Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
kubeadm: add mandatory phase "annotate-cri"
**What this PR does / why we need it**:
In v1.12, after the changing how kubeadm-config upload/fetch, AnnotateCRISocket is now a necessary step for getting a cluster that can be upgraded using phases. This PR adds a new subcommand for letting users to invoke AnnotateCRISocket as a phase
**Which issue(s) this PR fixes**:
Fixes # https://github.com/kubernetes/kubeadm/issues/925
**Special notes for your reviewer**:
When testing this PR, I found that one of the tests on component config defaulting was broken (didn't have time to investigate why yet). This PR fixes this test as well
**Release note**:
```release-note
kubeadm: added phase command "alpha phase kubelet config annotate-cri"
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
/sig cluster-lifecycle
/area kubeadm
/assign @timothysc @neolit123
/kind bug
Add the:
- mandatory flag "--config" to the preflight phase
and parse the specified config file for either "master" or "node".
- flag "--ignore-preflight-errors" to the preflight phase to
allow skipping errors.
- the function AddIgnorePreflightErrorsFlag()
to "options/generic.go", because the flag is used in multiple commands.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Add a completely populated yaml InitConfig to the v1lapha3 dodoc
**What this PR does / why we need it**:
The existing docs are located in [k/website][website], which means it's difficult to keep them up to date. Having an example next to the code will make it much easier to update the docs in lockstep with spec changes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#1085
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 68341, 68385). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Fix kubeadm token list
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #https://github.com/kubernetes/kubeadm/issues/1094
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Update default etcd server to 3.2.24 for kubernetes 1.12
**What this PR does / why we need it**:
Update default etcd server to 3.2.24 for kubernetes 1.12
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref #68147
**Special notes for your reviewer**:
NONE
**Release note**:
```
Update default etcd server to 3.2.24 for kubernetes 1.12
```
/assign @wojtek-t @jpbetz @dims
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews @gyuho
Walk the certificate tree, at each step checking for a CACert.
If the CACert is found, try to use it to generate certificates.
Otherwise, generate a new CA cert.
Automatic merge from submit-queue (batch tested with PRs 63011, 68089, 67944, 68132). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Kubeadm upload and fetch of kubeam config v1alpha3
**What this PR does / why we need it**:
This PR implements upload and fetch of kubeam config v1alpha3 from cluster.
More in detail:
In upload, `kubeadm-config` gets
- `ClusterConfiguration` (without components config which are already stored in separated ConfigMaps)
- `ClusterStatus`(initialised or updated with the API endpoint of the current node)
During fetch `InitConfiguration` is composed with:
- `ClusterConfiguration` from `kubeadm-config`
- The `APIEndpoint` of the current node from `ClusterStatus` in `kubeadm-config`
- Component configs from corresponding ConfigMaps
**Which issue(s) this PR fixes** :
refs https://github.com/kubernetes/kubeadm/issues/911, refs https://github.com/kubernetes/kubeadm/issues/963
**Special notes for your reviewer**:
In order to implement this it was necessary to extend current component config management with a new GetFromConfigMap operation. This is implemented in a separated commit "
implement component configs GetFromConfigMap".
The real change build on this (commi "upload and fetch kubeadm v1alpha3")
**Release note**:
```release-note
NONE
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/sig cluster-lifecycle
/area kubeadm
/kind enhancement
/assign @luxas
/assign @timothysc
/cc @chuckha @rosti @neolit123 @liztio
Automatic merge from submit-queue (batch tested with PRs 67397, 68019). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
kubeadm: fix offline and air-gapped support
**What this PR does / why we need it**:
1.
Change the error output of getAllDefaultRoutes() so that it includes
information on which files were probed for the IP routing tables
even if such files are obvious.
Introduce a new error type which can be used to figure out of this
error is exactly of the "no routes" type.
2.
If netutil.ChooseBindAddress() fails looking up IP route tables
it will fail with an error in which case the kubeadm config
code will hard stop.
This scenario is possible if the Linux user intentionally disables
the WiFi from the distribution settings. In such a case the distro
could empty files such files as /proc/net/route and ChooseBindAddress()
will return an error.
For improved offline support, don't error on such scenarios but instead
show a warning. This is done by using the NoRoutesError type.
Also default the address to 0.0.0.0.
