
Commit ffdfe9f

author
Kubernetes Submit Queue
authored
Merge pull request kubernetes#35119 from errordeveloper/tidy-up-kubeadm
Automatic merge from submit-queue Start tidying kubeadm up **What this PR does / why we need it**: This PR addresses kubernetes#33262 (comment). **Release note**: ```release-note NONE ```
2 parents 3c84164 + b7b0822 commit ffdfe9f

2 files changed

Lines changed: 85 additions & 73 deletions


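--- a/cmd/kubeadm/app/master/addons.go
+++ b/cmd/kubeadm/app/master/addons.go
@@ -38,7 +38,7 @@ func createKubeProxyPodSpec(cfg *kubeadmapi.MasterConfiguration) api.PodSpec {
 Containers: []api.Container{{
 Name: kubeProxy,
 Image: images.GetCoreImage(images.KubeProxyImage, cfg, envParams["hyperkube_image"]),
-Command: append(getComponentCommand("proxy", cfg), "--kubeconfig=/run/kubeconfig"),
+Command: append(getProxyCommand(cfg), "--kubeconfig=/run/kubeconfig"),
 SecurityContext: &api.SecurityContext{Privileged: &privilegedTrue},
 VolumeMounts: []api.VolumeMount{
 {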

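--- a/cmd/kubeadm/app/master/manifests.go
+++ b/cmd/kubeadm/app/master/manifests.go
@@ -60,23 +60,23 @@ func WriteStaticPodManifests(cfg *kubeadmapi.MasterConfiguration) error {
 kubeAPIServer: componentPod(api.Container{
 Name: kubeAPIServer,
 Image: images.GetCoreImage(images.KubeAPIServerImage, cfg, envParams["hyperkube_image"]),
-Command: getComponentCommand(apiServer, cfg),
+Command: getAPIServerCommand(cfg),
 VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
 LivenessProbe: componentProbe(8080, "/healthz"),
 Resources: componentResources("250m"),
 }, certsVolume(cfg), k8sVolume(cfg)),
 kubeControllerManager: componentPod(api.Container{
 Name: kubeControllerManager,
 Image: images.GetCoreImage(images.KubeControllerManagerImage, cfg, envParams["hyperkube_image"]),
-Command: getComponentCommand(controllerManager, cfg),
+Command: getControllerManagerCommand(cfg),
 VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
 LivenessProbe: componentProbe(10252, "/healthz"),
 Resources: componentResources("200m"),
 }, certsVolume(cfg), k8sVolume(cfg)),
 kubeScheduler: componentPod(api.Container{
 Name: kubeScheduler,
 Image: images.GetCoreImage(images.KubeSchedulerImage, cfg, envParams["hyperkube_image"]),
-Command: getComponentCommand(scheduler, cfg),
+Command: getSchedulerCommand(cfg),
 LivenessProbe: componentProbe(10251, "/healthz"),
 Resources: componentResources("100m"),
 }),
@@ -221,88 +221,100 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod {
 }
 }
 
-func getComponentCommand(component string, cfg *kubeadmapi.MasterConfiguration) (command []string) {
-baseFlags := map[string][]string{
-apiServer: {
-"--insecure-bind-address=127.0.0.1",
-"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
-"--service-cluster-ip-range=" + cfg.Networking.ServiceSubnet,
-"--service-account-key-file=" + pkiDir + "/apiserver-key.pem",
-"--client-ca-file=" + pkiDir + "/ca.pem",
-"--tls-cert-file=" + pkiDir + "/apiserver.pem",
-"--tls-private-key-file=" + pkiDir + "/apiserver-key.pem",
-"--token-auth-file=" + pkiDir + "/tokens.csv",
-fmt.Sprintf("--secure-port=%d", cfg.API.BindPort),
-"--allow-privileged",
-},
-controllerManager: {
-"--address=127.0.0.1",
-"--leader-elect",
-"--master=127.0.0.1:8080",
-"--cluster-name=" + DefaultClusterName,
-"--root-ca-file=" + pkiDir + "/ca.pem",
-"--service-account-private-key-file=" + pkiDir + "/apiserver-key.pem",
-"--cluster-signing-cert-file=" + pkiDir + "/ca.pem",
-"--cluster-signing-key-file=" + pkiDir + "/ca-key.pem",
-"--insecure-experimental-approve-all-kubelet-csrs-for-group=system:kubelet-bootstrap",
-},
-scheduler: {
-"--address=127.0.0.1",
-"--leader-elect",
-"--master=127.0.0.1:8080",
-},
-proxy: {},
-}
-
+func getComponentBaseCommand(component string) (command []string) {
 envParams := kubeadmapi.GetEnvParams()
 if envParams["hyperkube_image"] != "" {
 command = []string{"/hyperkube", component}
 } else {
-command = []string{"/usr/local/bin/kube-" + component}
+command = []string{"kube-" + component}
 }
-
 command = append(command, envParams["component_loglevel"])
-command = append(command, baseFlags[component]...)
+return
+}
 
-if component == apiServer {
-// Use first address we are given
-if len(cfg.API.AdvertiseAddresses) > 0 {
-command = append(command, fmt.Sprintf("--advertise-address=%s", cfg.API.AdvertiseAddresses[0]))
-}
-// Check if the user decided to use an external etcd cluster
-if len(cfg.Etcd.Endpoints) > 0 {
-command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(cfg.Etcd.Endpoints, ",")))
-} else {
-command = append(command, "--etcd-servers=http://127.0.0.1:2379")
-}
+func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration) (command []string) {
+command = append(getComponentBaseCommand(apiServer),
+"--insecure-bind-address=127.0.0.1",
+"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
+"--service-cluster-ip-range="+cfg.Networking.ServiceSubnet,
+"--service-account-key-file="+pkiDir+"/apiserver-key.pem",
+"--client-ca-file="+pkiDir+"/ca.pem",
+"--tls-cert-file="+pkiDir+"/apiserver.pem",
+"--tls-private-key-file="+pkiDir+"/apiserver-key.pem",
+"--token-auth-file="+pkiDir+"/tokens.csv",
+fmt.Sprintf("--secure-port=%d", cfg.API.BindPort),
+"--allow-privileged",
+)
 
-// Is etcd secured?
-if cfg.Etcd.CAFile != "" {
-command = append(command, fmt.Sprintf("--etcd-cafile=%s", cfg.Etcd.CAFile))
-}
-if cfg.Etcd.CertFile != "" && cfg.Etcd.KeyFile != "" {
-etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", cfg.Etcd.CertFile)
-etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", cfg.Etcd.KeyFile)
-command = append(command, etcdClientFileArg, etcdKeyFileArg)
-}
+// Use first address we are given
+if len(cfg.API.AdvertiseAddresses) > 0 {
+command = append(command, fmt.Sprintf("--advertise-address=%s", cfg.API.AdvertiseAddresses[0]))
 }
 
-if component == controllerManager {
-if cfg.CloudProvider != "" {
-command = append(command, "--cloud-provider="+cfg.CloudProvider)
+// Check if the user decided to use an external etcd cluster
+if len(cfg.Etcd.Endpoints) > 0 {
+command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(cfg.Etcd.Endpoints, ",")))
+} else {
+command = append(command, "--etcd-servers=http://127.0.0.1:2379")
+}
 
-// Only append the --cloud-config option if there's a such file
-// TODO(phase1+) this won't work unless it's in one of the few directories we bind-mount
-if _, err := os.Stat(DefaultCloudConfigPath); err == nil {
-command = append(command, "--cloud-config="+DefaultCloudConfigPath)
-}
-}
-// Let the controller-manager allocate Node CIDRs for the Pod network.
-// Each node will get a subspace of the address CIDR provided with --pod-network-cidr.
-if cfg.Networking.PodSubnet != "" {
-command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+cfg.Networking.PodSubnet)
+// Is etcd secured?
+if cfg.Etcd.CAFile != "" {
+command = append(command, fmt.Sprintf("--etcd-cafile=%s", cfg.Etcd.CAFile))
+}
+if cfg.Etcd.CertFile != "" && cfg.Etcd.KeyFile != "" {
+etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", cfg.Etcd.CertFile)
+etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", cfg.Etcd.KeyFile)
+command = append(command, etcdClientFileArg, etcdKeyFileArg)
+}
+
+return
+}
+
+func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration) (command []string) {
+command = append(getComponentBaseCommand(controllerManager),
+"--address=127.0.0.1",
+"--leader-elect",
+"--master=127.0.0.1:8080",
+"--cluster-name="+DefaultClusterName,
+"--root-ca-file="+pkiDir+"/ca.pem",
+"--service-account-private-key-file="+pkiDir+"/apiserver-key.pem",
+"--cluster-signing-cert-file="+pkiDir+"/ca.pem",
+"--cluster-signing-key-file="+pkiDir+"/ca-key.pem",
+"--insecure-experimental-approve-all-kubelet-csrs-for-group=system:kubelet-bootstrap",
+)
+
+if cfg.CloudProvider != "" {
+command = append(command, "--cloud-provider="+cfg.CloudProvider)
+
+// Only append the --cloud-config option if there's a such file
+// TODO(phase1+) this won't work unless it's in one of the few directories we bind-mount
+if _, err := os.Stat(DefaultCloudConfigPath); err == nil {
+command = append(command, "--cloud-config="+DefaultCloudConfigPath)
 }
 }
 
+// Let the controller-manager allocate Node CIDRs for the Pod network.
+// Each node will get a subspace of the address CIDR provided with --pod-network-cidr.
+if cfg.Networking.PodSubnet != "" {
+command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+cfg.Networking.PodSubnet)
+}
+
+return
+}
+
+func getSchedulerCommand(cfg *kubeadmapi.MasterConfiguration) (command []string) {
+command = append(getComponentBaseCommand(scheduler),
+"--address=127.0.0.1",
+"--leader-elect",
+"--master=127.0.0.1:8080",
+)
+
+return
+}
+
+func getProxyCommand(cfg *kubeadmapi.MasterConfiguration) (command []string) {
+command = getComponentBaseCommand(proxy)
+
 return
 }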
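Review bot: In getComponentBaseCommand the non-hyperkube branch changes the entrypoint from the absolute `/usr/local/bin/kube-` prefix to `command = []string{"kube-" + component}`, so which binary runs now depends on the PATH baked into the image; for the control-plane pods and the privileged kube-proxy container that is worth pinning or at least documenting. Unless the images are known to ship the binaries elsewhere, keep `command = []string{"/usr/local/bin/kube-" + component}`, or add a comment such as `// resolved via the image's PATH; the image must provide kube-<component> there`. The commit description presents this as tidying only, so the behaviour change should be called out there. getSchedulerCommand and getProxyCommand also take `cfg` without reading it; a one-line doc comment on each new helper, noting that the parameter is kept only for a uniform signature, would avoid confusion.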
