The Addon-manager is a service running on the Kubernetes cluster's Master nodes designed to manage various Add-ons. It maintains all the extensions present in the $ADDON_PATH (which defaults to /etc/kubernetes/addons/) to ensure they always operate in the desired state.
Addon-manager supports two types of labels:
For extensions tagged with addonmanager.kubernetes.io/mode=Reconcile, modifications through the API are not allowed. This means that:
Any changes made through the API will automatically revert to the configuration in /etc/kubernetes/addons/.
If an extension is deleted via the API, it will be automatically recreated from the configuration in /etc/kubernetes/addons/.
Removing configuration from /etc/kubernetes/addons/ will also delete the corresponding Kubernetes resources.
Essentially, modifications can only be made by adjusting the configuration in /etc/kubernetes/addons/.
For extensions with the addonmanager.kubernetes.io/mode=EnsureExists label, there's only a check to ensure the existence of the extension without checking for configuration changes. In effect:
The configuration can be modified via the API without it being automatically reverted.
If an extension is deleted via the API, it will be automatically recreated from the configuration in /etc/kubernetes/addons/.
However, if the configuration is removed from /etc/kubernetes/addons/, the Kubernetes resources will not be deleted.
Deployment Method
Save the following YAML into the /etc/kubernetes/manifests/kube-addon-manager.yaml file on all Master nodes:
apiVersion:v1kind:Podmetadata:name:kube-addon-managernamespace:kube-systemannotations:scheduler.alpha.kubernetes.io/critical-pod:''seccomp.security.alpha.kubernetes.io/pod:'docker/default'labels:component:kube-addon-managerspec:hostNetwork:truecontainers:-name:kube-addon-manager # When updating version also bump it in: # - test/kubemark/resources/manifests/kube-addon-manager.yamlimage:k8s.gcr.io/kube-addon-manager:v8.7command:-/bin/bash--c-exec /opt/kube-addons.sh 1>>/var/log/kube-addon-manager.log 2>&1resources:requests:cpu:3mmemory:50MivolumeMounts:-mountPath:/etc/kubernetes/name:addonsreadOnly:true-mountPath:/var/logname:varlogreadOnly:falseenv:-name:KUBECTL_EXTRA_PRUNE_WHITELISTvalue:{{kubectl_extra_prune_whitelist}}volumes:-hostPath:path:/etc/kubernetes/name:addons-hostPath:path:/var/logname:varlog
Meet the Addon-manager, the essential service that diligently works in the background of Kubernetes Master nodes keeping add-ons in check. It's like a digital conductor for the $ADDON_PATH – typically /etc/kubernetes/addons/ – maintaining a seamless operation of all extensions according to the script written for them.
The Addon-manager is adept at handling two kinds of labels that dictate extension behavior:
Extensions marked with addonmanager.kubernetes.io/mode=Reconcile play by strict rules:
Try tweaking them through the API, and like a boomerang, they'll revert to their /etc/kubernetes/addons/ settings.
Delete them, and they magically reappear, thanks to the /etc/kubernetes/addons/ backup band.
However, pull their files from /etc/kubernetes/addons/, and it's curtains down for those Kubernetes resources.
The gist is, backstage configuration edits in /etc/kubernetes/addons/ are the only way to shuffle their act.
Extensions donning the addonmanager.kubernetes.io/mode=EnsureExists label are the free spirits:
API modifications? Go ahead; no strings attached for a rollback.
Vanish through the API, and voilà, they make an encore using the /etc/kubernetes/addons/ script.
But should their part get axed from /etc/kubernetes/addons/, the show goes on without the Kubernetes resources curtain call.
Setting the Stage
To roll out the Addon-manager across the Master nodes' ensemble, simply script the following YAML into the /etc/kubernetes/manifests/kube-addon-manager.yaml of each maestro's station:
