Automatic merge from submit-queue (batch tested with PRs 63151, 63795, 63553, 64068, 64113). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Remove .AuthorizationModes in the v1alpha2 API
**What this PR does / why we need it**:
Now that we have https://github.com/kubernetes/kubernetes/pull/63879, we don't actually need to have `:AuthorizationModes` in our API anymore. This PR removes support for `.AuthorizationModes` in the v1alpha2 API, but keeps an upgrade path available (automatic conversion) from the v1alpha1 version.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of kubernetes/community#2131
**Special notes for your reviewer**:
Depends on:
- [x] https://github.com/kubernetes/kubernetes/pull/63879
- [x] https://github.com/kubernetes/kubernetes/pull/63917
**Release note**:
```release-note
[action required] kubeadm: Support for `.AuthorizationModes` in the kubeadm v1alpha2 API has been removed. Instead, you can use the `.APIServerExtraArgs` and `.APIServerExtraVolumes` fields to achieve the same effect. Files using the v1alpha1 API and setting this field will be automatically upgraded to this v1alpha2 API and the information will be preserved.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix how kubeadm handles `.AuthorizationModes` and `.APIServerExtraArgs`
**What this PR does / why we need it**:
If _authorization-mode_ is configured as `--apiserver-extra-args` for kubeadm, than
_authorization-mode_ argument gets duplicated in the static pod manifest file.
```
$ kubeadm alpha phase controlplane apiserver --apiserver-extra-args authorization-mode=AlwaysAllow
$ grep authorization-mode /etc/kubernetes/manifests/kube-apiserver.yaml
- --authorization-mode=AlwaysAllow
- --authorization-mode=Node,RBAC
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig cluster-lifecycle
/assign @fabriziopandini
Automatic merge from submit-queue (batch tested with PRs 60012, 63692, 63977, 63960, 64008). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
uses a more resilient way to get branch name from version
**What this PR does / why we need it**:
Currently `getBranchFromVersion` uses a hard coded way to extract branch name from the version string. This is error prone, especially when bumping the minimum supported k8s version from v1.9 to v1.10.
This follow-up PR tries to use a more resilient way to handle this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref #63920
**Special notes for your reviewer**:
/cc luxas timothysc
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 63969, 63902, 63689, 63973, 63978). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Remove dependency on pkg/client/clientset_generated/internalclientset
**What this PR does / why we need it**:
This PR removes dependency in kubeadm on `pkg/client/clientset_generated/internalclientset` and blacklists it in `.import-restrictions`.
The above package is pulled in transitively by the usage of the following:
- [GetFlagString](a481f4bbe8/cmd/kubeadm/app/cmd/version.go (L63)) from `k8s.io/kubernetes/pkg/kubectl/cmd/util`
- [LeaseEndpointReconcilerType](a481f4bbe8/cmd/kubeadm/app/phases/controlplane/manifests.go (L205)) from `k8s.io/kubernetes/pkg/master/reconcilers`
Dropping the unneeded dependencies from the build shaves off 4-5MB from the amd64 executable and reduces the dependency hell in kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#806
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63969, 63902, 63689, 63973, 63978). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a 'kubeadm config print-default' command
**What this PR does / why we need it**:
Improves the UX around creating config files.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/829
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: A `kubeadm config print-default` command has now been added that you can use as a starting point when writing your own kubeadm configuration files
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue (batch tested with PRs 63569, 63918, 63980, 63295, 63989). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm - fix upgrades with static pod etcd
**What this PR does / why we need it**:
This PR fixes a regression introduced by https://github.com/kubernetes/kubernetes/pull/63495 which broke kubeadm upgrades for installations using a static pod etcd.
