KEP-3619: Wiring up from RuntimeFeatures.SupplementalGroupsPolicy(CRI) to NodeFeatures.SupplementalGroupsPolicy(API)
KEP-3619: fix typos in pkg/kubelet/container/runtime.go
This commit is contained in:
Shingo Omura
@@ -556,6 +556,8 @@ type RuntimeStatus struct {
|
||||
Conditions []RuntimeCondition
|
||||
// Handlers is an array of current available handlers
|
||||
Handlers []RuntimeHandler
|
||||
// Features is the set of features implemented by the runtime
|
||||
Features *RuntimeFeatures
|
||||
}
|
||||
|
||||
// GetRuntimeCondition gets a specified runtime condition from the runtime status.
|
||||
@@ -579,7 +581,7 @@ func (r *RuntimeStatus) String() string {
|
||||
for _, h := range r.Handlers {
|
||||
sh = append(sh, h.String())
|
||||
}
|
||||
return fmt.Sprintf("Runtime Conditions: %s; Handlers: %s", strings.Join(ss, ", "), strings.Join(sh, ", "))
|
||||
return fmt.Sprintf("Runtime Conditions: %s; Handlers: %s, Features: %s", strings.Join(ss, ", "), strings.Join(sh, ", "), r.Features.String())
|
||||
}
|
||||
|
||||
// RuntimeHandler contains condition information for the runtime handler.
|
||||
@@ -617,6 +619,19 @@ func (c *RuntimeCondition) String() string {
|
||||
return fmt.Sprintf("%s=%t reason:%s message:%s", c.Type, c.Status, c.Reason, c.Message)
|
||||
}
|
||||
|
||||
// RuntimeFeatures contains the set of features implemented by the runtime
|
||||
type RuntimeFeatures struct {
|
||||
SupplementalGroupsPolicy bool
|
||||
}
|
||||
|
||||
// String formats the runtime condition into a human readable string.
|
||||
func (f *RuntimeFeatures) String() string {
|
||||
if f == nil {
|
||||
return "nil"
|
||||
}
|
||||
return fmt.Sprintf("SupplementalGroupsPolicy: %v", f.SupplementalGroupsPolicy)
|
||||
}
|
||||
|
||||
// Pods represents the list of pods
|
||||
type Pods []*Pod
|
||||
|
||||
|
||||
@@ -2883,6 +2883,7 @@ func (kl *Kubelet) updateRuntimeUp() {
|
||||
|
||||
kl.runtimeState.setRuntimeState(nil)
|
||||
kl.runtimeState.setRuntimeHandlers(s.Handlers)
|
||||
kl.runtimeState.setRuntimeFeatures(s.Features)
|
||||
kl.oneTimeInitializer.Do(kl.initializeRuntimeDependentModules)
|
||||
kl.runtimeState.setRuntimeSync(kl.clock.Now())
|
||||
}
|
||||
|
||||
@@ -737,6 +737,7 @@ func (kl *Kubelet) defaultNodeStatusFuncs() []func(context.Context, *v1.Node) er
|
||||
nodestatus.Images(kl.nodeStatusMaxImages, kl.imageManager.GetImageList),
|
||||
nodestatus.GoRuntime(),
|
||||
nodestatus.RuntimeHandlers(kl.runtimeState.runtimeHandlers),
|
||||
nodestatus.NodeFeatures(kl.runtimeState.runtimeFeatures),
|
||||
)
|
||||
|
||||
setters = append(setters,
|
||||
|
||||
@@ -208,7 +208,7 @@ func parsePodUIDFromLogsDirectory(name string) types.UID {
|
||||
}
|
||||
|
||||
// toKubeRuntimeStatus converts the runtimeapi.RuntimeStatus to kubecontainer.RuntimeStatus.
