KEP-3619: Wiring up from RuntimeFeatures.SupplementalGroupsPolicy(CRI) to NodeFeatures.SupplementalGroupsPolicy(API)

everpeace · everpeace · commit f46ecf564891 · 2024-07-16T12:36:00.000+09:00
KEP-3619: fix typos in pkg/kubelet/container/runtime.go
diff --git a/pkg/kubelet/container/runtime.go b/pkg/kubelet/container/runtime.go
@@ -556,6 +556,8 @@ type RuntimeStatus struct {
 	Conditions []RuntimeCondition
 	// Handlers is an array of current available handlers
 	Handlers []RuntimeHandler
+	// Features is the set of features implemented by the runtime
+	Features *RuntimeFeatures
 }
 
 // GetRuntimeCondition gets a specified runtime condition from the runtime status.
@@ -579,7 +581,7 @@ func (r *RuntimeStatus) String() string {
 	for _, h := range r.Handlers {
 		sh = append(sh, h.String())
 	}
-	return fmt.Sprintf("Runtime Conditions: %s; Handlers: %s", strings.Join(ss, ", "), strings.Join(sh, ", "))
+	return fmt.Sprintf("Runtime Conditions: %s; Handlers: %s, Features: %s", strings.Join(ss, ", "), strings.Join(sh, ", "), r.Features.String())
 }
 
 // RuntimeHandler contains condition information for the runtime handler.
@@ -617,6 +619,19 @@ func (c *RuntimeCondition) String() string {
 	return fmt.Sprintf("%s=%t reason:%s message:%s", c.Type, c.Status, c.Reason, c.Message)
 }
 
+// RuntimeFeatures contains the set of features implemented by the runtime
+type RuntimeFeatures struct {
+	SupplementalGroupsPolicy bool
+}
+
+// String formats the runtime condition into a human readable string.
+func (f *RuntimeFeatures) String() string {
+	if f == nil {
+		return "nil"
+	}
+	return fmt.Sprintf("SupplementalGroupsPolicy: %v", f.SupplementalGroupsPolicy)
+}
+
 // Pods represents the list of pods
 type Pods []*Pod
 
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
@@ -2883,6 +2883,7 @@ func (kl *Kubelet) updateRuntimeUp() {
 
 	kl.runtimeState.setRuntimeState(nil)
 	kl.runtimeState.setRuntimeHandlers(s.Handlers)
+	kl.runtimeState.setRuntimeFeatures(s.Features)
 	kl.oneTimeInitializer.Do(kl.initializeRuntimeDependentModules)
 	kl.runtimeState.setRuntimeSync(kl.clock.Now())
 }
diff --git a/pkg/kubelet/kubelet_node_status.go b/pkg/kubelet/kubelet_node_status.go
@@ -737,6 +737,7 @@ func (kl *Kubelet) defaultNodeStatusFuncs() []func(context.Context, *v1.Node) er
 		nodestatus.Images(kl.nodeStatusMaxImages, kl.imageManager.GetImageList),
 		nodestatus.GoRuntime(),
 		nodestatus.RuntimeHandlers(kl.runtimeState.runtimeHandlers),
+		nodestatus.NodeFeatures(kl.runtimeState.runtimeFeatures),
 	)
 
 	setters = append(setters,
diff --git a/pkg/kubelet/kuberuntime/helpers.go b/pkg/kubelet/kuberuntime/helpers.go
@@ -208,7 +208,7 @@ func parsePodUIDFromLogsDirectory(name string) types.UID {
 }
 
 // toKubeRuntimeStatus converts the runtimeapi.RuntimeStatus to kubecontainer.RuntimeStatus.
-func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeapi.RuntimeHandler) *kubecontainer.RuntimeStatus {
+func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeapi.RuntimeHandler, features *runtimeapi.RuntimeFeatures) *kubecontainer.RuntimeStatus {
 	conditions := []kubecontainer.RuntimeCondition{}
 	for _, c := range status.GetConditions() {
 		conditions = append(conditions, kubecontainer.RuntimeCondition{
@@ -232,7 +232,13 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus, handlers []*runtimeap
 			SupportsUserNamespaces:          supportsUserns,
 		}
 	}
-	return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers}
+	var retFeatures *kubecontainer.RuntimeFeatures
+	if features != nil {
+		retFeatures = &kubecontainer.RuntimeFeatures{
+			SupplementalGroupsPolicy: features.SupplementalGroupsPolicy,
+		}
+	}
+	return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers, Features: retFeatures}
 }
 
