "//vendor/github.com/golang/glog:go_default_library", diff --git a/pkg/controller/service/BUILD b/pkg/controller/service/BUILD index 43d3495d439..4a0d2f17a19 100644 --- a/pkg/controller/service/BUILD +++ b/pkg/controller/service/BUILD @@ -13,7 +13,6 @@ go_library( "service_controller.go", ], deps = [ - "//cmd/kubeadm/app/constants:go_default_library", "//pkg/api/v1/helper:go_default_library", "//pkg/cloudprovider:go_default_library", "//pkg/controller:go_default_library", diff --git a/pkg/controller/service/service_controller.go b/pkg/controller/service/service_controller.go index b0429bad605..0f7c1f686b8 100644 --- a/pkg/controller/service/service_controller.go +++ b/pkg/controller/service/service_controller.go @@ -37,7 +37,6 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" "k8s.io/client-go/util/workqueue" - "k8s.io/kubernetes/cmd/kubeadm/app/constants" v1helper "k8s.io/kubernetes/pkg/api/v1/helper" "k8s.io/kubernetes/pkg/cloudprovider" "k8s.io/kubernetes/pkg/controller" @@ -63,6 +62,14 @@ const ( notRetryable = false doNotRetry = time.Duration(0) + + // LabelNodeRoleMaster specifies that a node is a master + // It's copied over to kubeadm until it's merged in core: https://github.com/kubernetes/kubernetes/pull/39112 + LabelNodeRoleMaster = "node-role.kubernetes.io/master" + + // LabelNodeRoleExcludeBalancer specifies that the node should be + // exclude from load balancers created by a cloud provider. + LabelNodeRoleExcludeBalancer = "alpha.node.role.kubernetes.io/exclude-balancer" ) type cachedService struct { @@ -595,11 +602,11 @@ func getNodeConditionPredicate() corelisters.NodeConditionPredicate { // As of 1.6, we will taint the master, but not necessarily mark it unschedulable. // Recognize nodes labeled as master, and filter them also, as we were doing previously. - if _, hasMasterRoleLabel := node.Labels[constants.LabelNodeRoleMaster]; hasMasterRoleLabel { + if _, hasMasterRoleLabel := node.Labels[LabelNodeRoleMaster]; hasMasterRoleLabel { return false } - if _, hasExcludeBalancerLabel := node.Labels[constants.LabelNodeRoleExcludeBalancer]; hasExcludeBalancerLabel { + if _, hasExcludeBalancerLabel := node.Labels[LabelNodeRoleExcludeBalancer]; hasExcludeBalancerLabel { return false } diff --git a/pkg/kubeapiserver/options/BUILD b/pkg/kubeapiserver/options/BUILD index 83d1a3793bf..d337d2fab6f 100644 --- a/pkg/kubeapiserver/options/BUILD +++ b/pkg/kubeapiserver/options/BUILD @@ -13,6 +13,7 @@ go_library( "authentication.go", "authorization.go", "cloudprovider.go", + "options.go", "serving.go", "storage_versions.go", ], diff --git a/pkg/kubeapiserver/options/options.go b/pkg/kubeapiserver/options/options.go new file mode 100644 index 00000000000..acc1c91f9f2 --- /dev/null +++ b/pkg/kubeapiserver/options/options.go @@ -0,0 +1,24 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package options + +import ( + utilnet "k8s.io/apimachinery/pkg/util/net" +) + +// DefaultServiceNodePortRange is the default port range for NodePort services. +var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768} diff --git a/pkg/kubelet/BUILD b/pkg/kubelet/BUILD index fe059937264..90c794bf7f1 100644 --- a/pkg/kubelet/BUILD +++ b/pkg/kubelet/BUILD @@ -29,7 +29,6 @@ go_library( "volume_host.go", ], deps = [ - "//cmd/kubelet/app/options:go_default_library", "//pkg/api:go_default_library", "//pkg/api/v1:go_default_library", "//pkg/api/v1/helper:go_default_library", diff --git a/pkg/kubelet/config/BUILD b/pkg/kubelet/config/BUILD index defc45f72d3..df074727cb9 100644 --- a/pkg/kubelet/config/BUILD +++ b/pkg/kubelet/config/BUILD @@ -12,9 +12,11 @@ go_library( "apiserver.go", "common.go", "config.go", + "defaults.go", "doc.go", "file.go", "file_unsupported.go", + "flags.go", "http.go", "sources.go", ] + select({ @@ -36,6 +38,7 @@ go_library( "//pkg/util/config:go_default_library", "//pkg/util/hash:go_default_library", "//vendor/github.com/golang/glog:go_default_library", + "//vendor/github.com/spf13/pflag:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/fields:go_default_library", diff --git a/pkg/kubelet/config/defaults.go b/pkg/kubelet/config/defaults.go new file mode 100644 index 00000000000..b000b60b11f --- /dev/null +++ b/pkg/kubelet/config/defaults.go @@ -0,0 +1,24 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package config + +const ( + DefaultKubeletPodsDirName = "pods" + DefaultKubeletVolumesDirName = "volumes" + DefaultKubeletPluginsDirName = "plugins" + DefaultKubeletContainersDirName = "containers" +) diff --git a/pkg/kubelet/config/flags.go b/pkg/kubelet/config/flags.go new file mode 100644 index 00000000000..e63b2322547 --- /dev/null +++ b/pkg/kubelet/config/flags.go @@ -0,0 +1,103 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package config + +import ( + "github.com/spf13/pflag" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type ContainerRuntimeOptions struct { + // Docker-specific options. + + // DockershimRootDirectory is the path to the dockershim root directory. Defaults to + // /var/lib/dockershim if unset. Exposed for integration testing (e.g. in OpenShift). + DockershimRootDirectory string + // Enable dockershim only mode. + ExperimentalDockershim bool + // This flag, if set, disables use of a shared PID namespace for pods running in the docker CRI runtime. + // A shared PID namespace is the only option in non-docker runtimes and is required by the CRI. The ability to + // disable it for docker will be removed unless a compelling use case is discovered with widespread use. + // TODO: Remove once we no longer support disabling shared PID namespace (https://issues.k8s.io/41938) + DockerDisableSharedPID bool + // PodSandboxImage is the image whose network/ipc namespaces + // containers in each pod will use. + PodSandboxImage string + // DockerEndpoint is the path to the docker endpoint to communicate with. + DockerEndpoint string + // If no pulling progress is made before the deadline imagePullProgressDeadline, + // the image pulling will be cancelled. Defaults to 1m0s. + // +optional + ImagePullProgressDeadline metav1.Duration + + // Network plugin options. + + // networkPluginName is the name of the network plugin to be invoked for + // various events in kubelet/pod lifecycle + NetworkPluginName string + // NetworkPluginMTU is the MTU to be passed to the network plugin, + // and overrides the default MTU for cases where it cannot be automatically + // computed (such as IPSEC). + NetworkPluginMTU int32 + // NetworkPluginDir is the full path of the directory in which to search + // for network plugins (and, for backwards-compat, CNI config files) + NetworkPluginDir string + // CNIConfDir is the full path of the directory in which to search for + // CNI config files + CNIConfDir string + // CNIBinDir is the full path of the directory in which to search for + // CNI plugin binaries + CNIBinDir string + + // rkt-specific options. + + // rktPath is the path of rkt binary. Leave empty to use the first rkt in $PATH. + RktPath string + // rktApiEndpoint is the endpoint of the rkt API service to communicate with. + RktAPIEndpoint string + // rktStage1Image is the image to use as stage1. Local paths and + // http/https URLs are supported. + RktStage1Image string +} + +func (s *ContainerRuntimeOptions) AddFlags(fs *pflag.FlagSet) { + // Docker-specific settings. + fs.BoolVar(&s.ExperimentalDockershim, "experimental-dockershim", s.ExperimentalDockershim, "Enable dockershim only mode. In this mode, kubelet will only start dockershim without any other functionalities. This