While doing that, prevent some commands like `init`, `join` and also
phases like `controlplane` and `certs` from using such an invalid
address.
3.
If there is no internet, label versions fail and this breaks
air-gapped setups unless the users pass an explicit version.
To work around that:
- Remain using 'release/stable-x.xx' as the default version.
- On timeout or any error different from status 404 return error
- On status 404 fallback to using the version of the client via
kubeadmVersion()
Add unit tests for kubeadmVersion().
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
refs kubernetes/kubeadm#1041
**Special notes for your reviewer**:
1st and second commits fix offline support.
3rd commit fixes air-gabbed support (as discussed in the linked issue)
the api-machinery change is only fmt.Errorf() related.
**Release note**:
```release-note
kubeadm: fix air-gapped support and also allow some kubeadm commands to work without an available networking interface
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/cc @kubernetes/sig-api-machinery-pr-reviews
/assign @kad
/assign @xiangpengzhao
/area UX
/area kubeadm
/kind bug
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Kubeadm Cert Renewal
**What this PR does / why we need it**:
adds explicit support for renewal of certificates via command
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#206
**Special notes for your reviewer**:
The targeted documentation is at kubernetes/website#9712
**Release note**:
```release-note
Adds the commands `kubeadm alpha phases renew <cert-name>`
```
Automatic merge from submit-queue (batch tested with PRs 67756, 64149, 68076, 68131, 68120). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Update manifest and version for CoreDNS
**What this PR does / why we need it**:
Updates the manifest of CoreDNS and also bumps the version of CoreDNS to 1.2.2
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/68020
**Special notes for your reviewer**:
**Release note**:
```release-note
CoreDNS is now v1.2.2 for Kubernetes 1.12
```
This change removes arch suffixes from control plane images (etcd,
kube-apiserver, kube-scheduler, kube-proxy, etc.). These are not needed, as
almost all control plane images have a fat manifest now.
We have arch suffixes only for kube-dns images now.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 64597, 67854, 67734, 67917, 67688). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move kubeproxy ComponentConfig external types to `k8s.io/kube-proxy`
**What this PR does / why we need it**:
This PR implements most of kubernetes/community#2354 for the kube-proxy.
The PR:
- Moves k8s.io/kubernetes/pkg/proxy/apis/kubeproxyconfig as-is to k8s.io/kubernetes/pkg/proxy/apis/config as agreed
- Moves the external types to the new staging repo k8s.io/kube-proxy, in the k8s.io/kube-proxy/config/v1beta1 package.
- Makes k8s.io/kubernetes/pkg/proxy/apis/config/v1beta1 source the types from k8s.io/kube-proxy/config/v1beta1. The defaulting and conversion code is kept in this package as before.
- All references to these packages have been updated.
Ref #67233
**Special notes for your reviewer**:
**Release note**:
```release-note
kube-proxy v1beta1 external ComponentConfig types are now available in the `k8s.io/kube-proxy` repo
```
Automatic merge from submit-queue (batch tested with PRs 66085, 66052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use pause image with fat-manifest
What this PR does / why we need it:
Pause manifest code is merged in #57723, so we should use new image in test.
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #
Special notes for your reviewer:
Release note:
Automatic merge from submit-queue (batch tested with PRs 67323, 66717, 67038). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm init kernel validator display message error
Signed-off-by: Yuanbin.Chen <cybing4@gmail.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#1051
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
1) Do not fail in case a bind address cannot be obtained
If netutil.ChooseBindAddress() fails looking up IP route tables
it will fail with an error in which case the kubeadm config
code will hard stop.
This scenario is possible if the Linux user intentionally disables
the WiFi from the distribution settings. In such a case the distro
could empty files such files as /proc/net/route and ChooseBindAddress()
will return an error.
For improved offline support, don't error on such scenarios but instead
show a warning. This is done by using the NoRoutesError type.
Also default the address to 0.0.0.0.
While doing that, prevent some commands like `init`, `join` and also
phases like `controlplane` and `certs` from using such an invalid
address.
Add unit tests for the new function for address verification.
2) Fallback to local client version
If there is no internet, label versions fail and this breaks
air-gapped setups unless the users pass an explicit version.
To work around that:
- Remain using 'release/stable-x.xx' as the default version.
- On timeout or any error different from status 404 return error
- On status 404 fallback to using the version of the client via
kubeadmVersion()
Add unit tests for kubeadmVersion().
Co-authored-by: Alexander Kanevskiy <alexander.kanevskiy@intel.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: chroot to new --rootfs arg
**What this PR does / why we need it**:
This change adds a new --rootfs=path option to kubeadm, and (if
provided) chroot()s to this path before performing file operations.
This makes it possible to run the kubeadm binary from a container, but
perform remaining file operations against the host filesystem using
something like:
```
docker run -v /:/rootfs --net=host --uts=host --pid=host \
kubeadm:latest init ...
```
(Assuming something like the included `examples/kubeadm/Dockerfile` which sets CMD to `kubeadm --rootfs=/rootfs` - Edit: Dockerfile has been removed from this PR, but you get the idea)
Fixeskubernetes/kubeadm#503
**Special notes for your reviewer**:
- I'm not sure where is best to put the Dockerfile, or hook it up to the build process. Advice sought.
- The kubeadm command line arg handling was less unified than I was expecting to find. I've implemented this arg for `init` and `join`. I can add it to all the others too, if we're happy with the approach. An alternative would be to add the arg in the parent `KubeadmCommand`, possibly with a `PersistantFlag` - then it would automatically exist for all kubeadm subcommands.
- It would be slightly preferable if we could order `--rootfs` _before_ the subcommand so we could apply the arg automatically with `ENTRYPOINT ["kubeadm", "--rootfs=/rootfs"]`. This would be the only such flag in `kubeadm` however, so I have not implemented it that way atm. (Another alternative would be an env var)
**Release note**:
```release-note
Adds a new EXPERIMENTAL `--rootfs` flag to kubeadm, which (if specified) causes kubeadm to chroot before performing any file operations. This is expected to be useful when setting up kubernetes on a different filesystem, such as invoking kubeadm from docker.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm config add support for more than one APIEndpoint
**What this PR does / why we need it**:
This PR completes the changes in kubeadm for management of more than one control plane instances introducing the possibility to configure more than one APIEndpoints
**Which issue(s) this PR fixes** :
refs https://github.com/kubernetes/kubeadm/issues/911, refs https://github.com/kubernetes/kubeadm/issues/963
**Special notes for your reviewer**:
Depends on:
- [x] https://github.com/kubernetes/kubernetes/pull/67830
**Release note**:
```release-note
kubeadm: The kubeadm configuration now support definition of more than one control plane instances with their own APIEndpoint. The APIEndpoint for the "bootstrap" control plane instance should be defined using `InitConfiguration.APIEndpoint`, while the APIEndpoints for additional control plane instances should be added using `JoinConfiguration.APIEndpoint`.
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/sig cluster-lifecycle
/area kubeadm
/kind api-change
/kind enhancement
/assign @luxas
/assign @timothysc
/cc @chuckha @rosti @neolit123 @liztio
This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on [KEP-0009](https://github.com/kubernetes/community/blob/master/keps/sig-node/0009-node-heartbeat.md),
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.
- add NodeLease feature gate
- add kube-node-lease system namespace for node leases
- add Kubelet option for lease duration
- add Kubelet-internal lease controller to create and update lease
- add e2e test for NodeLease feature
- modify node authorizer and node restriction admission controller
to allow Kubelets access to corresponding leases
Automatic merge from submit-queue (batch tested with PRs 67776, 67503, 67679, 67786, 67830). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm config move ControlPlaneEndpoint to ClusterConfiguration
**What this PR does / why we need it**:
This PR moves `ControlPlaneEndpoint` from the `API` config struct to `ClusterConfiguration`.
This change is required as initial step for enabling management of more than one control plane instances in kubeadm
**Which issue(s) this PR fixes** :
refs https://github.com/kubernetes/kubeadm/issues/911, refs https://github.com/kubernetes/kubeadm/issues/963
**Special notes for your reviewer**:
just an appetizer, the main dish will be the next PR...
