in pkg/api/defaults-cloud-controller-manager.go [13:215]
func (cs *ContainerService) setCloudControllerManagerConfig() {
o := cs.Properties.OrchestratorProfile
isAzureCNIDualStack := cs.Properties.IsAzureCNIDualStack()
clusterCidr := o.KubernetesConfig.ClusterSubnet
if isAzureCNIDualStack {
clusterSubnets := strings.Split(clusterCidr, ",")
if len(clusterSubnets) > 1 {
clusterCidr = clusterSubnets[1]
}
}
staticCloudControllerManagerConfig := map[string]string{
"--allocate-node-cidrs": strconv.FormatBool(!o.IsAzureCNI() || isAzureCNIDualStack),
"--configure-cloud-routes": strconv.FormatBool(cs.Properties.RequireRouteTable()),
"--cloud-provider": "azure",
"--cloud-config": "/etc/kubernetes/azure.json",
"--cluster-cidr": clusterCidr,
"--kubeconfig": "/var/lib/kubelet/kubeconfig",
"--leader-elect": "true",
"--route-reconciliation-period": "10s",
"--v": "2",
}
// Disable cloud-node controller
staticCloudControllerManagerConfig["--controllers"] = "*,-cloud-node"
// Set --cluster-name based on appropriate DNS prefix
if cs.Properties.MasterProfile != nil {
staticCloudControllerManagerConfig["--cluster-name"] = cs.Properties.MasterProfile.DNSPrefix
}
// Default cloud-controller-manager config
defaultCloudControllerManagerConfig := map[string]string{
"--route-reconciliation-period": DefaultKubernetesCtrlMgrRouteReconciliationPeriod,
}
// If no user-configurable cloud-controller-manager config values exists, use the defaults
if o.KubernetesConfig.CloudControllerManagerConfig == nil {
o.KubernetesConfig.CloudControllerManagerConfig = defaultCloudControllerManagerConfig
} else {
for key, val := range defaultCloudControllerManagerConfig {
// If we don't have a user-configurable cloud-controller-manager config for each option
if _, ok := o.KubernetesConfig.CloudControllerManagerConfig[key]; !ok {
// then assign the default value
o.KubernetesConfig.CloudControllerManagerConfig[key] = val
}
}
}
// We don't support user-configurable values for the following,
// so any of the value assignments below will override user-provided values
for key, val := range staticCloudControllerManagerConfig {
o.KubernetesConfig.CloudControllerManagerConfig[key] = val
}
invalidFeatureGates := []string{}
// Remove --feature-gate VolumeSnapshotDataSource starting with 1.22
if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.22.0-alpha.1") {
invalidFeatureGates = append(invalidFeatureGates, "VolumeSnapshotDataSource")
}
if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.27.0") {
// Remove --feature-gate ControllerManagerLeaderMigration starting with 1.27
// Reference: https://github.com/kubernetes/kubernetes/pull/113534
invalidFeatureGates = append(invalidFeatureGates, "ControllerManagerLeaderMigration")
// Remove --feature-gate ExpandCSIVolumes, ExpandInUsePersistentVolumes, ExpandPersistentVolumes starting with 1.27
// Reference: https://github.com/kubernetes/kubernetes/pull/113942
invalidFeatureGates = append(invalidFeatureGates, "ExpandCSIVolumes", "ExpandInUsePersistentVolumes", "ExpandPersistentVolumes")
// Remove --feature-gate CSIInlineVolume, CSIMigration, CSIMigrationAzureDisk, DaemonSetUpdateSurge, EphemeralContainers, IdentifyPodOS, LocalStorageCapacityIsolation, NetworkPolicyEndPort, StatefulSetMinReadySeconds starting with 1.27
// Reference: https://github.com/kubernetes/kubernetes/pull/114410
invalidFeatureGates = append(invalidFeatureGates, "CSIInlineVolume", "CSIMigration", "CSIMigrationAzureDisk", "DaemonSetUpdateSurge", "EphemeralContainers", "IdentifyPodOS", "LocalStorageCapacityIsolation", "NetworkPolicyEndPort", "StatefulSetMinReadySeconds")
}
if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.28.0") {
// Remove --feature-gate AdvancedAuditing starting with 1.28
invalidFeatureGates = append(invalidFeatureGates, "AdvancedAuditing", "DisableAcceleratorUsageMetrics", "DryRun", "PodSecurity")
invalidFeatureGates = append(invalidFeatureGates, "NetworkPolicyStatus", "PodHasNetworkCondition", "UserNamespacesStatelessPodsSupport")
// Remove --feature-gate CSIMigrationGCE starting with 1.28
// Reference: https://github.com/kubernetes/kubernetes/pull/117055
invalidFeatureGates = append(invalidFeatureGates, "CSIMigrationGCE")
// Remove --feature-gate CSIStorageCapacity starting with 1.28
// Reference: https://github.com/kubernetes/kubernetes/pull/118018
invalidFeatureGates = append(invalidFeatureGates, "CSIStorageCapacity")
// Remove --feature-gate DelegateFSGroupToCSIDriver starting with 1.28
// Reference: https://github.com/kubernetes/kubernetes/pull/117655
invalidFeatureGates = append(invalidFeatureGates, "DelegateFSGroupToCSIDriver")
// Remove --feature-gate DevicePlugins starting with 1.28
// Reference: https://github.com/kubernetes/kubernetes/pull/117656
invalidFeatureGates = append(invalidFeatureGates, "DevicePlugins")
// Remove --feature-gate KubeletCredentialProviders starting with 1.28
// Reference: https://github.com/kubernetes/kubernetes/pull/116901
invalidFeatureGates = append(invalidFeatureGates, "KubeletCredentialProviders")
// Remove --feature-gate MixedProtocolLBService, ServiceInternalTrafficPolicy, ServiceIPStaticSubrange, EndpointSliceTerminatingCondition starting with 1.28
// Reference: https://github.com/kubernetes/kubernetes/pull/117237
invalidFeatureGates = append(invalidFeatureGates, "MixedProtocolLBService", "ServiceInternalTrafficPolicy", "ServiceIPStaticSubrange", "EndpointSliceTerminatingCondition")
// Remove --feature-gate WindowsHostProcessContainers starting with 1.28
// Reference: https://github.com/kubernetes/kubernetes/pull/117570
invalidFeatureGates = append(invalidFeatureGates, "WindowsHostProcessContainers")
}
if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.29.0") {
// Remove --feature-gate CSIMigrationvSphere starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/121291
invalidFeatureGates = append(invalidFeatureGates, "CSIMigrationvSphere")
// Remove --feature-gate ProbeTerminationGracePeriod starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/121257
invalidFeatureGates = append(invalidFeatureGates, "ProbeTerminationGracePeriod")
// Remove --feature-gate JobTrackingWithFinalizers starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/119100
invalidFeatureGates = append(invalidFeatureGates, "JobTrackingWithFinalizers")
// Remove --feature-gate TopologyManager starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/121252
invalidFeatureGates = append(invalidFeatureGates, "TopologyManager")
// Remove --feature-gate OpenAPIV3 starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/121255
invalidFeatureGates = append(invalidFeatureGates, "OpenAPIV3")
// Remove --feature-gate SeccompDefault starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/121246
invalidFeatureGates = append(invalidFeatureGates, "SeccompDefault")
// Remove --feature-gate CronJobTimeZone, JobMutableNodeSchedulingDirectives, LegacyServiceAccountTokenNoAutoGeneration starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/120192
invalidFeatureGates = append(invalidFeatureGates, "CronJobTimeZone", "JobMutableNodeSchedulingDirectives", "LegacyServiceAccountTokenNoAutoGeneration")
// Remove --feature-gate DownwardAPIHugePages starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/120249
invalidFeatureGates = append(invalidFeatureGates, "DownwardAPIHugePages")
// Remove --feature-gate GRPCContainerProbe starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/120248
invalidFeatureGates = append(invalidFeatureGates, "GRPCContainerProbe")
// Remove --feature-gate RetroactiveDefaultStorageClass starting with 1.29
// Reference: https://github.com/kubernetes/kubernetes/pull/120861
invalidFeatureGates = append(invalidFeatureGates, "RetroactiveDefaultStorageClass")
}
if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.30.0") {
// Remove --feature-gate KubeletPodResources starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122139
invalidFeatureGates = append(invalidFeatureGates, "KubeletPodResources")
// Remove --feature-gate KubeletPodResourcesGetAllocatable starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122138
invalidFeatureGates = append(invalidFeatureGates, "KubeletPodResourcesGetAllocatable")
// Remove --feature-gate LegacyServiceAccountTokenTracking starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122409
invalidFeatureGates = append(invalidFeatureGates, "LegacyServiceAccountTokenTracking")
// Remove --feature-gate MinimizeIPTablesRestore starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122136
invalidFeatureGates = append(invalidFeatureGates, "MinimizeIPTablesRestore")
// Remove --feature-gate ProxyTerminatingEndpoints starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122134
invalidFeatureGates = append(invalidFeatureGates, "ProxyTerminatingEndpoints")
// Remove --feature-gate RemoveSelfLink starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122468
invalidFeatureGates = append(invalidFeatureGates, "RemoveSelfLink")
// Remove --feature-gate SecurityContextDeny starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122612
invalidFeatureGates = append(invalidFeatureGates, "SecurityContextDeny")
// Remove --feature-gate APISelfSubjectReview starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122032
invalidFeatureGates = append(invalidFeatureGates, "APISelfSubjectReview")
// Remove --feature-gate CSIMigrationAzureFile starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122576
invalidFeatureGates = append(invalidFeatureGates, "CSIMigrationAzureFile")
// Remove --feature-gate ExpandedDNSConfig starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122086
invalidFeatureGates = append(invalidFeatureGates, "ExpandedDNSConfig")
// Remove --feature-gate ExperimentalHostUserNamespaceDefaulting starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122088
invalidFeatureGates = append(invalidFeatureGates, "ExperimentalHostUserNamespaceDefaulting")
// Remove --feature-gate IPTablesOwnershipCleanup starting with 1.30
// Reference: https://github.com/kubernetes/kubernetes/pull/122137
invalidFeatureGates = append(invalidFeatureGates, "IPTablesOwnershipCleanup")
}
removeInvalidFeatureGates(o.KubernetesConfig.CloudControllerManagerConfig, invalidFeatureGates)
// TODO add RBAC support
/*if *o.KubernetesConfig.EnableRbac {
o.KubernetesConfig.CloudControllerManagerConfig["--use-service-account-credentials"] = "true"
}*/
}