Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for binaries to run as Windows services #60144

Merged
merged 2 commits into from
Mar 7, 2018

Conversation

alinbalutoiu
Copy link
Contributor

@alinbalutoiu alinbalutoiu commented Feb 21, 2018

What this PR does / why we need it:
Add support for binaries to run as Windows services

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #59562

Special notes for your reviewer:

Release note:

kubelet and kube-proxy can now be ran as Windows services

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 21, 2018
@aserdean
Copy link
Contributor

Acked-by: Alin Gabriel Serdean aserdean@ovn.org
/assign @bsteciuk @michmike .

@bsteciuk
Copy link
Contributor

/sig windows

@k8s-ci-robot k8s-ci-robot added the sig/windows Categorizes an issue or PR as relevant to SIG Windows. label Feb 21, 2018
@PatrickLang
Copy link
Contributor

@jstarks or @jhowardmsft can you take a look since you implemented something similar for dockerd?

}
t := []scAction{
{Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)},
{Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be better to bump this up an order of magnitude from 1 to 10 minutes for second retry. I think that would be better for dealing with the case where a dependent service like dockerd.exe isn't running yet.

For others reviewing - here's the Windows SDK doc on how restart actions work:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms685939(v=vs.85).aspx

As written, it will retry after one minute, again after 1 more minute, then wait 24 hours before trying again

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure we can change it. I wouldn't go for a hard dependency on dockerd.exe since kubelet will be used using a different CRI in the future.

To be honest this is a default value for service creation. The hardcoded values can substitute for a default value, but I would rather add documentation on how to config the service as a sysadmin (i.e. changing start type, adding triggers, modifying restart actions as people pleases). Do you know where we can add such a documentation?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the second timeout from 1 minute to 10 minutes.

@PatrickLang
Copy link
Contributor

I added a short comment. Thanks for submitting this and getting restart actions included!

Copy link
Contributor

@bsteciuk bsteciuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These code changes look good to me. I also built the bins and verified I was able to register/unregister kube-proxy & kubelet services, as well as do a kubeadm join after setting up the kubelet service (passes kubeadm pre-flight check validating kubelet is setup as a service)

@cblecker
Copy link
Member

@alinbalutoiu You've added files to vendor without going through the correct process. As such, this will fail CI.
The proper process for adding dependencies is here: https://github.com/kubernetes/community/blob/master/contributors/devel/godep.md

@alinbalutoiu
Copy link
Contributor Author

@cblecker thanks for pointing that out. Done.

@cblecker
Copy link
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Feb 23, 2018
@michmike
Copy link
Contributor

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 23, 2018
@michmike
Copy link
Contributor

/assign @thockin

@michmike
Copy link
Contributor

@alinbalutoiu please also add the status/approved-for-milestone label

@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 23, 2018
@alinbalutoiu
Copy link
Contributor Author

alinbalutoiu commented Feb 23, 2018

Fixed the boilerplate header for service_windows.go, added missing licenses and added comments to the exported functions from pkg/util/service package. This were causing the build to fail.

@PatrickLang
Copy link
Contributor

/priority important-soon

@k8s-ci-robot k8s-ci-robot added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Mar 6, 2018
@PatrickLang
Copy link
Contributor

Alright - think labels are fixed. Just need final review closed from @mtaufen I hope?

Copy link
Contributor

@mtaufen mtaufen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updates mostly look good, I had a few more suggestions to tighten things up.

)

var (
flRunService bool
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ncdc this global state look good? Or does kube-proxy prefer something akin to KubeletFlags?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had put everything into the Options struct, such as CleanupAndExit:

// Options contains everything necessary to create and run a proxy server.
type Options struct {
// ConfigFile is the location of the proxy server's configuration file.
ConfigFile string
// WriteConfigTo is the path where the default configuration will be written.
WriteConfigTo string
// CleanupAndExit, when true, makes the proxy server clean up iptables rules, then exit.
CleanupAndExit bool

And then the flag registered directly into that field:

// AddFlags adds flags to fs and binds them to options.
func (o *Options) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&o.ConfigFile, "config", o.ConfigFile, "The path to the configuration file.")
fs.StringVar(&o.WriteConfigTo, "write-config-to", o.WriteConfigTo, "If set, write the default configuration values to this file and exit.")
fs.BoolVar(&o.CleanupAndExit, "cleanup-iptables", o.CleanupAndExit, "If true cleanup iptables and ipvs rules and exit.")

But I realize this is OS specific and it doesn't make sense to add it to kube-proxy's Options struct, so it's probably ok like this.

FWIW, I wouldn't prefix the package variable's name with fl. I'd probably call it runAsWIndowsServer or something to that effect instead.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. I changed the variable name into WindowsService to be consistent with Kubelet as @mtaufen requested.

)

var (
FlRunService bool
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a subfield of the KubeletFlags struct in options/options.go. Leave a comment above the field noting that its corresponding flag only gets registered in Windows builds.

Let's also rename it to WindowsService here and in kube-proxy so it matches the flag name.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

)

// AddOSFlags adds specific OS flags
func AddOSFlags(fs *pflag.FlagSet) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modify this as follows when you move the destination value into KubeletFlags, so we're consistent with KubeletFlags.AddFlags:

func (f *KubeletFlags) addOSFlags(fs *pflag.FlagSet) {
  fs.BoolVar(&f.WindowsService, "windows-service", f.WindowsService, "Enable Windows Service Control Manager API integration")
}

and now call it at the beginning of KubeletFlags.AddFlags instead of in cmd/kubelet/app/server.go (I made KubeletFlags.addOSFlags private, since there shouldn't be a reason to call this separately from KubeletFlags.AddFlags).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -238,6 +238,7 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
kubeletFlags.AddFlags(cleanFlagSet)
options.AddKubeletConfigFlags(cleanFlagSet, kubeletConfig)
options.AddGlobalFlags(cleanFlagSet)
options.AddOSFlags(cleanFlagSet)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

merge with kubeletFlags.AddFlags, per above comment

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

serviceName = "kubelet"
)

func initForOS() error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When you remove the global FlRunService var in favor of KubeletFlags.WindowsService, you'll have to pass it in as an arg here, e.g. func initForOS(windowsService bool) error.

I know that's not as pretty a function signature, but it's better than global state floating around and keeps things consistent with the other flags.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Copy link
Contributor

@mtaufen mtaufen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit, and also want @ncdc to give a final thumbs-up on the kube-proxy stuff, otherwise LGTM.

@@ -100,6 +100,9 @@ type Options struct {
CleanupAndExit bool
// CleanupIPVS, when true, makes the proxy server clean up ipvs rules before running.
CleanupIPVS bool
// WindowsService should be set to true if kubelet is running as a service on Windows.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/kubelet/kube-proxy

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

alinbalutoiu and others added 2 commits March 7, 2018 00:51
This patch adds support for kubernetes to integrate
with Windows SCM.

As a first step both `kubelet` and `kube-proxy` can be registered as a service.

To create the service:
PS > sc.exe create <component_name> binPath= "<path_to_binary> --service <other_args>"
CMD > sc create <component_name> binPath= "<path_to_binary> --service <other_args>"

Please note that if the arguments contain spaces, it must be escaped.
Example:
PS > sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>"
CMD > sc create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>"

Example to start the service:
PS > Start-Service kubelet; Start-Service kube-proxy
CMD > net start kubelet && net start kube-proxy

Example to stop the service:
PS > Stop-Service kubelet (-Force); Stop-Service kube-proxy (-Force)
CMD > net stop kubelet && net stop kube-proxy

Example to query the service:
PS > Get-Service kubelet; Get-Service kube-proxy;
CMD > sc.exe queryex kubelet && sc qc kubelet && sc.exe queryex kube-proxy && sc.exe qc kube-proxy

Signed-off-by: Alin Balutoiu <abalutoiu@cloudbasesolutions.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Co-authored-by: Alin Gabriel Serdean <aserdean@ovn.org>
This is needed for service manager support on Windows
in kubernetes binaries.
@alinbalutoiu
Copy link
Contributor Author

/test pull-kubernetes-kubemark-e2e-gce

2 similar comments
@alinbalutoiu
Copy link
Contributor Author

/test pull-kubernetes-kubemark-e2e-gce

@alinbalutoiu
Copy link
Contributor Author

/test pull-kubernetes-kubemark-e2e-gce

@mtaufen
Copy link
Contributor

mtaufen commented Mar 7, 2018

I pinged @ncdc last night on Slack, and he was cool with the kube-proxy side.
Kubelet side LGTM.
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 7, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alinbalutoiu, aserdean, michmike, mtaufen, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process

@alinbalutoiu @michmike @mtaufen @thockin

Pull Request Labels
  • sig/windows: Pull Request will be escalated to these SIGs if needed.
  • priority/important-soon: Escalate to the pull request owners and SIG owner; move out of milestone after several unsuccessful escalation attempts.
  • kind/feature: New functionality.
Help

@k8s-github-robot
Copy link

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/windows Categorizes an issue or PR as relevant to SIG Windows. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Can't run Kubelet as a service on Windows