Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm init: skip checking cri socket in preflight checks
**What this PR does / why we need it**:
`kubeadm init` does not need to require `dockershim.sock` to be present.
Remove the check for `dockershim.sock`.
xref #55055
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#657
**Special notes for your reviewer**:
/area kubeadm
/kind bug
/assign @luxas
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
kubeadm init: skip checking cri socket in preflight checks
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include `upstream` option in CoreDNS
**What this PR does / why we need it**:
Including `upstream` as a default in the manifest and keep in sync with the default CoreDNS manifest.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57785
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix adding FileContentCheck
**What this PR does / why we need it**:
Current code adds FileContentCheck only for the first API
Server mentioned in the command line. The test is never added
as net.ParseIP always fails because address:port is passed
to it instead of just an address.
Fixed both issues by introducing a loop over all API Servers
and splitting address:port before passing address to the
net.ParseIP API.
**Release note**:
```release-note
NONE
```
This check doesn't use port. It uses proxy related variables
(HTTP_PROXY, NO_PROXY, etc) that only operate with protocol
and host.
Removing port from the check should make it more clear for
user that port is not used as it will not be present in
the check output.
Automatic merge from submit-queue (batch tested with PRs 58518, 58771, 58101, 56829). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix typo
**What this PR does / why we need it**:
Fix a typo (evalutated -> evaluated).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
I didn't touch pkg/generated/bindata.go and k8s.mo. Should I regenerate them in this PR?
**Release note**:
```release-note
NONE
```
Current code adds FileContentCheck only for the first API
Server mentioned in the command line. The test is never added
as net.ParseIP always fails because <address>:<port> is passed
to it instead of <address>.
Fixed both issues by introducing a loop over all API Servers
and splitting <address>:<port> before passing <address> to the
net.ParseIP API.
Automatic merge from submit-queue (batch tested with PRs 53895, 58013, 58466, 58531, 58535). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[kubeadm] Bump kube-dns to 1.14.8
**What this PR does / why we need it**:
Bump kube-dns to 1.14.8 for kubeadm. Ref https://github.com/kubernetes/kubernetes/pull/57918.
cc @rramkumar1
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Utilize transport defaults from API machinery for http calls inside kubeadm
**What this PR does / why we need it**:
Default Go HTTP transport does not allow to use CIDR notations in
NO_PROXY variables, thus for certain HTTP calls that is done inside
kubeadm user needs to put explicitly multiple IP addresses. For most of
calls done via API machinery it is get solved by setting different Proxy
resolver. This patch allows to use CIDR notations in NO_PROXY variables
for currently all other HTTP calls that is made inside kubeadm.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes kubernetes/kubeadm#324
**Special notes for your reviewer**:
Based on discussion in #52788, replacing this patch replacing all calls inside kubeadm that are done via DefaultTransport to explicitly defined and initialized with API machinery defaults Transport and http client.
**Release note**:
```release-note
- kubeadm now supports CIDR notations in NO_PROXY environment variable
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Allows to specify custom flag values for control plane components
This makes it possible to override / add flag values to the k8s api server, controller manager and scheduler components on `kubeadm init` and `kubeadm alpha controlplane <component>`
**What this PR does / why we need it**:
This PR makes kubeadm a little more flexible by allowing to specify flag values (or override kubeadm defaults) for the control plane components.
One good example is to deploy Kubernetes with a different admission-control flag on API server
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58072
**Special notes for your reviewer**:
Not sure about what should be fixed. The PR merely adds flags to the CLI exposing existing functionality (which I suppose is already tested)
**Release note**:
```release-note
kubeadm now accept `--apiserver-extra-args`, `--controller-manager-extra-args` and `--scheduler-extra-args` to override / specify additional flags for control plane components
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
improve error message for expired tokens
**What this PR does / why we need it**:
When you join a node with a expired tokens, you can get fuzz error messages: `[discovery] Failed to connect to API Server "<cluster-ip>:6443": there is no JWS signed token in the cluster-info ConfigMap. This token id "c33826" is invalid for this cluster, can't connect`, we should improve it.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes [https://github.com/kubernetes/kubeadm/issues/630](https://github.com/kubernetes/kubeadm/issues/630)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
This makes it possible to override / add flag values to the k8s api server, controller manager and scheduler components on `kubeadm init` and `kubeadm alpha controlplane <component>`
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Kubeadm: clean up MarshalToYamlForCodecs
Proxy will use PrintBytesWithLinePrefix to indent.
