KubeletVersionCheck now able to detect if kubelet version
is higher than control plane. As this might lead to malfunctional
cluster setups, kubeadm will give warning.
Fixes: kubernetes/kubeadm#496
Refactor the kube-scheduler configuration API, command setup, and server
setup according to the guidelines established in #32215 and using the
kube-proxy refactor (#34727) as a model of a well factored component
adhering to said guidelines.
* Config API: clarify meaning and use of algorithm source by replacing
modality derived from bools and string emptiness checks with an explicit
AlgorithmSource type hierarchy.
* Config API: consolidate client connection config with common structs.
* Config API: split and simplify healthz/metrics server configuration.
* Config API: clarify leader election configuration.
* Config API: improve defaulting.
* CLI: deprecate all flags except `--config`.
* CLI: port all flags to new config API.
* CLI: refactor to match kube-proxy Cobra command style.
* Server: refactor away configurator.go to clarify application wiring.
* Server: refactor to more clearly separate wiring/setup from running.
Fixes#52428.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Warn user if Pod/Service networks will be accessed via proxy.
**What this PR does / why we need it**:
In environments where HTTP proxies are used, it is important
to whitelist Pod and Services network ranges in the NO_PROXY
variable, so cluster will be properly operational.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
- kubeadm will warn users if access to IP ranges for Pods or Services will be done via HTTP proxy.
```
With this change, Kubeadm will check that
/proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in
preflight when using IPv6. This is similar to how it currenltly checks for
bridge-nf-call-iptables.
In environments where HTTP proxies are used, it is important
to whitelist Pod and Services network ranges in the NO_PROXY
variable, so cluster will be properly operational.
Automatic merge from submit-queue (batch tested with PRs 53776, 53786, 53352, 51567). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm: Add some validation for external etcd config
**What this PR does / why we need it**:
This PR add file existing check for etcd cert files.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes https://github.com/kubernetes/kubeadm/issues/342
**Special notes for your reviewer**:
Unlike issue https://github.com/kubernetes/kubeadm/issues/342 said, we already have etcd version check which include extensive validation including file format etc. This PR simply added some file existing check upfront for being more user friendly.
**Release note**:
```release-note
NONE
```
Recent versions of kubelet require special flags if runned
on the system with enabled swap. Thus, remind user about either
disabling swap or add appropriate flag to kubelet settings
Automatic merge from submit-queue (batch tested with PRs 49019, 48919, 49040, 49018, 48874)
kubeadm: Remove the old KubernetesDir envparam
**What this PR does / why we need it**:
The last piece of https://github.com/kubernetes/kubernetes/issues/48053 for moving the env params into the API, and the KubernetesDir into a constant.
After this pretty mechanical change, we might offer short-hand functions in constants like `GetStaticPodManifestDir()` etc easily in order to centralize the `filepath.Join` logic into one place.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes https://github.com/kubernetes/kubeadm/issues/326
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc @kubernetes/sig-cluster-lifecycle-pr-reviews @fabriziopandini
Automatic merge from submit-queue
kubeadm: Remove some old comments
**What this PR does / why we need it**:
Removes old and outdated comments.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@dmmcquay
Allow to specify a node-name instead of relaying in `os.Hostname()`
This is useful where kubelet use the name given by the cloud-provider to
register the node.
Partially fix: kubernetes/kubeadm#64
Automatic merge from submit-queue (batch tested with PRs 48196, 42783, 48507, 47719, 46138)
add extra args validate
`ExtraArgsCheck` return warnings not errors. because kubeadm may create the newer version control plane, there are new arguments that kubeadm doesn't know.
Automatic merge from submit-queue
Allow configurable etcd options
**What this PR does / why we need it**:
Allows users to set the `--listen-client-urls` and `--advertise-client-urls` flags on etcd binaries for clusters set up with kubeadm.
**Which issue this PR fixes**:
As far as I can tell right now, other nodes in a cluster set up with kubeadm cannot communicate with the etcd static pod running on the master. This is needed in order to set up calico/canal SDN which needs access to a publicly addressable IPv4 _before_ the overlay network and inter-cluster subnet is created.
Addresses https://github.com/kubernetes/features/issues/138 and https://github.com/kubernetes/features/issues/11.
**Release note**:
```release-note
Users can now specify listen and advertise URLs for etcd in a kubeadm cluster
```
Automatic merge from submit-queue (batch tested with PRs 42762, 42739, 42425, 42778)
kubeadm: update docker version for CE and EE
**What this PR does / why we need it**: Update regex for docker version to also capture new CE and EE versions.
**Which issue this PR fixes**: fixes #https://github.com/kubernetes/kubeadm/issues/189
**Special notes for your reviewer**: /cc @jbeda @luxas
**Release note**:
```release-note
NONE
```
This change allows validators to pass warnings as well as errors. This
was needed because of how support for docker 1.13+ and the new EE and CE
versions is currently being handled.
Automatic merge from submit-queue (batch tested with PRs 41954, 40528, 41875, 41165, 41877)
preflight check external etcd version when kubeadm init
**What this PR does / why we need it**:
1. preflight check if verson of external etcd server meets the demand of kubeadm, currently requires >= 3.0.14
2. support mixed http endpoints and https endpoints
**Which issue this PR fixes** : fixes https://github.com/kubernetes/kubeadm/issues/174
**Special notes for your reviewer**:
i have tested against single endpoint including http etcd server , https etcd server, but multiple endpoints not tested yet. i'll do it tomorrow
Automatic merge from submit-queue (batch tested with PRs 41466, 41456, 41550, 41238, 41416)
add check to authorization config
Prompt user to create the config when using abac/webhook.
Automatic merge from submit-queue (batch tested with PRs 41223, 40892, 41220, 41207, 41242)
kubeadm: preflight should only warn about unresolvable hostnames
**What this PR does / why we need it**:
This is quite often the case on AWS, and we really don't care if
the hostname is resolvable or not. It's not an easy requirement
to ask user to fix, and there is no functional penalty at the
Kubernetes level, also it's possible that users fixes their host
resolution eventually, we don't have to make them do so.
**Special notes for your reviewer**: @dmmcquay @luxas PTAL 👍
**Release note**:
```release-note
NONE
```
