Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set kubeadm version as the default version in phase command.
**What this PR does / why we need it**:
In some phase commands which don't use kubernetes version, set kubeadm version as the kubernetes version to avoid get it from internet.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/756
**Special notes for your reviewer**:
cc @chrisob
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67017, 67190, 67110, 67140, 66873). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm join --control-plane main workflow
**What this PR does / why we need it**:
This PR implements one of the actions defined by https://github.com/kubernetes/kubeadm/issues/751 (checklist form implementing HA in kubeadm).
With this PR, kubeadm implements the `kubeadm join --control-plane`workflow, as described in the [KEP 0015-kubeadm-join-master.md](https://github.com/kubernetes/community/blob/master/keps/sig-cluster-lifecycle/0015-kubeadm-join-master.md) with the exception of the update of the `kubeadm-config` ConfigMap that will be completed in a following PR as soon as the implementation in the config file will allow it.
**Special notes for your reviewer**:
/CC @timothysc @luxas @chuckha @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```
`kubeadm join` now has the --experimental-control-plane flag that triggers deploy of a new control plane instance on the joining node.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix CRI ListKubeContainers API
**What this PR does / why we need it**:
Current implementation of this API always returns
checks output of 'crictl pods -q' and filters out everything
that doesn't start with k8s_. 'crictl pods -q' returns only pod ids,
so everything is always filtered out.
Removing filtering by name prefix should fix this.
**Which issue this PR fixes**
Fixes: kubernetes/kubeadm#926
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use v1 version of advanced audit policy in kubeadm
audit api version has been updated to v1 #65891
**Release note**:
```release-note
kubeadm uses audit policy v1 instead of v1beta1
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Deduplicate kube-proxy image logic
**What this PR does / why we need it**:
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to generate the image for the manifest.
This PR also removes GetKubeControlPlaneImageNoOverride as it's no longer needed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same
```
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image
override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing
for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to
generate the image for the manifest.
Additionally, GetKubeControlPlaneImageNoOverride is removed as the only use case
for the function is now invalid.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Check config path for command "kubeadm alpha phase kubelet write-env-file"
**What this PR does / why we need it**:
Explicitly check the `--config` flag of command `kubeadm alpha phase kubelet write-env-file`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/1043
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This change adds a new --rootfs=path option to kubeadm, and (if
provided) chroot()s to this path before performing file operations.
This makes it possible to run the kubeadm binary from a container, but
perform remaining file operations against the host filesystem using
something like:
docker run -v /:/rootfs --net=host --uts=host --pid=host \
kubeadm:latest init --rootfs /rootfs...
Fixeskubernetes/kubeadm#503
Automatic merge from submit-queue (batch tested with PRs 66196, 67016, 66807, 67023). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix spelling mistakes
**What this PR does / why we need it**:
fix spelling mistakes
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Current implementation of this API always returns
checks output of 'crictl pods -q' and filters out everything
that doesn't start with k8s_. 'crictl pods -q' returns only pod ids,
so everything is always filtered out.
Removing filtering by name prefix should fix this.
Fixes: kubernetes/kubeadm#926
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor storage factory config with Complete().New() flow
**What this PR does / why we need it**:
1. Split `BuildStorageFactory` constructor into `Complete().New()` flow to build an instance for etcd storage.
2. Put `EtcdOptions` and `StorageSerializationOptions` into a `StorageFactoryOptions` for a more reasonable structured config object.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Generally, my idea is to split the huge code in [https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/app/server.go](https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/app/server.go) into somewhere else making more sense :)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64815, 66823, 66473, 66466). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix ImagePullCheck output
**What this PR does / why we need it**:
ImagePullCheck outputs "pulling <image>" line even if image
already exists and is not pulled.
Fixed the output to reflect the reality. ImagePullCheck now outputs
either "pulling <image>" or "image <image> exists".
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
error out empty hostname
**What this PR does / why we need it**:
For linux, the hostname is read from file `/proc/sys/kernel/hostname` directly, which can be overwritten with whitespaces.
Should error out such invalid hostnames.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#835
**Special notes for your reviewer**:
/cc luxas timothysc
**Release note**:
```release-note
nodes: improve handling of erroneous host names
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix runtime.ImageExists API
**What this PR does / why we need it**:
runtime.ImageExists returns error when underlying 'inspect' command
fails. This makes ImagePullCheck to fail as it doesn't expect
runtime.ImageExists to return an error even if image doesn't exist.
**Which issue(s) this PR fixes**:
Fixes [kubeadm issue 1024](https://github.com/kubernetes/kubeadm/issues/1024)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kernel_validator: amend kernel config check paths
**What this PR does / why we need it**:
Clear Linux Project for Intel Architecture uses its own path
to store kernel build artifacts. This PR amends the path to kernel validator's
config check paths.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```
e2e_node: add new kernel config check paths
```
Automatic merge from submit-queue (batch tested with PRs 66850, 66902, 66779, 66864, 66912). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add methods to apimachinery to easy unit testing
When unit testing, you often want a selective scheme and codec factory. Rather than writing the vars and the init function and the error handling, you can simply do
`scheme, codecs := testing.SchemeForInstallOrDie(install.Install)`
@kubernetes/sig-api-machinery-misc
@sttts
```release-note
NONE
```
ImagePullCheck outputs "pulling <image>" line even if image
already exists and is not pulled.
Fixed the output to reflect the reality. ImagePullCheck now outputs
either "pulling <image>" or "image <image> exists".
Instead discard metric values for pods that are unready and have never
been ready (they may report misleading values, the original reason for
introducing scale up forbidden window).
Use per pod metric when pod is:
- Ready, or
- Not ready but creation timestamp and last readiness change are more
than 10s apart.
In the latter case we asume the pod was ready but later became unready.
We want to use metrics for such pods because sometimes such pods are
unready because they were getting too much load.
Automatic merge from submit-queue (batch tested with PRs 66445, 66643, 60551). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Improve kubeadm init cmd tests
**What this PR does / why we need it**:
This PR improves kubeadm init cmd tests in the following ways:
- Fix a few cases that were always successful (despite completely wrong).
- Add more test cases (for different configs in particular)
- Use dry run, to avoid modifying the system and using kubeadm reset
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes NONE
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66623, 66718). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
expose GC graph via debug handler
Many times when debugging GC problems, it's important to understand the state of the GC graph at a given point in time. This pull adds the ability to dump that graph in DOT format for later consumption. It does this by exposing an additional debug handler and allowing any controller init function to produce such a handler that is included under debug.
Sample full output
```
curl http://localhost:10252/debug/controllers/garbagecollector/graph
digraph full {
// Node definitions.
0 [
label="uid=8581a030-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Pod.v1/kube-dns-7b479ccbc6-qz468
"
group=""
version="v1"
kind="Pod"
namespace="kube-system"
name="kube-dns-7b479ccbc6-qz468"
uid="8581a030-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
1 [
label="uid=822052fc-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Deployment.v1.apps/kube-dns
"
group="apps"
version="v1"
kind="Deployment"
namespace="kube-system"
name="kube-dns"
uid="822052fc-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
2 [
label="uid=857bd8ac-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
ReplicaSet.v1.apps/kube-dns-7b479ccbc6
"
group="apps"
version="v1"
kind="ReplicaSet"
namespace="kube-system"
name="kube-dns-7b479ccbc6"
uid="857bd8ac-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
// Edge definitions.
0 -> 2;
2 -> 1;
}
```
You can also select via UID and have all transitive dependencies output:
```
curl http://localhost:10252/debug/controllers/garbagecollector/graph?uid=8581a030-9043-11e8-ad4a-54e1ad486dd3
digraph full {
// Node definitions.
0 [
label="uid=822052fc-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Deployment.v1.apps/kube-dns
"
group="apps"
version="v1"
kind="Deployment"
namespace="kube-system"
name="kube-dns"
uid="822052fc-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
1 [
label="uid=8581a030-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
Pod.v1/kube-dns-7b479ccbc6-qz468
"
group=""
version="v1"
kind="Pod"
namespace="kube-system"
name="kube-dns-7b479ccbc6-qz468"
uid="8581a030-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
2 [
label="uid=857bd8ac-9043-11e8-ad4a-54e1ad486dd3
namespace=kube-system
ReplicaSet.v1.apps/kube-dns-7b479ccbc6
"
group="apps"
version="v1"
kind="ReplicaSet"
namespace="kube-system"
name="kube-dns-7b479ccbc6"
uid="857bd8ac-9043-11e8-ad4a-54e1ad486dd3"
missing="false"
beingDeleted="false"
deletingDependents="false"
virtual="false"
];
// Edge definitions.
1 -> 2;
2 -> 0;
}
```
And with some sample rendering:
```
curl http://localhost:10252/debug/controllers/garbagecollector/graph | dot -T svg -o project.svg
```
produces
@kubernetes/sig-api-machinery-pr-reviews
/assign @caesarxuchao @liggitt
```release-note
NONE
```
This API return error when underlying 'inspect' command
fails. This makes ImagePullCheck to fail as it doesn't expect
runtime.ImageExists to return an error even if image doesn't exist.
Fixed this by returning error nil even when inspect command fails.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move the` k8s.io/kubernetes/pkg/util/pointer` package to` k8s.io/utils/pointer`
**What this PR does / why we need it**:
Move `k8s.io/kubernetes/pkg/util/pointer` to `shared utils` directory, so that we can use it easily.
Close#66010 accidentally, and can't reopen it, so the same as #66010
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62444, 66358, 66724, 66726). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move kubelet serving cert rotation to beta
xref https://github.com/kubernetes/features/issues/267
This is exercised in the alpha gke e2es, and can be enabled in the non-alpha gke e2es once it no longer requires an alpha feature gate.
```release-note
Kubelet serving certificate bootstrapping and rotation has been promoted to beta status.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
refactor server.go to simplify the invokes to kubeFlags and KubeConfiguration
**What this PR does / why we need it**:
Since kubeFlags and KubeletConfiguration have been fields of KubeletServer, we just need to pass the reference of KubeletServer to the following functions. This will simplify the migrations of flags such as BootstrapCheckpointPath and others, as we don't have to specify from which object the migrated field comes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
@mtaufen
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66554, 66616, 66695, 66681). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Use KubeletRunDirectory instead of hard-coded way
**What this PR does / why we need it**:
fix `TODO: Make hard-coded "/var/lib/kubelet" strings reference this constant.`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
cc @neolit123
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm join the cluster with pre-existing client certificate if provided
**What this PR does / why we need it**:
support `kubeadm join` with a pre-existing client certificate
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#945
**Special notes for your reviewer**:
/cc @luxas @timothysc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
kubeadm now can join the cluster with pre-existing client certificate if provided
```
Clear Linux Project for Intel Architecture uses its own path
to store kernel build artifacts. This is documented, e.g.,
in https://github.com/clearlinux/clr-boot-manager.
