-
Notifications
You must be signed in to change notification settings - Fork 39.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for binaries to run as Windows services #60144
Conversation
Acked-by: Alin Gabriel Serdean aserdean@ovn.org |
/sig windows |
@jstarks or @jhowardmsft can you take a look since you implemented something similar for dockerd? |
pkg/util/service/service_windows.go
Outdated
} | ||
t := []scAction{ | ||
{Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)}, | ||
{Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be better to bump this up an order of magnitude from 1 to 10 minutes for second retry. I think that would be better for dealing with the case where a dependent service like dockerd.exe
isn't running yet.
For others reviewing - here's the Windows SDK doc on how restart actions work:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms685939(v=vs.85).aspx
As written, it will retry after one minute, again after 1 more minute, then wait 24 hours before trying again
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure we can change it. I wouldn't go for a hard dependency on dockerd.exe
since kubelet will be used using a different CRI in the future.
To be honest this is a default value for service creation. The hardcoded values can substitute for a default value, but I would rather add documentation on how to config the service as a sysadmin (i.e. changing start type, adding triggers, modifying restart actions as people pleases). Do you know where we can add such a documentation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed the second timeout from 1 minute to 10 minutes.
I added a short comment. Thanks for submitting this and getting restart actions included! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These code changes look good to me. I also built the bins and verified I was able to register/unregister kube-proxy & kubelet services, as well as do a kubeadm join after setting up the kubelet service (passes kubeadm pre-flight check validating kubelet is setup as a service)
@alinbalutoiu You've added files to vendor without going through the correct process. As such, this will fail CI. |
@cblecker thanks for pointing that out. Done. |
/ok-to-test |
/approve |
/assign @thockin |
@alinbalutoiu please also add the status/approved-for-milestone label |
Fixed the boilerplate header for |
/priority important-soon |
Alright - think labels are fixed. Just need final review closed from @mtaufen I hope? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updates mostly look good, I had a few more suggestions to tighten things up.
cmd/kube-proxy/app/init_windows.go
Outdated
) | ||
|
||
var ( | ||
flRunService bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ncdc this global state look good? Or does kube-proxy prefer something akin to KubeletFlags
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had put everything into the Options
struct, such as CleanupAndExit
:
kubernetes/cmd/kube-proxy/app/server.go
Lines 93 to 100 in 86ca3af
// Options contains everything necessary to create and run a proxy server. | |
type Options struct { | |
// ConfigFile is the location of the proxy server's configuration file. | |
ConfigFile string | |
// WriteConfigTo is the path where the default configuration will be written. | |
WriteConfigTo string | |
// CleanupAndExit, when true, makes the proxy server clean up iptables rules, then exit. | |
CleanupAndExit bool |
And then the flag registered directly into that field:
kubernetes/cmd/kube-proxy/app/server.go
Lines 120 to 124 in 86ca3af
// AddFlags adds flags to fs and binds them to options. | |
func (o *Options) AddFlags(fs *pflag.FlagSet) { | |
fs.StringVar(&o.ConfigFile, "config", o.ConfigFile, "The path to the configuration file.") | |
fs.StringVar(&o.WriteConfigTo, "write-config-to", o.WriteConfigTo, "If set, write the default configuration values to this file and exit.") | |
fs.BoolVar(&o.CleanupAndExit, "cleanup-iptables", o.CleanupAndExit, "If true cleanup iptables and ipvs rules and exit.") |
But I realize this is OS specific and it doesn't make sense to add it to kube-proxy's Options struct, so it's probably ok like this.
FWIW, I wouldn't prefix the package variable's name with fl
. I'd probably call it runAsWIndowsServer
or something to that effect instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. I changed the variable name into WindowsService
to be consistent with Kubelet as @mtaufen requested.
) | ||
|
||
var ( | ||
FlRunService bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be a subfield of the KubeletFlags
struct in options/options.go
. Leave a comment above the field noting that its corresponding flag only gets registered in Windows builds.
Let's also rename it to WindowsService
here and in kube-proxy so it matches the flag name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
) | ||
|
||
// AddOSFlags adds specific OS flags | ||
func AddOSFlags(fs *pflag.FlagSet) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Modify this as follows when you move the destination value into KubeletFlags
, so we're consistent with KubeletFlags.AddFlags
:
func (f *KubeletFlags) addOSFlags(fs *pflag.FlagSet) {
fs.BoolVar(&f.WindowsService, "windows-service", f.WindowsService, "Enable Windows Service Control Manager API integration")
}
and now call it at the beginning of KubeletFlags.AddFlags
instead of in cmd/kubelet/app/server.go
(I made KubeletFlags.addOSFlags
private, since there shouldn't be a reason to call this separately from KubeletFlags.AddFlags
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
cmd/kubelet/app/server.go
Outdated
@@ -238,6 +238,7 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API | |||
kubeletFlags.AddFlags(cleanFlagSet) | |||
options.AddKubeletConfigFlags(cleanFlagSet, kubeletConfig) | |||
options.AddGlobalFlags(cleanFlagSet) | |||
options.AddOSFlags(cleanFlagSet) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
merge with kubeletFlags.AddFlags, per above comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
cmd/kubelet/app/init_windows.go
Outdated
serviceName = "kubelet" | ||
) | ||
|
||
func initForOS() error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When you remove the global FlRunService
var in favor of KubeletFlags.WindowsService
, you'll have to pass it in as an arg here, e.g. func initForOS(windowsService bool) error
.
I know that's not as pretty a function signature, but it's better than global state floating around and keeps things consistent with the other flags.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One nit, and also want @ncdc to give a final thumbs-up on the kube-proxy stuff, otherwise LGTM.
cmd/kube-proxy/app/server.go
Outdated
@@ -100,6 +100,9 @@ type Options struct { | |||
CleanupAndExit bool | |||
// CleanupIPVS, when true, makes the proxy server clean up ipvs rules before running. | |||
CleanupIPVS bool | |||
// WindowsService should be set to true if kubelet is running as a service on Windows. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/kubelet/kube-proxy
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
This patch adds support for kubernetes to integrate with Windows SCM. As a first step both `kubelet` and `kube-proxy` can be registered as a service. To create the service: PS > sc.exe create <component_name> binPath= "<path_to_binary> --service <other_args>" CMD > sc create <component_name> binPath= "<path_to_binary> --service <other_args>" Please note that if the arguments contain spaces, it must be escaped. Example: PS > sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>" CMD > sc create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>" Example to start the service: PS > Start-Service kubelet; Start-Service kube-proxy CMD > net start kubelet && net start kube-proxy Example to stop the service: PS > Stop-Service kubelet (-Force); Stop-Service kube-proxy (-Force) CMD > net stop kubelet && net stop kube-proxy Example to query the service: PS > Get-Service kubelet; Get-Service kube-proxy; CMD > sc.exe queryex kubelet && sc qc kubelet && sc.exe queryex kube-proxy && sc.exe qc kube-proxy Signed-off-by: Alin Balutoiu <abalutoiu@cloudbasesolutions.com> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org> Co-authored-by: Alin Gabriel Serdean <aserdean@ovn.org>
This is needed for service manager support on Windows in kubernetes binaries.
/test pull-kubernetes-kubemark-e2e-gce |
2 similar comments
/test pull-kubernetes-kubemark-e2e-gce |
/test pull-kubernetes-kubemark-e2e-gce |
I pinged @ncdc last night on Slack, and he was cool with the kube-proxy side. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alinbalutoiu, aserdean, michmike, mtaufen, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test all [submit-queue is verifying that this PR is safe to merge] |
[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process @alinbalutoiu @michmike @mtaufen @thockin Pull Request Labels
|
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
What this PR does / why we need it:
Add support for binaries to run as Windows services
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #59562
Special notes for your reviewer:
Release note: