From 798044b720c2a44d27623e927860d542bbb91e93 Mon Sep 17 00:00:00 2001 From: Michael Taufen Date: Mon, 14 Jan 2019 16:21:38 -0800 Subject: [PATCH] Stop setting deprecated --allow-privileged Kubelet flag in 1.14 --- pkg/model/components/kubelet.go | 17 ++++++++++++++++- ....masters.k8s-iam.us-west-2.td.priv_user_data | 2 -- ...on_nodes.k8s-iam.us-west-2.td.priv_user_data | 1 - 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/pkg/model/components/kubelet.go b/pkg/model/components/kubelet.go index 3d263e97b1..a58ef97c89 100644 --- a/pkg/model/components/kubelet.go +++ b/pkg/model/components/kubelet.go @@ -59,11 +59,26 @@ func (b *KubeletOptionsBuilder) BuildOptions(o interface{}) error { // Standard options clusterSpec.Kubelet.EnableDebuggingHandlers = fi.Bool(true) clusterSpec.Kubelet.PodManifestPath = "/etc/kubernetes/manifests" - clusterSpec.Kubelet.AllowPrivileged = fi.Bool(true) clusterSpec.Kubelet.LogLevel = fi.Int32(2) clusterSpec.Kubelet.ClusterDomain = clusterSpec.ClusterDNSDomain clusterSpec.Kubelet.NonMasqueradeCIDR = clusterSpec.NonMasqueradeCIDR + // AllowPrivileged is deprecated and removed in v1.14. + // See https://github.com/kubernetes/kubernetes/pull/71835 + if kubernetesVersion.Major == 1 && kubernetesVersion.Minor >= 14 { + if clusterSpec.Kubelet.AllowPrivileged != nil { + // If it is explicitly set to false, return an error, because this + // behavior is no longer supported in v1.14 (the default was true, prior). + if *clusterSpec.Kubelet.AllowPrivileged == false { + glog.Warningf("Kubelet's --allow-privileged flag is no longer supported in v1.14.") + } + // Explicitly set it to nil, so it won't be passed on the command line. + clusterSpec.Kubelet.AllowPrivileged = nil + } + } else { + clusterSpec.Kubelet.AllowPrivileged = fi.Bool(true) + } + if clusterSpec.Kubelet.ClusterDNS == "" { ip, err := WellKnownServiceIP(clusterSpec, 10) if err != nil { diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_master-us-west-2a.masters.k8s-iam.us-west-2.td.priv_user_data b/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_master-us-west-2a.masters.k8s-iam.us-west-2.td.priv_user_data index 85089e632a..d113d9fc8d 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_master-us-west-2a.masters.k8s-iam.us-west-2.td.priv_user_data +++ b/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_master-us-west-2a.masters.k8s-iam.us-west-2.td.priv_user_data @@ -221,7 +221,6 @@ kubeScheduler: leaderElect: true logLevel: 2 kubelet: - allowPrivileged: true cgroupRoot: / cloudProvider: aws clusterDNS: 100.64.0.10 @@ -239,7 +238,6 @@ kubelet: podManifestPath: /etc/kubernetes/manifests requireKubeconfig: true masterKubelet: - allowPrivileged: true cgroupRoot: / cloudProvider: aws clusterDNS: 100.64.0.10 diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_nodes.k8s-iam.us-west-2.td.priv_user_data b/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_nodes.k8s-iam.us-west-2.td.priv_user_data index 46ac3edbab..bbc3359c83 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_nodes.k8s-iam.us-west-2.td.priv_user_data +++ b/tests/integration/update_cluster/existing_iam_cloudformation/data/aws_launch_configuration_nodes.k8s-iam.us-west-2.td.priv_user_data @@ -159,7 +159,6 @@ kubeProxy: image: gcr.io/google_containers/kube-proxy:v1.8.4 logLevel: 2 kubelet: - allowPrivileged: true cgroupRoot: / cloudProvider: aws clusterDNS: 100.64.0.10