Adapt kernel validator's config check paths to include Clear
Linux's path too.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove misleading error message on image pulling
**What this PR does / why we need it**:
Actually all the images needed have already been cached locally already as we have pulled them using `crictl`/`docker` in the preflight checks.
The error here is misleading, which should be removed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref kubernetes/kubeadm#1019
**Special notes for your reviewer**:
cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
kubeadm: remove misleading error message regarding image pulling
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pkg/controller: remove old clientbuilder methods
everything has moved to client-go now so these are the same as the original Client* methods. The only functional change is the collapse of the "horizontal-pod-autoscaler" from one client to two. This should have no effect because the GoClient was used only for discovery.
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66291, 66471, 66499). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns
**What this PR does / why we need it**:
It appears that sidecar and dnsmasq-nanny images are now required for
kube-dns deployment to work correctly. Thus the following default kube-dns
images are used now:
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#1016
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind bug
**Release note**:
```release-note
kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns
```
It appears that sidecar and dnsmasq-nanny images are now required for
kube-dns deployment to work correctly. Thus the following default kube-dns
images are used now:
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 66296, 66382). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: rename cri-socket-path -> cri-socket
**What this PR does / why we need it**:
Renamed command line option cri-socket-path for 2 reasons:
- to be consistent with the rest of kubeadm code
reset/init/join/apply subcommands use --cri-socket
- name is misleading as CRI socket can be also an url, not just a path
**Release note**:
```release-note
renamed command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" to --cri-socket to be consistent with the rest of kubeadm subcommands.
```
kubeadm init cmd tests are improved in the following ways:
- Fix a few cases that were always successful (despite completely wrong).
- Add more test cases (for different configs in particular)
- Use dry run, to avoid modifying the system and using kubeadm reset
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Renamed command line option cri-socket-path for 2 reasons:
- to be consistent with the rest of kubeadm code
reset/init/join/apply subcommands use --cri-socket
- name is misleading as CRI socket can be also an url,
not just a path
The --docker-disable-shared-pid flag has been deprecated since 1.10 and
has been superceded by ShareProcessNamespace in the pod API, which is
scheduled for beta in 1.12.
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: stop setting UID in the kubelet ConfigMap
**What this PR does / why we need it**: kubeadm: stop setting UID in the kubelet ConfigMap
**Which issue(s) this PR fixes**:
Fixes https://github.com/kubernetes/kubeadm/issues/921#
**Release note**:
```release-note
kubeadm: stop setting UID in the kubelet ConfigMap
```
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors
**What this PR does / why we need it**:
This is a followup PR for https://github.com/kubernetes/kubernetes/pull/64664 to handle errors returned from `.AddToScheme()` in places where they are not handled.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig api-machinery
/cc @sttts
Automatic merge from submit-queue (batch tested with PRs 65771, 65849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a new conversion path to replace GenericConversionFunc
reflect.Call is very expensive. We currently use a switch block as part of AddGenericConversionFunc to avoid the bulk of top level a->b conversion for our primary types which is hand-written. Instead of having these be handwritten, we should generate them.
The pattern for generating them looks like:
```
scheme.AddConversionFunc(&v1.Type{}, &internal.Type{}, func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Type_to_internal_Type(a.(*v1.Type), b.(*internal.Type), scope)
})
```
which matches AddDefaultObjectFunc (which proved out the approach last year). The
conversion machinery should then do a simple map lookup based on the incoming types and invoke the function. Like defaulting, it's up to the caller to match the types to arguments, which we do by generating this code. This bypasses reflect.Call and in the future allows Golang mid-stack inlining to optimize this code.
As part of this change I strengthened registration of custom functions to be generated instead of hand registered, and also strengthened error checking of the generator when it sees a manual conversion to error out. Since custom functions are automatically used by the generator, we don't really have a case for not registering the functions.
Once this is fully tested out, we can remove the reflection based path and the old registration methods, and all conversion will work from point to point methods (whether generated or custom).
Much of the need for the reflection path has been removed by changes to generation (to omit fields) and changes to Go (to make assigning equivalent structs easy).
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check for crictl executable only for CRI runtime
**What this PR does / why we need it**:
crictl is not used for docker runtime, so InPathCheck check can be skipped for docker.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm upgrade diff -config TODO
**What this PR does / why we need it**:
This PR addresses a TODO in `kubeadm upgrade diff` for the `-config` flag to use `options.AddConfigFlag()` instead of `cmd.Flags().StringVar()`.
**Which issue(s) this PR fixes**
None
**Special notes for your reviewer**:
/sig kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Improved runtime tests by using T.Run API:
https://golang.org/pkg/testing/#T.Run
This should improve the test output and make it more visible
which test is doing what.
Automatic merge from submit-queue (batch tested with PRs 65429, 64611). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move runtime details into ContainerRuntime
**What this PR does / why we need it**:
This PR moves all docker and CRI specifics into new ContainerRuntime
entity to isolate container runtime details from the rest of the code.
This should help to avoid having CRI and docker specific checks and code all over the place.
**NOTE: this is a not a finished work, but rather an RFC.**
Things to do:
- test manually in docker and cri-o environments
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm checks import error
kubeadm checks package import path exist "kubernetes/test",
So change the import path.
* move "k8s.io/kubernetes/test/e2e_node/system" directory file
tto "k8s.io/kubernetes/cmd/kubeadm/app/util/system" and change checks import
* remove "k8s.io/kubernetes/test/e2e_node/system" directory
Issues report link:
https://github.com/kubernetes/kubeadm/issues/976
Signed-off-by: Yuanbin.Chen <cybing4@gmail.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #https://github.com/kubernetes/kubeadm/issues/976
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66094, 65676). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a timeout when fetching latest version
**What this PR does / why we need it**:
When there is no internet on the node and `--kubernetes-versio`n is not specified running `kubeadm init` hangs forever with no text output.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/986
**Special notes for your reviewer**:
Using the same duration as the existing timeout `externalEtcdRequestTimeout`
Sample output:
```
kubeadm init
unable to get URL "https://dl.k8s.io/release/stable-1.11.txt": Get https://dl.k8s.io/release/stable-1.11.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
```
**Release note**:
```release-note
kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io
```
Automatic merge from submit-queue (batch tested with PRs 65832, 66160, 66145). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiserver: make loopback logic in SecureServingOptions reusable
For reuse in other components this PR separates the loopback logic from the GenericApiServer config.
Automatic merge from submit-queue (batch tested with PRs 65899, 65900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix CRI socket validatioin
**What this PR does / why we need it**:
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
**Which issue(s) this PR fixes** :
[#928](https://github.com/kubernetes/kubeadm/issues/928)
**Release note**:
```release-note
NONE
```
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Printable default component configs
**What this PR does / why we need it**:
This PR makes default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Refs kubernetes/kubeadm#963
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind feature
**Release note**:
```release-note
kubeadm: Default component configs are printable via kubeadm config print-default
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Not step into ipvs.CleanupLeftovers() if canUseIPVS's false
**What this PR does / why we need it**:
Earlier we decide whether we should clean up the left-over ipvs rules inside `ipvs.CleanupLeftovers()`, therefore we call function `ipvs.CanUseIPVSProxier()` two times (and `GetModules()` two times). Actually no need to step into `ipvs.CleanupLeftovers()` if `canUseIPVS` is false.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get ipv6 nodeIP when in ipv6 cluster
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64985
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
Make default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 66076, 65792, 65649). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubernetes: fix printf format errors
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
```release-note
NONE
```
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
Lubomir I. Ivanov <neolit123@gmail.com>
applied ammend for:
pkg/cloudprovider/provivers/vsphere/nodemanager.go
Automatic merge from submit-queue (batch tested with PRs 65931, 65705, 66033). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: run kube-proxy on non-master tainted nodes
**What this PR does / why we need it**:
kube-proxy should be able to run on all nodes, independent
on the taint of such nodes.
This restriction was previously removed in bb28449e31 but
then was brought back in d1949261ab.
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/cc @luxas @detiber @dixudx @discordianfish @mxey
/kind bug
/area kube-proxy
/area kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#699
**Special notes for your reviewer**:
we are removing the requirement again, but please have a look at all the implications here.
hopefully we don't have to bring it again.
**Release note**:
```release-note
kubeadm: run kube-proxy on non-master tainted nodes
```
kube-proxy should be able to run on all nodes, independent
on the taint of such nodes.
This restriction was previously removed in bb28449e31 but
then was brought back in d1949261ab.
Also, annotate with:
scheduler.alpha.kubernetes.io/critical-pod: ""
and add a class in the template spec:
priorityClassName: system-node-critical
Automatic merge from submit-queue (batch tested with PRs 64664, 65836, 65917). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove stray comment from a merge
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
**What this PR does / why we need it**:
Remove stray comment from a merge.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65456, 65549). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix flexvolume in containerized kubelets
Fixes flex volumes in containerized kubelets.
cc @jsafrane @chakri-nelluri @verult
Note to reviewers : e2e tests pass in local containarized cluster.
```release-note
Fix flexvolume in containarized kubelets
```
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: pause image should be arch agnostic, as it is a manifest list
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
**What this PR does / why we need it**:
`pause` image is backed by a manifest list. so we should not use the arch image when reporting using say `kubeadm config image list`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/962
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Fix pause image to not use architecture, as it is a manifest list
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Print required flags when running kubeadm upgrade plan
**What this PR does / why we need it**:
print required flags when running kubeadm upgrade plan
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Close [kubernetes/kubeadm#935](https://github.com/kubernetes/kubeadm/issues/935)
**Special notes for your reviewer**:
/assign @chuckha
/assign @neolit123
**Release note**:
```release-note
kubeadm: print required flags when running kubeadm upgrade plan
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove --cadvisor-port - has been deprecated since v1.10
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56523
**Special notes for your reviewer**:
- Deprecated in https://github.com/kubernetes/kubernetes/pull/59827 (v1.10)
- Disabled in https://github.com/kubernetes/kubernetes/pull/63881 (v1.11)
**Release note**:
```release-note
[action required] The formerly publicly-available cAdvisor web UI that the kubelet started using `--cadvisor-port` is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet.
```
Automatic merge from submit-queue (batch tested with PRs 65897, 65909, 65856, 65815). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
only need to ignore resources that match discovery conditions
GC and quota controllers ignore resources that are too expensive to manage. In kube this is only events. The incompatible resources should now be excluded on the basis of discovery. We should actually reflect that in the RESTStorage (done for GC for events) and discovery too.
