From 71e8c8eba43a0fade6e4edfc739b331ba3cc658a Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Thu, 27 Jul 2017 09:03:47 -0400 Subject: [PATCH] Fail on swap enabled and deprecate experimental-fail-swap-on flag * Deprecate the old experimental-fail-swap-on * Add a new flag fail-swap-on and set it to true Before this change, we would not fail when swap is on. With this change we fail for everyone when swap is on, unless they explicitly set --fail-swap-on to false. --- cmd/kubelet/app/options/options.go | 5 +++-- cmd/kubelet/app/server.go | 2 +- hack/verify-flags/known-flags.txt | 1 + pkg/apis/componentconfig/types.go | 3 +-- pkg/apis/componentconfig/v1alpha1/types.go | 3 +-- .../v1alpha1/zz_generated.conversion.go | 4 ++-- pkg/kubelet/cm/container_manager_linux.go | 14 +++++--------- 7 files changed, 14 insertions(+), 18 deletions(-) diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go index 821078bb2be..e43f07147f7 100644 --- a/cmd/kubelet/app/options/options.go +++ b/cmd/kubelet/app/options/options.go @@ -144,8 +144,9 @@ func (f *KubeletFlags) AddFlags(fs *pflag.FlagSet) { // addFlags adds flags for a specific componentconfig.KubeletConfiguration to the specified FlagSet func (c *kubeletConfiguration) addFlags(fs *pflag.FlagSet) { - // TODO(#34726:1.8.0): Remove the opt-in for failing when swap is enabled. - fs.BoolVar(&c.ExperimentalFailSwapOn, "experimental-fail-swap-on", c.ExperimentalFailSwapOn, "Makes the Kubelet fail to start if swap is enabled on the node. This is a temporary opton to maintain legacy behavior, failing due to swap enabled will happen by default in v1.6.") + fs.BoolVar(&c.FailSwapOn, "fail-swap-on", true, "Makes the Kubelet fail to start if swap is enabled on the node. ") + fs.BoolVar(&c.FailSwapOn, "experimental-fail-swap-on", true, "DEPRECATED: please use --fail-swap-on instead.") + fs.MarkDeprecated("experimental-fail-swap-on", "This flag is deprecated and will be removed in future releases. please use --fail-swap-on instead.") fs.StringVar(&c.PodManifestPath, "pod-manifest-path", c.PodManifestPath, "Path to to the directory containing pod manifest files to run, or the path to a single pod manifest file. Files starting with dots will be ignored.") fs.DurationVar(&c.SyncFrequency.Duration, "sync-frequency", c.SyncFrequency.Duration, "Max period between synchronizing running containers and config") diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 6125d98f7b0..fed88021b7d 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -584,7 +584,7 @@ func run(s *options.KubeletServer, kubeDeps *kubelet.Dependencies) (err error) { }, ExperimentalQOSReserved: *experimentalQOSReserved, }, - s.ExperimentalFailSwapOn, + s.FailSwapOn, kubeDeps.Recorder) if err != nil { diff --git a/hack/verify-flags/known-flags.txt b/hack/verify-flags/known-flags.txt index 3d29834e7f2..a3d243b78bd 100644 --- a/hack/verify-flags/known-flags.txt +++ b/hack/verify-flags/known-flags.txt @@ -271,6 +271,7 @@ external-hostname external-ip external-name extra-peer-dirs +fail-swap-on failover-timeout failure-domains fake-clientset diff --git a/pkg/apis/componentconfig/types.go b/pkg/apis/componentconfig/types.go index 8ef2f099fe0..f3ff3497760 100644 --- a/pkg/apis/componentconfig/types.go +++ b/pkg/apis/componentconfig/types.go @@ -465,9 +465,8 @@ type KubeletConfiguration struct { // featureGates is a string of comma-separated key=value pairs that describe feature // gates for alpha/experimental features. FeatureGates string - // TODO(#34726:1.8.0): Remove the opt-in for failing when swap is enabled. // Tells the Kubelet to fail to start if swap is enabled on the node. - ExperimentalFailSwapOn bool + FailSwapOn bool // This flag, if set, enables a check prior to mount operations to verify that the required components // (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled // and fails the mount operation fails. diff --git a/pkg/apis/componentconfig/v1alpha1/types.go b/pkg/apis/componentconfig/v1alpha1/types.go index 7c65d07525e..77fd7d42518 100644 --- a/pkg/apis/componentconfig/v1alpha1/types.go +++ b/pkg/apis/componentconfig/v1alpha1/types.go @@ -530,9 +530,8 @@ type KubeletConfiguration struct { // featureGates is a string of comma-separated key=value pairs that describe feature // gates for alpha/experimental features. FeatureGates string `json:"featureGates,omitempty"` - // TODO(#34726:1.8.0): Remove the opt-in for failing when swap is enabled. // Tells the Kubelet to fail to start if swap is enabled on the node. - ExperimentalFailSwapOn bool `json:"experimentalFailSwapOn,omitempty"` + FailSwapOn bool `json:"failSwapOn,omitempty"` // This flag, if set, enables a check prior to mount operations to verify that the required components // (binaries, etc.) to mount the volume are available on the underlying node. If the check is enabled // and fails the mount operation fails. diff --git a/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go b/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go index a4098813f66..f5ee97915d8 100644 --- a/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go @@ -504,7 +504,7 @@ func autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfigu } out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) out.FeatureGates = in.FeatureGates - out.ExperimentalFailSwapOn = in.ExperimentalFailSwapOn + out.FailSwapOn = in.FailSwapOn out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes out.SystemReserved = *(*componentconfig.ConfigurationMap)(unsafe.Pointer(&in.SystemReserved)) @@ -686,7 +686,7 @@ func autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfigu } out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls)) out.FeatureGates = in.FeatureGates - out.ExperimentalFailSwapOn = in.ExperimentalFailSwapOn + out.FailSwapOn = in.FailSwapOn out.ExperimentalCheckNodeCapabilitiesBeforeMount = in.ExperimentalCheckNodeCapabilitiesBeforeMount out.KeepTerminatedPodVolumes = in.KeepTerminatedPodVolumes out.SystemReserved = *(*map[string]string)(unsafe.Pointer(&in.SystemReserved)) diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go index 5042badfc1d..fe22f48038e 100644 --- a/pkg/kubelet/cm/container_manager_linux.go +++ b/pkg/kubelet/cm/container_manager_linux.go @@ -204,18 +204,14 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I return nil, err } - // TODO(#34726:1.8.0): Remove the opt-in for failing when swap is enabled. - // Running with swap enabled should be considered an error, but in order to maintain legacy - // behavior we have to require an opt-in to this error for a period of time. - - // If there is more than one line (table headers) in /proc/swaps, swap is enabled and we should error out. + // Running with swap enabled should be considered an error, but in order to maintain legacy + // behavior we have to require an opt-in to this error for a period of time. + // If there is more than one line (table headers) in /proc/swaps, swap is enabled and we should + // error out unless --fail-swap-on is set to false. if len(buf) > 1 { if failSwapOn { - return nil, fmt.Errorf("Running with swap on is not supported, please disable swap! /proc/swaps contained: %v", buf) + return nil, fmt.Errorf("Running with swap on is not supported, please disable swap! or set --fail-swap-on flag to false. /proc/swaps contained: %v", buf) } - glog.Warningf("Running with swap on is not supported, please disable swap! " + - "This will be a fatal error by default starting in K8s v1.6! " + - "In the meantime, you can opt-in to making this a fatal error by enabling --experimental-fail-swap-on.") } var capacity = v1.ResourceList{} // It is safe to invoke `MachineInfo` on cAdvisor before logically initializing cAdvisor here because