The defaultservicecidr controller runs as an apiserver PostStartHook
hence can not block the startup.
The logic of the controller was copied from the common boilerplate and
was assuming the controller blocked on start, hence defering the
shutdown of the eventbroadcaster.
Only shutdown the eventbroadcaster when the context is done.
Change-Id: I70426d5550afe3b12ab5ea68746238dd96f7db52
This change modifies the validation logic for ServiceCIDR updates
(`ValidateServiceCIDRUpdate`) to specifically permit upgrading a
single-stack ServiceCIDR (either IPv4 or IPv6) to a dual-stack
configuration.
This reconfiguration path is considered safe because it only involves adding
a new CIDR range without altering the existing primary CIDR. This
ensures that existing Service IP allocations are not disrupted.
Other modifications, such as:
- Downgrading from dual-stack to single-stack
- Reordering CIDRs in a dual-stack configuration
- Changing the primary CIDR during a single-to-dual-stack
reconfiguration
remain disallowed by the validation. These operations carry a higher
risk of breaking existing Services or cluster networking
configurations. Preventing these updates automatically encourages
administrators to perform such changes manually after carefully
assessing the potential impact on their specific cluster environment.
The validation errors and controller logs provide guidance when such
disallowed changes are attempted.
Change-Id: I41dc09dfddb05f277925da2262f8114d6accbd1d
If kube-apiservers run at a different version (during upgrades) and
each has different opinion on what the `extension-apiserver-authentication`
config map should look like, they would start dueling with config map
writes.
This commit removes handling of the update events of the target CM
in order to reduce the amount of such dueling to once a minute, as
the controller is guaranteed to run at least once a minute anyway.
The idea is that a cluster state with two different versions of
kube-apiserver should never be permanent, and so a reduced amount of
dueling for that period is tolerable.
