Automatic merge from submit-queue (batch tested with PRs 63314, 63884, 63799, 63521, 62242). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Restructure internal config usage and fix bugs
**What this PR does / why we need it**:
- Moves the generic LoadYAML function from the versioned, external API package to a helper library so it can be consumed more easily
- Makes the upgrading code use the internal version of the API (which always should be used anyway)
- Moves all config-loading code to `configutil`, together with the migration code needed. This way we have everything in one centralized place, instead of duplicating that logic N times.
- Makes `kubeadm init` use `configutil` for the reasons mentioned above.
This PR is needed in order to support multiple external API groups (like v1alpha2)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
This PR depends on:
- https://github.com/kubernetes/kubernetes/pull/63782
- https://github.com/kubernetes/kubernetes/pull/63783
**Please review only the last (third) commit**
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move to a structured status for dynamic kubelet config
This PR updates dynamic Kubelet config to use a structured status, rather than a node condition. This makes the status machine-readable, and thus more useful for config orchestration.
Fixes: #56896
```release-note
The status of dynamic Kubelet config is now reported via Node.Status.Config, rather than the KubeletConfigOk node condition.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
pass stop channel to node-controller
node controller run with stop channel passed from outside.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63589, 63644, 63861, 63872, 63847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm preflight check for IPv4 and IPv6 forwarding
**What this PR does / why we need it**: adds preflight check for IP forwarding
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#580
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm now checks that IPv4/IPv6 forwarding is enabled
```
Automatic merge from submit-queue (batch tested with PRs 63658, 63509, 63800, 63586, 63840). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm - default CoreDNS FeatureGate to true
**What this PR does / why we need it**:
This PR updates kubeadm to deploy CoreDNS rather than KubeDNS by default for new installs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Addresses part of https://github.com/kubernetes/kubeadm/issues/782
**Release note**:
```release-note
kubeadm will now deploy CoreDNS by default instead of KubeDNS
```
Currently, this does not effect upgrades. Also, documentation updates will need to be coordinated with this change.
Updates dynamic Kubelet config to use a structured status, rather than a
node condition. This makes the status machine-readable, and thus more
useful for config orchestration.
Fixes: #56896
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
scheduler: remove nested retry loops and fix serving metrics under healthz server port
This PR fixes the issues of #63404:
- The Serve func for metrics and healthz does not block. Inside, there is a retry loop. This PR fixes this and gets rid of the error messages every 5 seconds.
- The separate metrics server is only to be started if it is configured on another port. Before this PR we were wrongly checking for the healthz service to be activated and then launched the metrics server instead. Because both server startups are in a go routine, they were racing against each other. If you were unlucky, the metrics endpoint was winning and it returned 404 on /healthz (while it should not have been active in the first place). The kubemark tests run the scheduler with a liveness probe which failed, restarting the scheduler after some minutes.
Automatic merge from submit-queue (batch tested with PRs 63272, 63782, 63715, 63811, 63803). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor kubeadm config list-images
In preparation for creating a `kubeadm config images pull`
this commit refactors `kubeadm config list-images` into
`kubeadm config images list`.
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
**What this PR does / why we need it**:
Prepares the `kubeadm config images` subcommand so we can add more functionality to it.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Related to kubernetes/kubeadm#812
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63272, 63782, 63715, 63811, 63803). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stop installing kubeadm types in the generic, legacy scheme
**What this PR does / why we need it**:
Right now the kubeadm API types are (wrongly from a correctness perspective) installed in the "catch-all" and now legacy `pkg/api/legacyscheme`. Instead, we should use our own, kubeadm-specific `scheme` where our API types are registered. Doing this also cuts one dependency on the internal core API types.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @sttts @liztio
Automatic merge from submit-queue (batch tested with PRs 57536, 63812). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Contact the kubelet on its healthz port instead of its readonly port
**What this PR does / why we need it**:
In order for us to disable the kubelet's readonly port in v1.11 (https://github.com/kubernetes/kubeadm/issues/732), we need to cut the dependency on that port being open. Instead, we can use the dedicated healthz port (using the defaults `--healthz-bind-address=127.0.0.1` and `--healthz-port=10248`, xref: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/kubeadm/issues/732
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Currently kubeadm only performs an upgrade if the etcd cluster is
colocated with the control plane node. As this is only one possible
configuration, kubeadm should support upgrades with etcd clusters
that are not local to the node.
