Merge pull request #16510 from deads2k/controller-13-simplify

Automatic merge from submit-queue (batch tested with PRs 16534, 16533, 16510, 16508, 16392)

simplify controller start

Last commit is unique.  This removes the direct usage of the controller manager options struct for unrelated controller initialization. We still use it for parsing (I didn't want to get stuck writing new config.  This isn't net new usage.  I just made the links obvious).

Author: openshift-merge-robot

pkg/cmd/server/kubernetes/master/master_config.go

@@ -19,7 +19,6 @@ import (
 	"github.com/golang/glog"
 	"gopkg.in/natefinch/lumberjack.v2"
 
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	openapicommon "k8s.io/apimachinery/pkg/openapi"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -48,16 +47,13 @@ import (
 	auditlog "k8s.io/apiserver/plugin/pkg/audit/log"
 	auditwebhook "k8s.io/apiserver/plugin/pkg/audit/webhook"
 	kapiserveroptions "k8s.io/kubernetes/cmd/kube-apiserver/app/options"
-	cmapp "k8s.io/kubernetes/cmd/kube-controller-manager/app/options"
 	kapi "k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/apps"
 	"k8s.io/kubernetes/pkg/apis/autoscaling"
 	"k8s.io/kubernetes/pkg/apis/batch"
 	batchv2alpha1 "k8s.io/kubernetes/pkg/apis/batch/v2alpha1"
-	"k8s.io/kubernetes/pkg/apis/componentconfig"
 	"k8s.io/kubernetes/pkg/apis/extensions"
 	"k8s.io/kubernetes/pkg/apis/networking"
-	"k8s.io/kubernetes/pkg/cloudprovider"
 	"k8s.io/kubernetes/pkg/master"
 	"k8s.io/kubernetes/pkg/registry/cachesize"
 	"k8s.io/kubernetes/pkg/registry/core/endpoint"
@@ -71,7 +67,6 @@ import (
 	"github.com/openshift/origin/pkg/cmd/flagtypes"
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
-	"github.com/openshift/origin/pkg/cmd/server/cm"
 	"github.com/openshift/origin/pkg/cmd/server/crypto"
 	"github.com/openshift/origin/pkg/cmd/server/election"
 	cmdutil "github.com/openshift/origin/pkg/cmd/util"
@@ -326,78 +321,6 @@ func buildUpstreamClientCARegistrationHook(s *kapiserveroptions.ServerRunOptions
 	}, nil
 }
 
-func BuildControllerManagerServer(masterConfig configapi.MasterConfig) (*cmapp.CMServer, cloudprovider.Interface, error) {
-	podEvictionTimeout, err := time.ParseDuration(masterConfig.KubernetesMasterConfig.PodEvictionTimeout)
-	if err != nil {
-		return nil, nil, fmt.Errorf("unable to parse PodEvictionTimeout: %v", err)
-	}
-
-	// Defaults are tested in TestCMServerDefaults
-	cmserver := cmapp.NewCMServer()
-	// Adjust defaults
-	cmserver.ClusterSigningCertFile = ""
-	cmserver.ClusterSigningKeyFile = ""
-	cmserver.LeaderElection.RetryPeriod = metav1.Duration{Duration: 3 * time.Second}
-	cmserver.ClusterSigningDuration = metav1.Duration{Duration: 0}
-	cmserver.Address = "" // no healthz endpoint
-	cmserver.Port = 0     // no healthz endpoint
-	cmserver.EnableGarbageCollector = true
-	cmserver.PodEvictionTimeout = metav1.Duration{Duration: podEvictionTimeout}
-	cmserver.VolumeConfiguration.EnableDynamicProvisioning = masterConfig.VolumeConfig.DynamicProvisioningEnabled
-
-	// IF YOU ADD ANYTHING TO THIS LIST, MAKE SURE THAT YOU UPDATE THEIR STRATEGIES TO PREVENT GC FINALIZERS
-	cmserver.GCIgnoredResources = append(cmserver.GCIgnoredResources,
-		// explicitly disabled from GC for now - not enough value to track them
-		componentconfig.GroupResource{Group: "authorization.openshift.io", Resource: "rolebindingrestrictions"},
-		componentconfig.GroupResource{Group: "network.openshift.io", Resource: "clusternetworks"},
-		componentconfig.GroupResource{Group: "network.openshift.io", Resource: "egressnetworkpolicies"},
-		componentconfig.GroupResource{Group: "network.openshift.io", Resource: "hostsubnets"},
-		componentconfig.GroupResource{Group: "network.openshift.io", Resource: "netnamespaces"},
-		componentconfig.GroupResource{Group: "oauth.openshift.io", Resource: "oauthclientauthorizations"},
-		componentconfig.GroupResource{Group: "oauth.openshift.io", Resource: "oauthclients"},
-		componentconfig.GroupResource{Group: "quota.openshift.io", Resource: "clusterresourcequotas"},
-		componentconfig.GroupResource{Group: "user.openshift.io", Resource: "groups"},
-		componentconfig.GroupResource{Group: "user.openshift.io", Resource: "identities"},
-		componentconfig.GroupResource{Group: "user.openshift.io", Resource: "users"},
-		componentconfig.GroupResource{Group: "image.openshift.io", Resource: "images"},
-
-		// virtual resource
-		componentconfig.GroupResource{Group: "project.openshift.io", Resource: "projects"},
-		// these resources contain security information in their names, and we don't need to track them
-		componentconfig.GroupResource{Group: "oauth.openshift.io", Resource: "oauthaccesstokens"},
-		componentconfig.GroupResource{Group: "oauth.openshift.io", Resource: "oauthauthorizetokens"},
-		// exposed already as cronjobs
-		componentconfig.GroupResource{Group: "batch", Resource: "scheduledjobs"},
-		// exposed already as extensions v1beta1 by other controllers
-		componentconfig.GroupResource{Group: "apps", Resource: "deployments"},
-		// exposed as autoscaling v1
-		componentconfig.GroupResource{Group: "extensions", Resource: "horizontalpodautoscalers"},
-	)
-
-	// resolve extended arguments
-	// TODO: this should be done in config validation (along with the above) so we can provide
-	// proper errors
-	if err := cmdflags.Resolve(masterConfig.KubernetesMasterConfig.ControllerArguments, cm.OriginControllerManagerAddFlags(cmserver)); len(err) > 0 {
-		return nil, nil, kerrors.NewAggregate(err)
-	}
-	cloud, err := cloudprovider.InitCloudProvider(cmserver.CloudProvider, cmserver.CloudConfigFile)
-	if err != nil {
-		return nil, nil, err
-	}
-	if cloud != nil {
-		if cloud.HasClusterID() == false {
-			if cmserver.AllowUntaggedCloud == true {
-				glog.Warning("detected a cluster without a ClusterID.  A ClusterID will be required in the future.  Please tag your cluster to avoid any future issues")
-			} else {
-				return nil, nil, fmt.Errorf("no ClusterID Found.  A ClusterID is required for the cloud provider to function properly.  This check can be bypassed by setting the allow-untagged-cloud option")
-			}
-		}
-		glog.V(2).Infof("Successfully initialized cloud provider: %q from the config file: %q\n", cmserver.CloudProvider, cmserver.CloudConfigFile)
-	}
-
-	return cmserver, cloud, nil
-}
-
 func buildProxyClientCerts(masterConfig configapi.MasterConfig) ([]tls.Certificate, error) {
 	var proxyClientCerts []tls.Certificate
 	if len(masterConfig.KubernetesMasterConfig.ProxyClientInfo.CertFile) > 0 {

pkg/cmd/server/origin/controller/autoscaling.go

@@ -19,9 +19,10 @@ type HorizontalPodAutoscalerControllerConfig struct {
 }
 
 func (c *HorizontalPodAutoscalerControllerConfig) RunController(originCtx ControllerContext) (bool, error) {
-	ctx := originCtx.KubeControllerContext
-
-	hpaClientConfig := ctx.ClientBuilder.ConfigOrDie(bootstrappolicy.InfraHorizontalPodAutoscalerControllerServiceAccountName)
+	hpaClientConfig, err := originCtx.ClientBuilder.Config(bootstrappolicy.InfraHorizontalPodAutoscalerControllerServiceAccountName)
+	if err != nil {
+		return true, err
+	}
 