**What this PR does / why we need it**:
This removed the function MarshalToYamlForCodecsWithShift() and the proxy
code will use PrintBytesWithLinePrefix() to shift over the yaml lines.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57907
**Special notes for your reviewer**:
**Release note**:
```release-note-none
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable privileged containers for apiserver and controller
**What this PR does / why we need it**:
In OpenStack environment, when there is no metadata service, we
look at the config drive to figure out the metadata. Since we need
to run commands like blkid, we need to ensure that api server and
kube controller are running in the privileged mode.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#47392
Fixes https://github.com/kubernetes/kubeadm/issues/588
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix issue when using OpenStack config drive for node metadata
```
In OpenStack environment, when there is no metadata service, we
look at the config drive to figure out the metadata. Since we need
to run commands like blkid, we need to ensure that api server and
kube controller are running in the privileged mode.
So add a new field in MasterConfiguration for specifying that the
api server and controller manager (s) need extra privileges. Added
a TODO to remove this code when we fully yank out cloud provider
specific calls from these processes.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some bad url
**What this PR does / why we need it**:
fix some bad url
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update vendor spf13/cobra to enforce required flags
**What this PR does / why we need it**:
spf13/cobra#502 has enforced checking flags that marked as required, an error will be raised if unset.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*:fixes #54855
xref #48400fixeskubernetes/kubectl#121
**Special notes for your reviewer**:
/assign @liggitt @eparis
**Release note**:
```release-note
kubectl now enforces required flags at a more fundamental level
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9
**What this PR does / why we need it**:
Since 1.9, `ValidatingAdmissionWebhook` and `MutatingAdmissionWebhook` are beta. Kubeadm should enable them by default.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#642
**Special notes for your reviewer**:
/assign @luxas
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Print the full path of Kubeconfig files.
**What this PR does / why we need it**:
kubeadm init:
```
[kubeconfig] Wrote KubeConfig file to disk: "admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "scheduler.conf"
```
It'd be good to print the path of the KubeConfig files in case users want to view the content of these files.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/656
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56290, 57984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: more random tokens
The strategy of hex encoding a random byte array only uses the
following characters:
0123456789abcdef
Instead of the entire bootstrapping token character set:
0123456789abcdefghijklmnopqrstuvwxyz
Update the token generation to use the entire character set. This
increases the token secret from 48 bits of entropy to ~82 bits.
256^8 (1.8e+19) vs. 36^16 (7.9e+24).
Noticed this writing https://github.com/kubernetes-incubator/bootkube/pull/663
```release-note
NONE
```
/cc @mattmoyer @luxas
Automatic merge from submit-queue (batch tested with PRs 56290, 57984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactoring ValidateUsages for bootstrap tokens.
**What this PR does / why we need it**:
Refactoring and cleanup.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @luxas @jbeda
**Release note**:
```release-note
NONE
```
The strategy of hex encoding a random byte array only uses the
following characters:
0123456789abcdef
Instead of the entire bootstrapping token character set:
0123456789abcdefghijklmnopqrstuvwxyz
Update the token generation to use the entire character set. This
increases the token secret from 48 bits of entropy to ~82 bits.
256^8 (1.8e+19) vs. 36^16 (7.9e+24).
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove mikedanese from kubeadm owners since he's no longer actively working on the project
**What this PR does / why we need it**: OWNERS file cleanup.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix `kubeadm upgrade` error while CoreDNS is installed
**What this PR does / why we need it**:
In the scenario when I have CoreDNS installed via `kubeadm init` and I want to continue using CoreDNS after `kubeadm upgrade`, the upgrade is unsuccessful and it gives an error.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#641
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move scheduler out of plugin directory
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
This is but one step toward resolving the referenced issue.
/ref #57579
**Special notes for your reviewer**:
**Release note**:
```release-note
Default scheduler code is moved out of the plugin directory.
plugin/pkg/scheduler -> pkg/scheduler
plugin/cmd/kube-scheduler -> cmd/kube-scheduler
```
/sig scheduling
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: set kube-apiserver advertise address using downward API
**What this PR does / why we need it**:
Sets kube-apiserver --advertise-address using downward API for self-hosted Kubernetes with kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubeadm/issues/400
**Special notes for your reviewer**:
@luxas mentioned something about losing the ability to customize advertise address via kubeadm, didn't really take that into consideration yet but I can definitely make the necessary changes if needed.