Signed-off-by: Craig Tracey <craigtracey@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 63492, 62379, 61984, 63805, 63807). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Sort arguments before joining them, for reproducible return string
**What this PR does / why we need it**:
This PR makes kubeadm static pod manifest generation consistent. Right now when `kubeadm init` is called repeatedly, the generated pod manifest files under /etc/kubernetes/manifest/ are changing. Its really hard to test how a configuration change effects the manifest files.
The current implementation is ranging over a map[string]string which will be happening in a random order, generating different pod manifests even without changing any configuration.
The suggested solution makes pom manifest generation idempotent. It opens up integration test possibilities, like testing whole yaml result of `kubeadm alpha phase controlplane`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig cluster-lifecycle
/assign @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
track/close kubelet->API connections on heartbeat failure
xref #48638
xref https://github.com/kubernetes-incubator/kube-aws/issues/598
we're already typically tracking kubelet -> API connections and have the ability to force close them as part of client cert rotation. if we do that tracking unconditionally, we gain the ability to also force close connections on heartbeat failure as well. it's a big hammer (means reestablishing pod watches, etc), but so is having all your pods evicted because you didn't heartbeat.
this intentionally does minimal refactoring/extraction of the cert connection tracking transport in case we want to backport this
* first commit unconditionally sets up the connection-tracking dialer, and moves all the cert management logic inside an if-block that gets skipped if no certificate manager is provided (view with whitespace ignored to see what actually changed)
* second commit plumbs the connection-closing function to the heartbeat loop and calls it on repeated failures
follow-ups:
* consider backporting this to 1.10, 1.9, 1.8
* refactor the connection managing dialer to not be so tightly bound to the client certificate management
/sig node
/sig api-machinery
```release-note
kubelet: fix hangs in updating Node status after network interruptions/changes between the kubelet and API server
```
Automatic merge from submit-queue (batch tested with PRs 55511, 63372, 63400, 63100, 63769). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create pkg/scheduling/apis/v1beta1 and move priorityClass to beta
**What this PR does / why we need it**:
This is for creating pkg/apis/scheduling/v1beta1 so that priorityClasses could be moved to beta.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of #57471
**Special notes for your reviewer**:
/cc @bsalamat @aveshagarwal
**Release note**:
```release-note
The `PriorityClass` API is promoted to `scheduling.k8s.io/v1beta1`
```
Automatic merge from submit-queue (batch tested with PRs 55511, 63372, 63400, 63100, 63769). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve kubeadm upgrade path for CoreDNS
**What this PR does / why we need it**:
This PR achieves the following:
1. Retains the CoreDNS ConfigMap defined by the user during `kubeadm upgrade`.
2. Removes the CoreDNS deployment when user decides to install kube-dns during `kubeadm upgrade`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
In preparation for creating a `kubeadm config images pull`
this commit refactors `kubeadm config list-images` into
`kubeadm config images list`.
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 63787, 62003). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Use the API machinery for marshalling
**What this PR does / why we need it**:
Similar to https://github.com/kubernetes/kubernetes/pull/63723, we should not use a generic `yaml`
package for marshalling, but use the API machinery we have already in place. This now correctly includes `apiVersion` and `kind` when printing the configuration in the upgrade procedure.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue (batch tested with PRs 63588, 63806). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm - do not generate etcd ca/certs for external etcd
**What this PR does / why we need it**:
Currently we generate an etcd CA and certificates even if we are specifying an external etcd cluster when running `kubeadm init`, this PR changes this behavior to skip generating the etcd CA and certificates if configured for an external etcd cluster.
**Which issue(s) this PR fixes**
Fixes https://github.com/kubernetes/kubeadm/issues/807
**Release note**:
```release-note
kubeadm will no longer generate an unused etcd CA and certificates when configured to use an external etcd cluster.