 	hpaClient, err := kubeclientset.NewForConfig(hpaClientConfig)
 	if err != nil {
@@ -52,11 +53,11 @@ func (c *HorizontalPodAutoscalerControllerConfig) RunController(originCtx Contro
 		delegatingScalesGetter,
 		hpaClient.Autoscaling(),
 		replicaCalc,
-		ctx.InformerFactory.Autoscaling().V1().HorizontalPodAutoscalers(),
-		ctx.Options.HorizontalPodAutoscalerSyncPeriod.Duration,
-		ctx.Options.HorizontalPodAutoscalerUpscaleForbiddenWindow.Duration,
-		ctx.Options.HorizontalPodAutoscalerDownscaleForbiddenWindow.Duration,
-	).Run(ctx.Stop)
+		originCtx.ExternalKubeInformers.Autoscaling().V1().HorizontalPodAutoscalers(),
+		originCtx.OpenshiftControllerOptions.HPAControllerOptions.SyncPeriod.Duration,
+		originCtx.OpenshiftControllerOptions.HPAControllerOptions.UpscaleForbiddenWindow.Duration,
+		originCtx.OpenshiftControllerOptions.HPAControllerOptions.DownscaleForbiddenWindow.Duration,
+	).Run(originCtx.Stop)
 
 	return true, nil
 }

pkg/cmd/server/origin/controller/interfaces.go

@@ -3,7 +3,7 @@ package controller
 import (
 	"github.com/golang/glog"
 
-	kubecontroller "k8s.io/kubernetes/cmd/kube-controller-manager/app"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kclientsetinternal "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 	kexternalinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions"
 	kinternalinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
@@ -25,7 +25,7 @@ import (
 )
 
 type ControllerContext struct {
-	KubeControllerContext kubecontroller.ControllerContext
+	OpenshiftControllerOptions OpenshiftControllerOptions
 
 	// ClientBuilder will provide a client for this controller to use
 	ClientBuilder ControllerClientBuilder
@@ -44,6 +44,30 @@ type ControllerContext struct {
 	Stop <-chan struct{}
 }
 
+// OpenshiftControllerOptions contain the options used to run the controllers.  Eventually we need to construct a way to properly
+// configure these in a config struct.  This at least lets us know what we have.
+type OpenshiftControllerOptions struct {
+	HPAControllerOptions       HPAControllerOptions
+	ResourceQuotaOptions       ResourceQuotaOptions
+	ServiceAccountTokenOptions ServiceAccountTokenOptions
+}
+
+type HPAControllerOptions struct {
+	SyncPeriod               metav1.Duration
+	UpscaleForbiddenWindow   metav1.Duration
+	DownscaleForbiddenWindow metav1.Duration
+}
+
+type ResourceQuotaOptions struct {
+	ConcurrentSyncs int32
+	SyncPeriod      metav1.Duration
+	MinResyncPeriod metav1.Duration
+}
+
+type ServiceAccountTokenOptions struct {
+	ConcurrentSyncs int32
+}
+
 // TODO wire this up to something that handles the names.  The logic is available upstream, we just have to wire to it
 func (c ControllerContext) IsControllerEnabled(name string) bool {
 	return true
@@ -227,10 +251,3 @@ func (b OpenshiftControllerClientBuilder) OpenshiftInternalNetworkClientOrDie(na
 	}
 	return client
 }
-
-// FromKubeInitFunc adapts a kube init func to an openshift one
-func FromKubeInitFunc(initFn kubecontroller.InitFunc) InitFunc {
-	return func(ctx ControllerContext) (bool, error) {
-		return initFn(ctx.KubeControllerContext)
-	}
-}

pkg/cmd/server/origin/controller/quota.go

@@ -15,9 +15,9 @@ import (
 )
 
 func RunResourceQuotaManager(ctx ControllerContext) (bool, error) {
-	concurrentResourceQuotaSyncs := int(ctx.KubeControllerContext.Options.ConcurrentResourceQuotaSyncs)
-	resourceQuotaSyncPeriod := ctx.KubeControllerContext.Options.ResourceQuotaSyncPeriod.Duration
-	replenishmentSyncPeriodFunc := calculateResyncPeriod(ctx.KubeControllerContext.Options.MinResyncPeriod.Duration)
+	concurrentResourceQuotaSyncs := int(ctx.OpenshiftControllerOptions.ResourceQuotaOptions.ConcurrentSyncs)
+	resourceQuotaSyncPeriod := ctx.OpenshiftControllerOptions.ResourceQuotaOptions.SyncPeriod.Duration
+	replenishmentSyncPeriodFunc := calculateResyncPeriod(ctx.OpenshiftControllerOptions.ResourceQuotaOptions.MinResyncPeriod.Duration)
 	saName := "resourcequota-controller"
 
