kubeadm: set pod-infra-container-image for the kubelet #70603
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
area/kubeadm
sig/cluster-lifecycle
|
/priority critical-urgent (copying prio from bug kubernetes/kubeadm#1003) |
k8s-ci-robot
added
priority/critical-urgent
|
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @mruepp |
|
@chuckha: GitHub didn't allow me to request PR reviews from the following users: mruepp. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
docker images after an init: docker images after a join: |
| @@ -250,6 +250,9 @@ const ( | |||
| // PauseVersion indicates the default pause image version for kubeadm | |||
| PauseVersion = "3.1" | |||
|
|
|||
| // DefaultPauseImageVersion indicates the default version for the pause image | |||
| DefaultPauseImageVersion = "3.1" | |||
There was a problem hiding this comment.
seems to be duplicate of the above PauseVersion constant.
There was a problem hiding this comment.
lol yes, it does 🤦♂️
| cfg: &kubeadmapi.ClusterConfiguration{ | ||
| ImageRepository: "test.repo", | ||
| }, | ||
| expected: "test.repo/pause:" + constants.DefaultPauseImageVersion, |
There was a problem hiding this comment.
probably should be PauseVersion. same as GetPauseImage().
| @@ -93,7 +91,7 @@ func getInitConfigurationFromCluster(kubeconfigDir string, client clientset.Inte | |||
| // Also, the config map really should be KubeadmConfigConfigMap... | |||
| configMap, err := client.CoreV1().ConfigMaps(metav1.NamespaceSystem).Get(constants.KubeadmConfigConfigMap, metav1.GetOptions{}) | |||
| if err != nil { | |||
| return nil, err | |||
| return nil, errors.Wrap(err, "failed to get config map") | |||
There was a problem hiding this comment.
these Wrap calls are possibly outside of the scope of the PR?
but SGTM still.
There was a problem hiding this comment.
Oh yeah, I added these because when I wanted them when I was debugging. not strictly necessary, but imo an improvement
There was a problem hiding this comment.
I will never complain about this...
| @@ -96,7 +97,8 @@ func runKubeletStart(c workflow.RunData) error { | |||
| // Write env file with flags for the kubelet to use. We do not need to write the --register-with-taints for the master, | |||
| // as we handle that ourselves in the markmaster phase | |||
| // TODO: Maybe we want to do that some time in the future, in order to remove some logic from the markmaster phase? | |||
| if err := kubeletphase.WriteKubeletDynamicEnvFile(&data.Cfg().NodeRegistration, data.Cfg().FeatureGates, false, data.KubeletDir()); err != nil { | |||
| pauseImage := images.GetPauseImage(data.Cfg().ClusterConfiguration.ImageRepository) | |||
| if err := kubeletphase.WriteKubeletDynamicEnvFile(&data.Cfg().NodeRegistration, data.Cfg().FeatureGates, pauseImage, false, data.KubeletDir()); err != nil { | |||
There was a problem hiding this comment.
something that @rosti suggested in the original PR was that we should pass ClusterConfiguration instead of feature gates and pause image to WriteKubeletDynamicEnvFile:
https://github.com/kubernetes/kubernetes/pull/66798/files#r206508620
There was a problem hiding this comment.
In fact, we can replace the first three parameters with InitConfiguration here and move the GetPauseImage call to WriteKubeletDynamicEnvFile. This will have the benefit of tidying up the code and removing duplicate logic between here and postupgrade.go
| @@ -56,6 +57,7 @@ func WriteKubeletDynamicEnvFile(nodeRegOpts *kubeadmapi.NodeRegistrationOptions, | |||
| flagOpts := kubeletFlagsOpts{ | |||
| nodeRegOpts: nodeRegOpts, | |||
| featureGates: featureGates, | |||
| pauseImage: pauseImage, | |||
There was a problem hiding this comment.
i guess we can keep featureGates and pauseImage as part of kubeletFlagsOpts, but obtain them from a ClusterConfiguration argument.
cmd/kubeadm/app/cmd/join.go
Outdated
| @@ -532,11 +533,20 @@ func (j *Join) BootstrapKubelet(tlsBootstrapCfg *clientcmdapi.Config) error { | |||
| return err | |||
| } | |||
|
|
|||
| imageRegistry := kubeadmapiv1beta1.DefaultImageRepository | |||
There was a problem hiding this comment.
Yes, I know that "registry" is a more accurate term here, but I think, that we should be consistent with the reset of kubeadm and use the term "repository" here.
There was a problem hiding this comment.
hah, ok, that's reasonable, I will continue down the repository road
cmd/kubeadm/app/images/images.go
Outdated
| @@ -53,16 +53,19 @@ func GetEtcdImage(cfg *kubeadmapi.ClusterConfiguration) string { | |||
| return GetGenericImage(cfg.ImageRepository, constants.Etcd, etcdImageTag) | |||
| } | |||
|
|
|||
| // GetPauseImage returns the image for the "pause" container | |||
| func GetPauseImage(registry string) string { | |||
There was a problem hiding this comment.