|
||||
func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeapi.RuntimeHandler) *kubecontainer.RuntimeStatus {
|
||||
func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeapi.RuntimeHandler, features *runtimeapi.RuntimeFeatures) *kubecontainer.RuntimeStatus {
|
||||
conditions := []kubecontainer.RuntimeCondition{}
|
||||
for _, c := range status.GetConditions() {
|
||||
conditions = append(conditions, kubecontainer.RuntimeCondition{
|
||||
@@ -232,7 +232,13 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeap
|
||||
SupportsUserNamespaces: supportsUserns,
|
||||
}
|
||||
}
|
||||
return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers}
|
||||
var retFeatures *kubecontainer.RuntimeFeatures
|
||||
if features != nil {
|
||||
retFeatures = &kubecontainer.RuntimeFeatures{
|
||||
SupplementalGroupsPolicy: features.SupplementalGroupsPolicy,
|
||||
}
|
||||
}
|
||||
return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers, Features: retFeatures}
|
||||
}
|
||||
|
||||
func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) {
|
||||
|
||||
@@ -347,7 +347,7 @@ func (m *kubeGenericRuntimeManager) Status(ctx context.Context) (*kubecontainer.
|
||||
if resp.GetStatus() == nil {
|
||||
return nil, errors.New("runtime status is nil")
|
||||
}
|
||||
return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers()), nil
|
||||
return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers(), resp.GetFeatures()), nil
|
||||
}
|
||||
|
||||
// GetPods returns a list of containers grouped by pods. The boolean parameter
|
||||
|
||||
@@ -482,6 +482,23 @@ func GoRuntime() Setter {
|
||||
}
|
||||
}
|
||||
|
||||
// NodeFeatures returns a Setter that sets NodeFeatures on the node.
|
||||
func NodeFeatures(featuresGetter func() *kubecontainer.RuntimeFeatures) Setter {
|
||||
return func(ctx context.Context, node *v1.Node) error {
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.SupplementalGroupsPolicy) {
|
||||
return nil
|
||||
}
|
||||
features := featuresGetter()
|
||||
if features == nil {
|
||||
return nil
|
||||
}
|
||||
node.Status.Features = &v1.NodeFeatures{
|
||||
SupplementalGroupsPolicy: &features.SupplementalGroupsPolicy,
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
// RuntimeHandlers returns a Setter that sets RuntimeHandlers on the node.
|
||||
func RuntimeHandlers(fn func() []kubecontainer.RuntimeHandler) Setter {
|
||||
return func(ctx context.Context, node *v1.Node) error {
|
||||
|
||||
@@ -36,6 +36,7 @@ type runtimeState struct {
|
||||
cidr string
|
||||
healthChecks []*healthCheck
|
||||
rtHandlers []kubecontainer.RuntimeHandler
|
||||
rtFeatures *kubecontainer.RuntimeFeatures
|
||||
}
|
||||
|
||||
// A health check function should be efficient and not rely on external
|
||||
@@ -83,6 +84,18 @@ func (s *runtimeState) runtimeHandlers() []kubecontainer.RuntimeHandler {
|
||||
return s.rtHandlers
|
||||
}
|
||||
|
||||
func (s *runtimeState) setRuntimeFeatures(features *kubecontainer.RuntimeFeatures) {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
s.rtFeatures = features
|
||||
}
|
||||
|
||||
func (s *runtimeState) runtimeFeatures() *kubecontainer.RuntimeFeatures {
|
||||
s.RLock()
|
||||
defer s.RUnlock()
|
||||
return s.rtFeatures
|
||||
}
|
||||
|
||||
func (s *runtimeState) setStorageState(err error) {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
|
||||
@@ -106,6 +106,10 @@ func dropDisabledFields(node *api.Node, oldNode *api.Node) {
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
|
||||
node.Status.RuntimeHandlers = nil
|
||||
}
|
||||
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.SupplementalGroupsPolicy) {
|
||||
node.Status.Features = nil
|
||||
}
|
||||
}
|
||||
|
||||
// nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used)
|
||||
|
||||
Reference in New Issue
Block a user