Previous v1beta4 work added support for
ClusterConfiguration.EncryptionAlgorithm, however the possible
values were limited to just "RSA" (2048 key size) and "ECDSA" (P256).
Allow more arbitrary algorithm types, that can also include key size
or curve type encoded in the name:
"RSA-2048" (default), "RSA-3072", "RSA-4096" or "ECDSA-P256".
Update the deprecation notice of the PublicKeysECDSA FeatureGate
as ideally it should be removed only after v1beta3 is removed.
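The naming scheme described in the commit message above can be shown with an added Go example; it is not kubeadm's code and not part of the commit. The helper names `newSigner` and `describeKey` are hypothetical, and rejecting any name outside the four listed values is an assumption of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// rsaBits is an allow-list: only the RSA names listed in the commit message map to a key size.
var rsaBits = map[string]int{"RSA-2048": 2048, "RSA-3072": 3072, "RSA-4096": 4096}

// newSigner (hypothetical helper) generates a private key for an algorithm name.
// An empty name falls back to "RSA-2048", the default named in the commit message.
func newSigner(algorithm string) (crypto.Signer, error) {
	if algorithm == "" {
		algorithm = "RSA-2048"
	}
	if bits, ok := rsaBits[algorithm]; ok {
		key, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		return key, nil
	}
	if algorithm == "ECDSA-P256" {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		return key, nil
	}
	// Assumption of this example: anything else, including a weak size such as RSA-1024, is refused.
	return nil, fmt.Errorf("unsupported encryption algorithm %q", algorithm)
}

// describeKey (hypothetical helper) reports what was actually generated, read from the public key.
func describeKey(s crypto.Signer) string {
	switch k := s.Public().(type) {
	case *rsa.PublicKey:
		return fmt.Sprintf("RSA-%d", k.N.BitLen())
	case *ecdsa.PublicKey:
		return "ECDSA-" + k.Curve.Params().Name
	}
	return "unknown"
}

func main() {
	for _, name := range []string{"", "RSA-3072", "ECDSA-P256", "RSA-1024"} {
		key, err := newSigner(name)
		fmt.Println(name, key != nil && describeKey(key) != "unknown", err)
	}
}
```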
Currently, timeouts are only accessible if a kubeadm runtime.Object{}
like InitConfiguration is passed around.
Any time a config is loaded or defaulted, store the Timeouts
structure in a thread-safe way in the main kubeadm API package
with SetActiveTimeouts(). Optionally, a deep-copy can be
performed before calling SetActiveTimeouts(). Make this struct
accessible with GetActiveTimeouts(). Ensure these functions
are thread safe.
On init() make sure the struct is defaulted, so that unit
tests can work with these values.
The struct is included in InitConfiguration, JoinConfiguration
and ResetConfiguration.
Add conversion and update defaulters and fuzzers.
Include a timeoututils.go that contains a function
to default the internal Timeouts struct.
Add a new v1beta4.ResetConfiguration.UnmountFlags field that
can be used to pass in Linux unmount2() flags such as MNT_FORCE.
Default value continues to be 0 - i.e. no flags.
Turn on FeatureGate MergeCLIArgumentsWithConfig to keep the legacy way of management of
ignorePreflightErrors, which means the value defined by the flag `ignore-preflight-errors`
will be merged with the value `ignorePreflightErrors` defined in the config file.
Otherwise, the value defined by the flag will replace the value from the config file if set.
Signed-off-by: Dave Chen <dave.chen@arm.com>
Add v1beta4.ClusterConfiguration.EncryptionAlgorithm field (string)
and allow the user to configure the cluster asymmetric encryption
algorithm to be either "RSA" (default, 2048 pkey size) or "ECDSA" (P-256).
Add validation and fuzzing. Conversion from v1beta3 is not required
because an empty field value is accepted and defaulted to RSA if needed.
Leverage the existing configuration option (feature gate) PublicKeysECDSA
but rename the backend fields, arguments, function names to be more
generic - EncryptionAlgorithm instead of PublicKeyAlgorithm.
That is because once the feature gate is enabled the algorithm
configuration also applies to private keys. It also uses the kubeadm API
type (string) instead of the x509.PublicKeyAlgorithm enum (int).
Deprecate the PublicKeysECDSA feature gate with a message.
It should be removed with the release of v1beta4 or maximum one release
later (it is an alpha FG).
github.com/docker/distribution/reference has a new home github.com/distribution/reference
and a new tag v0.5.0. Let's switch to that.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Use []kubeadm.Arg instead of map[string]string when
validating ExtraArgs in the API.
Add new GetArgValue() and SetArgValue() utilities
and tests in apis/kubeadm.
Add new utils for constructing commands from and to
a []kubeadm.Arg slice.
Add a new type Arg that holds a dedicated Name and Value.
Instead of using map[string]string for ExtraArgs in the
API use []Arg.
Adapt v1beta3 conversion to convert to/from the
legacy map[string]string.
The `dry-run` flag was able to be used with the config file, since it was not
configurable in the config file.
Make it configurable in v1beta4, so that eventually, kubeadm could deprecate
the flag and suggest using the config file instead.
Signed-off-by: Dave Chen <dave.chen@arm.com>
Move the defaulting of the BootstrapToken type inside the
bootstraptoken/v1 package. This prevents an error where
codegen complains that a defaulter for the type exists in both
the kubeadm v1beta3 and v1beta4.
Adapt kubeadm code to use the defaulter function and constants
that were moved to bootstraptoken/v1.
NOTE: technically this is a breaking change for direct users of
v1beta3/SetDefaults_BootstrapToken().
The manual conversion was needed to adapt `ClusterConfiguration.DNS` from v1beta2
to v1beta3. Now that v1beta2 is removed from the code base, the manual conversion
is unnecessary as well.
This helps to reduce the maintenance efforts.
Signed-off-by: Dave Chen <dave.chen@arm.com>