**Release note**:
```release-note
kubeadm: ControlPlaneEndpoint was moved from the API config struct to ClusterConfiguration
```
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/sig cluster-lifecycle
/area kubeadm
/kind api-change
/kind enhancement
/assign @luxas
/assign @timothysc
/cc @chuckha @rosti @neolit123 @liztio
Automatic merge from submit-queue (batch tested with PRs 67776, 67503, 67679, 67786, 67830). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm - deprecate feature-gates HighAvailability, SelfHosting, CertsInSecrets
**What this PR does / why we need it**:
As for sig discussion (see meeting notes - August 22 - 2018) we are going to block usage of feature gates HighAvailability, SelfHosting, CertsInSecrets for new clusters and block updates to v1.12 of existing clusters using such features.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)`
Fixes # https://github.com/kubernetes/kubeadm/issues/1058
**Special notes for your reviewer**:
I'm going to open issue to track code cleanup in v1.13
**Release note**:
```release-note
kubeadm - feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated and can't be used anymore for new clusters. Update of cluster using above feature-gates flag is not supported
```
/sig cluster-lifecycle
/kind feature
/kind cleanup
/assign @timothysc
/cc
Replace the unnecessary use of InitConfiguration in images.go with
ClusterConfiguration. This changes the interfaces of the following functions:
- GetKubeControlPlaneImage
- GetEtcdImage
- GetAllImages
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm ha upgrade
**What this PR does / why we need it**:
This PR implements one of the actions defined by https://github.com/kubernetes/kubeadm/issues/751 (checklist form implementing HA in kubeadm). see [KEP 0015](https://github.com/kubernetes/community/blob/master/keps/sig-cluster-lifecycle/0015-kubeadm-join-master.md) for more context
With this PR, kubeadm implements a new command `kubeadm upgrade node experimental-control-plane` that managed upgrade of control plane components on a secondary control plane instance.
The entire workflow in case of HA clusters will be:
- Upgrade the control plane
- run `kubeadm upgrade apply` on a first control plane instance
- run `kubeadm upgrade node experimental-control-plane` on secondary control plane instances
- Upgrade nodes
**Special notes for your reviewer**:
/CC @timothysc @luxas @chuckha @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```
kubeadm now has the `kubeadm upgrade node experimental-control-plane` command for upgrading secondary control plane instances created with `kubeadm join --experimental-control-plane`.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[reissue] kubeadm: Split out ClusterConfiguration from InitConfiguration
As @luxas is not able to take care of #66219, I am reissuing the same change here. There are a few minor things added by me:
- The original PR is rebased on latest master.
- Some broken tests were fixed.
- Some TODOs were added.
- Run update-bazel and update-gofmt
Below is the text of the original PR by Lucas.
-----
**What this PR does / why we need it:**
Splits MasterConfiguration to InitConfiguration and ClusterConfiguration as outlined in the kubeadm Config KEP. InitConfiguration holds init-only information, and ClusterConfiguration holds cluster-wide information. In the internal representation InitConfiguration wraps ClusterConfiguration as a field, but in serialized format they're different YAML documents.
**Which issue(s) this PR fixes** (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
ref: kubernetes/kubeadm#911
Depends on:
- [X] #65776
- [X] #65628
- [X] #65629
- [X] #65631
- [X] #65940
- [X] #65787
- [X] #65945
- [X] #65951
- [X] #65952
**Special notes for your reviewer:**
**Release note**:
```release-note
kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused functions in cmd
**What this PR does / why we need it**:
/kind cleanup
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67596, 67520, 67605). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cert list 2
**What this PR does / why we need it**:
Continuation of #67208. Uses the newly created declarative list of certificates kubeadm requires for the certs phase and upgrade steps.
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add --dns-loop-detect option to dnsmasq run by kube-dns
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67299
**Special notes for your reviewer**:
/cc @kubernetes/sig-network-pr-reviews
**Release note**:
```release-note
add --dns-loop-detect option to dnsmasq run by kube-dns
```
Automatic merge from submit-queue (batch tested with PRs 66793, 67405, 67068, 67501, 67484). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Remove images from the context of kubeletFailTempl
**What this PR does / why we need it**:
Since #66658 kubeletFailTempl no longer contains any images, thus we don't need to fill them
in its context.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/kind cleanup
/assign @timothysc
/assign @fabriziopandini
**Release note**:
```release-note
NONE
```
kubeletFailTempl no longer contains any images, thus we don't need to fill them
in its context.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove unused code in kubeadm/app/cmd/reset_test.go
**What this PR does / why we need it**:
remove unused code in kubeadm/app/cmd/reset_test.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62441, 66702, 67254, 67421, 65309). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Apply means to search for existing KubeConfig files in standard locations across kubeadm
**What this PR does / why we need it**:
Apply means to search for existing KubeConfig files in standard locations across kubeadm.
