kubeadm: set resolv-conf via the kubelet config file rather than cli flag
This commit is contained in:
SataQiu
parent
cb719f75aa
commit
28b9a4e0d6
@ -18,6 +18,7 @@ go_library(
|
|||||||
"//cmd/kubeadm/app/features:go_default_library",
|
"//cmd/kubeadm/app/features:go_default_library",
|
||||||
"//cmd/kubeadm/app/util:go_default_library",
|
"//cmd/kubeadm/app/util:go_default_library",
|
||||||
"//cmd/kubeadm/app/util/apiclient:go_default_library",
|
"//cmd/kubeadm/app/util/apiclient:go_default_library",
|
||||||
|
"//cmd/kubeadm/app/util/initsystem:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||||
|
|||||||
@ -21,7 +21,9 @@ import (
|
|||||||
|
|
||||||
"k8s.io/apimachinery/pkg/util/version"
|
"k8s.io/apimachinery/pkg/util/version"
|
||||||
clientset "k8s.io/client-go/kubernetes"
|
clientset "k8s.io/client-go/kubernetes"
|
||||||
|
"k8s.io/klog"
|
||||||
kubeletconfig "k8s.io/kubelet/config/v1beta1"
|
kubeletconfig "k8s.io/kubelet/config/v1beta1"
|
||||||
|
"k8s.io/kubernetes/cmd/kubeadm/app/util/initsystem"
|
||||||
utilpointer "k8s.io/utils/pointer"
|
utilpointer "k8s.io/utils/pointer"
|
||||||
|
|
||||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||||
@ -49,6 +51,9 @@ const (
|
|||||||
|
|
||||||
// kubeletHealthzBindAddress specifies the default healthz bind address
|
// kubeletHealthzBindAddress specifies the default healthz bind address
|
||||||
kubeletHealthzBindAddress = "127.0.0.1"
|
kubeletHealthzBindAddress = "127.0.0.1"
|
||||||
|
|
||||||
|
// kubeletSystemdResolverConfig specifies the default resolver config when systemd service is active
|
||||||
|
kubeletSystemdResolverConfig = "/run/systemd/resolve/resolv.conf"
|
||||||
)
|
)
|
||||||
|
|
||||||
// kubeletHandler is the handler instance for the kubelet component config
|
// kubeletHandler is the handler instance for the kubelet component config
|
||||||
@ -173,4 +178,27 @@ func (kc *kubeletConfig) Default(cfg *kubeadmapi.ClusterConfiguration, _ *kubead
|
|||||||
// We cannot show a warning for RotateCertificates==false and we must hardcode it to true.
|
// We cannot show a warning for RotateCertificates==false and we must hardcode it to true.
|
||||||
// There is no way to determine if the user has set this or not, given the field is a non-pointer.
|
// There is no way to determine if the user has set this or not, given the field is a non-pointer.
|
||||||
kc.config.RotateCertificates = kubeletRotateCertificates
|
kc.config.RotateCertificates = kubeletRotateCertificates
|
||||||
|
|
||||||
|
ok, err := isServiceActive("systemd-resolved")
|
||||||
|
if err != nil {
|
||||||
|
klog.Warningf("cannot determine if systemd-resolved is active: %v", err)
|
||||||
|
}
|
||||||
|
if ok {
|
||||||
|
if kc.config.ResolverConfig == "" {
|
||||||
|
kc.config.ResolverConfig = kubeletSystemdResolverConfig
|
||||||
|
} else {
|
||||||
|
if kc.config.ResolverConfig != kubeletSystemdResolverConfig {
|
||||||
|
warnDefaultComponentConfigValue(kind, "resolvConf", kubeletSystemdResolverConfig, kc.config.ResolverConfig)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// isServiceActive checks whether the given service exists and is running
|
||||||
|
func isServiceActive(name string) (bool, error) {
|
||||||
|
initSystem, err := initsystem.GetInitSystem()
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
return initSystem.ServiceIsActive(name), nil
|
||||||
}
|
}
|
||||||
|
|||||||
@ -26,7 +26,6 @@ import (
|
|||||||
"k8s.io/kubernetes/cmd/kubeadm/app/features"
|
"k8s.io/kubernetes/cmd/kubeadm/app/features"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/images"
|
"k8s.io/kubernetes/cmd/kubeadm/app/images"
|
||||||
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
|
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/util/initsystem"
|
|
||||||
utilsexec "k8s.io/utils/exec"
|
utilsexec "k8s.io/utils/exec"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
@ -39,7 +38,6 @@ type kubeletFlagsOpts struct {
|
|||||||
pauseImage string
|
pauseImage string
|
||||||
registerTaintsUsingFlags bool
|
registerTaintsUsingFlags bool
|
||||||
execer utilsexec.Interface
|
execer utilsexec.Interface
|
||||||
isServiceActiveFunc func(string) (bool, error)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetNodeNameAndHostname obtains the name for this Node using the following precedence
|
// GetNodeNameAndHostname obtains the name for this Node using the following precedence
|
||||||
@ -69,13 +67,6 @@ func WriteKubeletDynamicEnvFile(cfg *kubeadmapi.ClusterConfiguration, nodeReg *k
|
|||||||
pauseImage: images.GetPauseImage(cfg),
|
pauseImage: images.GetPauseImage(cfg),
|
||||||
registerTaintsUsingFlags: registerTaintsUsingFlags,
|
registerTaintsUsingFlags: registerTaintsUsingFlags,
|
||||||
execer: utilsexec.New(),
|
execer: utilsexec.New(),
|
||||||
isServiceActiveFunc: func(name string) (bool, error) {
|
|
||||||
initSystem, err := initsystem.GetInitSystem()
|
|
||||||
if err != nil {
|
|
||||||
return false, err
|
|
||||||
}
|
|
||||||
return initSystem.ServiceIsActive(name), nil
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
stringMap := buildKubeletArgMap(flagOpts)
|
stringMap := buildKubeletArgMap(flagOpts)
|
||||||
argList := kubeadmutil.BuildArgumentListFromMap(stringMap, nodeReg.KubeletExtraArgs)
|
argList := kubeadmutil.BuildArgumentListFromMap(stringMap, nodeReg.KubeletExtraArgs)
|
||||||
|
|||||||
@ -89,14 +89,6 @@ var (
|
|||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
func serviceIsActiveFunc(_ string) (bool, error) {
|
|
||||||
return true, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func serviceIsNotActiveFunc(_ string) (bool, error) {
|
|
||||||
return false, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestBuildKubeletArgMap(t *testing.T) {
|
func TestBuildKubeletArgMap(t *testing.T) {
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
@ -117,8 +109,7 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
execer: errCgroupExecer,
|
execer: errCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"network-plugin": "cni",
|
"network-plugin": "cni",
|
||||||
@ -131,8 +122,7 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
CRISocket: "/var/run/dockershim.sock",
|
CRISocket: "/var/run/dockershim.sock",
|
||||||
Name: "override-name",
|
Name: "override-name",
|
||||||
},
|
},
|
||||||
execer: errCgroupExecer,
|
execer: errCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"network-plugin": "cni",
|
"network-plugin": "cni",
|
||||||
@ -146,8 +136,7 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
CRISocket: "/var/run/dockershim.sock",
|
CRISocket: "/var/run/dockershim.sock",
|
||||||
KubeletExtraArgs: map[string]string{"hostname-override": "override-name"},
|
KubeletExtraArgs: map[string]string{"hostname-override": "override-name"},
|
||||||
},
|
},
|
||||||
execer: errCgroupExecer,
|
execer: errCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"network-plugin": "cni",
|
"network-plugin": "cni",
|
||||||
@ -160,8 +149,7 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
||||||
CRISocket: "/var/run/dockershim.sock",
|
CRISocket: "/var/run/dockershim.sock",
|
||||||
},
|
},
|
||||||
execer: systemdCgroupExecer,
|
execer: systemdCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"network-plugin": "cni",
|
"network-plugin": "cni",
|
||||||
@ -174,8 +162,7 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
||||||
CRISocket: "/var/run/dockershim.sock",
|
CRISocket: "/var/run/dockershim.sock",
|
||||||
},
|
},
|
||||||
execer: cgroupfsCgroupExecer,
|
execer: cgroupfsCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"network-plugin": "cni",
|
"network-plugin": "cni",
|
||||||
@ -188,8 +175,7 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
||||||
CRISocket: "/var/run/containerd.sock",
|
CRISocket: "/var/run/containerd.sock",
|
||||||
},
|
},
|
||||||
execer: cgroupfsCgroupExecer,
|
execer: cgroupfsCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"container-runtime": "remote",
|
"container-runtime": "remote",
|
||||||
@ -216,7 +202,6 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
},
|
},
|
||||||
registerTaintsUsingFlags: true,
|
registerTaintsUsingFlags: true,
|
||||||
execer: cgroupfsCgroupExecer,
|
execer: cgroupfsCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"container-runtime": "remote",
|
"container-runtime": "remote",
|
||||||
@ -224,30 +209,14 @@ func TestBuildKubeletArgMap(t *testing.T) {
|
|||||||
"register-with-taints": "foo=bar:baz,key=val:eff",
|
"register-with-taints": "foo=bar:baz,key=val:eff",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
|
||||||
name: "systemd-resolved running",
|
|
||||||
opts: kubeletFlagsOpts{
|
|
||||||
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
|
||||||
CRISocket: "/var/run/containerd.sock",
|
|
||||||
},
|
|
||||||
execer: cgroupfsCgroupExecer,
|
|
||||||
isServiceActiveFunc: serviceIsActiveFunc,
|
|
||||||
},
|
|
||||||
expected: map[string]string{
|
|
||||||
"container-runtime": "remote",
|
|
||||||
"container-runtime-endpoint": "/var/run/containerd.sock",
|
|
||||||
"resolv-conf": "/run/systemd/resolve/resolv.conf",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
name: "pause image is set",
|
name: "pause image is set",
|
||||||
opts: kubeletFlagsOpts{
|
opts: kubeletFlagsOpts{
|
||||||
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
nodeRegOpts: &kubeadmapi.NodeRegistrationOptions{
|
||||||
CRISocket: "/var/run/dockershim.sock",
|
CRISocket: "/var/run/dockershim.sock",
|
||||||
},
|
},
|
||||||
pauseImage: "gcr.io/pause:3.2",
|
pauseImage: "gcr.io/pause:3.2",
|
||||||
execer: cgroupfsCgroupExecer,
|
execer: cgroupfsCgroupExecer,
|
||||||
isServiceActiveFunc: serviceIsNotActiveFunc,
|
|
||||||
},
|
},
|
||||||
expected: map[string]string{
|
expected: map[string]string{
|
||||||
"network-plugin": "cni",
|
"network-plugin": "cni",
|
||||||
|
|||||||
@ -39,13 +39,5 @@ func buildKubeletArgMap(opts kubeletFlagsOpts) map[string]string {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ok, err := opts.isServiceActiveFunc("systemd-resolved")
|
|
||||||
if err != nil {
|
|
||||||
klog.Warningf("cannot determine if systemd-resolved is active: %v\n", err)
|
|
||||||
}
|
|
||||||
if ok {
|
|
||||||
kubeletFlags["resolv-conf"] = "/run/systemd/resolve/resolv.conf"
|
|
||||||
}
|
|
||||||
|
|
||||||
return kubeletFlags
|
return kubeletFlags
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user