Kubelet should request protobuf from the apiserver

The kubelet was not asking for application/vnd.kubernetes.protobuf
on list and get calls. It looks like we lost that code when we
moved to cert rotation. Clean up the client initialization path
and make sure that all non-dynamic clients use protobuf by default.
Clayton Coleman
2019-03-21 14:14:49 -04:00
parent e739b55374
commit 7d53ad1fb0
3 changed files with 26 additions and 5 deletions


@@ -113,6 +113,7 @@ go_library(
"//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",


@@ -30,6 +30,7 @@ import (
"path" "path"
"path/filepath" "path/filepath"
"strconv" "strconv"
"strings"
"time" "time"
"github.com/coreos/go-systemd/daemon" "github.com/coreos/go-systemd/daemon"
@@ -40,6 +41,7 @@ import (
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
utilruntime "k8s.io/apimachinery/pkg/util/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
@@ -757,6 +759,11 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName)
return nil, nil, err return nil, nil, err
} }
// use the correct content type for cert rotation, but don't set QPS
setContentTypeForClient(certConfig, s.ContentType)
kubeClientConfigOverrides(s, clientConfig)
clientCertificateManager, err := buildClientCertificateManager(certConfig, clientConfig, s.CertDirectory, nodeName) clientCertificateManager, err := buildClientCertificateManager(certConfig, clientConfig, s.CertDirectory, nodeName)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@@ -764,7 +771,6 @@ func buildKubeletClientConfig(s *options.KubeletServer, nodeName types.NodeName)
// the rotating transport will use the cert from the cert manager instead of these files // the rotating transport will use the cert from the cert manager instead of these files
transportConfig := restclient.AnonymousClientConfig(clientConfig) transportConfig := restclient.AnonymousClientConfig(clientConfig)
kubeClientConfigOverrides(s, transportConfig)
// we set exitAfter to five minutes because we use this client configuration to request new certs - if we are unable // we set exitAfter to five minutes because we use this client configuration to request new certs - if we are unable
// to request new certs, we will be unable to continue normal operation. Exiting the process allows a wrapper // to request new certs, we will be unable to continue normal operation. Exiting the process allows a wrapper
@@ -836,7 +842,7 @@ func buildClientCertificateManager(certConfig, clientConfig *restclient.Config,
} }
func kubeClientConfigOverrides(s *options.KubeletServer, clientConfig *restclient.Config) { func kubeClientConfigOverrides(s *options.KubeletServer, clientConfig *restclient.Config) {
clientConfig.ContentType = s.ContentType setContentTypeForClient(clientConfig, s.ContentType)
// Override kubeconfig qps/burst settings from flags // Override kubeconfig qps/burst settings from flags
clientConfig.QPS = float32(s.KubeAPIQPS) clientConfig.QPS = float32(s.KubeAPIQPS)
clientConfig.Burst = int(s.KubeAPIBurst) clientConfig.Burst = int(s.KubeAPIBurst)
@@ -930,6 +936,21 @@ func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletCo
return tlsOptions, nil return tlsOptions, nil
} }
// setContentTypeForClient sets the appropritae content type into the rest config
// and handles defaulting AcceptContentTypes based on that input.
func setContentTypeForClient(cfg *restclient.Config, contentType string) {
if len(contentType) == 0 {
return
}
cfg.ContentType = contentType
switch contentType {
case runtime.ContentTypeProtobuf:
cfg.AcceptContentTypes = strings.Join([]string{runtime.ContentTypeProtobuf, runtime.ContentTypeJSON}, ",")
default:
// otherwise let the rest client perform defaulting
}
}
// RunKubelet is responsible for setting up and running a kubelet. It is used in three different applications: // RunKubelet is responsible for setting up and running a kubelet. It is used in three different applications:
// 1 Integration tests // 1 Integration tests
// 2 Kubelet binary // 2 Kubelet binary
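Review bot: Nothing in this change guards against the same regression recurring: the commit message says the protobuf negotiation was lost silently during the cert-rotation refactor, yet the new `setContentTypeForClient` (last hunk) and the moved `kubeClientConfigOverrides(s, clientConfig)` call in `buildKubeletClientConfig` arrive without a test in the three changed files. A small table test would pin it, asserting that `runtime.ContentTypeProtobuf` produces `AcceptContentTypes == "application/vnd.kubernetes.protobuf,application/json"` and that an empty content type leaves the config untouched. Dropping the override on `transportConfig` presumably relies on `restclient.AnonymousClientConfig` carrying content type, QPS and burst over from `clientConfig`; a comment there such as `// transportConfig inherits content type and QPS/burst from clientConfig` would make that dependency visible to the next refactor. The new doc comment also misspells a word: `appropritae` should read `appropriate`. The bodies of `buildKubeletClientConfig` and `kubeClientConfigOverrides` continue outside the hunks shown.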


@@ -43,7 +43,6 @@ type TypeMeta struct {
const ( const (
ContentTypeJSON string = "application/json" ContentTypeJSON string = "application/json"
ContentTypeYAML string = "application/yaml" ContentTypeYAML string = "application/yaml"
ContentTypeProtobuf string = "application/vnd.kubernetes.protobuf" ContentTypeProtobuf string = "application/vnd.kubernetes.protobuf"
) )