 func fieldSeccompProfile(scmp *v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (*runtimeapi.SecurityProfile, error) {
diff --git a/pkg/kubelet/kuberuntime/kuberuntime_manager.go b/pkg/kubelet/kuberuntime/kuberuntime_manager.go
@@ -347,7 +347,7 @@ func (m *kubeGenericRuntimeManager) Status(ctx context.Context) (*kubecontainer.
 	if resp.GetStatus() == nil {
 		return nil, errors.New("runtime status is nil")
 	}
-	return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers()), nil
+	return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers(), resp.GetFeatures()), nil
 }
 
 // GetPods returns a list of containers grouped by pods. The boolean parameter
diff --git a/pkg/kubelet/nodestatus/setters.go b/pkg/kubelet/nodestatus/setters.go
@@ -482,6 +482,23 @@ func GoRuntime() Setter {
 	}
 }
 
+// NodeFeatures returns a Setter that sets NodeFeatures on the node.
+func NodeFeatures(featuresGetter func() *kubecontainer.RuntimeFeatures) Setter {
+	return func(ctx context.Context, node *v1.Node) error {
+		if !utilfeature.DefaultFeatureGate.Enabled(features.SupplementalGroupsPolicy) {
+			return nil
+		}
+		features := featuresGetter()
+		if features == nil {
+			return nil
+		}
+		node.Status.Features = &v1.NodeFeatures{
+			SupplementalGroupsPolicy: &features.SupplementalGroupsPolicy,
+		}
+		return nil
+	}
+}
+
 // RuntimeHandlers returns a Setter that sets RuntimeHandlers on the node.
 func RuntimeHandlers(fn func() []kubecontainer.RuntimeHandler) Setter {
 	return func(ctx context.Context, node *v1.Node) error {
diff --git a/pkg/kubelet/runtime.go b/pkg/kubelet/runtime.go
@@ -36,6 +36,7 @@ type runtimeState struct {
 	cidr                     string
 	healthChecks             []*healthCheck
 	rtHandlers               []kubecontainer.RuntimeHandler
+	rtFeatures               *kubecontainer.RuntimeFeatures
 }
 
 // A health check function should be efficient and not rely on external
@@ -83,6 +84,18 @@ func (s *runtimeState) runtimeHandlers() []kubecontainer.RuntimeHandler {
 	return s.rtHandlers
 }
 
+func (s *runtimeState) setRuntimeFeatures(features *kubecontainer.RuntimeFeatures) {
+	s.Lock()
+	defer s.Unlock()
+	s.rtFeatures = features
+}
+
+func (s *runtimeState) runtimeFeatures() *kubecontainer.RuntimeFeatures {
+	s.RLock()
+	defer s.RUnlock()
+	return s.rtFeatures
+}
+
 func (s *runtimeState) setStorageState(err error) {
 	s.Lock()
 	defer s.Unlock()
diff --git a/pkg/registry/core/node/strategy.go b/pkg/registry/core/node/strategy.go
@@ -106,6 +106,10 @@ func dropDisabledFields(node *api.Node, oldNode *api.Node) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {
 		node.Status.RuntimeHandlers = nil
 	}
+
+	if !utilfeature.DefaultFeatureGate.Enabled(features.SupplementalGroupsPolicy) {
+		node.Status.Features = nil
+	}
 }
 
 // nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used)

