Add OpenShift's recycler templates to Kubernetes controller config

When user did not specify any recycler template files, create OpenShift one and
let Kubernetes use it.

The template file is created in /tmp and is deleted after controller
initialization (which is safe).

pkg/cmd/server/kubernetes/master/master_config.go

@@ -2,11 +2,13 @@ package master
 
 import (
 	"crypto/tls"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
@@ -43,6 +45,7 @@ import (
 	kapiserveroptions "k8s.io/kubernetes/cmd/kube-apiserver/app/options"
 	cmapp "k8s.io/kubernetes/cmd/kube-controller-manager/app/options"
 	kapi "k8s.io/kubernetes/pkg/api"
+	kapiv1 "k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/pkg/apis/apps"
 	"k8s.io/kubernetes/pkg/apis/autoscaling"
 	"k8s.io/kubernetes/pkg/apis/batch"
@@ -57,15 +60,18 @@ import (
 	endpointsstorage "k8s.io/kubernetes/pkg/registry/core/endpoint/storage"
 	rbacrest "k8s.io/kubernetes/pkg/registry/rbac/rest"
 	kversion "k8s.io/kubernetes/pkg/version"
+	"k8s.io/kubernetes/pkg/volume"
 
 	"github.com/openshift/origin/pkg/api"
 	"github.com/openshift/origin/pkg/authorization/authorizer/scope"
 	"github.com/openshift/origin/pkg/cmd/flagtypes"
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
+	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 	"github.com/openshift/origin/pkg/cmd/server/cm"
 	"github.com/openshift/origin/pkg/cmd/server/crypto"
 	"github.com/openshift/origin/pkg/cmd/server/election"
 	cmdflags "github.com/openshift/origin/pkg/cmd/util/flags"
+	"github.com/openshift/origin/pkg/cmd/util/variable"
 	oauthutil "github.com/openshift/origin/pkg/oauth/util"
 	openapigenerated "github.com/openshift/origin/pkg/openapi"
 	securityapi "github.com/openshift/origin/pkg/security/apis/security"
@@ -369,6 +375,60 @@ func BuildControllerManagerServer(masterConfig configapi.MasterConfig) (*cmapp.C
 	return cmserver, cloud, nil
 }
 
+// AddRecyclerTemplates creates a file with default recycled pod template and
+// adds it into PersistentVolumeRecyclerConfiguration if it is not set. It
+// returns name of the template file that should be deleted after controllers
+// start.
+func AddRecyclerTemplates(masterConfig configapi.MasterConfig, cmserver *cmapp.CMServer) (string, error) {
+	if cmserver.VolumeConfiguration.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathHostPath != "" && cmserver.VolumeConfiguration.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathNFS != "" {
+		// Both templates are set by user config, there is nothing to configure.
+		return "", nil
+	}
+
+	// At least one template is needed, fill it
+	imageTemplate := variable.NewDefaultImageTemplate()
+	imageTemplate.Format = masterConfig.ImageConfig.Format
+	imageTemplate.Latest = masterConfig.ImageConfig.Latest
+	uid := int64(0)
+
+	template := volume.NewPersistentVolumeRecyclerPodTemplate()
+	template.Namespace = "openshift-infra"
+	template.Spec.ServiceAccountName = bootstrappolicy.InfraPersistentVolumeRecyclerControllerServiceAccountName
+	template.Spec.Containers[0].Image = imageTemplate.ExpandOrDie("recycler")
+	template.Spec.Containers[0].Command = []string{"/usr/bin/openshift-recycle"}
+	template.Spec.Containers[0].Args = []string{"/scrub"}
+	template.Spec.Containers[0].SecurityContext = &kapiv1.SecurityContext{RunAsUser: &uid}
+	template.Spec.Containers[0].ImagePullPolicy = kapiv1.PullIfNotPresent
+
+	templateBytes, err := json.Marshal(template)
+	if err != nil {
+		return "", err
+	}
+
+	f, err := ioutil.TempFile("", "openshift-recycler-template-")
+	if err != nil {
+		return "", err
+	}
+	filename := f.Name()
+
+	_, err = f.Write(templateBytes)
+	if err != nil {
+		f.Close()
+		os.Remove(filename)
+		return "", err
+	}
+	f.Close()
+
+	if cmserver.VolumeConfiguration.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathHostPath == "" {
+		cmserver.VolumeConfiguration.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathHostPath = filename
+	}
+	if cmserver.VolumeConfiguration.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathNFS == "" {
+		cmserver.VolumeConfiguration.PersistentVolumeRecyclerConfiguration.PodTemplateFilePathNFS = filename
+	}
+	glog.V(4).Infof("Using %q as recycler template", filename)
+	return filename, nil
+}
+
 func buildProxyClientCerts(masterConfig configapi.MasterConfig) ([]tls.Certificate, error) {
 	var proxyClientCerts []tls.Certificate
 	if len(masterConfig.KubernetesMasterConfig.ProxyClientInfo.CertFile) > 0 {

pkg/cmd/server/start/start_master.go

@@ -35,7 +35,6 @@ import (
 	kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 	kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"
 	"k8s.io/kubernetes/pkg/master"
-	"k8s.io/kubernetes/pkg/volume"
 	kutilerrors "k8s.io/kubernetes/staging/src/k8s.io/apimachinery/pkg/util/errors"
 
 	assetapiserver "github.com/openshift/origin/pkg/assets/apiserver"
@@ -410,7 +409,6 @@ func (m *Master) Start() error {
 		imageTemplate := variable.NewDefaultImageTemplate()
 		imageTemplate.Format = m.config.ImageConfig.Format
 		imageTemplate.Latest = m.config.ImageConfig.Latest
-		volume.NewPersistentVolumeRecyclerPodTemplate = newPersistentVolumeRecyclerPodTemplate(imageTemplate.ExpandOrDie("recycler"))
 
 		if !m.api {
 			// you can't double run healthz, so only do this next bit if we aren't starting the API
@@ -478,6 +476,25 @@ func (m *Master) Start() error {
 			// continuously run the scheduler while we have the primary lease
 			go runEmbeddedScheduler(m.config.MasterClients.OpenShiftLoopbackKubeConfig, m.config.KubernetesMasterConfig.SchedulerConfigFile, m.config.KubernetesMasterConfig.SchedulerArguments)
 
+			// OpenShift uses a different default volume recycler template than
+			// Kubernetes. This default template is hardcoded in Kubernetes and
+			// it isn't possible to pass it via ControllerContext. Crate a
+			// temporary file with OpenShift's template and let's pretend it was
+			// set by user as --recycler-pod-template-filepath-hostpath and
+			// --pv-recycler-pod-template-filepath-nfs arguments.
+			recyclerPodTemplatePath, err := kubernetes.AddRecyclerTemplates(*m.config, kubeControllerManagerConfig)
+			if err != nil {
+				glog.Fatal(err)
+			}
+			if recyclerPodTemplatePath != "" {
+				defer func() {
+					// Recycler template is loaded synchronously in startControllers
+					// and can be safely deleted when the function finishes.
+					glog.V(4).Infof("Deleting recycler template %s", recyclerPodTemplatePath)
+					os.Remove(recyclerPodTemplatePath)
+				}()
+			}
+
 			controllerContext, err := getControllerContext(*m.config, kubeControllerManagerConfig, cloudProvider, informers, utilwait.NeverStop)
 			if err != nil {
 				glog.Fatal(err)