Commit Graph

236 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
7adb7c1d06
Merge pull request #109612 from pandaamanda/remove_DeprecatedControllerOptions
refactor: remove deprecated `deleting-pods-qps` `deleting-pods-burst` `register-retry-count`  flags
2022-05-04 02:34:54 -07:00
Kubernetes Prow Robot
2d1f12942f
Merge pull request #108476 from ialidzhikov/cleanup/experimental-cluster-signing-duration
kube-controller-manager: Remove the deprecated `--experimental-cluster-signing-duration` flag
2022-05-03 18:23:31 -07:00
熊中谅10171568
c4579165f1 refactor: remove deprecated flags
refactor: remove deprecated deleting-pods-qps deleting-pods-burst register-retry-count flags
2022-04-22 20:28:12 +08:00
SataQiu
9ac1b4b68f remove unused option deployment-controller-sync-period for deployment controller 2022-03-30 20:00:53 +08:00
ialidzhikov
9c7c7cca24 kube-controller-manager: Cleanup MarkDeprecared call for already removed flag
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2022-03-05 12:53:44 +02:00
ialidzhikov
a444eb60d7 kube-controller-manager: Remove the deprecated --experimental-cluster-signing-duration flag
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2022-03-03 08:47:49 +02:00
Jian Zeng
c73d96ac87
refactor: remove the insecure flags in controller-manager
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
2021-12-08 10:50:12 +08:00
Patrick Ohly
4df70dfd41 component-base: initialize logging as soon as possible
In various places log messages where emitted as part of validation or even
before it (for example, cli.PrintFlags). Those log messages did not use the
final logging configuration, for example text output instead of JSON or not the
final verbosity. The last point became more obvious after moving the setup of
verbosity into logs.Options.Apply because PrintFlags never printed anything
anymore.

In order to force applications to deal with logging as soon as possible, the
Options.Validate and Options.Apply methods are now private. Applications should
use the new Options.ValidateAndApply directly after parsing.
2021-11-03 11:55:54 +01:00
Antonio Ojea
0cd75e8fec run hack/update-netparse-cve.sh 2021-08-20 10:42:09 +02:00
Kubernetes Prow Robot
7ab3e3c8c3
Merge pull request #102981 from SataQiu/add-ephemeral-config-v1alpha1
Add --concurrent-ephemeralvolume-syncs flag for kube-controller-manager
2021-08-05 20:55:12 -07:00
SataQiu
7fa0b9b6c1 add --concurrent-ephemeralvolume-syncs flag for kube-controller-manager 2021-07-25 21:36:57 +08:00
Pingan2017
bf9f3dc7b3 deprecate unused option deployment-controller-sync-period for deployment controller 2021-07-07 15:40:12 +08:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:15 -04:00
Marek Siarkowicz
4ebc0c94a4 Remove legacy metrics client from podautoscaler 2021-06-04 23:06:32 +02:00
Kubernetes Prow Robot
7563d3092e
Merge pull request #96216 from knight42/refactor/disable-insecure-port-in-ctrler-mgr
refactor: disable insecure serving in controller-manager
2021-05-10 13:49:36 -07:00
Jian Zeng
e481d99965
refactor: disable insecure serving in controller-manager
Now the following flags have no effect and would be removed in v1.24:
* `--port`
* `--address`

The insecure port flags `--port` may only be set to 0 now.

Signed-off-by: Jian Zeng <zengjian.zj@bytedance.com>
2021-05-03 00:01:49 +08:00
wangyx1992
fd51e654af cleanup: fix errors in wrapped format and log capitalization in controller
Signed-off-by: wangyx1992 <wang.yixiang@zte.com.cn>
2021-04-22 15:40:54 +08:00
Kubernetes Prow Robot
dc2020eb9d
Merge pull request #100959 from p0lyn0mial/upstream-delegated-authn-timeout
DelegatingAuthenticationOptions: TokenReview request timeout
2021-04-14 18:20:09 -07:00
Lukasz Szaszkiewicz
a7bc51212a Revert "KCM: specifies the upper-bound timeout limit for outgoing requests"
This reverts commit 662cc70c70.
2021-04-14 14:06:01 +02:00
Lukasz Szaszkiewicz
d690d71d27 DelegatingAuthenticationOptions TokenReview request timeout
it turns out that setting a timeout on HTTP client affect watch requests made by the delegated authentication component.
with a 10 second timeout watch requests are being re-established exactly after 10 seconds even though the default request timeout for them is ~5 minutes.

