Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: add better test coverage to version.go
**What this PR does / why we need it**:
This PR adds unit tests for the file `kubeadm/app/cmd/version.go` via `version_test.go`. Test coverage is increased to 90% for this file. only a couple of functions are tested.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
related PRs:
https://github.com/kubernetes/kubernetes/pull/59220https://github.com/kubernetes/kubernetes/pull/58540
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58540, 62314). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add ability to specify port for kubeadm `API.ControlPlaneEndpoint`
**What this PR does / why we need it**:
When `API.ControlPlaneEndpoint` is used, the `BindPort` of the
apiserver is currently assumed, which means a load balancer cannot
listen on a different port than the apiserver. This extends the
`ControlPlaneEndpoint` to take an optional port which may differ
from the apiserver's `BindPort`.
**Release note**:
```release-note
The kubeadm config option `API.ControlPlaneEndpoint` has been extended to take an optional port which may differ from the apiserver's bind port.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: add better test coverage to reset.go
**What this PR does / why we need it**:
a PR for adding some more tests in `kubeadm/cmd` for `reset.go`.
increasing coverage from ~11% to ~92%
the remaining 8% are kind of hard to test or not worth the complexity.
original idea to add more tests in kubeadm was suggested to me by @luxas at slack.
in time, i might add better coverage to all cmd `.go` files.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
please, link issue # if you know of such.
**Special notes for your reviewer**:
none
**Release note**:
```release-note
NONE
```
When `API.ControlPlaneEndpoint` is used, the `BindPort` of the
apiserver is currently assumed, which means a load balancer cannot
listen on a different port than the apiserver. This extends the
`ControlPlaneEndpoint` to take an optional port which may differ
from the apiserver's `BindPort`.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove invalid TODOs in kubeadm constants.
**What this PR does / why we need it**:
These TODOs are invalid now.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref https://github.com/kubernetes/kubeadm/issues/571#issuecomment-347408384
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes kubeadm upgrade plan output
Closeskubernetes/kubeadm#713
Aligns `kubeadm upgrade plan` output when kubelets have different versions.
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR fixes the output of `kubeadm upgrade plan` when kubelets have different versions.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#713
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 58178, 62491, 60852). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Add support for clusterName in config file.
**What this PR does / why we need it**: Adds a `--cluster-name` arg to kubeadm init.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
See https://github.com/kubernetes/kube-deploy/issues/636
Code inspired by #52470
**Special notes for your reviewer**:
**Release note**:
```release-note
Adds --cluster-name to kubeadm init for specifying the cluster name in kubeconfig.
```
Automatic merge from submit-queue (batch tested with PRs 62455, 62465, 62427, 62416, 62411). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm upgrade ignores HighAvailability feature gate
**What this PR does / why we need it**:
This PR fixes https://github.com/kubernetes/kubeadm/issues/731
**Which issue(s) this PR fixes**:
Fixes https://github.com/kubernetes/kubeadm/issues/731
**Special notes for your reviewer**:
The problem is a regression introduced by [#55952](https://github.com/kubernetes/kubernetes/pull/55952) which added a --feature-gates
flag to `kubeadm upgrade`, to be used for updating feature gates during the upgrade process (so it is update + upgrade).
The original implementation always override the actual feature gates with the flag value, even when the flag is not set; this PR fixes this behaviour making `kubeadm upgrade` considers the flag value only if set, otherwise actual feature gates will be preserved.
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-cluster-lifecycle-bugs
**Release note**:
```release-note
Fixed#731 kubeadm upgrade ignores HighAvailability feature gate
```
Automatic merge from submit-queue (batch tested with PRs 60585, 62398, 62258, 62042). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: surface external etcd preflight validation errors
**What this PR does / why we need it**:
This PR fixes a bug where errors that could occur while running preflight against an external etcd cluster were not being surfaced to the user.
**Which issue(s) this PR fixes** :
Fixes https://github.com/kubernetes/kubeadm/issues/719
**Release note**:
```release-note
kubeadm: surface external etcd preflight validation errors
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
validate AdvertiseAddress in kubeadm init and other case
**What this PR does / why we need it**:
When using `kubeadm init --apiserver-advertise-address=****, `apiserver-advertise-address` can only be ipv4 or ipv6 address, if people use domain name in this field, will not use it and silently get hostIP.
Add a warning in this case.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#590
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 59027, 62333, 57661, 62086, 61584). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement verbosity feature for kubeadm
[WIP] Adds verbosity feature to init command hierarchy of kubeadm utility.
**What this PR does / why we need it**:
Implements verbosity feature to kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#340
**Special notes for your reviewer**:
I will be splitting this work into a smaller PR to keep it separate and clean.
**Release note**:
```release-note
Implements verbosity logging feature for kubeadm commands
```
Automatic merge from submit-queue (batch tested with PRs 61918, 62180, 62198). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Bump kube-dns to 1.14.9
**What this PR does / why we need it**:
Bump kube-dns to 1.14.9 for kubeadm. Ref #61908.
cc @rramkumar1
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
**Release note**:
```release-note
Update kube-dns to Version 1.14.9 in kubeadm.
```
Automatic merge from submit-queue (batch tested with PRs 61705, 61609, 62103, 62113, 62115). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support overriding the --node-cidr-mask-size arg passed to kube-controller-manager
Fixes: https://github.com/kubernetes/kubeadm/issues/724
**Release note**:
```release-note
kubeadm config can now override the Node CIDR Mask Size passed to kube-controller-manager.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
**What this PR does / why we need it**:
Remove YEAR field of all generated files and fix kubernetes boilerplate checker
xref: [remove YEAR fileds in gengo #91](https://github.com/kubernetes/gengo/pull/91)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [#gengo/issues/24](https://github.com/kubernetes/gengo/issues/24)
**Special notes for your reviewer**:
/cc @thockin @lavalamp @sttts
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60696, 60876, 60901, 60925, 60428). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Add writable option to *ExtraVolumes init config
**What this PR does / why we need it**:
This PR adds `writable` boolean option for each volume under the `apiServerExtraVolumes`, `controllerManagerExtraVolumes` and `schedulerExtraVolumes` kubeadm init config keys. The option controls write access on a per-volume basis. It is inverted and transferred to the corresponding static pod YAML file as the `readOnly` option of kubelet.
The default value for `writable` is `false`, which does not change the current kubeadm behavior.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Partial fix for #58587
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
kubeadm: Add the writable boolean option to kubeadm config. The option works on a per-volume basis for *ExtraVolumes config keys.
```
Automatic merge from submit-queue (batch tested with PRs 60363, 59208, 59465, 60581, 60702). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix: remove keyword defer in the loop to avoid resource leaks
Appearance of defer keyword inside a loop structure may caused resource leaks, it's not recommended to do it although it is in an unit test. Releasing a resource just after finishing using it is the most safe and effective solution, so remove defer is just OK.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Updates kubeadm default to use 1.10
**What this PR does / why we need it**:
In line with https://github.com/kubernetes/kubeadm/blob/master/docs/release-cycle.md, the default branch for kubeadm to deploy should be bumped right before the rc.1.
This can even be manually merged by the someone from the release team.
**Which issue(s) this PR fixes** :
Fixes#60608
**Special notes for your reviewer**:
**Release note**:
```
Updates default deployment for kubeadm to 1.10
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-release-members @dims @jberkus @jdumars
Automatic merge from submit-queue (batch tested with PRs 61129, 60359). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup old upgrading code that is v1.8->v1.9-specific
**What this PR does / why we need it**:
Cleanup old upgrading code that is v1.8->v1.9-specific
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/622
This will finish the task in the issue.
**Special notes for your reviewer**:
/cc @luxas @vbmade2000
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60891, 60935). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Rollback etcd server version to 3.1.11 due to #60589
Ref https://github.com/kubernetes/kubernetes/issues/60589#issuecomment-371171837
The dependencies were a bit complex (so many things relying on it) + the version was updated to 3.2.16 on top of the original bump.
So I had to mostly make manual reverting changes on a case-by-case basis - so likely to have errors :)
/cc @wojtek-t @jpbetz
```release-note
Downgrade default etcd server version to 3.1.11 due to #60589
```
(I'm not sure if we should instead remove release-notes of the original PRs)
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Reverting the anti-affinity from CoreDNS pods
**What this PR does / why we need it**:
Following #54164 and #59357, removing the anti-affinity from CoreDNS.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add mTLS to kubeadm etcd liveness probe.
**What this PR does / why we need it**:
We switched etcd over to using mTLS, but the liveness probe is still using http.
Disabling the liveness probe allows etcd to continue operating.
The real fix isn't simple, because we need to generate a client certificate for healthchecking and update the probe to exec `etcdctl` like so:
https://sourcegraph.com/github.com/coreos/etcd-operator/-/blob/pkg/util/k8sutil/pod_util.go#L71-89
~Working on patching this now.~
This PR now generates the healthcheck identity and updates the liveness probe to use it.
**Which issue(s) this PR fixes**
Fixes#59766Fixeskubernetes/kubeadm#720
**Special notes for your reviewer**:
We should generate a client cert specifically for etcd health checks so that the apiserver certs can be revoked independently.
This will be stored in `/etc/kubernetes/pki/etcd/` so that we don't have to change the pod's hostMount.
**Release note**:
```release-note
NONE
```
