Commit Graph

107 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
8cbe59308c Merge pull request #122786 from HirazawaUi/remove-kubeadm-useless-code
kubeadm: remove code to be removed in 1.30
2024-02-05 07:21:29 -08:00
Shida Qiu
f47c2a1ba6 Revert "kubeadm: fix a bug where the uploaded kubelet configuration in kube-system/kubelet-config ConfigMap does not respect user patch" 2024-02-02 20:34:30 +08:00
HirazawaUi
46c4249e3e Remove code to be removed in 1.30 2024-01-15 19:40:04 +08:00
Kubernetes Prow Robot
c8125c4029 Merge pull request #121305 from neolit123/1.29-super-admin-conf
kubeadm: add support for separate super-admin.conf kubeconfig file
2023-10-27 08:51:31 +02:00
Lubomir I. Ivanov
30ed50d32e kubeadm: make super-admin.conf changes in app/phases
- Register the new file in /certs/renewal, so that the
file is renewed if present. If not present the common message "MISSING"
is shown. Same for other certs/kubeconfig files.
- In /kubeconfig, update the spec for admin.conf to use
the "kubeadm:cluster-admins" Group. A new spec is added for
the "super-admin.conf" file that uses the "system:masters" Group.
- Add a new function EnsureAdminClusterRoleBinding() that includes
logic to ensure that admin.conf contains a User that is properly
bound on the "cluster-admin" built-in ClusterRole. This requires
bootstrapping using the "system:masters" containing "super-admin.conf".
Add detailed unit tests for this new logic.
- In /upgrade#PerformPostUpgradeTasks() add logic to create the
"admin.conf" and "super-admin.conf" with the new, updated specs.
Add detailed unit tests for this new logic.
- In /upgrade#StaticPodControlPlane() ensure that renewal of
"super-admin.conf" is performed if the file exists.
Update unit tests.
2023-10-26 07:36:03 +03:00
Lubomir I. Ivanov
c2a04fa1cf kubeadm: fix export comments to make golangci-lint happy 2023-10-25 19:35:10 +03:00
Dave Chen
1eb6282016 kubeadm: Move the method used only in the test to postupgrade_test.go
Signed-off-by: Dave Chen <dave.chen@arm.com>
2023-08-18 16:59:08 +08:00
SataQiu
daa7115907 kubeadm: add deprecation message for UpgradeAddonsBeforeControlPlane feature gate 2023-06-01 23:06:26 +08:00
SataQiu
b4560f9e57 kubeadm: fix a bug where file copy(backup) could not be executed correctly on Windows platform during upgrade 2023-05-08 22:17:32 +08:00
Paco Xu
c6f4bee98d kubeadm: add deprecated FG UpgradeAddonsBeforeControlPlane 2023-04-28 13:55:46 +08:00
SataQiu
e3d84aa93c kubeadm: add the experimental (alpha) feature gate UpgradeAddonsAfterControlPlane that supports upgrade coredns and kube-proxy addons after all the control plane instances have been upgraded 2023-04-25 22:12:50 +08:00
Kubernetes Prow Robot
8e31885e36 Merge pull request #115575 from SataQiu/fix-20230207
kubeadm: fix a bug where the uploaded kubelet configuration in kube-system/kubelet-config ConfigMap does not respect user patch
2023-02-16 00:45:38 -08:00
SataQiu
69e50cabd2 kubeadm: fix a bug where the uploaded kubelet configuration in kube-system/kubelet-config ConfigMap does not respect user patch 2023-02-07 18:24:31 +08:00
Dave Chen
5127cbf949 kubeadm: backup kubelet config file for upgrade apply
Back up kubelet config file for `kubeadm upgrade apply`, some code
refactoring is done to de-dup some redundant code logic.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2023-02-02 12:09:18 +08:00
Dave Chen
9e6e13e562 kubeadm: include the err got from PrintDryRunFile
The error was ingored which means if anything wrong from `PrintDryRunFiles`,
it was sliently ignored.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2023-02-02 12:00:19 +08:00
SataQiu
76bb3364d2 kubeadm: cleanup the temporary workaround about kubelet --container-runtime flag 2022-12-11 15:52:12 +08:00
wangguoyan
447ad7eacb replace deprecated ioutil functions
Signed-off-by: wangguoyan <717338097@qq.com>
2022-09-29 09:00:10 +08:00
demoManito
35c26f48e4 fix: map and slice create style 2022-09-07 17:10:13 +08:00
Kubernetes Prow Robot
50097acf15 Merge pull request #112008 from pacoxu/kubeadm-taint
Kubeadm cleanup for taint / toleration with master label
2022-08-28 19:58:36 -07:00
Paco Xu
f445764969 fix a flag replace of container-runtime=remote 2022-08-26 19:18:42 +08:00
Paco Xu
04e0c6c160 kubeadm: do not need to remove old taint as v1.25 upgrade will remove it 2022-08-25 22:24:44 +08:00
Paco Xu
f9643b69f3 cleanup kubelet config file: kubeadm-flags.env to remove container-runtime flag 2022-08-25 17:55:37 +08:00
wangyysde
e863ebb6b5 add print-manifest flag to print addon manifests to STDOUT
Signed-off-by: wangyysde <net_use@bzhy.com>
2022-06-08 13:45:37 +08:00
Lubomir I. Ivanov
665f66d2bc kubeadm: pass io.Writer and "patches dir" to WriteConfigToDisk()
With phases/kubelet/WriteConfigToDisk() about to support patches
it is required that the function accepts an io.Writer
where the PatchManager can output to and also a patch directory.