Tasklist:
- [x] Use the Join of Dir and File name instead of DefaultKubeConfig
- [x] Refactor token.go::findExistingKubeConfig() into a utility in cmd/kubeadm/app/cmd/util
- [x] Use the utility in config, upgrade and some of the phases commands that use --kubeconfig
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref [kubernetes/kubeadm/#805](https://github.com/kubernetes/kubeadm/issues/805)
**Special notes for your reviewer**:
/assign @neolit123
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
First pass of cert list
**What this PR does / why we need it**:
Refactors the cert management code in kubeadm to be more extensible and resiliant.
This initial change doesn't change anything on the surface, and in fact appears to add a bunch of complexity. The goal here is to reduce duplication in the certs codebase, which is started in this PR by gutting the New*CertAndKey. Eventually, those functions will be removed altogether. The declarative list will also allow us to build a more explicit renewal function and command line interface and reduce much more duplication in the cert package.
**Special notes for your reviewer**:
**Release note**:
```
```
Automatic merge from submit-queue (batch tested with PRs 66884, 67410, 67229, 67409). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: coverage improvement about ValidateVersion function
**What this PR does / why we need it**:
In commit log :2ef8157644, remove the `MinimumVersion support` for all featuregate, but the `MinimumVersion` still as a parameter in `Feature` struct for `future featuregate`.
However,https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/features/features.go#L79-L87 still have judgement about `MinimumVersion` in `ValidateVersion` function, we also need test it.
This PR make `test coverage` about `ValidateVersion` function from `20%` to `90%`. Details as below.
Before changed, the `test coverage` are:
```
root@shap000101123:/ycj/kubernetes-community/src/k8s.io/kubernetes/cmd/kubeadm/app/features# go tool cover -func=size_coverage.out
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:71: ValidateVersion 20.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:92: Enabled 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:101: Supports 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:111: Keys 0.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:120: KnownFeatures 90.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:139: NewFeatureGate 94.1%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:171: ResolveFeatureGateDependencies 100.0%
total: (statements) 73.1%
```
After change, the `test coverage` are:
```
root@shap000101123:/ycj/kubernetes-community/src/k8s.io/kubernetes/cmd/kubeadm/app/features# go tool cover -func=size_coverage.out
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:71: ValidateVersion 90.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:92: Enabled 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:101: Supports 100.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:111: Keys 0.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:120: KnownFeatures 90.0%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:139: NewFeatureGate 94.1%
k8s.io/kubernetes/cmd/kubeadm/app/features/features.go:171: ResolveFeatureGateDependencies 100.0%
total: (statements) 86.5%
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
@luxas @neolit123 @fabriziopandini @dixudx
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66491, 66587, 66856, 66657, 66923). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix grammar error: the predicate verb should be singular.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66491, 66587, 66856, 66657, 66923). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add space for output
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66984, 67236, 67216, 62721, 67106). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set kubeadm version as the default version in phase command.
**What this PR does / why we need it**:
In some phase commands which don't use kubernetes version, set kubeadm version as the kubernetes version to avoid get it from internet.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/756
**Special notes for your reviewer**:
cc @chrisob
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67017, 67190, 67110, 67140, 66873). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm join --control-plane main workflow
**What this PR does / why we need it**:
This PR implements one of the actions defined by https://github.com/kubernetes/kubeadm/issues/751 (checklist form implementing HA in kubeadm).
With this PR, kubeadm implements the `kubeadm join --control-plane`workflow, as described in the [KEP 0015-kubeadm-join-master.md](https://github.com/kubernetes/community/blob/master/keps/sig-cluster-lifecycle/0015-kubeadm-join-master.md) with the exception of the update of the `kubeadm-config` ConfigMap that will be completed in a following PR as soon as the implementation in the config file will allow it.
