Skip to content

Commit

Permalink
GA of RuntimeClass feature gate and API
Browse files Browse the repository at this point in the history
  • Loading branch information
SergeyKanzhelev committed Nov 11, 2020
1 parent 0469db9 commit 06da0e5
Show file tree
Hide file tree
Showing 88 changed files with 4,377 additions and 305 deletions.
969 changes: 969 additions & 0 deletions api/openapi-spec/swagger.json

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions build/kazel_generated.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ tags_values_pkgs = {"openapi-gen": {
"staging/src/k8s.io/api/imagepolicy/v1alpha1",
"staging/src/k8s.io/api/networking/v1",
"staging/src/k8s.io/api/networking/v1beta1",
"staging/src/k8s.io/api/node/v1",
"staging/src/k8s.io/api/node/v1alpha1",
"staging/src/k8s.io/api/node/v1beta1",
"staging/src/k8s.io/api/policy/v1beta1",
Expand Down Expand Up @@ -151,6 +152,7 @@ tags_pkgs_values = {"openapi-gen": {
"staging/src/k8s.io/api/imagepolicy/v1alpha1": ["true"],
"staging/src/k8s.io/api/networking/v1": ["true"],
"staging/src/k8s.io/api/networking/v1beta1": ["true"],
"staging/src/k8s.io/api/node/v1": ["true"],
"staging/src/k8s.io/api/node/v1alpha1": ["true"],
"staging/src/k8s.io/api/node/v1beta1": ["true"],
"staging/src/k8s.io/api/policy/v1beta1": ["true"],
Expand Down
1 change: 1 addition & 0 deletions cmd/kube-apiserver/app/aggregator.go
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,7 @@ var apiVersionPriorities = map[schema.GroupVersion]priority{
{Group: "scheduling.k8s.io", Version: "v1alpha1"}: {group: 16600, version: 9},
{Group: "coordination.k8s.io", Version: "v1"}: {group: 16500, version: 15},
{Group: "coordination.k8s.io", Version: "v1beta1"}: {group: 16500, version: 9},
{Group: "node.k8s.io", Version: "v1"}: {group: 16300, version: 15},
{Group: "node.k8s.io", Version: "v1alpha1"}: {group: 16300, version: 1},
{Group: "node.k8s.io", Version: "v1beta1"}: {group: 16300, version: 9},
{Group: "discovery.k8s.io", Version: "v1beta1"}: {group: 16200, version: 12},
Expand Down
1 change: 1 addition & 0 deletions hack/.import-aliases
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
"k8s.io/api/networking/v1beta1": "networkingv1beta1",
"k8s.io/api/node/v1alpha1": "nodev1alpha1",
"k8s.io/api/node/v1beta1": "nodev1beta1",
"k8s.io/api/node/v1": "nodev1",
"k8s.io/api/policy/v1beta1": "policyv1beta1",
"k8s.io/api/rbac/v1": "rbacv1",
"k8s.io/api/rbac/v1alpha1": "rbacv1alpha1",
Expand Down
1 change: 1 addition & 0 deletions hack/lib/init.sh
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ events.k8s.io/v1beta1 \
imagepolicy.k8s.io/v1alpha1 \
networking.k8s.io/v1 \
networking.k8s.io/v1beta1 \
node.k8s.io/v1 \
node.k8s.io/v1alpha1 \
node.k8s.io/v1beta1 \
policy/v1beta1 \
Expand Down
16 changes: 0 additions & 16 deletions pkg/api/pod/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -488,11 +488,6 @@ func dropDisabledFields(

dropDisabledFSGroupFields(podSpec, oldPodSpec)

if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) && !runtimeClassInUse(oldPodSpec) {
// Set RuntimeClassName to nil only if feature is disabled and it is not used
podSpec.RuntimeClassName = nil
}

if !utilfeature.DefaultFeatureGate.Enabled(features.PodOverhead) && !overheadInUse(oldPodSpec) {
// Set Overhead to nil only if the feature is disabled and it is not used
podSpec.Overhead = nil
Expand Down Expand Up @@ -618,17 +613,6 @@ func subpathInUse(podSpec *api.PodSpec) bool {
return inUse
}

// runtimeClassInUse returns true if the pod spec is non-nil and has a RuntimeClassName set
func runtimeClassInUse(podSpec *api.PodSpec) bool {
if podSpec == nil {
return false
}
if podSpec.RuntimeClassName != nil {
return true
}
return false
}

// overheadInUse returns true if the pod spec is non-nil and has Overhead set
func overheadInUse(podSpec *api.PodSpec) bool {
if podSpec == nil {
Expand Down
89 changes: 0 additions & 89 deletions pkg/api/pod/util_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -717,95 +717,6 @@ func TestDropSubPath(t *testing.T) {
}
}

func TestDropRuntimeClass(t *testing.T) {
runtimeClassName := "some_container_engine"
podWithoutRuntimeClass := func() *api.Pod {
return &api.Pod{
Spec: api.PodSpec{
RuntimeClassName: nil,
},
}
}
podWithRuntimeClass := func() *api.Pod {
return &api.Pod{
Spec: api.PodSpec{
RuntimeClassName: &runtimeClassName,
},
}
}

podInfo := []struct {
description string
hasPodRuntimeClassName bool
pod func() *api.Pod
}{
{
description: "pod Without RuntimeClassName",
hasPodRuntimeClassName: false,
pod: podWithoutRuntimeClass,
},
{
description: "pod With RuntimeClassName",
hasPodRuntimeClassName: true,
pod: podWithRuntimeClass,
},
{
description: "is nil",
hasPodRuntimeClassName: false,
pod: func() *api.Pod { return nil },
},
}

for _, enabled := range []bool{true, false} {
for _, oldPodInfo := range podInfo {
for _, newPodInfo := range podInfo {
oldPodHasRuntimeClassName, oldPod := oldPodInfo.hasPodRuntimeClassName, oldPodInfo.pod()
newPodHasRuntimeClassName, newPod := newPodInfo.hasPodRuntimeClassName, newPodInfo.pod()
if newPod == nil {
continue
}

t.Run(fmt.Sprintf("feature enabled=%v, old pod %v, new pod %v", enabled, oldPodInfo.description, newPodInfo.description), func(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.RuntimeClass, enabled)()

var oldPodSpec *api.PodSpec
if oldPod != nil {
oldPodSpec = &oldPod.Spec
}
dropDisabledFields(&newPod.Spec, nil, oldPodSpec, nil)

// old pod should never be changed
if !reflect.DeepEqual(oldPod, oldPodInfo.pod()) {
t.Errorf("old pod changed: %v", diff.ObjectReflectDiff(oldPod, oldPodInfo.pod()))
}

switch {
case enabled || oldPodHasRuntimeClassName:
// new pod should not be changed if the feature is enabled, or if the old pod had RuntimeClass
if !reflect.DeepEqual(newPod, newPodInfo.pod()) {
t.Errorf("new pod changed: %v", diff.ObjectReflectDiff(newPod, newPodInfo.pod()))
}
case newPodHasRuntimeClassName:
// new pod should be changed
if reflect.DeepEqual(newPod, newPodInfo.pod()) {
t.Errorf("new pod was not changed")
}
// new pod should not have RuntimeClass
if !reflect.DeepEqual(newPod, podWithoutRuntimeClass()) {
t.Errorf("new pod had PodRuntimeClassName: %v", diff.ObjectReflectDiff(newPod, podWithoutRuntimeClass()))
}
default:
// new pod should not need to be changed
if !reflect.DeepEqual(newPod, newPodInfo.pod()) {
t.Errorf("new pod changed: %v", diff.ObjectReflectDiff(newPod, newPodInfo.pod()))
}
}
})
}
}
}
}

func TestDropProcMount(t *testing.T) {
procMount := api.UnmaskedProcMount
defaultProcMount := api.DefaultProcMount
Expand Down
1 change: 0 additions & 1 deletion pkg/api/podsecuritypolicy/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,5 @@ go_test(
"//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/component-base/featuregate/testing:go_default_library",
"//vendor/github.com/stretchr/testify/assert:go_default_library",
],
)
4 changes: 0 additions & 4 deletions pkg/api/podsecuritypolicy/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,6 @@ func DropDisabledFields(pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec) {
if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
pspSpec.AllowedCSIDrivers = nil
}
if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) &&
(oldPSPSpec == nil || oldPSPSpec.RuntimeClass == nil) {
pspSpec.RuntimeClass = nil
}
}

func allowedProcMountTypesInUse(oldPSPSpec *policy.PodSecurityPolicySpec) bool {
Expand Down
54 changes: 0 additions & 54 deletions pkg/api/podsecuritypolicy/util_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,6 @@ import (
"reflect"
"testing"

"github.com/stretchr/testify/assert"

"k8s.io/apimachinery/pkg/util/diff"
utilfeature "k8s.io/apiserver/pkg/util/feature"
featuregatetesting "k8s.io/component-base/featuregate/testing"
Expand Down Expand Up @@ -278,55 +276,3 @@ func TestDropSysctls(t *testing.T) {
}
}
}

func TestDropRuntimeClass(t *testing.T) {
type testcase struct {
name string
featureEnabled bool
pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec
expectRuntimeClass bool
}
tests := []testcase{}
pspGenerator := func(withRuntimeClass bool) *policy.PodSecurityPolicySpec {
psp := &policy.PodSecurityPolicySpec{}
if withRuntimeClass {
psp.RuntimeClass = &policy.RuntimeClassStrategyOptions{
AllowedRuntimeClassNames: []string{policy.AllowAllRuntimeClassNames},
}
}
return psp
}
for _, enabled := range []bool{true, false} {
for _, hasRuntimeClass := range []bool{true, false} {
tests = append(tests, testcase{
name: fmt.Sprintf("create feature:%t hasRC:%t", enabled, hasRuntimeClass),
featureEnabled: enabled,
pspSpec: pspGenerator(hasRuntimeClass),
expectRuntimeClass: enabled && hasRuntimeClass,
})
for _, hadRuntimeClass := range []bool{true, false} {
tests = append(tests, testcase{
name: fmt.Sprintf("update feature:%t hasRC:%t hadRC:%t", enabled, hasRuntimeClass, hadRuntimeClass),
featureEnabled: enabled,
pspSpec: pspGenerator(hasRuntimeClass),
oldPSPSpec: pspGenerator(hadRuntimeClass),
expectRuntimeClass: hasRuntimeClass && (enabled || hadRuntimeClass),
})
}
}
}

for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.RuntimeClass, test.featureEnabled)()

DropDisabledFields(test.pspSpec, test.oldPSPSpec)

if test.expectRuntimeClass {
assert.NotNil(t, test.pspSpec.RuntimeClass)
} else {
assert.Nil(t, test.pspSpec.RuntimeClass)
}
})
}
}
3 changes: 1 addition & 2 deletions pkg/apis/core/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -2823,8 +2823,7 @@ type PodSpec struct {
// to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
// If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
// empty definition that uses the default runtime handler.
// More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
// This is a beta feature as of Kubernetes v1.14.
// More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class/README.md
// +optional
RuntimeClassName *string
// Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
Expand Down
1 change: 1 addition & 0 deletions pkg/apis/node/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ filegroup(
srcs = [
":package-srcs",
"//pkg/apis/node/install:all-srcs",
"//pkg/apis/node/v1:all-srcs",
"//pkg/apis/node/v1alpha1:all-srcs",
"//pkg/apis/node/v1beta1:all-srcs",
"//pkg/apis/node/validation:all-srcs",
Expand Down
1 change: 1 addition & 0 deletions pkg/apis/node/install/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ go_library(
deps = [
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/node:go_default_library",
"//pkg/apis/node/v1:go_default_library",
"//pkg/apis/node/v1alpha1:go_default_library",
"//pkg/apis/node/v1beta1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
Expand Down
11 changes: 10 additions & 1 deletion pkg/apis/node/install/install.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/apis/node"
v1 "k8s.io/kubernetes/pkg/apis/node/v1"
"k8s.io/kubernetes/pkg/apis/node/v1alpha1"
"k8s.io/kubernetes/pkg/apis/node/v1beta1"
)
Expand All @@ -36,5 +37,13 @@ func Install(scheme *runtime.Scheme) {
utilruntime.Must(node.AddToScheme(scheme))
utilruntime.Must(v1alpha1.AddToScheme(scheme))
utilruntime.Must(v1beta1.AddToScheme(scheme))
utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion))
utilruntime.Must(v1.AddToScheme(scheme))

// TODO (SergeyKanzhelev): priority should change after 1.21. See https://github.com/kubernetes/kubernetes/pull/95718#discussion_r520969477
// This is what controls the preferred serialization version. Add both v1beta1 and v1 here, and prefer v1beta1 over v1 until 1.21. See the comment on test/integration/etcd around serialized version.
//
// Details on why we can't advance the storage version for a release are at https://kubernetes.io/docs/reference/using-api/deprecation-policy/:
//
// > Rule #4b: The "preferred" API version and the "storage version" for a given group may not advance until after a release has been made that supports both the new version and the previous version
utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion, v1.SchemeGroupVersion))
}
2 changes: 1 addition & 1 deletion pkg/apis/node/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ import (
// user or cluster provisioner, and referenced in the PodSpec. The Kubelet is
// responsible for resolving the RuntimeClassName reference before running the
// pod. For more details, see
// https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
// https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class/README.md
type RuntimeClass struct {
metav1.TypeMeta
// +optional
Expand Down
35 changes: 35 additions & 0 deletions pkg/apis/node/v1/BUILD
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")

go_library(
name = "go_default_library",
srcs = [
"doc.go",
"register.go",
"zz_generated.conversion.go",
],
importpath = "k8s.io/kubernetes/pkg/apis/node/v1",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/core:go_default_library",
"//pkg/apis/node:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/api/node/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)

filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)

filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
22 changes: 22 additions & 0 deletions pkg/apis/node/v1/doc.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/node
// +k8s:conversion-gen-external-types=k8s.io/api/node/v1

// +groupName=node.k8s.io

package v1 // import "k8s.io/kubernetes/pkg/apis/node/v1"
Loading

0 comments on commit 06da0e5

Please sign in to comment.