flag only serves test purpose, please do not use it unless you are conscious of what you are doing. [default=false]") + fs.MarkHidden("experimental-dockershim") + fs.StringVar(&s.DockershimRootDirectory, "experimental-dockershim-root-directory", s.DockershimRootDirectory, "Path to the dockershim root directory.") + fs.MarkHidden("experimental-dockershim-root-directory") + fs.BoolVar(&s.DockerDisableSharedPID, "docker-disable-shared-pid", s.DockerDisableSharedPID, "The Container Runtime Interface (CRI) defaults to using a shared PID namespace for containers in a pod when running with Docker 1.13.1 or higher. Setting this flag reverts to the previous behavior of isolated PID namespaces. This ability will be removed in a future Kubernetes release.") + fs.StringVar(&s.PodSandboxImage, "pod-infra-container-image", s.PodSandboxImage, "The image whose network/ipc namespaces containers in each pod will use.") + fs.StringVar(&s.DockerEndpoint, "docker-endpoint", s.DockerEndpoint, "Use this for the docker endpoint to communicate with") + fs.DurationVar(&s.ImagePullProgressDeadline.Duration, "image-pull-progress-deadline", s.ImagePullProgressDeadline.Duration, "If no pulling progress is made before this deadline, the image pulling will be cancelled.") + + // Network plugin settings. Shared by both docker and rkt. + fs.StringVar(&s.NetworkPluginName, "network-plugin", s.NetworkPluginName, " The name of the network plugin to be invoked for various events in kubelet/pod lifecycle") + //TODO(#46410): Remove the network-plugin-dir flag. + fs.StringVar(&s.NetworkPluginDir, "network-plugin-dir", s.NetworkPluginDir, " The full path of the directory in which to search for network plugins or CNI config") + fs.MarkDeprecated("network-plugin-dir", "Use --cni-bin-dir instead. This flag will be removed in a future version.") + fs.StringVar(&s.CNIConfDir, "cni-conf-dir", s.CNIConfDir, " The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d") + fs.StringVar(&s.CNIBinDir, "cni-bin-dir", s.CNIBinDir, " The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin") + fs.Int32Var(&s.NetworkPluginMTU, "network-plugin-mtu", s.NetworkPluginMTU, " The MTU to be passed to the network plugin, to override the default. Set to 0 to use the default 1460 MTU.") + + // Rkt-specific settings. + fs.StringVar(&s.RktPath, "rkt-path", s.RktPath, "Path of rkt binary. Leave empty to use the first rkt in $PATH. Only used if --container-runtime='rkt'.") + fs.StringVar(&s.RktAPIEndpoint, "rkt-api-endpoint", s.RktAPIEndpoint, "The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'.") + fs.StringVar(&s.RktStage1Image, "rkt-stage1-image", s.RktStage1Image, "image to use as stage1. Local paths and http/https URLs are supported. If empty, the 'stage1.aci' in the same directory as '--rkt-path' will be used.") + fs.MarkDeprecated("rkt-stage1-image", "Will be removed in a future version. The default stage1 image will be specified by the rkt configurations, see https://github.com/coreos/rkt/blob/master/Documentation/configuration.md for more details.") + +} diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go index 7855caa5a24..67c6b6521a4 100644 --- a/pkg/kubelet/kubelet.go +++ b/pkg/kubelet/kubelet.go @@ -57,7 +57,6 @@ import ( "k8s.io/client-go/util/certificate" "k8s.io/client-go/util/flowcontrol" "k8s.io/client-go/util/integer" - "k8s.io/kubernetes/cmd/kubelet/app/options" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/cloudprovider" "k8s.io/kubernetes/pkg/features" @@ -197,7 +196,7 @@ type Bootstrap interface { // Builder creates and initializes a Kubelet instance type Builder func(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *Dependencies, - crOptions *options.ContainerRuntimeOptions, + crOptions *config.ContainerRuntimeOptions, hostnameOverride string, nodeIP string, providerID string, @@ -318,7 +317,7 @@ func getRuntimeAndImageServices(remoteRuntimeEndpoint string, remoteImageEndpoin // No initialization of Kubelet and its modules should happen here. func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration, kubeDeps *Dependencies, - crOptions *options.ContainerRuntimeOptions, + crOptions *config.ContainerRuntimeOptions, hostnameOverride string, nodeIP string, providerID string, diff --git a/pkg/kubelet/kubelet_getters.go b/pkg/kubelet/kubelet_getters.go index 7737229507e..525f94cb717 100644 --- a/pkg/kubelet/kubelet_getters.go +++ b/pkg/kubelet/kubelet_getters.go @@ -27,8 +27,8 @@ import ( "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" - "k8s.io/kubernetes/cmd/kubelet/app/options" "k8s.io/kubernetes/pkg/kubelet/cm" + "k8s.io/kubernetes/pkg/kubelet/config" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" utilfile "k8s.io/kubernetes/pkg/util/file" utilnode "k8s.io/kubernetes/pkg/util/node" @@ -46,7 +46,7 @@ func (kl *Kubelet) getRootDir() string { // getPodsDir returns the full path to the directory under which pod // directories are created. func (kl *Kubelet) getPodsDir() string { - return filepath.Join(kl.getRootDir(), options.DefaultKubeletPodsDirName) + return filepath.Join(kl.getRootDir(), config.DefaultKubeletPodsDirName) } // getPluginsDir returns the full path to the directory under which plugin @@ -54,7 +54,7 @@ func (kl *Kubelet) getPodsDir() string { // they need to persist. Plugins should create subdirectories under this named // after their own names. func (kl *Kubelet) getPluginsDir() string { - return filepath.Join(kl.getRootDir(), options.DefaultKubeletPluginsDirName) + return filepath.Join(kl.getRootDir(), config.DefaultKubeletPluginsDirName) } // getPluginDir returns a data directory name for a given plugin name. @@ -80,7 +80,7 @@ func (kl *Kubelet) getPodDir(podUID types.UID) string { // which volumes are created for the specified pod. This directory may not // exist if the pod does not exist. func (kl *Kubelet) getPodVolumesDir(podUID types.UID) string { - return filepath.Join(kl.getPodDir(podUID), options.DefaultKubeletVolumesDirName) + return filepath.Join(kl.getPodDir(podUID), config.DefaultKubeletVolumesDirName) } // getPodVolumeDir returns the full path to the directory which represents the @@ -94,7 +94,7 @@ func (kl *Kubelet) getPodVolumeDir(podUID types.UID, pluginName string, volumeNa // which plugins may store data for the specified pod. This directory may not // exist if the pod does not exist. func (kl *Kubelet) getPodPluginsDir(podUID types.UID) string { - return filepath.Join(kl.getPodDir(podUID), options.DefaultKubeletPluginsDirName) + return filepath.Join(kl.getPodDir(podUID), config.DefaultKubeletPluginsDirName) } // getPodPluginDir returns a data directory name for a given plugin name for a @@ -108,7 +108,7 @@ func (kl *Kubelet) getPodPluginDir(podUID types.UID, pluginName string) string { // which container data is held for the specified pod. This directory may not // exist if the pod or container does not exist. func (kl *Kubelet) getPodContainerDir(podUID types.UID, ctrName string) string { - return filepath.Join(kl.getPodDir(podUID), options.DefaultKubeletContainersDirName, ctrName) + return filepath.Join(kl.getPodDir(podUID), config.DefaultKubeletContainersDirName, ctrName) } // GetPods returns all pods bound to the kubelet and their spec, and the mirror diff --git a/pkg/kubelet/volumemanager/reconciler/BUILD b/pkg/kubelet/volumemanager/reconciler/BUILD index 97065574636..b4a1d36b0a2 100644 --- a/pkg/kubelet/volumemanager/reconciler/BUILD +++ b/pkg/kubelet/volumemanager/reconciler/BUILD @@ -10,7 +10,7 @@ go_library( name = "go_default_library", srcs = ["reconciler.go"], deps = [ - "//cmd/kubelet/app/options:go_default_library", + "//pkg/kubelet/config:go_default_library", "//pkg/kubelet/volumemanager/cache:go_default_library", "//pkg/util/file:go_default_library", "//pkg/util/goroutinemap/exponentialbackoff:go_default_library", diff --git a/pkg/kubelet/volumemanager/reconciler/reconciler.go b/pkg/kubelet/volumemanager/reconciler/reconciler.go index 73ac4da99c8..81642fb6a29 100644 --- a/pkg/kubelet/volumemanager/reconciler/reconciler.go +++ b/pkg/kubelet/volumemanager/reconciler/reconciler.go @@ -31,7 +31,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/wait" clientset "k8s.io/client-go/kubernetes" - "k8s.io/kubernetes/cmd/kubelet/app/options" + "k8s.io/kubernetes/pkg/kubelet/config" "k8s.io/kubernetes/pkg/kubelet/volumemanager/cache" utilfile "k8s.io/kubernetes/pkg/util/file" "k8s.io/kubernetes/pkg/util/goroutinemap/exponentialbackoff" @@ -574,7 +574,7 @@ func getVolumesFromPodDir(podDir string) ([]podVolume, error) { } podName := podsDirInfo[i].Name() podDir := path.Join(podDir, podName) - volumesDir := path.Join(podDir, options.DefaultKubeletVolumesDirName) + volumesDir := path.Join(podDir, config.DefaultKubeletVolumesDirName) volumesDirInfo, err := ioutil.ReadDir(volumesDir) if err != nil { glog.Errorf("Could not read volume directory %q: %v", volumesDir, err) diff --git a/pkg/kubemark/.import-restrictions b/pkg/kubemark/.import-restrictions new file mode 100644 index 00000000000..79aca70ba8b --- /dev/null +++ b/pkg/kubemark/.import-restrictions @@ -0,0 +1,13 @@ +{ + "Rules": [ + { + "SelectorRegexp": "k8s[.]io/kubernetes/cmd", + "AllowedPrefixes": [ + "k8s.io/kubernetes/cmd/kube-proxy/app", + "k8s.io/kubernetes/cmd/kubelet/app" + ], + "ForbiddenPrefixes": [ + ] + } + ] +} \ No newline at end of file diff --git a/pkg/master/BUILD b/pkg/master/BUILD index d700f117f7f..8ca5d681518 100644 --- a/pkg/master/BUILD +++ b/pkg/master/BUILD @@ -17,7 +17,6 @@ go_library( "services.go", ], deps = [ - "//cmd/kube-apiserver/app/options:go_default_library", "//pkg/api:go_default_library", "//pkg/api/install:go_default_library", "//pkg/apis/admission/install:go_default_library", @@ -38,6 +37,7 @@ go_library( "//pkg/apis/settings/install:go_default_library", "//pkg/apis/storage/install:go_default_library", "//pkg/client/clientset_generated/internalclientset/typed/core/internalversion:go_default_library", + "//pkg/kubeapiserver/options:go_default_library", "//pkg/kubelet/client:go_default_library", "//pkg/master/reconcilers:go_default_library", "//pkg/master/tunneler:go_default_library", diff --git a/pkg/master/master.go b/pkg/master/master.go index 6e3dfe248c4..b5a559dfd05 100644 --- a/pkg/master/master.go +++ b/pkg/master/master.go @@ -53,10 +53,10 @@ import ( serverstorage "k8s.io/apiserver/pkg/server/storage" storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/kubernetes/cmd/kube-apiserver/app/options" "k8s.io/kubernetes/pkg/api" kapi "k8s.io/kubernetes/pkg/api" coreclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion" + kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options" kubeletclient "k8s.io/kubernetes/pkg/kubelet/client" "k8s.io/kubernetes/pkg/master/reconcilers" "k8s.io/kubernetes/pkg/master/tunneler" @@ -265,7 +265,7 @@ func (cfg *Config) Complete(informers informers.SharedInformerFactory) Completed // We should probably allow this for clouds that don't require NodePort to do load-balancing (GCE) // but then that breaks the strict nestedness of ServiceType. // Review post-v1 - c.ExtraConfig.ServiceNodePortRange = options.DefaultServiceNodePortRange + c.ExtraConfig.ServiceNodePortRange = kubeoptions.DefaultServiceNodePortRange glog.Infof("Node port range unspecified. Defaulting to %v.", c.ExtraConfig.ServiceNodePortRange) }