kubernetes/cluster/addons
Kubernetes Submit Queue 53d14e9a4c Merge pull request #43609 from Random-Liu/update-npd-rbac
Automatic merge from submit-queue

Update NPD rbac.

I recently enabled NPD in GKE.

However, I found that in the GKE e2e test (https://k8s-testgrid.appspot.com/google-gke#gci-gke), NPD on the node could not talk with the apiserver, and reported many of the following errors:
```
E0324 05:08:26.745545    1328 manager.go:160] failed to update node conditions: the server does not allow access to the requested resource (patch nodes gke-bootstrap-e2e-default-pool-fd91d792-mqh4)
E0324 05:08:37.719423    1328 manager.go:160] failed to update node conditions: the server does not allow access to the requested resource (patch nodes gke-bootstrap-e2e-default-pool-fd91d792-mqh4)
E0324 05:08:47.719694    1328 manager.go:160] failed to update node conditions: the server does not allow access to the requested resource (patch nodes gke-bootstrap-e2e-default-pool-fd91d792-mqh4)
```

I created a GKE cluster (v1.7.0-alpha.0.1483+1e879c69ecf09e) myself, and found that the addon manager could not create the NPD binding, failing with the following error:
```
error: error validating "/etc/kubernetes/addons/node-problem-detector/standalone/npd-binding.yaml": error validating data: couldn't find type: v1alpha1.ClusterRoleBinding; if you choose to ignore these errors, turn validation off with --validate=false
```

I found that RBAC was updated to beta, but NPD was missed because it was merged after 9e6a3496b4 (diff-b05c70853d9a772b310db71a61297841).

I updated RBAC to beta in the master manifest and NPD on the node could talk with the apiserver immediately.
We must get this in 1.6 to make NPD work. @dchen1107

@dchen1107 @fabioy @liggitt
2017-03-24 11:27:42 -07:00
| Name | Last commit | Date |
|---|---|---|
| addon-manager | Bump addon-manager to v6.4-beta.1 | 2017-03-08 16:08:39 -08:00 |
| calico-policy-controller | Adds the new addon-manager labels on cluster addon templates | 2017-02-24 16:53:12 -08:00 |
| cluster-loadbalancing | Merge pull request #42212 from timstclair/defaultbackend | 2017-03-01 15:30:40 -08:00 |
| cluster-monitoring | Bumped Heapster to v1.3.0 | 2017-03-17 15:45:52 +01:00 |
| dashboard | Update dashboard to version 1.6 | 2017-03-16 16:15:48 +01:00 |
| dns | Fix typo in kubedns-controller.yaml.sed | 2017-03-09 14:01:07 +01:00 |
| dns-horizontal-autoscaler | Bump cluster-proportional-autoscaler to 1.1.1-r2 | 2017-03-10 16:37:35 -08:00 |
| e2e-rbac-bindings | Adds the new addon-manager labels on cluster addon templates | 2017-02-24 16:53:12 -08:00 |
| etcd-empty-dir-cleanup | Bump etcd-empty-dir-cleanup to 3.0.14.0 | 2017-02-22 13:22:04 -08:00 |
| fluentd-elasticsearch | Merge pull request #43379 from crassirostris/fluentd-gcp-docs | 2017-03-23 02:08:56 -07:00 |
| fluentd-gcp | Merge pull request #43379 from crassirostris/fluentd-gcp-docs | 2017-03-23 02:08:56 -07:00 |
| node-problem-detector | Update NPD rbac. | 2017-03-23 23:07:55 -07:00 |
| podsecuritypolicies | default policy | 2016-05-11 18:07:36 -04:00 |
| python-image | Always --pull in docker build to ensure recent base images | 2017-01-10 16:21:05 -08:00 |
| rbac | Give apiserver full access to kubelet API | 2017-03-17 18:05:19 -04:00 |
| registry | Adds the new addon-manager labels on cluster addon templates | 2017-02-24 16:53:12 -08:00 |
| storage-class | Rename default storageclasses | 2017-03-16 09:14:12 +01:00 |
| BUILD | Build release tarballs in bazel and add make bazel-release rule | 2017-01-13 16:17:44 -08:00 |
| README.md | Updates READMEs regarding the new behavior of addon-manager | 2017-02-24 16:42:41 -08:00 |

Cluster add-ons

Overview

Cluster add-ons are resources like Services and Deployments (with pods) that are shipped with the Kubernetes binaries and are considered an inherent part of Kubernetes clusters.

There are currently two classes of add-ons:

  • Add-ons that will be reconciled.
  • Add-ons that will be created if they don't exist.

More details can be found in addon-manager/README.md.

Cooperating Horizontal / Vertical Auto-Scaling with "reconcile class addons"

"Reconcile" class addons are periodically reconciled to the original state given by the initial config. To keep Horizontal / Vertical Auto-scaling functional, the related fields in the config should be left unset. More specifically, leave replicas in ReplicationController / Deployment / ReplicaSet unset for Horizontal Scaling, and leave resources for the container unset for Vertical Scaling. The periodic reconcile won't clobber these fields, so they can be managed by the Horizontal / Vertical Auto-scaler.

Add-on naming

The suggested naming for most resources is <basename> (with no version number). Resources like Pod, ReplicationController and DaemonSet are exceptions. A Pod is hard to update because many of its fields are immutable. For ReplicationController and DaemonSet, an in-place update may not trigger the underlying pods to be re-created. You probably need to change their names during an update to trigger a complete deletion and creation.
