Delete the sysctl runtime admit handler

mattjmcnaughton · mattjmcnaughton · commit 9e1c99c4e228 · 2020-01-22T08:51:39.000-05:00
As of kubernetes#72831, the minimum docker version is 1.13.1. (and the minimum API version is 1.26). The only time the `RuntimeAdmitHandler` returns anything other than accept is when the Docker API version < 1.24. In other words, we can be confident that Docker will always support sysctl. As a result, we can delete this unnecessary and docker-specific code.
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
@@ -850,20 +850,13 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
 	klet.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)
 
 	if utilfeature.DefaultFeatureGate.Enabled(features.Sysctls) {
-		// add sysctl admission
-		runtimeSupport, err := sysctl.NewRuntimeAdmitHandler(klet.containerRuntime)
-		if err != nil {
-			return nil, err
-		}
-
 		// Safe, whitelisted sysctls can always be used as unsafe sysctls in the spec.
 		// Hence, we concatenate those two lists.
 		safeAndUnsafeSysctls := append(sysctlwhitelist.SafeSysctlWhitelist(), allowedUnsafeSysctls...)
 		sysctlsWhitelist, err := sysctl.NewWhitelist(safeAndUnsafeSysctls)
 		if err != nil {
 			return nil, err
 		}
-		klet.admitHandlers.AddPodAdmitHandler(runtimeSupport)
 		klet.admitHandlers.AddPodAdmitHandler(sysctlsWhitelist)
 	}
 
diff --git a/pkg/kubelet/sysctl/BUILD b/pkg/kubelet/sysctl/BUILD
@@ -10,14 +10,12 @@ go_library(
     name = "go_default_library",
     srcs = [
         "namespace.go",
-        "runtime.go",
         "whitelist.go",
     ],
     importpath = "k8s.io/kubernetes/pkg/kubelet/sysctl",
     deps = [
         "//pkg/apis/core/validation:go_default_library",
         "//pkg/apis/policy/validation:go_default_library",
-        "//pkg/kubelet/container:go_default_library",
         "//pkg/kubelet/lifecycle:go_default_library",
     ],
 )
diff --git a/pkg/kubelet/sysctl/runtime.go b/pkg/kubelet/sysctl/runtime.go
diff --git a/test/e2e/common/BUILD b/test/e2e/common/BUILD
@@ -48,7 +48,6 @@ go_library(
         "//pkg/kubelet/events:go_default_library",
         "//pkg/kubelet/images:go_default_library",
         "//pkg/kubelet/runtimeclass/testing:go_default_library",
-        "//pkg/kubelet/sysctl:go_default_library",
         "//staging/src/k8s.io/api/coordination/v1:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/equality:go_default_library",
diff --git a/test/e2e/common/sysctl.go b/test/e2e/common/sysctl.go
@@ -20,7 +20,6 @@ import (
 	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/uuid"
-	"k8s.io/kubernetes/pkg/kubelet/sysctl"
 	"k8s.io/kubernetes/test/e2e/framework"
 	e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
 	e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
@@ -86,9 +85,6 @@ var _ = framework.KubeDescribe("Sysctls [LinuxOnly] [NodeFeature:Sysctls]", func
 		// might have already been deleted here.
 		ev, err := f.PodClient().WaitForErrorEventOrSuccess(pod)
 		framework.ExpectNoError(err)
-		if ev != nil && ev.Reason == sysctl.UnsupportedReason {
-			e2eskipper.Skipf("No sysctl support in Docker <1.12")
-		}
 		gomega.Expect(ev).To(gomega.BeNil())
 
 		ginkgo.By("Waiting for pod completion")
@@ -129,9 +125,6 @@ var _ = framework.KubeDescribe("Sysctls [LinuxOnly] [NodeFeature:Sysctls]", func
 		// might have already been deleted here.
 		ev, err := f.PodClient().WaitForErrorEventOrSuccess(pod)
 		framework.ExpectNoError(err)
-		if ev != nil && ev.Reason == sysctl.UnsupportedReason {
-			e2eskipper.Skipf("No sysctl support in Docker <1.12")
-		}
 		gomega.Expect(ev).To(gomega.BeNil())
 
 		ginkgo.By("Waiting for pod completion")
@@ -206,9 +199,6 @@ var _ = framework.KubeDescribe("Sysctls [LinuxOnly] [NodeFeature:Sysctls]", func
 		// might have already been deleted here.
 		ev, err := f.PodClient().WaitForErrorEventOrSuccess(pod)
 		framework.ExpectNoError(err)
-		if ev != nil && ev.Reason == sysctl.UnsupportedReason {
-			e2eskipper.Skipf("No sysctl support in Docker <1.12")
-		}
 
 		ginkgo.By("Checking that the pod was rejected")
 		gomega.Expect(ev).ToNot(gomega.BeNil())
diff --git a/test/e2e/framework/pods.go b/test/e2e/framework/pods.go
@@ -226,7 +226,7 @@ func (c *PodClient) WaitForErrorEventOrSuccess(pod *v1.Pod) (*v1.Event, error) {
 		}
 		for _, e := range evnts.Items {
 			switch e.Reason {
-			case events.KillingContainer, events.FailedToCreateContainer, sysctl.UnsupportedReason, sysctl.ForbiddenReason:
+			case events.KillingContainer, events.FailedToCreateContainer, sysctl.ForbiddenReason:
 				ev = &e
 				return true, nil
 			case events.StartedContainer:
diff --git a/test/e2e/upgrades/BUILD b/test/e2e/upgrades/BUILD
@@ -41,7 +41,6 @@ go_library(
         "//test/e2e/framework/node:go_default_library",
         "//test/e2e/framework/security:go_default_library",
         "//test/e2e/framework/service:go_default_library",
-        "//test/e2e/framework/skipper:go_default_library",
         "//test/e2e/framework/statefulset:go_default_library",
         "//test/e2e/framework/testfiles:go_default_library",
         "//test/e2e/scheduling:go_default_library",
diff --git a/test/e2e/upgrades/sysctl.go b/test/e2e/upgrades/sysctl.go
@@ -28,7 +28,6 @@ import (
 	"k8s.io/kubernetes/pkg/kubelet/sysctl"
 
 	"k8s.io/kubernetes/test/e2e/framework"
-	e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
 	imageutils "k8s.io/kubernetes/test/utils/image"
 )
 
@@ -85,11 +84,8 @@ func (t *SysctlUpgradeTest) verifySafeSysctlWork(f *framework.Framework) *v1.Pod
 	validPod := f.PodClient().Create(t.validPod)
 
 	ginkgo.By("Making sure the valid pod launches")
-	ev, err := f.PodClient().WaitForErrorEventOrSuccess(t.validPod)
+	_, err := f.PodClient().WaitForErrorEventOrSuccess(t.validPod)
 	framework.ExpectNoError(err)
-	if ev != nil && ev.Reason == sysctl.UnsupportedReason {
-		e2eskipper.Skipf("No sysctl support in Docker <1.12")
-	}
 	f.TestContainerOutput("pod with safe sysctl launched", t.validPod, 0, []string{fmt.Sprintf("%s = %s", safeSysctl, safeSysctlValue)})
 
 	return validPod
@@ -105,9 +101,6 @@ func (t *SysctlUpgradeTest) verifyUnsafeSysctlsAreRejected(f *framework.Framewor
 	ginkgo.By("Making sure the invalid pod failed")
 	ev, err := f.PodClient().WaitForErrorEventOrSuccess(invalidPod)
 	framework.ExpectNoError(err)
-	if ev != nil && ev.Reason == sysctl.UnsupportedReason {
-		e2eskipper.Skipf("No sysctl support in Docker <1.12")
-	}
 	framework.ExpectEqual(ev.Reason, sysctl.ForbiddenReason)
 
 	return invalidPod

Original file line number	Diff line number	Diff line change
`@@ -226,7 +226,7 @@ func (c PodClient) WaitForErrorEventOrSuccess(pod v1.Pod) (*v1.Event, error) {`
`226`	`226`	`}`
`227`	`227`	`for _, e := range evnts.Items {`
`228`	`228`	`switch e.Reason {`
`229`		`- case events.KillingContainer, events.FailedToCreateContainer, sysctl.UnsupportedReason, sysctl.ForbiddenReason:`
	`229`	`+ case events.KillingContainer, events.FailedToCreateContainer, sysctl.ForbiddenReason:`
`230`	`230`	`ev = &e`
`231`	`231`	`return true, nil`
`232`	`232`	`case events.StartedContainer:`