Order of Volumes and VolumeMounts in the pod objects created by
kubeadm is undefined as they're represended as maps in the
controlPlaneHostPathMounts struct.
This influences 'kubeadm upgrade' logic in a way that even when
manifest of the component is not changed kubeadm tries to upgrade
it because most of the time current and new pods are not equal
due to the different order of Volumes and VolumeMounts.
For example 'kubeadm apply diff' almost always shows difference
in Volumes and VolumeMounts because of this:
volumeMounts:
+ - mountPath: /etc/kubernetes/pki
+ name: k8s-certs
+ readOnly: true
- mountPath: /etc/ssl/certs
name: ca-certs
+ readOnly: true
+ - mountPath: /etc/pki
+ name: etc-pki
+ readOnly: true
+ - mountPath: /usr/share/ca-certificates
+ name: usr-share-ca-certificates
readOnly: true
- mountPath: /etc/ca-certificates
name: etc-ca-certificates
readOnly: true
- - mountPath: /etc/pki
- name: etc-pki
- readOnly: true
- - mountPath: /etc/kubernetes/pki
- name: k8s-certs
- readOnly: true
- - mountPath: /usr/share/ca-certificates
- name: usr-share-ca-certificates
- readOnly: true
Sorting Volumes and VolumeMounts should fix this issue and help
to avoid unnecessary upgrades.
`kubectl cp` relies on tar to extract the copied file/directory in the
container, tar by default attempts to chown/chmod the extracted file
after extraction if the user is the "superuser"(root)
```
--same-owner
try extracting files with the same ownership as exists in the archive
(default for superuser)
-p, --preserve-permissions, --same-permissions
extract information about file permissions (default for superuser)
```
This fails in environment where the container runs as root but is not
granted the OWNER or CHOWN capability.
Before this patch below was the behavior of `kubectl cp`
```
kubectl cp README.md foo-67b6fcbd4c-qjlt6:/tmp
tar: README.md: Cannot change ownership to uid 1000, gid 1000: Operation
not permitted
tar: Exiting with failure status due to previous errors
command terminated with exit code 2
kubectl exec -it foo-67b6fcbd4c-qjlt6 -- ls -l /tmp/README.md
-rw------- 1 1000 1000 3179 Oct 7 22:00 /tmp/README.md
```
After this patch
```
kubectl cp -x a foo-67b6fcbd4c-qjlt6:/
kubectl exec -it foo-67b6fcbd4c-qjlt6 -- ls -l /tmp/README.md
-rw-r--r-- 1 root root 3179 Oct 7 22:00 /tmp/README.md
```
In order to improve the UX of kubeadm, it was decided to introduce the
following subcommands:
- `kubeadm config print` - this is currently only a placeholder for subcommands
that deal printing of some kind of configuration.
- `kubeadm config print init-defaults` - prints the default combination of
InitConfiguration and ClusterConfiguration. Selected component configs can be
printed too if the `--component-configs` command line switch is used.
- `kubeadm config print join-defaults` - prints the default JoinConfiguration.
This command also supports the use of `--component-configs`.
- `kubeadm config print-defaults` is deprecated in favor of
`kubeadm config print init/join-defaults`.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
k8s-ci-robot