@liggitt
@kubernetes/sig-api-machinery-bugs
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
controller-managers: allow high ports in secure serving validation
Certain operating systems will select high port (>32768) when asked for a free port. This PR changes the validation to allow that.
Like https://github.com/kubernetes/kubernetes/pull/65833, but for controller managers.
```release-note
Allow kube- and cloud-controller-manager to listen on ports up to 65535.
```
Automatic merge from submit-queue (batch tested with PRs 64511, 65865, 65867, 65866). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-controller-manager: add stopCh plumbing
Needed for integration testing.
Automatic merge from submit-queue (batch tested with PRs 64511, 65865, 65867, 65866). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-controller-manager: create self-signed certs
If secure serving is enabled (not automatically wired yet, but 3rdparties could wire it), create self-signed certs if none are given. Reuses the code from k8s.io/apiserver.
Automatic merge from submit-queue (batch tested with PRs 64911, 65710). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration tests
In analogy to kube-apiserver, this implements a uniform apiextensions-apiserver for integration tests which can be started using customized flags.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: use constant instead of hardcoded path
**What this PR does / why we need it**:
Used DefaultCRISocket constant instead of hardcoded path
/var/run/dockershim.sock
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65822, 65834, 65859, 65631). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Add support for reading multiple YAML documents
**What this PR does / why we need it**:
In preparation for splitting the kubelet and kube-proxy componentconfigs out of the MasterConfiguration API struct, add support for reading multiple YAML documents
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: kubernetes/kubeadm#911
Depends on:
- [x] https://github.com/kubernetes/kubernetes/pull/65776
- [x] https://github.com/kubernetes/kubernetes/pull/65628
- [x] https://github.com/kubernetes/kubernetes/pull/65629
**Special notes for your reviewer**:
Please only review the `Refactor a bit of the config YAML loading code, and support loading multiple YAML documents` commit
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 65805, 65811, 65833, 65488, 65857). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-scheduler: allow high ports in secure serving validation
Certain operating systems will select high port (>32768) when asked for a free port. This PR changes the validation to allow that.
```release-note
Allow kube-scheduler to listen on ports up to 65535.
```
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Remove usage of `PersistentVolumeLabel` in phases/controlplane/manifests*.go
**What this PR does / why we need it**:
Remove usage of `PersistentVolumeLabel` in phases/controlplane/manifests*.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Close [kubernetes/kubeadm#866](https://github.com/kubernetes/kubeadm/issues/866)
**Special notes for your reviewer**:
/assign @neolit123
**Release note**:
```release-note
kubeadm: Remove usage of `PersistentVolumeLabel`
```
With #64976 GetGenericArchImage was used for generating the CoreDNS image path.
This generated incorrect image in the form `prefix/coredns-goarch:tag` instead
of just `prefix/coredns:tag`.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 65040, 65731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove scheduler config deprecated warning as the new component config is still in alpha
**What this PR does / why we need it**:
The new scheduler's component config file (API) is still in alpha. We shouldn't push users to use the alpha feature as it may change in the future and the changes may not be backward compatible.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig scheduling
Automatic merge from submit-queue (batch tested with PRs 65648, 65700, 64976, 65692, 65667). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Replace GetCoreImage with less error prone functions
**What this PR does / why we need it**:
GetCoreImage is a too generic function, that takes too many arguments. This
makes it prone to errors that may be difficult to trace. The solution is to
split it into the following couple of functions with a more targeted interface:
- GetKubeControlPlaneImage used to fetch Kubernetes control plane images or the
unified control plane image (if one is specified).
- GetEtcdImage is used to fetch the etcd image.
In addition to these, a couple of new utility functions are also created:
- GetKubeControlPlaneImageNoOverride used like GetKubeControlPlaneImage but
does not return the unified control plane image (even if it is set).
- GetGenericArchImage returns image path in the form of "prefix/image-goarch:tag"
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#800
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/cc @chuckha
/kind enhancement
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65094, 65533, 63522, 65694, 65702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
set leader election client and renew timeout
**What this PR does / why we need it**:
set leader-election client timeout
set timeout for tryAcquireOrRenew
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65090#65257
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add missing error handling in schema-related code
**What this PR does / why we need it**:
Adds missing error handling to a few places.
**Which issue(s) this PR fixes**
Updates #51457. Still more work to do to fix the issue - client generation code needs to be updated (addressed in https://github.com/kubernetes/kubernetes/pull/64664).
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
GetCoreImage is a too generic function, that takes too many arguments. This
makes it prone to errors that may be difficult to trace. The solution is to
split it into the following couple of functions with a more targeted interface:
- GetKubeControlPlaneImage used to fetch Kubernetes control plane images or the
unified control plane image (if one is specified).
- GetEtcdImage is used to fetch the etcd image.
In addition to these, a couple of new utility functions are also created:
- GetKubeControlPlaneImageNoOverride used like GetKubeControlPlaneImage but
does not return the unified control plane image (even if it is set).
- GetGenericArchImage returns image path in the form of "prefix/image-goarch:tag"
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Get rid of depends on kubectl in kubeadm
**What this PR does / why we need it**:
Get rif of depends on kubectl in kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fixtodo: Move these kubelet start/stop functions to phases/kubelet
**What this PR does / why we need it**:
fixtodo: Move these kubelet start/stop functions to phases/kubelet
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65349, 65354, 65402). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check error when failed to prepull the images
**Special notes for your reviewer**:
return error when failed to prepull the images
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65582, 65480, 65310, 65644, 65645). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
allow enabling kubelet serving certificate rotation via flag
allows the server rotation feature to be exercised via flags as well as config file
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add limit to the TokenRequest expiration time
**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63575
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65164, 65258). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add output to give user awareness of how long timeouts are expected to be
**What this PR does / why we need it**:
Add output to give user awareness of how long manifest upgrade timeout is expected to be.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref [kubernetes/kubeadm/#914](https://github.com/kubernetes/kubeadm/issues/914)
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: notify the user of manifest upgrade timeouts
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add myself to cmd/[cloud-]controller-manage reviewer
**What this PR does / why we need it**:
add myself to `cmd/cloud-controller-manage` reviewer
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65377, 63837, 65370, 65294, 65376). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move setup code from startControllers into the config
**What this PR does / why we need it**:
We should follow the apiserver example, and move more setup code from startControllers into the config
parts of PR [https://github.com/kubernetes/kubernetes/issues/59483](https://github.com/kubernetes/kubernetes/issues/59483)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61330, 64793, 64675, 65059, 65368). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix bug: kubelet potential panic
**What this PR does / why we need it**:
fix bug: kubelet may panic calling wg.Done after wg.Wait returned.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65290, 65326, 65289, 65334, 64860). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Typo fix: unqalified=>unqualified
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65187, 65206, 65223, 64752, 65238). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix scheduler port boundary to match detection
zero is allowed to disable the port. Fix boundary check to allow it.
```release-note
NONE
```
No release note because if we fix it in time, nothing was wrong.
Automatic merge from submit-queue (batch tested with PRs 65187, 65206, 65223, 64752, 65238). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubelet watches necessary secrets/configmaps instead of periodic polling
Automatic merge from submit-queue (batch tested with PRs 65123, 65176, 65139, 65084, 65056). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a typo in kubeadm generated doc
Fix a typo in kubeadm comment that leads to confusing docs generated.
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 65265, 64822, 65026, 65019, 65077). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some small mistakes in kubeadm
**What this PR does / why we need it**:
fix some small mistakes in kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65256, 64236, 64919, 64879, 57932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cancellable leader election
**What this PR does / why we need it**:
Adds ability to cancel leader election. Useful in integration tests where the whole app is started and stopped in each test.
**Special notes for your reviewer**:
I used the `context` package - it is impossible/hard to achieve the same behaviour with just channels without spawning additional goroutines but it is trivial with `context`. See `acquire()` and `renew()` methods.
**Release note**:
```release-note
NONE
```
/kind enhancement
/sig api-machinery
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
bind alpha feature network plugin flags correctly
**What this PR does / why we need it**:
When working #63542, I found the flags, like `--cni-conf-dir` and `cni-bin-dir`, were not correctly bound.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc kubernetes/sig-node-pr-reviews
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 64142, 64426, 62910, 63942, 64548). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
move specific option sub-struct from controller-manager into kube-controller manager packages
**What this PR does / why we need it**:
As follow-up [PR](https://github.com/kubernetes/kubernetes/pull/63283), in case of it too big to review.
Move specific option sub-struct from `controller-manager` into `kube-controller manager` packages, which only used by `kube-controller manager`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/assign @sttts @deads2k
/cc @hzxuzhonghu
/hold
just for the finally two commit, will rebase commit after [PR.](https://github.com/kubernetes/kubernetes/pull/63283) get merged.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix a small config upgrading issue with .CloudProvider
**What this PR does / why we need it**:
Fixes a panic in the conversion code where `.NodeRegistration.KubeletExtraArgs` could be nil :/
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
/kind bug
/priority critical-urgent
/milestone v1.11
/status approved-for-milestone
Automatic merge from submit-queue (batch tested with PRs 64713, 65193, 65194). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix a bug where skipping all preflight checks wouldn't activate the kubelet
**What this PR does / why we need it**:
Running `kubeadm init --skip-preflight-checks` or `--ignore-preflight-errors=all` kind of deterministically fails, as the kubelet service isn't started by kubeadm. This breaks most users' view of that kubeadm should do it automatically, instead of forcing the user to run a `systemctl daemon-reload && systemctl restart kubelet` during `kubeadm init' or `kubeadm join`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
/kind bug
/priority critical-urgent
/milestone v1.11
/status approved-for-milestone
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Restore help for --service-account-private-key-file flag, avoid incorrect deprecation notice
https://github.com/kubernetes/kubernetes/pull/60270/files#diff-fc9db90cc6b68d7c3ca838a8512447e9R61 incorrectly merged the ServiceAccountKeyFile flag used by the cloud controller manager (deprecated and scheduled to be removed in 1.10), and the one used by the kube-controller-manager (not deprecated, still supported)
This made the help for the supported flag disappear from 1.11 help output.
This PR:
* moves the option to the service account controller options
* removes the incorrect deprecation notice
* drops the option from the cloud-controller-manager
```release-note
The deprecated `--service-account-private-key-file` flag has been removed from the cloud-controller-manager. The flag is still present and supported in the kube-controller-manager.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use kubernetes image repo for coredns
Fixes#927
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
use the coredns image from the k8s image repository when building a cluster with kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#927
```release-note
NONE
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/assign @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm init/upgrade --dry-run mode
**What this PR does / why we need it**:
Split out from https://github.com/kubernetes/kubernetes/pull/65104.
Fixes `kubeadm init --dry-run` and `kubeadm upgrade apply [version] --dry-run`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 64796, 65068). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm taints to not override existing node taints
**What this PR does / why we need it**:
If a node has existing taints they are being replaced with taints from the kubeadm config.