Modify all call sites of the function WriteConfigToDisk()
to properly prepare an pass an io.Writer and patches dir to it.
This results in command phases for init/join/upgrade to pass
the root io.Writer (usually stdout) and the patchesDir populated
either via the config file or --patches flag.
2022-06-06 20:37:26 +03:00
Lubomir I. Ivanov
80e5bcae9b kubeadm: remove RemoveOldControlPlaneLabel
The function is no longer used and was missed in a
1.25 cleanup PR.
2022-05-18 15:42:08 +03:00
Kubernetes Prow Robot
84c8afeba3 Merge pull request #110095 from neolit123/1.25-update-master-label-taint
kubeadm: cleanup the "master" taint on CP nodes during upgrade
2022-05-18 00:52:54 -07:00
Kubernetes Prow Robot
90d7400ca1 Merge pull request #109356 from pacoxu/kubeadm-2426-cri
kubeadm: remove temporary handling of CRI socket paths without URL scheme
2022-05-17 18:00:52 -07:00
Lubomir I. Ivanov
ddd046f3dd kubeadm: cleanup the "master" taint on CP nodes during upgrade
- iniconfiguration.go: stop applying the "master" taint
for new clusters; update related unit tests in _test.go
- apply.go: Remove logic related to cleanup of the "master" label
during upgrade
- apply.go: Add cleanup of the "master" taint on CP nodes
during upgrade
- controlplane_nodes_test.go: remove test for old "master" taint
on nodes (this needs backport to 1.24, because we have a kubeadm
1.25 vs kubernetes test suite 1.24 e2e test)
2022-05-17 19:21:49 +03:00
Lubomir I. Ivanov
b1f3034051 kubeadm: only taint CP nodes when the legacy "master" taint is present
During upgrade when a CP node is missing the old / legacy "master"
taint, assume the user has manually removed it to allow
workloads to schedule.

In such cases do not re-taint the node with the new "control-plane"
taint.
2022-05-05 23:39:23 +03:00
Paco Xu
36594d739b CRI socket paths should have URL scheme 2022-04-07 16:11:58 +08:00
Kubernetes Prow Robot
1fa888529e Merge pull request #107533 from neolit123/1.24-update-master-label-taint
kubeadm: apply "master" label/taint migration for 1.24
2022-02-15 21:44:36 -08:00
ahrtr
972dc46a1f replace deprecated io/ioutil with os and io for cmd 2022-02-01 13:59:41 +08:00
SataQiu
aed6f56257 kubeadm: make the phase prefix and capitalization consistent 2022-01-16 00:01:35 +08:00
Lubomir I. Ivanov
db6061f5a6 kubeadm: apply the new "control-plane" taint during upgrade
- During "upgrade apply" call a new function AddNewControlPlaneTaint()
that finds all nodes with the new "control-plane" node-role label
and adds the new "control-plane" taint to them.
- The function is called in "apply" and is separate from
the step to remove the old "master" label for better debugging
if errors occur.
2022-01-13 17:46:11 +02:00
Lubomir I. Ivanov
c0871b4433 kubeadm: delete the old "master" label during upgrade
- Rename the function in postupgrade.go to better reflect
what is being done.
- During "upgrade apply" find all nodes with the old label
and remove it by calling PatchNode.
- Update health check for CP nodes to not track "master"
labeled nodes. At this point all CP nodes should have
"control-plane" and we can use that selector only.
2022-01-13 17:45:32 +02:00
Lubomir I. Ivanov
39330c4278 kubeadm: ensure CRI URL scheme is present in the kubelet env file
During "upgrade node" and "upgrade apply" read the
kubelet env file from /var/lib/kubelet/kubeadm-flags.env
patch the --container-runtime-endpoint flag value to
have the appropriate URL scheme prefix (e.g. unix:// on Linux)
and write the file back to disk.