**Release note**:
```release-note
kubeadm: set kube-apiserver advertise address using downward API
```
This moves plugin/pkg/scheduler to pkg/scheduler and
plugin/cmd/kube-scheduler to cmd/kube-scheduler.
Bulk of the work was done with gomvpkg, except for kube-scheduler main
package.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump pause container used by kubelet and tests to 3.1
This updates the version of the pause container used by the kubelet and
various test utilities to 3.1.
**What this PR does / why we need it**: The pause container hasn't been rebuilt in quite a while and needs an update to reap zombies (#50865) and for schema2 manifest (#56253).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#50865, Fixes#56253
**Special notes for your reviewer**:
**Release note**:
```release-note
The kubelet uses a new release 3.1 of the pause container with the Docker runtime. This version will clean up orphaned zombie processes that it inherits.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update gengo version to include goimports formatter
Update gengo which now uses goimports to format code and organize imports.
Fixes#55542
**Special notes for your reviewer**:
Updates version of k8s.io/gengo
Takes new dependency on golang.org/x/tools/imports and golang.org/x/tools/go/ast/astutil
**Release Notes**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix incorrect hairpin-mode value and validate it
**What this PR does / why we need it**:
* Fix incorrect hairpin-mode value
* Add validation
**Which issue(s) this PR fixes**:
Fixes#57609
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55483, 57132). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
enhance kube-schedule init flag
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
```
remove TODO: once we switch everything over to Cobra commands, we can go back to calling
utilflag.InitFlags() (by removing its pflag.Parse() call).
For now, we have to set the normalize func and add the go flag set by hand.
```
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve error messages and comments in KubeAdm.
**What this PR does / why we need it**:
Improve error messages and comments in KubeAdm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix minor err in kubeadm
**What this PR does / why we need it**:
fix minor text error in kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57139, 57358). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm upgrade: fix unit test flake
The CA generated for each test case is global and the cases modify
the expiry. This can flake depending on what order the tests run.
Generate a new CA for each test case.
```release-note
NONE
```
Fixes https://github.com/kubernetes/kubernetes/issues/57357
/cc @kubernetes/sig-cluster-lifecycle-bugs
/cc @xiangpengzhao
/cc @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fixed typo in kubeadm/v1alpha1/defaults.go
**What this PR does / why we need it**:
fixed some typo in comment
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use apps/v1 API in kubeadm
**What this PR does / why we need it**:
The core workloads API has been promoted to GA stability in the apps/v1 group version from 1.9. Use apps/v1 API in kubeadm.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/596
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
The CA generated for each test case is global and the cases modify
the expiry. This can flake depending on what order the tests run.
Generate a new CA for each test case.
Automatic merge from submit-queue (batch tested with PRs 57287, 57233, 57305). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove kube-proxy 1.8 configmap and daemonset manifests in kubeadm
**What this PR does / why we need it**:
Remove unsupported manifests of kube-proxy in kubeadm of 1.10.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57287, 57233, 57305). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update kubeadm's minimum supported kubernetes to 1.9.
**What this PR does / why we need it**:
Update it in 1.10 cycle.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
Update kubeadm's minimum supported Kubernetes version in v1.10.x to v1.9.0
```
Automatic merge from submit-queue (batch tested with PRs 56390, 56334, 55572, 55598, 56563). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add apiServerCertSANs case for test GetAltNames
**What this PR does / why we need it**:
When fix#55566 , found there is not test case for apiServerCertSANs
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
assgin @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55900, 55995, 55913, 55467, 55376). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix a typo in kubeadm/GetEtcdPodSpec
**What this PR does / why we need it**:
Fix a typo in kubeadm/GetEtcdPodSpec.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55954, 56037, 55866, 55984, 54994). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve kubeadm validation unit test coverage.