 	resourceQuotaRegistry := quota.NewOriginQuotaRegistry(

pkg/cmd/server/origin/controller/serviceaccount.go

@@ -68,7 +68,7 @@ func (c *ServiceAccountTokenControllerOptions) RunController(ctx ControllerConte
 			RootCA:           c.RootCA,
 			ServiceServingCA: c.ServiceServingCA,
 		},
-	).Run(int(ctx.KubeControllerContext.Options.ConcurrentSATokenSyncs), ctx.Stop)
+	).Run(int(ctx.OpenshiftControllerOptions.ServiceAccountTokenOptions.ConcurrentSyncs), ctx.Stop)
 	return true, nil
 }
 

pkg/cmd/server/start/controllers.go

@@ -1,57 +1,50 @@
 package start
 
 import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/golang/glog"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	kutilerrors "k8s.io/apimachinery/pkg/util/errors"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/rest"
-	cmapp "k8s.io/kubernetes/cmd/kube-controller-manager/app"
 	cmappoptions "k8s.io/kubernetes/cmd/kube-controller-manager/app/options"
-	"k8s.io/kubernetes/pkg/cloudprovider"
+	"k8s.io/kubernetes/pkg/apis/componentconfig"
+	kclientsetexternal "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
 	"k8s.io/kubernetes/pkg/controller"
 
-	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
+	"github.com/openshift/origin/pkg/cmd/server/cm"
 	origincontrollers "github.com/openshift/origin/pkg/cmd/server/origin/controller"
+	cmdflags "github.com/openshift/origin/pkg/cmd/util/flags"
 )
 
-func getControllerContext(options configapi.MasterConfig, controllerManagerOptions *cmappoptions.CMServer, cloudProvider cloudprovider.Interface, informers *informers, stopCh <-chan struct{}) (origincontrollers.ControllerContext, error) {
-	loopbackConfig, _, kubeExternal, _, err := getAllClients(options)
-	if err != nil {
-		return origincontrollers.ControllerContext{}, err
-	}
+func newControllerContext(
+	openshiftControllerOptions origincontrollers.OpenshiftControllerOptions,
+	privilegedLoopbackConfig *rest.Config,
+	kubeExternal kclientsetexternal.Interface,
+	informers *informers,
+	stopCh <-chan struct{},
+) origincontrollers.ControllerContext {
+
 	// divide up the QPS since it re-used separately for every client
 	// TODO, eventually make this configurable individually in some way.
-	if loopbackConfig.QPS > 0 {
-		loopbackConfig.QPS = loopbackConfig.QPS/10 + 1
+	if privilegedLoopbackConfig.QPS > 0 {
+		privilegedLoopbackConfig.QPS = privilegedLoopbackConfig.QPS/10 + 1
 	}
-	if loopbackConfig.Burst > 0 {
-		loopbackConfig.Burst = loopbackConfig.Burst/10 + 1
-	}
-
-	rootClientBuilder := controller.SimpleControllerClientBuilder{
-		ClientConfig: loopbackConfig,
-	}
-
-	availableResources, err := cmapp.GetAvailableResources(rootClientBuilder)
-	if err != nil {
-		return origincontrollers.ControllerContext{}, err
+	if privilegedLoopbackConfig.Burst > 0 {
+		privilegedLoopbackConfig.Burst = privilegedLoopbackConfig.Burst/10 + 1
 	}
 
 	openshiftControllerContext := origincontrollers.ControllerContext{
-		KubeControllerContext: cmapp.ControllerContext{
-			ClientBuilder: controller.SAControllerClientBuilder{
-				ClientConfig:         rest.AnonymousClientConfig(loopbackConfig),
-				CoreClient:           kubeExternal.Core(),
-				AuthenticationClient: kubeExternal.Authentication(),
-				Namespace:            "kube-system",
-			},
-			InformerFactory:    newGenericInformers(informers),
-			Options:            *controllerManagerOptions,
-			AvailableResources: availableResources,
-			Cloud:              cloudProvider,
-			Stop:               stopCh,
-		},
+		OpenshiftControllerOptions: openshiftControllerOptions,
+
 		ClientBuilder: origincontrollers.OpenshiftControllerClientBuilder{
 			ControllerClientBuilder: controller.SAControllerClientBuilder{
-				ClientConfig:         rest.AnonymousClientConfig(loopbackConfig),
+				ClientConfig:         rest.AnonymousClientConfig(privilegedLoopbackConfig),
 				CoreClient:           kubeExternal.Core(),
 				AuthenticationClient: kubeExternal.Authentication(),
 				Namespace:            bootstrappolicy.DefaultOpenShiftInfraNamespace,
@@ -69,5 +62,68 @@ func getControllerContext(options configapi.MasterConfig, controllerManagerOptio
 		Stop:                   stopCh,
 	}
 