this is because if multiple timeouts were set, the stdlib picks the smaller timeout to be applied, leaving other useless.
for more details see a937729c2c/src/net/http/client.go (L364)

instead of setting a timeout on the HTTP client we should use context for cancellation.
2021-04-13 16:53:59 +02:00
Kubernetes Prow Robot
c94a2f75e6
Merge pull request #99358 from p0lyn0mial/kcm-timeout
KCM: specifies the upper-bound timeout limit for outgoing requests
2021-04-08 14:28:07 -07:00
Indeed
68ebe29529 fix leader migration options not applied
to kube-controller-manager or cloud-controller-manager
2021-03-09 14:46:52 -08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Lukasz Szaszkiewicz
662cc70c70 KCM: specifies the upper-bound timeout limit for outgoing requests
Previously no timeout was set.
Requests without explicit timeout might potentially hang forever and lead to starvation of the application.
2021-02-23 13:08:19 +01:00
Kubernetes Prow Robot
d2659101bf
Merge pull request #98325 from deads2k/update-default-authorizer
Update delegated authorization options default to eliminate unnecessary SARs
2021-02-02 11:38:28 -08:00
David Eads
62230d3c46 update delegated authz defaults in kube binaries 2021-01-26 12:53:24 -05:00
Jakub Przychodzeń
87924e53f0 [kube-controller-manager] Lower timeout for leaderelection resourcelock
Migrate how resource lock and leader election config is generated to new way, hidding kubeClient. This also halfs kubeClient timeout, making it an useful value.

If timeout is equal to RenewDeadline and we hit client timeout on request, there will be no retry, as RenewDeadline part will cancel the context and lose leader election. So setting a timeout to value at least equal to RenewDeadline is pointless.

Setting it as half of RenewDeadline is a heuristic to resolve this missing retry problem without adding additional parameter.
2021-01-14 10:49:42 +01:00
Kubernetes Prow Robot
e38b1b94f8
Merge pull request #96399 from andrewsykim/service-config
move service controller config to k8s.io/cloud-provider/controllers/service/config
2020-11-12 11:21:57 -08:00
Alay Patel
38bb53555e update violation_exceptions.list and make generated 2020-11-10 17:32:06 -05:00
Alay Patel
8d7dd4415e add cronjob_controllerv2.go 2020-11-10 17:32:06 -05:00
Andrew Sy Kim
b1e0decce1 move service controller config to k8s.io/cloud-provider/controllers/service/config
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-11-10 14:59:44 -05:00
Lukasz Szaszkiewicz
7340c3498a DelegatingAuthenticationOptions: allows for setting a timeout for the TokenReview client that is used by for the webhook authenticator
Previously no timeout was set. Requests without explicit timeout might potentially hang forever and lead to starvation of the application.
When no timeout was specified a default one will be applied.
2020-11-04 13:40:33 +01:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
2020-11-01 10:18:25 -05:00
cici37
9465d95ea6 Move CCM to staging k8s.io/cloud-provider 2020-10-29 20:50:23 -07:00
Lukasz Szaszkiewicz
2160cbc53f DelegatingAuthorizationOptions: exposes and sets a default timeout for SubjectAccessReview client
previously no timeout was set. Requests without explicit timeout might potentially hang forever and lead to starvation of the application.
2020-10-26 17:11:59 +01:00
cici37
ae8ce0d190 Move cmd/controller-manager to k8s.io/controller-manager and cloud specific configs to k8s.io/cloud-provider. 2020-10-08 13:23:16 -07:00
Matthew Cary
f2e23afcf1 Adds filtering of hosts to DialContexts.
The provided DialContext wraps existing clients' DialContext in an attempt to
preserve any existing timeout configuration. In some cases, we may replace
infinite timeouts with golang defaults.

- scaleio: tcp connect/keepalive values changed from 0/15 to 30/30
- storageos: no change
2020-09-18 00:07:32 +00:00
Daniel Smith
a86afc12df update scripts 2020-09-02 10:49:40 -07:00
Daniel Smith
75f835aa08 move port definitions to a common location 2020-09-02 10:48:25 -07:00
Kubernetes Prow Robot
05f6812c2d
Merge pull request #90822 from deads2k/csr-separate-signer-flags-02
allow setting different certificates for kube-controller-managed CSR signers
2020-07-18 03:10:50 -07:00
Kubernetes Prow Robot
4efed03276
Merge pull request #91637 from robscott/endpointslice-mirroring
Adding new EndpointSlice Mirroring Controller
2020-07-10 10:19:48 -07:00
David Eads
e88fecf26b allow setting different certificates for kube-controller-managed CSR signers 2020-07-09 08:14:55 -04:00
Rob Scott
e701cb0205
Enabling the EndpointSliceMirroring controller, adding related config 2020-07-06 12:43:34 -07:00
Kubernetes Prow Robot
e7a949f966
Merge pull request #91521 from SataQiu/add-log-flags-20200528
Add '--logging-format' flag to kube-controller-manager
2020-07-01 20:28:01 -07:00
Kobayashi Daisuke
4ecbec75a6 Run update-bazel.sh 2020-06-22 10:49:15 +09:00
Kobayashi Daisuke
4ae11dac2e Replace StartLogging(klog.Infof) with StartStructuredLogging(0) 2020-06-15 17:48:35 +09:00
Kubernetes Prow Robot
c0455a1853
Merge pull request #91154 from liggitt/signer-duration
Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration
2020-06-04 17:59:45 -07:00
SataQiu
17f3cd48a5 add '--logging-format' flag to kube-controller-manager
Signed-off-by: SataQiu <1527062125@qq.com>
2020-05-28 16:54:23 +08:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:27 -04:00