**Release note**:
```release-note
NONE
```
kubeadm uses LeaseEndpointReconcilerType as import from
k8s.io/kubernetes/pkg/master/reconcilers. However, this pull a huge
load of extra dependencies (among which
pkg/client/clientset_generated/internalclientset). The solution is
to copy this string constant locally in kubeadm.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 63920, 63716, 63928, 60553, 63946). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update kubeadm's minimum supported Kubernetes in v1.11.x to 1.10
**What this PR does / why we need it**:
This PR does,
* Restricts supported Kubernetes version in 1.11 cycle;
* Removes useless v190-specific variables, since the minimum version is v1.10;
* Bumps etcd version based on k8s version to 1.10.X => 3.1.12, 1.11.X => 3.2.18, 1.12.X => 3.2.18;
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#815
**Special notes for your reviewer**:
/cc kubernetes/sig-cluster-lifecycle-pr-reviews
/cc luxas
**Release note**:
```release-note
Update kubeadm's minimum supported kubernetes in v1.11.x to 1.10
```
Using GetFlagString from k8s.io/kubernetes/pkg/kubectl/cmd/util
causes pkg/client/clientset_generated/internalclientset to be pulled
as an external dependency, thus producing larger executable and
increasing the maintainance hell.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement `kubeadm init diff`
**What this PR does / why we need it**:
Some users want to see the changes `kubeadm` woulda apply before actually running `kubeadm upgrade apply`. This shows the changes that will be made to the static pod manifests before applying them. This is a narrower case than `kubeadm upgrade apply --dry-run`, which specifically focuses on the static pod manifests.
**Which issue(s) this PR fixes**:
Part of [kubeadm/489](https://github.com/kubernetes/kubeadm/issues/489#issuecomment-388974795)
**Special notes for your reviewer**:
**Release note**:
```release-note
adds the `kubeadm upgrade diff` command to show how static pod manifests will be changed by an upgrade.
```
Automatic merge from submit-queue (batch tested with PRs 63865, 57849, 63932, 63930, 63936). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Minor fixes for kubeadm reset
This set of fixes was proposed by @neolit123 in [PR 63849](https://github.com/kubernetes/kubernetes/pull/63849) review
comments:
- Capitalized output after [reset]
- Used %v format for Go errors
- Fixed spelling: Trying using -> Trying to use
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Remove the `.CloudProvider` and `.PrivilegedPods` configuration option
**What this PR does / why we need it**:
Removes the `.CloudProvider` option, it has been experimental for a long time. People should now use external cloud providers, which is beta in v1.11. Most importantly, you can get the exact same behavior in the API by utilizing the `.*ExtraArgs` and `.*ExtraVolumes` fields.
Removes `.PrivilegedPods` as that serves a super small edge case with the legacy cloud provider, and only for openstack.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
Depends on PRs:
- [x] #63799
- [x] #63788
**Release note**:
```release-note
[action required] In the new v1alpha2 kubeadm Configuration API, the `.CloudProvider` and `.PrivilegedPods` fields don't exist anymore.
Instead, you should use the out-of-tree cloud provider implementations which are beta in v1.11.
If you have to use the legacy in-tree cloud providers, you can rearrange your config like the example below.
If you need to use the `.PrivilegedPods` functionality, you can still edit the manifests in
`/etc/kubernetes/manifests/`, and set `.SecurityContext.Privileged=true` for the apiserver
and controller manager.
---
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha2
apiServerExtraArgs:
cloud-provider: "{cloud}"
cloud-config: "{path}"
apiServerExtraVolumes:
- name: cloud
hostPath: "{path}"
mountPath: "{path}"
controllerManagerExtraArgs:
cloud-provider: "{cloud}"
cloud-config: "{path}"
controllerManagerExtraVolumes:
- name: cloud
hostPath: "{path}"
mountPath: "{path}"
---
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @dims @liztio
This command will use crictl or docker to pull images locally.
The dockerfall back is needed because in some cases the kubelet is not
yet running so there is no CRI dockershim socket available.
Fixeskubernetes/kubeadm#812
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 63314, 63884, 63799, 63521, 62242). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Restructure internal config usage and fix bugs
**What this PR does / why we need it**:
- Moves the generic LoadYAML function from the versioned, external API package to a helper library so it can be consumed more easily
- Makes the upgrading code use the internal version of the API (which always should be used anyway)
- Moves all config-loading code to `configutil`, together with the migration code needed. This way we have everything in one centralized place, instead of duplicating that logic N times.
- Makes `kubeadm init` use `configutil` for the reasons mentioned above.
This PR is needed in order to support multiple external API groups (like v1alpha2)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
This PR depends on:
- https://github.com/kubernetes/kubernetes/pull/63782
- https://github.com/kubernetes/kubernetes/pull/63783
**Please review only the last (third) commit**
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue (batch tested with PRs 63589, 63644, 63861, 63872, 63847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm preflight check for IPv4 and IPv6 forwarding
**What this PR does / why we need it**: adds preflight check for IP forwarding
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#580
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm now checks that IPv4/IPv6 forwarding is enabled
```
