Add support for binaries to run as Windows services #60144
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
requested review from
cblecker,
dchen1107,
pmorie and
smarterclayton
|
Acked-by: Alin Gabriel Serdean [email protected] |
|
/sig windows |
k8s-ci-robot
added
the
sig/windows
|
@jstarks or @jhowardmsft can you take a look since you implemented something similar for dockerd? |
pkg/util/service/service_windows.go
Outdated
| } | ||
| t := []scAction{ | ||
| {Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)}, | ||
| {Type: scActionRestart, Delay: uint32(60 * time.Second / time.Millisecond)}, |
There was a problem hiding this comment.
I think it would be better to bump this up an order of magnitude from 1 to 10 minutes for second retry. I think that would be better for dealing with the case where a dependent service like dockerd.exe isn't running yet.
For others reviewing - here's the Windows SDK doc on how restart actions work:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms685939(v=vs.85).aspx
As written, it will retry after one minute, again after 1 more minute, then wait 24 hours before trying again
There was a problem hiding this comment.
Sure we can change it. I wouldn't go for a hard dependency on dockerd.exe since kubelet will be used using a different CRI in the future.
To be honest this is a default value for service creation. The hardcoded values can substitute for a default value, but I would rather add documentation on how to config the service as a sysadmin (i.e. changing start type, adding triggers, modifying restart actions as people pleases). Do you know where we can add such a documentation?
There was a problem hiding this comment.
Changed the second timeout from 1 minute to 10 minutes.
|
I added a short comment. Thanks for submitting this and getting restart actions included! |
There was a problem hiding this comment.
These code changes look good to me. I also built the bins and verified I was able to register/unregister kube-proxy & kubelet services, as well as do a kubeadm join after setting up the kubelet service (passes kubeadm pre-flight check validating kubelet is setup as a service)
|
@alinbalutoiu You've added files to vendor without going through the correct process. As such, this will fail CI. |
|
@cblecker thanks for pointing that out. Done. |
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
|
/approve |
k8s-ci-robot
added
the
lgtm
|
/assign @thockin |
|
@alinbalutoiu please also add the status/approved-for-milestone label |
k8s-github-robot
removed
the
lgtm
|
Fixed the boilerplate header for |
|
/priority important-soon |
k8s-ci-robot
added
the
priority/important-soon
|
Alright - think labels are fixed. Just need final review closed from @mtaufen I hope? |
cmd/kube-proxy/app/init_windows.go
Outdated
| ) | ||
|
|
||
| var ( | ||
| flRunService bool |
There was a problem hiding this comment.
@ncdc this global state look good? Or does kube-proxy prefer something akin to KubeletFlags?
There was a problem hiding this comment.
I had put everything into the Options struct, such as CleanupAndExit:
kubernetes/cmd/kube-proxy/app/server.go
Lines 93 to 100 in 86ca3af
And then the flag registered directly into that field:
kubernetes/cmd/kube-proxy/app/server.go
Lines 120 to 124 in 86ca3af
But I realize this is OS specific and it doesn't make sense to add it to kube-proxy's Options struct, so it's probably ok like this.
FWIW, I wouldn't prefix the package variable's name with fl. I'd probably call it runAsWIndowsServer or something to that effect instead.
There was a problem hiding this comment.
Done. I changed the variable name into WindowsService to be consistent with Kubelet as @mtaufen requested.
| ) | ||
|
|
||
| var ( | ||
| FlRunService bool |
There was a problem hiding this comment.
This should be a subfield of the KubeletFlags struct in options/options.go. Leave a comment above the field noting that its corresponding flag only gets registered in Windows builds.
Let's also rename it to WindowsService here and in kube-proxy so it matches the flag name.
| ) | ||
|
|
||
| // AddOSFlags adds specific OS flags | ||
| func AddOSFlags(fs *pflag.FlagSet) { |
There was a problem hiding this comment.
Modify this as follows when you move the destination value into KubeletFlags, so we're consistent with KubeletFlags.AddFlags:
func (f *KubeletFlags) addOSFlags(fs *pflag.FlagSet) {
fs.BoolVar(&f.WindowsService, "windows-service", f.WindowsService, "Enable Windows Service Control Manager API integration")
}
and now call it at the beginning of KubeletFlags.AddFlags instead of in cmd/kubelet/app/server.go (I made KubeletFlags.addOSFlags private, since there shouldn't be a reason to call this separately from KubeletFlags.AddFlags).
cmd/kubelet/app/server.go
Outdated
| @@ -238,6 +238,7 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API | |||
| kubeletFlags.AddFlags(cleanFlagSet) | |||
| options.AddKubeletConfigFlags(cleanFlagSet, kubeletConfig) | |||
| options.AddGlobalFlags(cleanFlagSet) | |||
| options.AddOSFlags(cleanFlagSet) | |||
There was a problem hiding this comment.
merge with kubeletFlags.AddFlags, per above comment
cmd/kubelet/app/init_windows.go
Outdated
| serviceName = "kubelet" | ||
| ) | ||
|
|
||
| func initForOS() error { |
There was a problem hiding this comment.
When you remove the global FlRunService var in favor of KubeletFlags.WindowsService, you'll have to pass it in as an arg here, e.g. func initForOS(windowsService bool) error.
I know that's not as pretty a function signature, but it's better than global state floating around and keeps things consistent with the other flags.
cmd/kube-proxy/app/server.go
Outdated
| @@ -100,6 +100,9 @@ type Options struct { | |||
| CleanupAndExit bool | |||
| // CleanupIPVS, when true, makes the proxy server clean up ipvs rules before running. | |||
| CleanupIPVS bool | |||
| // WindowsService should be set to true if kubelet is running as a service on Windows. | |||
This patch adds support for kubernetes to integrate with Windows SCM. As a first step both `kubelet` and `kube-proxy` can be registered as a service. To create the service: PS > sc.exe create <component_name> binPath= "<path_to_binary> --service <other_args>" CMD > sc create <component_name> binPath= "<path_to_binary> --service <other_args>" Please note that if the arguments contain spaces, it must be escaped. Example: PS > sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>" CMD > sc create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>" Example to start the service: PS > Start-Service kubelet; Start-Service kube-proxy CMD > net start kubelet && net start kube-proxy Example to stop the service: PS > Stop-Service kubelet (-Force); Stop-Service kube-proxy (-Force) CMD > net stop kubelet && net stop kube-proxy Example to query the service: PS > Get-Service kubelet; Get-Service kube-proxy; CMD > sc.exe queryex kubelet && sc qc kubelet && sc.exe queryex kube-proxy && sc.exe qc kube-proxy Signed-off-by: Alin Balutoiu <[email protected]> Signed-off-by: Alin Gabriel Serdean <[email protected]> Co-authored-by: Alin Gabriel Serdean <[email protected]>
This is needed for service manager support on Windows in kubernetes binaries.
|
/test pull-kubernetes-kubemark-e2e-gce |
2 similar comments
|
/test pull-kubernetes-kubemark-e2e-gce |
|
/test pull-kubernetes-kubemark-e2e-gce |
|
I pinged @ncdc last night on Slack, and he was cool with the kube-proxy side. |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alinbalutoiu, aserdean, michmike, mtaufen, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process @alinbalutoiu @michmike @mtaufen @thockin Pull Request Labels
|
|
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
What this PR does / why we need it:
Add support for binaries to run as Windows services
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #59562
Special notes for your reviewer:
Release note: