Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm checks import error
kubeadm checks package import path exist "kubernetes/test",
So change the import path.
* move "k8s.io/kubernetes/test/e2e_node/system" directory file
tto "k8s.io/kubernetes/cmd/kubeadm/app/util/system" and change checks import
* remove "k8s.io/kubernetes/test/e2e_node/system" directory
Issues report link:
https://github.com/kubernetes/kubeadm/issues/976
Signed-off-by: Yuanbin.Chen <cybing4@gmail.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #https://github.com/kubernetes/kubeadm/issues/976
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66094, 65676). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a timeout when fetching latest version
**What this PR does / why we need it**:
When there is no internet on the node and `--kubernetes-versio`n is not specified running `kubeadm init` hangs forever with no text output.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/986
**Special notes for your reviewer**:
Using the same duration as the existing timeout `externalEtcdRequestTimeout`
Sample output:
```
kubeadm init
unable to get URL "https://dl.k8s.io/release/stable-1.11.txt": Get https://dl.k8s.io/release/stable-1.11.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
```
**Release note**:
```release-note
kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make kubernetes json serializer case sensitive
This PR imported the latest jsoniterator library so that case sensitivity during unmarhsaling is optional. The PR also set Kubernetes json serializer to be case sensitive.
Kubernetes json serializer had been case sensitive for 1.1-1.7 as we were using ugorji. This PR restores the behavior.
Fix#64612.
```release-notes
Kubernetes json deserializer is now case-sensitive as it was before 1.8.
If your config files contains fields with wrong case, the config files will be now invalid.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: When etcd is listening on all interfaces, set the etcd probe to use loopback
**What this PR does / why we need it**:
When constructing the etcd liveness probe, if the user passes an IPv4 or IPv6 address,
we set the `etcdctl` liveness probe to use the respective IPv4 or IPv6 loopback address for `--endpoints`.
The etcd probe is now always formatted with the https:// protocol and square brackets around the IP (required for IPv6 / compatible with IPv4).
`::1` is now also included in the etcd serving cert SAN by default.
/kind bug
/area kubeadm
/area etcd
/priority important-soon
/sig cluster-lifecycle
/assign @fabriziopandini
**Which issue(s) this PR fixes**
Fixes https://github.com/kubernetes/kubeadm/issues/882
**Special notes for your reviewer**:
```bash
root@vagrant:~# /vagrant/bin/882_kubeadm init --config /dev/stdin << EOF |& tail -n5
etcd:
extraArgs:
listen-client-urls: https://[::]:2379
EOF
I0603 19:52:15.666594 24743 tlsbootstrap.go:50] [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
I0603 19:52:15.671424 24743 tlsbootstrap.go:72] [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
I0603 19:52:15.674607 24743 tlsbootstrap.go:95] [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
I0603 19:52:15.677551 24743 clusterinfo.go:43] [bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
root@vagrant:~# cat /etc/kubernetes/manifests/etcd.yaml |grep -C4 listen
spec:
containers:
- command:
- etcd
- --listen-client-urls=https://[::]:2379
- --advertise-client-urls=https://127.0.0.1:2379
- --cert-file=/etc/kubernetes/pki/etcd/server.crt
- --client-cert-auth=true
- --data-dir=/var/lib/etcd
root@vagrant:~# cat /etc/kubernetes/manifests/etcd.yaml |grep -C4 etcdctl
exec:
command:
- /bin/sh
- -ec
- ETCDCTL_API=3 etcdctl --endpoints=https://[::1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt
--cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key
get foo
failureThreshold: 8
initialDelaySeconds: 15
```
**Release note**:
```release-note
kubeadm now configures the etcd liveness probe correctly when etcd is listening on all interfaces
```
Some domains, like ELBs, output a domain name with uppercase letters. To
accept these, we lowercase all arguments passed to ----apiserver-cert-extra-sans
Automatic merge from submit-queue (batch tested with PRs 64057, 63223, 64346, 64562, 64408). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Refactor the Bootstrap Tokens usage in the API types
**What this PR does / why we need it**:
This PR:
- Moves some common, generic Bootstrap Token helpers and constants from `k8s.io/kubernetes/cmd/kubeadm/app/util/token` to `k8s.io/client-go/tools/bootstrap/token/`
- Breaks out the top-level Bootstrap Token fields to a dedicated `BootstrapToken` struct with helper functions.