```
Automatic merge from submit-queue (batch tested with PRs 63735, 62807). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm: Update comments and UT to remove /66 restriction
**What this PR does / why we need it**:
The comments in cmd/kubeadm/app/phases/controlplane/manifests.go mention the
IPv6 /66 restriction, and the UT also refers to this.
This restriction was removed in PR#60089
This removes those comments and updates the UT
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62806
**Special notes for your reviewer**:
**Release note**:
```release-note-none
```
Automatic merge from submit-queue (batch tested with PRs 63735, 62807). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm-init: update note about failing containers
**What this PR does / why we need it**:
This PR was merged before all requested changes
were applied:
kubernetes/pull/59731
Update the note about failing containers as requested here:
https://github.com/kubernetes/kubernetes/pull/59731#pullrequestreview-119517427
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63783, 63734). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm marshal tests
**What this PR does / why we need it**:
Adds tests for the marshalling utilities in kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes: kubernetes/kubeadm#802
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63783, 63734). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Rename `kubeadmapiext` to the more explicit `kubeadmapiv1alpha1`
**What this PR does / why we need it**:
`kubeadmext` is somewhat confusing to those who read the code (although it means "the external API of kubeadm", which to some degree makes sense), so I'm swapping all references to it to the more explicit `kubeadmapiv1alpha1`. This change is needed given that we will support multiple external APIs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of https://github.com/kubernetes/community/pull/2131
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add necessary explanation for container log rotation.
**What this PR does / why we need it**:
#59898
> Container log manager only starts when the container runtime is remote (not docker), because we can't implement ReopenContainerLog for docker.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Control exactly what we use in kubeadm
**What this PR does / why we need it**:
we recently got rid of extra arg validation for preflight check:
9f21f5dd1e
the import-boss configuration will help us control exactly what
gets added/used in kubeadm. In this PR, we add a white-list of
the exact packages we use currently.
We will need to review these, make new PR(s) to eliminate things
we don't want to be depending on (just like the cloud provider related code).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
we recently got rid of extra arg validation for preflight check:
9f21f5dd1e
the import-boss configuration will help us control exactly what
gets added/used in kubeadm. In this PR, we add a white-list of
the exact packages we use currently.
We will need to review these, make new PR(s) to eliminate things
we don't want to be depending on (just like the cloud provider related code).
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revisit the OWNERS file for kubeadm
**What this PR does / why we need it**:
The OWNERS file for kubeadm is getting a little bit stale. As discussed in today's SIG Cluster Lifecycle meeting, we're gonna update it with the currently active contributors.
**Special notes for your reviewer**:
Every person that is involved here, please ACK and LGTM the change.
@jbeda removed from approvers
@krousey removed from approvers/reviewers
@fabriziopandini graduated to an approver
@dmmcquay removed from reviewers
@jamiehannaford removed from reviewers
@kargakis removed from reviewers
@liztio added to reviewers
@chuckha added to reviewers
@detiber added to reviewers
@stealthybox added to reviewers
@dixudx added to reviewers
Thank you everyone for your contributions 👏 (no one can't maintain something forever), and congratulations and welcome everyone with a new role, happy to have you here 👍!
**Release note**:
```release-note
NONE
```
cc @kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: add test coverage to completion.go
**What this PR does / why we need it**:
Add `completion_test.go` with the following tests:
- TestNewCmdCompletion
- TestRunCompletion
A separate commit exports the function GetSupportedShells() to obtain the list of supported shells.
Test coverage is at 96%. The only untested bit is an `io.Writer.Write()` call in `RunCompletion()`. in the case of `bytes.Buffer` it would panic and/or always return `nil` for `error`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
NONE
**Special notes for your reviewer**:
NONE
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63367, 63718, 63446, 63723, 63720). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add kind and version to Kubeadm MasterConfiguration configmaps
**What this PR does / why we need it**:
Right now Kubeadm serializes its configuration objects with just `yaml.Marshal`. By switching to `runtime.Encode`, we guarantee that version information will be added.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
First part of KEP0008
**Release note**:
```release-note
None
```
stewart-yu