Original file line number	Diff line number	Diff line change
`@@ -2883,6 +2883,7 @@ func (kl *Kubelet) updateRuntimeUp() {`
`2883`	`2883`
`2884`	`2884`	`kl.runtimeState.setRuntimeState(nil)`
`2885`	`2885`	`kl.runtimeState.setRuntimeHandlers(s.Handlers)`
	`2886`	`+ kl.runtimeState.setRuntimeFeatures(s.Features)`
`2886`	`2887`	`kl.oneTimeInitializer.Do(kl.initializeRuntimeDependentModules)`
`2887`	`2888`	`kl.runtimeState.setRuntimeSync(kl.clock.Now())`
`2888`	`2889`	`}`
Original file line number	Diff line number	Diff line change
`@@ -737,6 +737,7 @@ func (kl Kubelet) defaultNodeStatusFuncs() []func(context.Context, v1.Node) er`
`737`	`737`	`nodestatus.Images(kl.nodeStatusMaxImages, kl.imageManager.GetImageList),`
`738`	`738`	`nodestatus.GoRuntime(),`
`739`	`739`	`nodestatus.RuntimeHandlers(kl.runtimeState.runtimeHandlers),`
	`740`	`+ nodestatus.NodeFeatures(kl.runtimeState.runtimeFeatures),`
`740`	`741`	`)`
`741`	`742`
`742`	`743`	`setters = append(setters,`
Original file line number	Diff line number	Diff line change
`@@ -208,7 +208,7 @@ func parsePodUIDFromLogsDirectory(name string) types.UID {`
`208`	`208`	`}`
`209`	`209`
`210`	`210`	`// toKubeRuntimeStatus converts the runtimeapi.RuntimeStatus to kubecontainer.RuntimeStatus.`
`211`		`-func toKubeRuntimeStatus(status runtimeapi.RuntimeStatus, handlers []runtimeapi.RuntimeHandler) *kubecontainer.RuntimeStatus {`
	`211`	`+func toKubeRuntimeStatus(status runtimeapi.RuntimeStatus, handlers []runtimeapi.RuntimeHandler, features runtimeapi.RuntimeFeatures) kubecontainer.RuntimeStatus {`
`212`	`212`	`conditions := []kubecontainer.RuntimeCondition{}`
`213`	`213`	`for _, c := range status.GetConditions() {`
`214`	`214`	`conditions = append(conditions, kubecontainer.RuntimeCondition{`
`@@ -232,7 +232,13 @@ func toKubeRuntimeStatus(status runtimeapi.RuntimeStatus, handlers []runtimeap`
`232`	`232`	`SupportsUserNamespaces: supportsUserns,`
`233`	`233`	`}`
`234`	`234`	`}`
`235`		`- return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers}`
	`235`	`+ var retFeatures *kubecontainer.RuntimeFeatures`
	`236`	`+ if features != nil {`
	`237`	`+ retFeatures = &kubecontainer.RuntimeFeatures{`
	`238`	`+ SupplementalGroupsPolicy: features.SupplementalGroupsPolicy,`
	`239`	`+ }`
	`240`	`+ }`
	`241`	`+ return &kubecontainer.RuntimeStatus{Conditions: conditions, Handlers: retHandlers, Features: retFeatures}`
`236`	`242`	`}`
`237`	`243`
`238`	`244`	`func fieldSeccompProfile(scmp v1.SeccompProfile, profileRootPath string, fallbackToRuntimeDefault bool) (runtimeapi.SecurityProfile, error) {`
Original file line number	Diff line number	Diff line change
`@@ -347,7 +347,7 @@ func (m kubeGenericRuntimeManager) Status(ctx context.Context) (kubecontainer.`
`347`	`347`	`if resp.GetStatus() == nil {`
`348`	`348`	`return nil, errors.New("runtime status is nil")`
`349`	`349`	`}`
`350`		`- return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers()), nil`
	`350`	`+ return toKubeRuntimeStatus(resp.GetStatus(), resp.GetRuntimeHandlers(), resp.GetFeatures()), nil`
`351`	`351`	`}`
`352`	`352`
`353`	`353`	`// GetPods returns a list of containers grouped by pods. The boolean parameter`
Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,10 @@ func dropDisabledFields(node api.Node, oldNode api.Node) {`
`106`	`106`	`if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesSupport) {`
`107`	`107`	`node.Status.RuntimeHandlers = nil`
`108`	`108`	`}`
	`109`	`+`
	`110`	`+ if !utilfeature.DefaultFeatureGate.Enabled(features.SupplementalGroupsPolicy) {`
	`111`	`+ node.Status.Features = nil`
	`112`	`+ }`
`109`	`113`	`}`
`110`	`114`
`111`	`115`	`// nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used)`