**Special notes for your reviewer**:
/CC @timothysc @luxas @chuckha @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```
`kubeadm join` now has the --experimental-control-plane flag that triggers deploy of a new control plane instance on the joining node.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix CRI ListKubeContainers API
**What this PR does / why we need it**:
Current implementation of this API always returns
checks output of 'crictl pods -q' and filters out everything
that doesn't start with k8s_. 'crictl pods -q' returns only pod ids,
so everything is always filtered out.
Removing filtering by name prefix should fix this.
**Which issue this PR fixes**
Fixes: kubernetes/kubeadm#926
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
use v1 version of advanced audit policy in kubeadm
audit api version has been updated to v1 #65891
**Release note**:
```release-note
kubeadm uses audit policy v1 instead of v1beta1
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Deduplicate kube-proxy image logic
**What this PR does / why we need it**:
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to generate the image for the manifest.
This PR also removes GetKubeControlPlaneImageNoOverride as it's no longer needed.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
None
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
**Release note**:
```release-note
kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same
```
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image
override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing
for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to
generate the image for the manifest.
Additionally, GetKubeControlPlaneImageNoOverride is removed as the only use case
for the function is now invalid.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
This change adds a new --rootfs=path option to kubeadm, and (if
provided) chroot()s to this path before performing file operations.
This makes it possible to run the kubeadm binary from a container, but
perform remaining file operations against the host filesystem using
something like:
docker run -v /:/rootfs --net=host --uts=host --pid=host \
kubeadm:latest init --rootfs /rootfs...
Fixeskubernetes/kubeadm#503
Current implementation of this API always returns
checks output of 'crictl pods -q' and filters out everything
that doesn't start with k8s_. 'crictl pods -q' returns only pod ids,
so everything is always filtered out.
Removing filtering by name prefix should fix this.
Fixes: kubernetes/kubeadm#926
Automatic merge from submit-queue (batch tested with PRs 64815, 66823, 66473, 66466). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix ImagePullCheck output
**What this PR does / why we need it**:
ImagePullCheck outputs "pulling <image>" line even if image
already exists and is not pulled.
Fixed the output to reflect the reality. ImagePullCheck now outputs
either "pulling <image>" or "image <image> exists".
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
error out empty hostname
**What this PR does / why we need it**:
For linux, the hostname is read from file `/proc/sys/kernel/hostname` directly, which can be overwritten with whitespaces.
Should error out such invalid hostnames.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#835
**Special notes for your reviewer**:
/cc luxas timothysc
**Release note**:
```release-note
nodes: improve handling of erroneous host names
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: fix runtime.ImageExists API
**What this PR does / why we need it**:
runtime.ImageExists returns error when underlying 'inspect' command
fails. This makes ImagePullCheck to fail as it doesn't expect
runtime.ImageExists to return an error even if image doesn't exist.
**Which issue(s) this PR fixes**:
Fixes [kubeadm issue 1024](https://github.com/kubernetes/kubeadm/issues/1024)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kernel_validator: amend kernel config check paths
**What this PR does / why we need it**:
Clear Linux Project for Intel Architecture uses its own path
to store kernel build artifacts. This PR amends the path to kernel validator's
config check paths.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```
e2e_node: add new kernel config check paths
```
ImagePullCheck outputs "pulling <image>" line even if image
already exists and is not pulled.
Fixed the output to reflect the reality. ImagePullCheck now outputs
either "pulling <image>" or "image <image> exists".
This API return error when underlying 'inspect' command
fails. This makes ImagePullCheck to fail as it doesn't expect
runtime.ImageExists to return an error even if image doesn't exist.
Fixed this by returning error nil even when inspect command fails.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move the` k8s.io/kubernetes/pkg/util/pointer` package to` k8s.io/utils/pointer`
**What this PR does / why we need it**:
Move `k8s.io/kubernetes/pkg/util/pointer` to `shared utils` directory, so that we can use it easily.
Close#66010 accidentally, and can't reopen it, so the same as #66010
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66554, 66616, 66695, 66681). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Use KubeletRunDirectory instead of hard-coded way
**What this PR does / why we need it**:
fix `TODO: Make hard-coded "/var/lib/kubelet" strings reference this constant.`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
cc @neolit123
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm join the cluster with pre-existing client certificate if provided
**What this PR does / why we need it**:
support `kubeadm join` with a pre-existing client certificate
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#945
**Special notes for your reviewer**:
/cc @luxas @timothysc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
kubeadm now can join the cluster with pre-existing client certificate if provided
```
Clear Linux Project for Intel Architecture uses its own path
to store kernel build artifacts. This is documented, e.g.,
in https://github.com/clearlinux/clr-boot-manager.
Adapt kernel validator's config check paths to include Clear
Linux's path too.
Automatic merge from submit-queue (batch tested with PRs 66291, 66471, 66499). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns
**What this PR does / why we need it**:
It appears that sidecar and dnsmasq-nanny images are now required for
kube-dns deployment to work correctly. Thus the following default kube-dns
images are used now:
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#1016
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind bug
**Release note**:
```release-note
kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns
```
It appears that sidecar and dnsmasq-nanny images are now required for
kube-dns deployment to work correctly. Thus the following default kube-dns
images are used now:
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Renamed command line option cri-socket-path for 2 reasons:
- to be consistent with the rest of kubeadm code
reset/init/join/apply subcommands use --cri-socket
- name is misleading as CRI socket can be also an url,
not just a path
Automatic merge from submit-queue (batch tested with PRs 66341, 66405, 66403, 66264, 66447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: stop setting UID in the kubelet ConfigMap
**What this PR does / why we need it**: kubeadm: stop setting UID in the kubelet ConfigMap
**Which issue(s) this PR fixes**:
Fixes https://github.com/kubernetes/kubeadm/issues/921#
**Release note**:
```release-note
kubeadm: stop setting UID in the kubelet ConfigMap
```
Automatic merge from submit-queue (batch tested with PRs 66152, 66406, 66218, 66278, 65660). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle errors
**What this PR does / why we need it**:
This is a followup PR for https://github.com/kubernetes/kubernetes/pull/64664 to handle errors returned from `.AddToScheme()` in places where they are not handled.
**Release note**:
```release-note
NONE
```
/kind cleanup
/sig api-machinery
/cc @sttts
Automatic merge from submit-queue (batch tested with PRs 65771, 65849). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a new conversion path to replace GenericConversionFunc
reflect.Call is very expensive. We currently use a switch block as part of AddGenericConversionFunc to avoid the bulk of top level a->b conversion for our primary types which is hand-written. Instead of having these be handwritten, we should generate them.
The pattern for generating them looks like:
```
scheme.AddConversionFunc(&v1.Type{}, &internal.Type{}, func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Type_to_internal_Type(a.(*v1.Type), b.(*internal.Type), scope)
})
```
which matches AddDefaultObjectFunc (which proved out the approach last year). The
conversion machinery should then do a simple map lookup based on the incoming types and invoke the function. Like defaulting, it's up to the caller to match the types to arguments, which we do by generating this code. This bypasses reflect.Call and in the future allows Golang mid-stack inlining to optimize this code.
As part of this change I strengthened registration of custom functions to be generated instead of hand registered, and also strengthened error checking of the generator when it sees a manual conversion to error out. Since custom functions are automatically used by the generator, we don't really have a case for not registering the functions.
Once this is fully tested out, we can remove the reflection based path and the old registration methods, and all conversion will work from point to point methods (whether generated or custom).
Much of the need for the reflection path has been removed by changes to generation (to omit fields) and changes to Go (to make assigning equivalent structs easy).
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
check for crictl executable only for CRI runtime
**What this PR does / why we need it**:
crictl is not used for docker runtime, so InPathCheck check can be skipped for docker.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm upgrade diff -config TODO
**What this PR does / why we need it**:
This PR addresses a TODO in `kubeadm upgrade diff` for the `-config` flag to use `options.AddConfigFlag()` instead of `cmd.Flags().StringVar()`.
**Which issue(s) this PR fixes**
None
**Special notes for your reviewer**:
/sig kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Improved runtime tests by using T.Run API:
https://golang.org/pkg/testing/#T.Run
This should improve the test output and make it more visible
which test is doing what.
Automatic merge from submit-queue (batch tested with PRs 65429, 64611). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move runtime details into ContainerRuntime
**What this PR does / why we need it**:
This PR moves all docker and CRI specifics into new ContainerRuntime
entity to isolate container runtime details from the rest of the code.
This should help to avoid having CRI and docker specific checks and code all over the place.
**NOTE: this is a not a finished work, but rather an RFC.**
Things to do:
- test manually in docker and cri-o environments
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kubeadm checks import error
kubeadm checks package import path exist "kubernetes/test",
So change the import path.
* move "k8s.io/kubernetes/test/e2e_node/system" directory file
tto "k8s.io/kubernetes/cmd/kubeadm/app/util/system" and change checks import
* remove "k8s.io/kubernetes/test/e2e_node/system" directory
Issues report link:
https://github.com/kubernetes/kubeadm/issues/976
Signed-off-by: Yuanbin.Chen <cybing4@gmail.com>
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #https://github.com/kubernetes/kubeadm/issues/976
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66094, 65676). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add a timeout when fetching latest version
**What this PR does / why we need it**:
When there is no internet on the node and `--kubernetes-versio`n is not specified running `kubeadm init` hangs forever with no text output.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/986
**Special notes for your reviewer**:
Using the same duration as the existing timeout `externalEtcdRequestTimeout`
Sample output:
```
kubeadm init
unable to get URL "https://dl.k8s.io/release/stable-1.11.txt": Get https://dl.k8s.io/release/stable-1.11.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
```
**Release note**:
```release-note
kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io
```
Automatic merge from submit-queue (batch tested with PRs 65899, 65900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix CRI socket validatioin
**What this PR does / why we need it**:
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
**Which issue(s) this PR fixes** :
[#928](https://github.com/kubernetes/kubeadm/issues/928)
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Printable default component configs
**What this PR does / why we need it**:
This PR makes default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Refs kubernetes/kubeadm#963
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/assign @luxas
/assign @timothysc
/kind feature
**Release note**:
```release-note
kubeadm: Default component configs are printable via kubeadm config print-default
```
CRI socket doesn't have to be an absolute path, it should be an url.
However, attempt to use it as an url in 'kubeadm init' command line
causes this validation error:
$ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock
nodeRegistration.criSocket: Invalid value:
"unix:///var/run/crio/crio.sock": path is not absolute
Fixed by adding ValidateSocket function and using it in the
ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath.
Make default component configs printable via `kubeadm config print-default`.
Component configs are not printed by default. You have to explicitly request
that for concrete API objects via the `--api-objects` command line parameter.
For a list of possible API objects use the help option.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Automatic merge from submit-queue (batch tested with PRs 66076, 65792, 65649). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubernetes: fix printf format errors
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
```release-note
NONE
```
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
Lubomir I. Ivanov <neolit123@gmail.com>
applied ammend for:
pkg/cloudprovider/provivers/vsphere/nodemanager.go
kube-proxy should be able to run on all nodes, independent
on the taint of such nodes.
This restriction was previously removed in bb28449e31 but
then was brought back in d1949261ab.
Also, annotate with:
scheduler.alpha.kubernetes.io/critical-pod: ""
and add a class in the template spec:
priorityClassName: system-node-critical
Automatic merge from submit-queue (batch tested with PRs 65946, 65904, 65913, 65906, 65920). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: pause image should be arch agnostic, as it is a manifest list
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
**What this PR does / why we need it**:
`pause` image is backed by a manifest list. so we should not use the arch image when reporting using say `kubeadm config image list`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/962
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Fix pause image to not use architecture, as it is a manifest list
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Print required flags when running kubeadm upgrade plan
**What this PR does / why we need it**:
print required flags when running kubeadm upgrade plan
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Close [kubernetes/kubeadm#935](https://github.com/kubernetes/kubeadm/issues/935)
**Special notes for your reviewer**:
/assign @chuckha
/assign @neolit123
**Release note**:
```release-note
kubeadm: print required flags when running kubeadm upgrade plan
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: use constant instead of hardcoded path
**What this PR does / why we need it**:
Used DefaultCRISocket constant instead of hardcoded path
/var/run/dockershim.sock
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64593, 65117, 65629, 65827, 65686). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Remove usage of `PersistentVolumeLabel` in phases/controlplane/manifests*.go
**What this PR does / why we need it**:
Remove usage of `PersistentVolumeLabel` in phases/controlplane/manifests*.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Close [kubernetes/kubeadm#866](https://github.com/kubernetes/kubeadm/issues/866)
**Special notes for your reviewer**:
/assign @neolit123
**Release note**:
```release-note
kubeadm: Remove usage of `PersistentVolumeLabel`
```
SataQiu