- Instead of representing the Bootstrap Token as a plain `string`, there is now a wrapper struct `BootstrapTokenString` that can marshal/unmarshal correctly and supports validation on create, and splitting up the full token in the ID/Secret parts automatically.
- Makes kubeadm support multiple Bootstrap Tokens automatically by supporting a slice of `BootstrapToken` in the `MasterConfiguration` API object
- Consolidates the place for kubeadm to create token-related flags in an `options` package
- Supports automatic conversion from the `v1alpha1` to `v1alpha2` API
- Adds support to set token expiration directly instead of setting a TTL (Expiration and TTL are mutually exclusive)
- Removes the old `TokenDiscovery` struct we're not using anymore inside of kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related to https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
This is work in progress. Please only review the first two commits for now.
I will work on splitting up this PR in smaller chunks.
I will also write unit tests tomorrow.
**Release note**:
```release-note
[action required] kubeadm: The Token-related fields in the `MasterConfiguration` object have now been refactored. Instead of the top-level `.Token`, `.TokenTTL`, `.TokenUsages`, `.TokenGroups` fields, there is now a `BootstrapTokens` slice of `BootstrapToken` objects that support the same features under the `.Token`, `.TTL`, `.Usages`, `.Groups` fields.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @mattmoyer @liztio
Automatic merge from submit-queue (batch tested with PRs 62460, 64480, 63774, 64540, 64337). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Save kubeadm manifest backup directories
**What this PR does / why we need it**:
Kubeadm will now preserves previous manifests after `kubeadm upgrade apply`. Previously these files would be deleted after the upgrade succeeded
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # [kubeadm/489](https://github.com/kubernetes/kubeadm/issues/489)
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm now preserves previous manifests after upgrades
```
Automatic merge from submit-queue (batch tested with PRs 62460, 64480, 63774, 64540, 64337). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm uses its own scheme instead of kubectl scheme
**What this PR does / why we need it**:
kubeadm uses its own scheme instead of kubectl scheme
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused code in kubeadm error.go
**What this PR does / why we need it**:
remove unused code in kubeadm error.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
When kubeadm upgrades a static pod cluster, the old manifests were previously
deleted. This patch alters this behaviour so they are now stored in a
timestamped temporary directory.
Add a new utility file - util/cgroupdriver.go.
Currently it only contains the public function GetCgroupDriverDocker().
The function uses 'docker info' to obtain the cgroup driver
for Docker.
On a later stage this file can contain more methods for different
CRI.
Use GetCgroupDriverDocker() in phases/kubelet/flags.go
to conditionally set the 'cgroup-driver' argument. On error
print a warning and don't set the argument value.
Add unit tests in cgroupdriver_test.go.
Automatic merge from submit-queue (batch tested with PRs 64322, 64210, 64458, 64232, 64370). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Add a 'kubeadm config migrate' command
**What this PR does / why we need it**:
This is an UX improvement so users may easier "upgrade" their **configuration files** from the an old version (e.g. `v1alpha1`) version to a new one (e.g. `v1alpha2`), can do this **locally and seamlessly without touching a cluster**. We talked about this in the SIG meeting; getting the users to be able to convert their checked-in configuration files to new API versions will be crucial.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Add a 'kubeadm config migrate' command to convert old API types to their newer counterparts in the new, supported API types. This is just a client-side tool, it just executes locally without requiring a cluster to be running. You can think about this as an Unix pipe that upgrades config files.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
