Add support for the PodNodeSelector admission controller #920
Conversation
kubermatic-bot
added
do-not-merge/work-in-progress
| @@ -215,6 +215,7 @@ type MachineControllerConfig struct { | |||
|
|
|||
| // Features controls what features will be enabled on the cluster | |||
| type Features struct { | |||
| PodNodeSelector *PodNodeSelector `json:"podNodeSelector"` | |||
There was a problem hiding this comment.
While there is no technical obstacle to add this new feature to v1alpha1, I think we should avoid doing this, as v1alpha1 should be "conserved" and not changed anymore.
There was a problem hiding this comment.
I've thought about this as well, but I think we should keep both APIs in sync until we don't officially announce the deprecation with the 1.0 release. After that, only v1beta1 should be extended.
xmudrii
changed the title
kubermatic-bot
removed
the
do-not-merge/work-in-progress
|
@kron4eg PTAL |
| // configuration file. | ||
| // ConfigFilePath is a required field. | ||
| // More info: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#podnodeselector | ||
| ConfigFilePath string `json:"configFilePath"` |
There was a problem hiding this comment.
| ConfigFilePath string `json:"configFilePath"` | |
| Config string `json:"config"` |
Let's have it inline instead of file
There was a problem hiding this comment.
I've thought about this as well and I'm not sure this is a good approach. I think we should have the standardized API, even if it's a little bit redundant sometimes. A couple of things I have on mind:
Configis a struct for all other features. Having it as a string here could introduce confusion- The problem mentioned above could be solved by calling it
ConfigFilePathlike it's now, but then we come to another problem... - If we ever have to add another field for any reason, we would drift from the standard API way too much and we would end up in a mess.
In the long run, I think it's better as it is right now.
|
Everything looks good, except one part that really bothers me, file references (namely Yet, the API design discussion probably doesn't belongs to this PR. /lgtm |
|
LGTM label has been added. Git tree hash: 2aa50f8ec7788a89f08d39c836dbf8ad7637c37c
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kron4eg, xmudrii The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What this PR does / why we need it:
Add support for the PodNodeSelector admission controller.
The admission controller is enabled by enabling the appropriate feature, such as:
The
podnodeselector.yamlfile is located on the local file system and contains the plugin configuration. More about the configuration format can be found in the Kubernetes docs.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #852
Special notes for your reviewer:
kube-systemcomponents able to get scheduled on all nodes, an emptyscheduler.alpha.kubernetes.io/node-selectorannotation is added to thekube-systemnamespace. Thekube-systemnamespace mustn't be restricted in the plugin configuration, as pods such as CNI and kube-proxy must be scheduled on all nodes.kube-systemnamespace gets annotated,kubeadmcreates deployments/daemonsets for the needed components. The underlying pods have the incorrect node selectors and therefore are stuck in the Pending state. To resolve this problem, all pending pods in thekube-systemnamespace are removed, so they get recreated with the correct node selector.k8s.io/apiserverpackage. Importing the package would require us to bump all Kubernetes dependencies to v1.18, as well as, controller-runtime to v0.5.0 or newer.Does this PR introduce a user-facing change?:
/assign @kron4eg