An example of this is that the `uninitialized` taint that kubelet sets for external cloud provider is being removed, and replaces with the master taint if set, or removed leaving the nodes taints empty if `noTaintMaster=true` .
```release-note
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubernetes json serializer case sensitive
This PR imported the latest jsoniterator library so that case sensitivity during unmarhsaling is optional. The PR also set Kubernetes json serializer to be case sensitive.
Kubernetes json serializer had been case sensitive for 1.1-1.7 as we were using ugorji. This PR restores the behavior.
Fix#64612.
```release-notes
Kubernetes json deserializer is now case-sensitive as it was before 1.8.
If your config files contains fields with wrong case, the config files will be now invalid.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix small-ish bugs for v1.11
**What this PR does / why we need it**:
Fixes a bunch of bugs I noticed when I was reading the source code:
- `--cloud-provider` should also be propagated to the kubelet when converting configs from v1alpha1 to v1alpha2
- The validation for `.NodeRegistration.Name` is practically non-existent, just verifies the name isn't in upper case. Instead we currently do that validation in preflight checks, which is in the totally wrong place.
- Now that we pull images in preflight checks, the timeout for the kubelet to start the Static Pods should be kinda short, as it doesn't depend on internet connection
- I think the shorthand for `kubeadm reset --force` ought to be `-f`
- The common flags between `upgrade apply` and `upgrade plan` were registered as global flags for the `upgrade` command, although they make no sense for `upgrade diff` and/or `upgrade node config`. Hence, I moved them to be locally registered.
- Just because we vendor `glog` we have a lot of unnecessary/annoying flags registered in glog's `init()` function. Let's hide these properly.
- I saw that `kubeadm upgrade apply` doesn't write down the new kubelet config that should be used, now that is the case. Also, the CRISocket annotation information is now preserved properly on upgrade (and is configurable using the `--cri-socket` flag)
- If `kubeadm join` is run against a v1.10 cluster without the `kubelet-config-1.10` configmap, it shouldn't fail.
What I will still investigate:
- `kubeadm token create` should have a flag called `--ttl`, not `--token-ttl` as it is now (this snuck in in this dev cycle)
- That `--dry-run` works properly for `upgrade`, end to end.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 64862, 65020). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm - fix local etcd grpc gateway
**What this PR does / why we need it**:
etcd 3.2 uses the server certificate as the client cert for the grpc
gateway, this updates the generation of the etcd server certificate to
add client usage to resolve the issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/910
**Release note**:
```release-note
NONE
```
- etcd 3.2 uses the server certificate as the client cert for the grpc
gateway, this updates the generation of the etcd server certificate to
add client usage to resolve the issue.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm - set peer urls for default etcd instance
**What this PR does / why we need it**:
Override the default peer URLs for the default etcd instance. Previously we left the defaults, which meant the peer URL was unsecured previously.
**Release note**:
```release-note
kubeadm - Ensure the peer port is secured by explicitly setting the peer URLs for the default etcd instance.
kubeadm - Ensure that the etcd certificates are generated using a proper CN
kubeadm - Update generated etcd peer certificate to include localhost addresses for the default configuration.
kubeadm - Increase the manifest update timeout to make upgrades a bit more reliable.
```
- Set peer urls for default etcd instance to avoid leaving peer port unsecured
- Update generated etcd peer certificate SANs to include localhost
- Use a proper CN for etcd server and peer certificates
- Increase the manifest update timeout
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove deprecated option '--enable-custom-metrics'
**Release note**:
```release-note
deprecated and inactive option '--enable-custom-metrics' is removed in 1.11
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure directory is created for kubelet configuration
**What this PR does / why we need it**:
Ensure directory is present before writing the config file.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64887
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64881, 64885). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix output of `kubeadm migrate config`
The output should always be valid kubeadmapi.MasterConfiguration YAML.
The general problem was that we printed with fmt.Fprintf but it turns out some of the default values have `%`s in them so this caused Go to think we were missing values that we wanted substituted. We don't want to do any substitution here.
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR fixes a small bug that cause kubeadm migrate config to print YAML that was not valid.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#904
```release-note
NONE
```
/cc @luxas @timothysc
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use repo prefix when generating image names
CI defines its own custom repository. The function responsible
for listing all images now takes this into account.
Closeskubernetes/kubeadm#901
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This fixes ci-cross.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#901
**Special notes for your reviewer**:
```release-note
NONE
```
CI defines its own custom repository. The function responsible
for listing all images now takes this into account.
Closeskubernetes/kubeadm#901
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: only run kube-proxy on architecture consistent nodes
**What this PR does / why we need it**:
Currently `gcr.io/google_containers/kube-proxy-{.Arch}` is not multi-arch image. We should use `affinity` or `nodeSelector` to only run the pods on the nodes with the matching architecture, like what we've done in `kube-dns`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
partial Fixes#64647
**Special notes for your reviewer**:
/cc luxas timothysc
**Release note**:
```release-note
kubeadm: only run kube-proxy on architecture consistent nodes
```
Some code in kubeadm was designed with the intent, that in the future CoreDNS
and kube-dns versions will match to specific K8s versions. This code is not
functional, since it does not perform any version matching. As of this moment,
no version matching is planned and a lot of boilerplate code is left useless.