My vision for the funcs in the images files is for them to take ClusterConfiguration and then figure out from there how to generate the image string. This way we can keep future changes to the way we generate the images to this file only.
I know, that this will look like an overkill for GetPauseImage, but I think, that this may have benefits in the future and will keep things consistent with the rest of the bunch here.
| @@ -96,7 +97,8 @@ func runKubeletStart(c workflow.RunData) error { | |||
| // Write env file with flags for the kubelet to use. We do not need to write the --register-with-taints for the master, | |||
| // as we handle that ourselves in the markmaster phase | |||
| // TODO: Maybe we want to do that some time in the future, in order to remove some logic from the markmaster phase? | |||
| if err := kubeletphase.WriteKubeletDynamicEnvFile(&data.Cfg().NodeRegistration, data.Cfg().FeatureGates, false, data.KubeletDir()); err != nil { | |||
| pauseImage := images.GetPauseImage(data.Cfg().ClusterConfiguration.ImageRepository) | |||
| if err := kubeletphase.WriteKubeletDynamicEnvFile(&data.Cfg().NodeRegistration, data.Cfg().FeatureGates, pauseImage, false, data.KubeletDir()); err != nil { | |||
There was a problem hiding this comment.
In fact, we can replace the first three parameters with InitConfiguration here and move the GetPauseImage call to WriteKubeletDynamicEnvFile. This will have the benefit of tidying up the code and removing duplicate logic between here and postupgrade.go
chuckha
force-pushed
the
pod-infra-container-image
branch
3 times, most recently
from
2900bb5
to
36f65e3
Compare
|
I'm not sure why github is still showing me the outdated comments but I think this is ready for another review @rosti @neolit123. |
images_test needs an update. |
| } | ||
| for _, tc := range testcases { | ||
| t.Run(tc.name, func(t *testing.T) { | ||
| actual := GetPauseImage(tc.cfg.ImageRepository) |
chuckha
force-pushed
the
pod-infra-container-image
branch
from
36f65e3
to
570457c
Compare
|
/retest |
|
/assign @timothysc |
k8s-ci-robot
added
the
needs-rebase
chuckha
force-pushed
the
pod-infra-container-image
branch
from
570457c
to
650714d
Compare
k8s-ci-robot
removed
the
needs-rebase
|
/test pull-kubernetes-integration |
1 similar comment
|
/test pull-kubernetes-integration |
|
/retest |
|
/test pull-kubernetes-e2e-kops-aws |
k8s-ci-robot
added
the
needs-rebase
chuckha
force-pushed
the
pod-infra-container-image
branch
from
650714d
to
8a5d21b
Compare
k8s-ci-robot
removed
the
needs-rebase
The kubelet allows you to set `--pod-infra-container-image` (also called `PodSandboxImage` in the kubelet config), which can be a custom location to the "pause" image in the case of Docker. Other CRIs are not supported. Set the CLI flag for the Docker case in flags.go using WriteKubeletDynamicEnvFile().
chuckha
force-pushed
the
pod-infra-container-image
branch
from
8a5d21b
to
9a37f2d
Compare
|
/retest |
1 similar comment
|
/retest |
| @@ -93,7 +91,7 @@ func getInitConfigurationFromCluster(kubeconfigDir string, client clientset.Inte | |||
| // Also, the config map really should be KubeadmConfigConfigMap... | |||
| configMap, err := client.CoreV1().ConfigMaps(metav1.NamespaceSystem).Get(constants.KubeadmConfigConfigMap, metav1.GetOptions{}) | |||
| if err != nil { | |||
| return nil, err | |||
| return nil, errors.Wrap(err, "failed to get config map") | |||
There was a problem hiding this comment.
I will never complain about this...
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chuckha, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
@chuckha I would revise the release notes to denote the behavior on the kubelet as well. |
|
@timothysc updated |
|
not support contained CRI? |
Currently, this option is only for Docker. If you use any other CRI you have to check with its documentation and pass an equivalent option manually. |
The kubelet allows you to set
--pod-infra-container-image(also called
PodSandboxImagein the kubelet config),which can be a custom location to the "pause" image in the case
of Docker. Other CRIs are not supported.
Set the CLI flag for the Docker case in flags.go using
WriteKubeletDynamicEnvFile().
This PR also cleans up some unwrapped errors.
What type of PR is this?
What this PR does / why we need it:
This PR properly allows image repository to be passed to the kubelet for the sandbox image.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes kubernetes/kubeadm#1003
Special notes for your reviewer:
Does this PR introduce a user-facing change?: