Automatic merge from submit-queue (batch tested with PRs 63322, 64718, 64708, 64775, 64777). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm lowercases all domain names passed as additional SANs
**What this PR does / why we need it**:
Some domains, like ELBs, output a domain name with uppercase letters. To
accept these, we lowercase all arguments passed to ----apiserver-cert-extra-sans
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #[kubeadm/827](https://github.com/kubernetes/kubeadm/issues/827)
```release-note
NONE
```
Some domains, like ELBs, output a domain name with uppercase letters. To
accept these, we lowercase all arguments passed to ----apiserver-cert-extra-sans
Automatic merge from submit-queue (batch tested with PRs 63453, 64592, 64482, 64618, 64661). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace glog.Info{f,ln} with fmt.Print{f,ln}
Please see commit message.
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
This PR makes kubeadm's logging output consistent for the regular case and offers verbosity with glog.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#852
**Special notes for your reviewer**:
Unfortunately there is one call site in a dependency that uses a bare glog.Infof which we can't change without a bigger effort.
**Release note**:
```release-note
NONE
```
This follows the pattern `kubectl` uses for logging.
There are two remaining glog.Infof call that cannot be removed easily.
One glog call comes from kubelet validation which calls features.SetFromMap.
The other comes from test/e2e during kernel validation.
Mostly fixeskubernetes/kubeadm#852
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 64057, 63223, 64346, 64562, 64408). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Refactor the Bootstrap Tokens usage in the API types
**What this PR does / why we need it**:
This PR:
- Moves some common, generic Bootstrap Token helpers and constants from `k8s.io/kubernetes/cmd/kubeadm/app/util/token` to `k8s.io/client-go/tools/bootstrap/token/`
- Breaks out the top-level Bootstrap Token fields to a dedicated `BootstrapToken` struct with helper functions.
- Instead of representing the Bootstrap Token as a plain `string`, there is now a wrapper struct `BootstrapTokenString` that can marshal/unmarshal correctly and supports validation on create, and splitting up the full token in the ID/Secret parts automatically.
- Makes kubeadm support multiple Bootstrap Tokens automatically by supporting a slice of `BootstrapToken` in the `MasterConfiguration` API object
- Consolidates the place for kubeadm to create token-related flags in an `options` package
- Supports automatic conversion from the `v1alpha1` to `v1alpha2` API
- Adds support to set token expiration directly instead of setting a TTL (Expiration and TTL are mutually exclusive)
- Removes the old `TokenDiscovery` struct we're not using anymore inside of kubeadm
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related to https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
This is work in progress. Please only review the first two commits for now.
I will work on splitting up this PR in smaller chunks.
I will also write unit tests tomorrow.
**Release note**:
```release-note
[action required] kubeadm: The Token-related fields in the `MasterConfiguration` object have now been refactored. Instead of the top-level `.Token`, `.TokenTTL`, `.TokenUsages`, `.TokenGroups` fields, there is now a `BootstrapTokens` slice of `BootstrapToken` objects that support the same features under the `.Token`, `.TTL`, `.Usages`, `.Groups` fields.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @mattmoyer @liztio
Automatic merge from submit-queue (batch tested with PRs 63348, 63839, 63143, 64447, 64567). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move pkg/scheduler/schedulercache -> pkg/scheduler/cache
**What this PR does / why we need it**:
Move pkg/scheduler/schedulercache -> pkg/scheduler/cache
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63813
**Special notes for your reviewer**:
In order to prevent name conflicts still rename the `cache` to `schedulercache`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64605, 64570). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Version mismatch is now a skippable error
**What this PR does / why we need it**:
Previously, kubeadm enforced the same major and minor versions as the version of kubernetes it was installing. This is still enforced by default, but now the `--force` flag can override it. This is useful for testing and other edge cases.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #[kubeadm/877](https://github.com/kubernetes/kubeadm/issues/877)
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm upgrade apply can now ignore version errors with --force
```
Automatic merge from submit-queue (batch tested with PRs 62460, 64480, 63774, 64540, 64337). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Save kubeadm manifest backup directories
**What this PR does / why we need it**:
Kubeadm will now preserves previous manifests after `kubeadm upgrade apply`. Previously these files would be deleted after the upgrade succeeded
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # [kubeadm/489](https://github.com/kubernetes/kubeadm/issues/489)
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm now preserves previous manifests after upgrades
```
Automatic merge from submit-queue (batch tested with PRs 62460, 64480, 63774, 64540, 64337). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm uses its own scheme instead of kubectl scheme
**What this PR does / why we need it**:
kubeadm uses its own scheme instead of kubectl scheme
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused code in kubeadm error.go
**What this PR does / why we need it**:
remove unused code in kubeadm error.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
When kubeadm upgrades a static pod cluster, the old manifests were previously
deleted. This patch alters this behaviour so they are now stored in a
timestamped temporary directory.
Automatic merge from submit-queue (batch tested with PRs 64338, 64219, 64486, 64495, 64347). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: conditionally set the kubelet cgroup driver for Docker
**What this PR does / why we need it**:
Add a new utility file - util/cgroupdriver.go.
Currently it only contains the public function GetCgroupDriverDocker().
The function uses 'docker info' to obtain the cgroup driver
for Docker.
On a later stage this file can contain more methods for different
CRI.
Use GetCgroupDriverDocker() in phases/kubelet/flags.go
to conditionally set the 'cgroup-driver' argument. On error
print a warning and don't set the argument value.
Add unit tests in cgroupdriver_test.go.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#844
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
kubeadm: conditionally set the kubelet cgroup driver for Docker
```
/area kubeadm
/kind enhancement
@kubernetes/sig-cluster-lifecycle-pr-reviews
@luxas
Automatic merge from submit-queue (batch tested with PRs 57082, 64325, 64016, 64443, 64403). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove CrictlChecker from preflight checks
**What this PR does / why we need it**:
CrictlChecker uses InPathCheck to check if crictl presents
in the PATH. The same check is done in CRICheck function.
CrictlChecker is also called unconditionally, producing messages
that can confuse users. CRICheck is called only when needed, i.e.
when user specifies CRI socket.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61803, 64305, 64170, 64361, 64339). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove some unnecessarily gendered pronouns in comments
**What this PR does / why we need it**:
A bunch of comments are unnecessarily gendered. I've changed them to gender-neutral they/theirs.
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61803, 64305, 64170, 64361, 64339). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve the help of kubeadm completion
**What this PR does / why we need it**:
Add note that 'bash-completion' is required on Linux too.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [kubernetes/kubeadm/#860](https://github.com/kubernetes/kubeadm/issues/860)
**Special notes for your reviewer**:
cc @neolit123
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64318, 64269, 64438, 64516, 64311). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
UX improvement for preflight check for external etcd client certificates
**What this PR does / why we need it**:
UX improvement for preflight check for external etcd client certificates
By using same preflight check label for all etcd client certificates, it will
allow user to use single identifier, and as result shorter command line
arguments to kubeadm, in case multiple issues found with those files.
Fixes:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#834
**Special notes for your reviewer**:
**Release note**:
```release-note
Label ExternalEtcdClientCertificates can be used for ignoring all preflight check issues related to client certificate files for external etcd.
```
Add a new utility file - util/cgroupdriver.go.
Currently it only contains the public function GetCgroupDriverDocker().
The function uses 'docker info' to obtain the cgroup driver
for Docker.
On a later stage this file can contain more methods for different
CRI.
Use GetCgroupDriverDocker() in phases/kubelet/flags.go
to conditionally set the 'cgroup-driver' argument. On error
print a warning and don't set the argument value.
Add unit tests in cgroupdriver_test.go.
Automatic merge from submit-queue (batch tested with PRs 64322, 64210, 64458, 64232, 64370). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Add a 'kubeadm config migrate' command
**What this PR does / why we need it**:
This is an UX improvement so users may easier "upgrade" their **configuration files** from the an old version (e.g. `v1alpha1`) version to a new one (e.g. `v1alpha2`), can do this **locally and seamlessly without touching a cluster**. We talked about this in the SIG meeting; getting the users to be able to convert their checked-in configuration files to new API versions will be crucial.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Add a 'kubeadm config migrate' command to convert old API types to their newer counterparts in the new, supported API types. This is just a client-side tool, it just executes locally without requiring a cluster to be running. You can think about this as an Unix pipe that upgrades config files.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue (batch tested with PRs 64322, 64210, 64458, 64232, 64370). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Move .NodeName and .CRISocket to a common sub-struct
**What this PR does / why we need it**:
Regroups some common fields for `kubeadm init` and `kubeadm join` only used for the initial node registration.
Lets the user specify ExtraArgs to the kubelet.
Now also runs the dynamic env file creation for `kubeadm join`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/847
Follows-up https://github.com/kubernetes/kubernetes/pull/63887
Related to kubernetes/kubeadm#822
**Special notes for your reviewer**: WIP, but please review so we can finalize the direction of the PR
**Release note**:
```release-note
[action required] `.NodeName` and `.CRISocket` in the `MasterConfiguration` and `NodeConfiguration` v1alpha1 API objects are now `.NodeRegistration.Name` and `.NodeRegistration.CRISocket` respectively in the v1alpha2 API. The `.NoTaintMaster` field has been removed in the v1alpha2 API.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix parsing 'crictl pods -q' output
**What this PR does / why we need it**:
fix parsing 'crictl pods -q' output
Output of crictl pods -q is a list of running pod ids, one id per line.
Current code splits this output incorrectly which makes next command
'crictl stopp' fail if there is more than one pod running.
Should be fixed by using strings.Fields instead of strings.Split.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64258, 63068). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update the CoreDNS version and manifest
**What this PR does / why we need it**:
Bumps CoreDNS to 1.1.3 and updates manifest
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
CoreDNS is now v1.1.3
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Pull images early in `kubeadm init` by default
kubeadm now pulls container images before the init step.
* This commit also fixes a dependency cycle
**What this PR does / why we need it**:
This PR adds a check to kubeadm preflight checks that pulls images down before kubeadm tries to run them so boot up time of containers does not have to pull.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#825
**Special notes for your reviewer**:
The interface stuff is to remove a dependency cycle where utils pulled in preflight and preflight pulled in utils. I do not think this utils package should be importing preflight.
**Release note**:
```release-note
kubeadm will pull required images during preflight checks if it cannot find them on the system
```
Automatic merge from submit-queue (batch tested with PRs 64308, 64367, 64165, 64274). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: rename the `kube-dns` phases addon
**What this PR does / why we need it**:
The command `kubeadm alpha phases addon` has a property
called `kube-dns` which would install kube-dns, pre 1.11.
In the case of 1.11 this property will install CoreDNS,
because the property is also bound to the `CoreDNS` feature gate,
which is now `true` by default.
Fix that by renaming the property to `coredns`, updating the Cobra
info and also updating the unit tests.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/856
**Special notes for your reviewer**:
Please verify if we are OK with the "hard rename".
**Release note**:
```release-note
kubeadm: rename the addon parameter `kube-dns` to `coredns` for `kubeadm alpha phases addons` as CoreDNS is now the default DNS server in 1.11.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
Automatic merge from submit-queue (batch tested with PRs 64308, 64367, 64165, 64274). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: do not use --admission-control for the API server
**What this PR does / why we need it**:
The API server argument --admission-control is deprecated.
Use the following arguments instead:
--enable-admission-plugins=NodeRestriction
--disable-admission-plugins=PersistentVolumeLabel
Add comment that PersistentVolumeLabel should be removed at some
point in 1.11.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Updates kubernetes/kubeadm#840
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
kubeadm: when starting the API server use the arguments --enable-admission-plugins and --disable-admission-plugins instead of the deprecated --admission-control.
```
@luxas
@kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
Implement and use loadPodSpecFromFile which loads and returns PodSpec object
from YAML or JSON file. Use this function in the places where LoadPodFromFile
is used to load Pod object and then return the PodSpec portion of it. This
also removes the dependency on //pkg/volume/util and its dependencies (thus,
making kubeadm more lean).
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
By using same preflight check label for all etcd client certificates, it will
allow user to use single identifier, and as result shorter command line
arguments to kubeadm, in case multiple issues found with those files.
Fixes: kubernetes/kubeadm#834
The API server argument --admission-control is deprecated.
Use the following arguments instead:
--enable-admission-plugins=NodeRestriction
--disable-admission-plugins=PersistentVolumeLabel
Add comment that PersistentVolumeLabel should be removed at some
point in 1.11.
kubeadm now pulls container images before the init step if it cannot find them on the system
* This commit also cleans up a dependency cycle
Closes#825
Output of crictl pods -q is a list of running pod ids, one id per line.
Current code splits this output incorrectly which makes next command
'crictl stopp' fail if there is more than one pod running.
Should be fixed by using strings.Fields instead of strings.Split.
CrictlChecker uses InPathCheck to check if crictl presents
in the PATH. The same check is done in CRICheck function.
CrictlChecker is also called unconditionally, producing messages
that can confuse users. CRICheck is called only when needed, i.e.
when user specifies CRI socket.
The command `kubeadm alpha phases addon` has a property
called `kube-dns` which would install kube-dns, pre 1.11.
In the case of 1.11 this property will install CoreDNS,
because the property is also bound to the `CoreDNS` feature gate,
which is now `true` by default.
Fix that by renaming the property to `coredns`, updating the Cobra
info and also updating the unit tests.
Automatic merge from submit-queue (batch tested with PRs 64127, 63895, 64066, 64215, 64202). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Refactor the .Etcd substruct in the v1alpha2 API
**What this PR does / why we need it**:
Splits the monolithic `.Etcd` struct with all the options as fields to a more modular and clear design with two sub-structs for the different modes of hosting etcd we support.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of kubernetes/community#2131
**Special notes for your reviewer**:
Depends on:
- [x] https://github.com/kubernetes/kubernetes/pull/63917
Follows up: https://github.com/kubernetes/kubernetes/pull/63871
TODO: I still need to write unit tests for this.
**Release note**:
```release-note
[action required] kubeadm: The `:Etcd` struct has been refactored in the v1alpha2 API. All the options now reside under either `.Etcd.Local` or `.Etcd.External`. Automatic conversions from the v1alpha1 API are supported.
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Kubernetes Submit Queue