The solution is simple - remove the unneeded parts to simplify the flow.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 63717, 64646, 64792, 64784, 64800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Upload CRISocket information in kubeadm init/join
**What this PR does / why we need it**:
As a side-effect, `kubeadm join` will become blocking on the kubelet doing the TLS bootstrap. This partially also fixes problems when users run `kubeadm join` and it returns successfully without anything happening as the kubelet is actually unhealthy. If that happens now `kubeadm join` will exit with a non-zero code.
What this PR does is it uploads the CRISocket information to the Node API object as a workaround until we have something like https://github.com/kubernetes/kubernetes/issues/64460 in place that will solve this problem for real. This way we won't lose the CRISocket information which we would otherwise do.
This can be used for `kubeadm upgrade` or `kubeadm reset` in future releases.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Depends on https://github.com/kubernetes/kubernetes/pull/64624
**Release note**:
```release-note
[action required] TODO
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promote sysctl annotations to fields
#
**What this PR does / why we need it**:
Promoting experimental sysctl feature from annotations to API fields.
**Special notes for your reviewer**:
Following sysctl KEP: https://github.com/kubernetes/community/pull/2093
**Release note**:
```release-note
The Sysctls experimental feature has been promoted to beta (enabled by default via the `Sysctls` feature flag). PodSecurityPolicy and Pod objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective.
```
**TODO**:
* [x] - Promote sysctl annotation in Pod spec
* [x] - Promote sysctl annotation in PodSecuritySpec spec
* [x] - Feature gate the sysctl
* [x] - Promote from alpha to beta
* [x] - docs PR - https://github.com/kubernetes/website/pull/8804
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: When etcd is listening on all interfaces, set the etcd probe to use loopback
**What this PR does / why we need it**:
When constructing the etcd liveness probe, if the user passes an IPv4 or IPv6 address,
we set the `etcdctl` liveness probe to use the respective IPv4 or IPv6 loopback address for `--endpoints`.
The etcd probe is now always formatted with the https:// protocol and square brackets around the IP (required for IPv6 / compatible with IPv4).
`::1` is now also included in the etcd serving cert SAN by default.
/kind bug
/area kubeadm
/area etcd
/priority important-soon
/sig cluster-lifecycle
/assign @fabriziopandini
**Which issue(s) this PR fixes**
Fixes https://github.com/kubernetes/kubeadm/issues/882
**Special notes for your reviewer**:
```bash
root@vagrant:~# /vagrant/bin/882_kubeadm init --config /dev/stdin << EOF |& tail -n5
etcd:
extraArgs:
listen-client-urls: https://[::]:2379
EOF
I0603 19:52:15.666594 24743 tlsbootstrap.go:50] [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
I0603 19:52:15.671424 24743 tlsbootstrap.go:72] [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
I0603 19:52:15.674607 24743 tlsbootstrap.go:95] [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
I0603 19:52:15.677551 24743 clusterinfo.go:43] [bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
root@vagrant:~# cat /etc/kubernetes/manifests/etcd.yaml |grep -C4 listen
spec:
containers:
- command:
- etcd
- --listen-client-urls=https://[::]:2379
- --advertise-client-urls=https://127.0.0.1:2379
- --cert-file=/etc/kubernetes/pki/etcd/server.crt
- --client-cert-auth=true
- --data-dir=/var/lib/etcd
root@vagrant:~# cat /etc/kubernetes/manifests/etcd.yaml |grep -C4 etcdctl
exec:
command:
- /bin/sh
- -ec
- ETCDCTL_API=3 etcdctl --endpoints=https://[::1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt
--cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key
get foo
failureThreshold: 8
initialDelaySeconds: 15
```
**Release note**:
```release-note
kubeadm now configures the etcd liveness probe correctly when etcd is listening on all interfaces
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Let the `--node-name` flag flow down to `--hostname-override` for the kubelet
**What this PR does / why we need it**:
Kubeadm-initialised kubelet uses provided hostname if present
If --node-name is passed in to `kubeadm init`, `--hostname-override` will be
passed to kubelet. This prevents timeout errors for `kubeadm init`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#846
**Special notes for your reviewer**:
Depends on #64624 to work fully, but can safely merged before hand.
**Release note**:
```release-note
[action required] The `--node-name` flag for kubeadm now dictates the Node API object name the
kubelet uses for registration, in all cases but where you might use an in-tree cloud provider.
If you're not using an in-tree cloud provider, `--node-name` will set the Node API object name.
If you're using an in-tree cloud provider, you MUST make `--node-name` match the name the
in-tree cloud provider decides to use.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Volume topology aware dynamic provisioning: work based on new API
**What this PR does / why we need it**:
The PR has been split to 3 parts:
Part1: https://github.com/kubernetes/kubernetes/pull/63232 for basic scheduler and PV controller plumbing
Part2: https://github.com/kubernetes/kubernetes/pull/63233 for API change
and the PR itself includes work based on the API change:
- Dynamic provisioning allowed topologies scheduler work
- Update provisioning interface to be aware of selected node and topology
**Which issue(s) this PR fixes**
Feature: https://github.com/kubernetes/features/issues/561
Design: https://github.com/kubernetes/community/issues/2168
**Special notes for your reviewer**:
/sig storage
/sig scheduling
/assign @msau42 @jsafrane @saad-ali @bsalamat
@kubernetes/sig-storage-pr-reviews
@kubernetes/sig-scheduling-pr-reviews
**Release note**:
```release-note
Volume topology aware dynamic provisioning
```