-	return openshiftControllerContext, nil
+	return openshiftControllerContext
+}
+
+// getOpenshiftControllerOptions parses the CLI args used by the kube-controllers (which control these options today), so that
+// we can defer making the controller options structs until we have a better idea what they should look like.
+// This does mean we pull in an upstream command that hopefully won't change much.
+func getOpenshiftControllerOptions(args map[string][]string) (origincontrollers.OpenshiftControllerOptions, error) {
+	cmserver := cmappoptions.NewCMServer()
+	if err := cmdflags.Resolve(args, cm.OriginControllerManagerAddFlags(cmserver)); len(err) > 0 {
+		return origincontrollers.OpenshiftControllerOptions{}, kutilerrors.NewAggregate(err)
+	}
+
+	return origincontrollers.OpenshiftControllerOptions{
+		HPAControllerOptions: origincontrollers.HPAControllerOptions{
+			SyncPeriod:               cmserver.KubeControllerManagerConfiguration.HorizontalPodAutoscalerSyncPeriod,
+			UpscaleForbiddenWindow:   cmserver.KubeControllerManagerConfiguration.HorizontalPodAutoscalerUpscaleForbiddenWindow,
+			DownscaleForbiddenWindow: cmserver.KubeControllerManagerConfiguration.HorizontalPodAutoscalerDownscaleForbiddenWindow,
+		},
+		ResourceQuotaOptions: origincontrollers.ResourceQuotaOptions{
+			ConcurrentSyncs: cmserver.KubeControllerManagerConfiguration.ConcurrentResourceQuotaSyncs,
+			SyncPeriod:      cmserver.KubeControllerManagerConfiguration.ResourceQuotaSyncPeriod,
+			MinResyncPeriod: cmserver.KubeControllerManagerConfiguration.MinResyncPeriod,
+		},
+		ServiceAccountTokenOptions: origincontrollers.ServiceAccountTokenOptions{
+			ConcurrentSyncs: cmserver.KubeControllerManagerConfiguration.ConcurrentSATokenSyncs,
+		},
+	}, nil
+}
+
+// getLeaderElectionOptions parses the CLI args used by the openshift controller leader election (which control these options today), so that
+// we can defer making the options structs until we have a better idea what they should look like.
+// This does mean we pull in an upstream command that hopefully won't change much.
+func getLeaderElectionOptions(args map[string][]string) (componentconfig.LeaderElectionConfiguration, error) {
+	cmserver := cmappoptions.NewCMServer()
+	cmserver.LeaderElection.RetryPeriod = metav1.Duration{Duration: 3 * time.Second}
+
+	if err := cmdflags.Resolve(args, cm.OriginControllerManagerAddFlags(cmserver)); len(err) > 0 {
+		return componentconfig.LeaderElectionConfiguration{}, kutilerrors.NewAggregate(err)
+	}
+
+	return cmserver.KubeControllerManagerConfiguration.LeaderElection, nil
+}
+
+func waitForHealthyAPIServer(client rest.Interface) error {
+	var healthzContent string
+	// If apiserver is not running we should wait for some time and fail only then. This is particularly
+	// important when we start apiserver and controller manager at the same time.
+	err := wait.PollImmediate(time.Second, 5*time.Minute, func() (bool, error) {
+		healthStatus := 0
+		resp := client.Get().AbsPath("/healthz").Do().StatusCode(&healthStatus)
+		if healthStatus != http.StatusOK {
+			glog.Errorf("Server isn't healthy yet. Waiting a little while.")
+			return false, nil
+		}
+		content, _ := resp.Raw()
+		healthzContent = string(content)
+
+		return true, nil
+	})
+	if err != nil {
+		return fmt.Errorf("server unhealthy: %v: %v", healthzContent, err)
+	}
+
+	return nil
 }