Adds filtering of hosts to DialContexts.
The provided DialContext wraps existing clients' DialContext in an attempt to preserve any existing timeout configuration. In some cases, we may replace infinite timeouts with golang defaults. - scaleio: tcp connect/keepalive values changed from 0/15 to 30/30 - storageos: no change
@@ -123,7 +123,7 @@ func (in *KubeControllerManagerConfiguration) DeepCopyInto(out *KubeControllerMa
|
||||
out.NamespaceController = in.NamespaceController
|
||||
out.NodeIPAMController = in.NodeIPAMController
|
||||
out.NodeLifecycleController = in.NodeLifecycleController
|
||||
out.PersistentVolumeBinderController = in.PersistentVolumeBinderController
|
||||
in.PersistentVolumeBinderController.DeepCopyInto(&out.PersistentVolumeBinderController)
|
||||
out.PodGCController = in.PodGCController
|
||||
out.ReplicaSetController = in.ReplicaSetController
|
||||
out.ReplicationController = in.ReplicationController
|
||||
|
@@ -19,6 +19,7 @@ go_library(
|
||||
"//pkg/controller/volume/attachdetach/util:go_default_library",
|
||||
"//pkg/controller/volume/common:go_default_library",
|
||||
"//pkg/features:go_default_library",
|
||||
"//pkg/proxy/util:go_default_library",
|
||||
"//pkg/volume:go_default_library",
|
||||
"//pkg/volume/csimigration:go_default_library",
|
||||
"//pkg/volume/util:go_default_library",
|
||||
|
@@ -55,6 +55,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/controller/volume/attachdetach/util"
|
||||
"k8s.io/kubernetes/pkg/controller/volume/common"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
proxyutil "k8s.io/kubernetes/pkg/proxy/util"
|
||||
"k8s.io/kubernetes/pkg/volume"
|
||||
"k8s.io/kubernetes/pkg/volume/csimigration"
|
||||
volumeutil "k8s.io/kubernetes/pkg/volume/util"
|
||||
@@ -117,21 +118,23 @@ func NewAttachDetachController(
|
||||
prober volume.DynamicPluginProber,
|
||||
disableReconciliationSync bool,
|
||||
reconcilerSyncDuration time.Duration,
|
||||
timerConfig TimerConfig) (AttachDetachController, error) {
|
||||
timerConfig TimerConfig,
|
||||
filteredDialOptions *proxyutil.FilteredDialOptions) (AttachDetachController, error) {
|
||||
|
||||
adc := &attachDetachController{
|
||||
kubeClient: kubeClient,
|
||||
pvcLister: pvcInformer.Lister(),
|
||||
pvcsSynced: pvcInformer.Informer().HasSynced,
|
||||
pvLister: pvInformer.Lister(),
|
||||
pvsSynced: pvInformer.Informer().HasSynced,
|
||||
podLister: podInformer.Lister(),
|
||||
podsSynced: podInformer.Informer().HasSynced,
|
||||
podIndexer: podInformer.Informer().GetIndexer(),
|
||||
nodeLister: nodeInformer.Lister(),
|
||||
nodesSynced: nodeInformer.Informer().HasSynced,
|
||||
cloud: cloud,
|
||||
pvcQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "pvcs"),
|
||||
kubeClient: kubeClient,
|
||||
pvcLister: pvcInformer.Lister(),
|
||||
pvcsSynced: pvcInformer.Informer().HasSynced,
|
||||
pvLister: pvInformer.Lister(),
|
||||
pvsSynced: pvInformer.Informer().HasSynced,
|
||||
podLister: podInformer.Lister(),
|
||||
podsSynced: podInformer.Informer().HasSynced,
|
||||
podIndexer: podInformer.Informer().GetIndexer(),
|
||||
nodeLister: nodeInformer.Lister(),
|
||||
nodesSynced: nodeInformer.Informer().HasSynced,
|
||||
cloud: cloud,
|
||||
pvcQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "pvcs"),
|
||||
filteredDialOptions: filteredDialOptions,
|
||||
}
|
||||
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.CSIMigration) &&
|
||||
@@ -313,6 +316,9 @@ type attachDetachController struct {
|
||||
|
||||
// intreeToCSITranslator translates from in-tree volume specs to CSI
|
||||
intreeToCSITranslator csimigration.InTreeToCSITranslator
|
||||
|
||||
// filteredDialOptions configures any dialing done by the controller.
|
||||
filteredDialOptions *proxyutil.FilteredDialOptions
|
||||
}
|
||||
|
||||
func (adc *attachDetachController) Run(stopCh <-chan struct{}) {
|
||||
@@ -813,6 +819,10 @@ func (adc *attachDetachController) GetSubpather() subpath.Interface {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (adc *attachDetachController) GetFilteredDialOptions() *proxyutil.FilteredDialOptions {
|
||||
return adc.filteredDialOptions
|
||||
}
|
||||
|
||||
func (adc *attachDetachController) GetCSIDriverLister() storagelistersv1.CSIDriverLister {
|
||||
return adc.csiDriverLister
|
||||
}
|
||||
|
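Review bot: `GetFilteredDialOptions` at the end of this section returns the stored pointer unchanged and has no doc comment, while both test call sites for `NewAttachDetachController` on this page pass `nil`, so a nil result is a normal case that consumers must handle. Nothing visible here states what nil means; if the dial wrapper treats it as "no filtering", a caller that forgets to plumb the options fails open silently, which is worth confirming in the consumer (not on this page). I would document the contract on the method, e.g. `// GetFilteredDialOptions returns the host filtering options volume plugins must apply when dialing; nil means no filtering is configured.`, adjusted to the confirmed behaviour. The same applies to the `expandController` and `PersistentVolumeController` getters further down, and `expandController.filteredDialOptions` also lacks the one-line field comment the other two structs carry.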
@@ -55,6 +55,7 @@ func Test_NewAttachDetachController_Positive(t *testing.T) {
|
||||
false,
|
||||
5*time.Second,
|
||||
DefaultTimerConfig,
|
||||
nil, /* filteredDialOptions */
|
||||
)
|
||||
|
||||
// Assert
|
||||
@@ -175,7 +176,9 @@ func attachDetachRecoveryTestCase(t *testing.T, extraPods1 []*v1.Pod, extraPods2
|
||||
prober,
|
||||
false,
|
||||
1*time.Second,
|
||||
DefaultTimerConfig)
|
||||
DefaultTimerConfig,
|
||||
nil, /* filteredDialOptions */
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("Run failed with error. Expected: <no error> Actual: <%v>", err)
|
||||
|
@@ -9,6 +9,7 @@ go_library(
|
||||
deps = [
|
||||
"//pkg/apis/core/v1/helper:go_default_library",
|
||||
"//pkg/controller/volume/events:go_default_library",
|
||||
"//pkg/proxy/util:go_default_library",
|
||||
"//pkg/volume:go_default_library",
|
||||
"//pkg/volume/csimigration:go_default_library",
|
||||
"//pkg/volume/util:go_default_library",
|
||||
|
@@ -47,6 +47,7 @@ import (
|
||||
cloudprovider "k8s.io/cloud-provider"
|
||||
v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
|
||||
"k8s.io/kubernetes/pkg/controller/volume/events"
|
||||
proxyutil "k8s.io/kubernetes/pkg/proxy/util"
|
||||
"k8s.io/kubernetes/pkg/volume"
|
||||
"k8s.io/kubernetes/pkg/volume/csimigration"
|
||||
"k8s.io/kubernetes/pkg/volume/util"
|
||||
@@ -104,6 +105,8 @@ type expandController struct {
|
||||
translator CSINameTranslator
|
||||
|
||||
csiMigratedPluginManager csimigration.PluginManager
|
||||
|
||||
filteredDialOptions *proxyutil.FilteredDialOptions
|
||||
}
|
||||
|
||||
// NewExpandController expands the pvs
|
||||
@@ -115,7 +118,8 @@ func NewExpandController(
|
||||
cloud cloudprovider.Interface,
|
||||
plugins []volume.VolumePlugin,
|
||||
translator CSINameTranslator,
|
||||
csiMigratedPluginManager csimigration.PluginManager) (ExpandController, error) {
|
||||
csiMigratedPluginManager csimigration.PluginManager,
|
||||
filteredDialOptions *proxyutil.FilteredDialOptions) (ExpandController, error) {
|
||||
|
||||
expc := &expandController{
|
||||
kubeClient: kubeClient,
|
||||
@@ -129,6 +133,7 @@ func NewExpandController(
|
||||
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "volume_expand"),
|
||||
translator: translator,
|
||||
csiMigratedPluginManager: csiMigratedPluginManager,
|
||||
filteredDialOptions: filteredDialOptions,
|
||||
}
|
||||
|
||||
if err := expc.volumePluginMgr.InitPlugins(plugins, nil, expc); err != nil {
|
||||
@@ -449,3 +454,7 @@ func (expc *expandController) GetSubpather() subpath.Interface {
|
||||
// not needed for expand controller
|
||||
return nil
|
||||
}
|
||||
|
||||
func (expc *expandController) GetFilteredDialOptions() *proxyutil.FilteredDialOptions {
|
||||
return expc.filteredDialOptions
|
||||
}
|
||||
|
@@ -126,7 +126,7 @@ func TestSyncHandler(t *testing.T) {
|
||||
informerFactory.Storage().V1().StorageClasses().Informer().GetIndexer().Add(tc.storageClass)
|
||||
}
|
||||
translator := csitrans.New()
|
||||
expc, err := NewExpandController(fakeKubeClient, pvcInformer, pvInformer, storageClassInformer, nil, allPlugins, translator, csimigration.NewPluginManager(translator))
|
||||
expc, err := NewExpandController(fakeKubeClient, pvcInformer, pvInformer, storageClassInformer, nil, allPlugins, translator, csimigration.NewPluginManager(translator), nil)
|
||||
if err != nil {
|
||||
t.Fatalf("error creating expand controller : %v", err)
|
||||
}
|
||||
|
@@ -23,6 +23,7 @@ go_library(
|
||||
"//pkg/controller/volume/persistentvolume/metrics:go_default_library",
|
||||
"//pkg/controller/volume/persistentvolume/util:go_default_library",
|
||||
"//pkg/features:go_default_library",
|
||||
"//pkg/proxy/util:go_default_library",
|
||||
"//pkg/util/goroutinemap:go_default_library",
|
||||
"//pkg/util/goroutinemap/exponentialbackoff:go_default_library",
|
||||
"//pkg/volume:go_default_library",
|
||||
|
@@ -28,6 +28,12 @@ type PersistentVolumeBinderControllerConfiguration struct {
|
||||
PVClaimBinderSyncPeriod metav1.Duration
|
||||
// volumeConfiguration holds configuration for volume related features.
|
||||
VolumeConfiguration VolumeConfiguration
|
||||
// VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the
|
||||
// controller from plugins.
|
||||
VolumeHostCIDRDenylist []string
|
||||
// VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc)
|
||||
// should be allowed from plugins.
|
||||
VolumeHostAllowLocalLoopback bool
|
||||
}
|
||||
|
||||
// VolumeConfiguration contains *all* enumerated flags meant to configure all volume
|
||||
|
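Review bot: The comment on `VolumeHostCIDRDenylist` does not say how entries are validated or what an empty list means, and the conversion code on this page carries the field as plain `[]string`. For a denylist, a malformed entry that is skipped rather than rejected fails open, so parsing should refuse the configuration at startup; the parsing code is not visible here, so this needs confirming. Only listed ranges are blocked, so any range an operator omits (link-local, for instance) stays reachable from plugins, and the comment should say so. I would extend it along the lines of `// Entries must be valid CIDR strings; an invalid entry is a configuration error. An empty list applies no CIDR filtering.`, if that matches the intended behaviour.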
@@ -39,6 +39,11 @@ func RecommendedDefaultPersistentVolumeBinderControllerConfiguration(obj *kubect
|
||||
obj.PVClaimBinderSyncPeriod = metav1.Duration{Duration: 15 * time.Second}
|
||||
}
|
||||
|
||||
if obj.VolumeHostAllowLocalLoopback == nil {
|
||||
trueValue := true
|
||||
obj.VolumeHostAllowLocalLoopback = &trueValue
|
||||
}
|
||||
|
||||
// Use the default VolumeConfiguration options.
|
||||
RecommendedDefaultVolumeConfiguration(&obj.VolumeConfiguration)
|
||||
}
|
||||
|
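Review bot: Defaulting `VolumeHostAllowLocalLoopback` to `true` when it is nil leaves loopback addresses reachable from volume plugins unless an operator explicitly sets the field to false, so the new filtering is opt-in for loopback. That keeps existing behaviour, but the security trade-off deserves a comment at the default, e.g. `// Allow loopback by default for backward compatibility; operators should set this to false unless a plugin needs a local endpoint.` No default is assigned to `VolumeHostCIDRDenylist` in this hunk, so it presumably stays empty and the out-of-the-box configuration filters nothing. The enclosing function starts outside the hunk.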
@@ -21,6 +21,8 @@ limitations under the License.
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
unsafe "unsafe"
|
||||
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
conversion "k8s.io/apimachinery/pkg/conversion"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
@@ -105,6 +107,10 @@ func autoConvert_v1alpha1_PersistentVolumeBinderControllerConfiguration_To_confi
|
||||
if err := Convert_v1alpha1_VolumeConfiguration_To_config_VolumeConfiguration(&in.VolumeConfiguration, &out.VolumeConfiguration, s); err != nil {
|
||||
return err
|
||||
}
|
||||
out.VolumeHostCIDRDenylist = *(*[]string)(unsafe.Pointer(&in.VolumeHostCIDRDenylist))
|
||||
if err := v1.Convert_Pointer_bool_To_bool(&in.VolumeHostAllowLocalLoopback, &out.VolumeHostAllowLocalLoopback, s); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -113,6 +119,10 @@ func autoConvert_config_PersistentVolumeBinderControllerConfiguration_To_v1alpha
|
||||
if err := Convert_config_VolumeConfiguration_To_v1alpha1_VolumeConfiguration(&in.VolumeConfiguration, &out.VolumeConfiguration, s); err != nil {
|
||||
return err
|
||||
}
|
||||
out.VolumeHostCIDRDenylist = *(*[]string)(unsafe.Pointer(&in.VolumeHostCIDRDenylist))
|
||||
if err := v1.Convert_bool_To_Pointer_bool(&in.VolumeHostAllowLocalLoopback, &out.VolumeHostAllowLocalLoopback, s); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@@ -25,6 +25,11 @@ func (in *PersistentVolumeBinderControllerConfiguration) DeepCopyInto(out *Persi
|
||||
*out = *in
|
||||
out.PVClaimBinderSyncPeriod = in.PVClaimBinderSyncPeriod
|
||||
out.VolumeConfiguration = in.VolumeConfiguration
|
||||
if in.VolumeHostCIDRDenylist != nil {
|
||||
in, out := &in.VolumeHostCIDRDenylist, &out.VolumeHostCIDRDenylist
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
@@ -45,6 +45,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/controller/volume/persistentvolume/metrics"
|
||||
pvutil "k8s.io/kubernetes/pkg/controller/volume/persistentvolume/util"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
proxyutil "k8s.io/kubernetes/pkg/proxy/util"
|
||||
"k8s.io/kubernetes/pkg/util/goroutinemap"
|
||||
"k8s.io/kubernetes/pkg/util/goroutinemap/exponentialbackoff"
|
||||
vol "k8s.io/kubernetes/pkg/volume"
|
||||
@@ -235,6 +236,9 @@ type PersistentVolumeController struct {
|
||||
|
||||
translator CSINameTranslator
|
||||
csiMigratedPluginManager CSIMigratedPluginManager
|
||||
|
||||
// filteredDialOptions configures any dialing done by the controller.
|
||||
filteredDialOptions *proxyutil.FilteredDialOptions
|
||||
}
|
||||
|
||||
// syncClaim is the main controller method to decide what to do with a claim.
|
||||
|
@@ -44,6 +44,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/controller/volume/common"
|
||||
"k8s.io/kubernetes/pkg/controller/volume/persistentvolume/metrics"
|
||||
pvutil "k8s.io/kubernetes/pkg/controller/volume/persistentvolume/util"
|
||||
proxyutil "k8s.io/kubernetes/pkg/proxy/util"
|
||||
"k8s.io/kubernetes/pkg/util/goroutinemap"
|
||||
vol "k8s.io/kubernetes/pkg/volume"
|
||||
"k8s.io/kubernetes/pkg/volume/csimigration"
|
||||
@@ -70,6 +71,7 @@ type ControllerParameters struct {
|
||||
NodeInformer coreinformers.NodeInformer
|
||||
EventRecorder record.EventRecorder
|
||||
EnableDynamicProvisioning bool
|
||||
FilteredDialOptions *proxyutil.FilteredDialOptions
|
||||
}
|
||||
|
||||
// NewController creates a new PersistentVolume controller
|
||||
@@ -142,6 +144,8 @@ func NewController(p ControllerParameters) (*PersistentVolumeController, error)
|
||||
controller.translator = csiTranslator
|
||||
controller.csiMigratedPluginManager = csimigration.NewPluginManager(csiTranslator)
|
||||
|
||||
controller.filteredDialOptions = p.FilteredDialOptions
|
||||
|
||||
return controller, nil
|
||||
}
|
||||
|
||||
|
@@ -30,6 +30,7 @@ import (
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/tools/record"
|
||||
cloudprovider "k8s.io/cloud-provider"
|
||||
proxyutil "k8s.io/kubernetes/pkg/proxy/util"
|
||||
vol "k8s.io/kubernetes/pkg/volume"
|
||||
"k8s.io/kubernetes/pkg/volume/util/subpath"
|
||||
)
|
||||
@@ -138,3 +139,7 @@ func (ctrl *PersistentVolumeController) GetSubpather() subpath.Interface {
|
||||
// No volume plugin needs Subpaths in PV controller.
|
||||
return nil
|
||||
}
|
||||
|
||||
func (ctrl *PersistentVolumeController) GetFilteredDialOptions() *proxyutil.FilteredDialOptions {
|
||||
return ctrl.filteredDialOptions
|
||||
}
|
||||
|