This is a temporary workaround that should be kept only for 1 release
cycle - i.e. remove this in 1.25.
2022-01-03 23:13:31 +02:00
XinYang
72fd01095d re-order imports for kubeadm
Signed-off-by: XinYang <xinydev@gmail.com>
2021-08-17 22:40:46 +08:00
XinYang
c2a8cd359f re-order the imports in kubeadm
Signed-off-by: XinYang <xinydev@gmail.com>

Update cmd/kubeadm/app/cmd/join.go

Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
2021-07-04 16:41:27 +08:00
wangyysde
c02e4b5229 remove LabelControlPlaneNodesWithExcludeFromLB function as the statement call it has be removed 2021-04-10 14:30:35 +08:00
Kubernetes Prow Robot
a6bfc7d7a9 Merge pull request #99646 from rajansandeep/remove-kube-dns
[kubeadm]: Remove the deprecated kube-dns as an option in kubeadm
2021-03-04 14:41:12 -08:00
Sandeep Rajan
b8a1bd6a6c remove the deprecated kube-dns as an option in kubeadm 2021-03-04 12:12:54 -05:00
Lubomir I. Ivanov
01ea75e36d kubeadm: exclude control plane nodes from external LBs
Apply the label:
"node.kubernetes.io/exclude-from-external-load-balancers"

To control plane nodes to preserve backwards compatibility
with the legacy mode where "master" nodes were excluded from
LBs.
2021-01-26 20:42:58 +02:00
Justin SB
8797738c02 Fix spelling typos: scheduable -> schedulable
Bulk fix of a common typo.
2021-01-09 12:59:33 -05:00
Lubomir I. Ivanov
fb7ddf88e9 kubeadm: mark the "master" label/taint as deprecated
- Mark the "node-role.kubernetes.io/master" key for labels
and taints as deprecated.
- During "kubeadm init/join" apply the label
"node-role.kubernetes.io/control-plane" to new control-plane nodes,
next to the existing "node-role.kubernetes.io/master" label.
- During "kubeadm upgrade apply", find all Nodes with the "master"
label and also apply the "control-plane" label to them
(if they don't have it).
- During upgrade health-checks collect Nodes labeled both "master"
and "control-plane".
- Rename the constants.ControlPlane{Taint|Toleraton} to
constants.OldControlPlane{Taint|Toleraton} to manage the transition.
- Mark constants.OldControlPlane{{Taint|Toleraton} as deprecated.
- Use constants.OldControlPlane{{Taint|Toleraton} instead of
constants.ControlPlane{Taint|Toleraton} everywhere.
- Introduce constants.ControlPlane{Taint|Toleraton}.
- Add constants.ControlPlaneToleraton to the kube-dns / CoreDNS
Deployments to make them anticipate the introduction
of the "node-role.kubernetes.io/control-plane:NoSchedule"
taint (constants.ControlPlaneTaint) on kubeadm control-plane Nodes.
2020-11-10 22:10:13 +02:00
Rostislav M. Georgiev
543f29be4e kubeadm: Reduce kubelet.DownloadConfig usage
kubelet.DownloadConfig is an old utility function which takes a client set and
a kubelet version, uses them to fetch the kubelet component config from a
config map, and places it in a local file. This function is simple to use, but
it is dangerous and unnecessary. Practically, in all cases the kubelet
configuration is present locally and does not need to be fetched from a config
map on the cluster (it just needs to be stored in a file).
Furthermore, kubelet.DownloadConfig does not use the kubeadm component configs
module in any way. Hence, a kubelet configuration fetched using it may not be
patched, validated, or otherwise, processed in any way by kubeadm other than
piping it to a file.

This patch replaces all but a single kubelet.DownloadConfig invocation with
equivalents that get the local copy of the kubelet component config and just
store it in a file. The sole remaining invocation covers the
`kubeadm upgrade node --kubelet-version` case.

In addition to that, a possible panic is fixed in kubelet.DownloadConfig and
it now takes the kubelet version parameter as string.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
2020-05-19 13:30:45 +03:00
Davanum Srinivas
442a69c3bd switch over k/k to use klog v2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:27 -04:00
Lubomir I. Ivanov
d4de1a571a kubeadm: skip kube-proxy and DNS upgrades on missing ConfigMaps
If the kube-proxy/dns ConfigMap are missing, show warnings and assume
that these addons were skipped during "kubeadm init",
and that their redeployment on upgrade is not desired.

TODO: remove this once "kubeadm upgrade apply" phases are supported:
https://github.com/kubernetes/kubeadm/issues/1318
2020-04-08 22:58:42 +03:00
Lubomir I. Ivanov
6f99791021 kubeadm: add missing RBAC for getting nodes on "upgrade apply"
b117a928 added a new check during "join" whether a Node with
the same name exists in the cluster.

When upgrading from 1.17 to 1.18 make sure the required RBAC
by this check is added. Otherwise "kubeadm join" will complain that
it lacks permissions to GET a Node.
2020-03-26 22:02:55 +02:00
SataQiu
8067dd8470 kubeadm: fix the bug that 'kubeadm upgrade' hangs in single node cluster 2020-02-23 18:57:32 +08:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00