**What this PR does / why we need it**:
From:
`ok k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation 0.100s coverage: 92.3% of statements`
To:
`ok k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation 0.114s coverage: 100.0% of statements`
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Don't downgrade etcd on cluster downgrade
**What this PR does / why we need it**:
- Don't try downgrade etcd on k8s downgrade -- that doesn't work
- Mark self-hosting as alpha as discussed in the SIG
- Don't print the beta warning as it confuses users
- Slightly make the wording around upgrade/downgrade clearer
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 55360, 56444, 56687, 56791, 56802). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Bump CoreDNS version to 1.0.0
**What this PR does / why we need it**:
Updating the CoreDNS version to 1.0.0, which fixes bugs, including the ones which were failing the e2e tests for kubeadm with CoreDNS as the default DNS server (kubernetes/test-infra#5601)
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56400, 56535). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Create volumeMount and hostPath for cloud config file
We have a way to specify the cloudProvider in kubeadm.conf. We also
add `--cloud-config /etc/kubernetes/cloud-config` to both the
kubernetes api server and controller manager yaml files if one exists
on the box. However we fail to make that file available to the
process running in the container. We need to make this `cloud-config`
file available to both processes similar to how controller-manager.conf
is passed to controller manager.
**What this PR does / why we need it**:
Fixes https://github.com/kubernetes/kubeadm/issues/576
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56497, 56500, 55018, 56544, 56425). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add brackets around IPv6 kube-dns liveness probe addrs
**What this PR does / why we need it**:
Previously, when an IPv6-only Kubernetes cluster was instantiated
via 'kubeadm init ...', the liveness probes that were
configured by kubeadm for kube-dns currently use IP:port
strings of "::1:53" and "::1:10053". These IP:port strings should
instead include brackets around the ::1 IPv6 loopback address, e.g.
"[::1]:53" and "[::1]:10053".
This change adds the necessary brackets around the ::1 IPv6 loopback
address.
Without this change, the kube-dns sidecar container interprets the
bracket-less strings as IPv4 IP:port strings that have too many
colons, and the kube-dns pod is restarted about once every 2 minutes.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56543
/area ipv6
/sig network
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56497, 56500, 55018, 56544, 56425). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm etcd modifying recovery steps
Closes#56499
```release-note
Modifying etcd recovery steps for the case of failed upgrade
```
We have a way to specify the cloudProvider in kubeadm.conf. We also
add `--cloud-config /etc/kubernetes/cloud-config` to both the
kubernetes api server and controller manager yaml files if one exists
on the box. However we fail to make that file available to the
process running in the container. We need to make this `cloud-config`
file available to both processes similar to how controller-manager.conf
is passed to controller manager.
When a Kubernetes cluster is instantiated in IPv6-only mode
via 'kubeadm init ...', the liveness probes that are
configured by kubeadm for kube-dns currently use IP:port
strings of "::1:53" and "::1:10053". These IP:port strings should
instead include brackets around the ::1 IPv6 loopback address, e.g.
"[::1]:53" and "[::1]:10053".
This change adds the necessary brackets around the ::1 IPv6 loopback
address.
Without this change, the kube-dns sidecar container interprets the
bracket-less strings as IPv4 IP:port strings that have too many
colons, and the kube-dns pod is restarted about once every 2 minutes.
fixes#56543
/area ipv6
/sig network
In commit 3a0aa06fc9, the flag
was changed from `ignore-checks-errors` to `ignore-preflight-errors`,
but the condition check in ValidateMixedArguments was not updated.
So specifying say `--config kubeadm.conf --ignore-preflight-errors all`
would fail.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Remove SupportIPVSProxyMode feature gate in kubeadm.
**What this PR does / why we need it**:
Since #55972 gets merged, kubeadm now supports using kube-proxy ComponentConfig. Then `SupportIPVSProxyMode` feature gate can be configured in kube-proxy config. There is no need to config the feature gate in kubeadm (workaround introduced by #53962). The benefit of removing it I can think of is that we don't need to care about the IPVS feature evolution in kubeadm any longer.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/512
**Special notes for your reviewer**:
/cc @luxas @Lion-Wei @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make healthchecks skippable, and check masters only
**What this PR does / why we need it**:
Previously kubeadm would abort if _any_ node was not Ready. This is obviously infeasible in a non-trivial (esp. baremetal) cluster.
This PR makes two changes:
- Allows kubeadm healthchecks to be selectively skipped (made non-fatal) with --ignore-checks-errors.
- Check only that the *master* nodes are Ready.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#539
**Special notes for your reviewer**:
Builds on #56072
**Release note**:
```release-note
kubeadm health checks can also be skipped with `--ignore-checks-errors`
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use kube-proxy ComponentConfig in kubeadm clusters
This change adds configuring the kube-proxy bind address to be an
IPv6 address based on the whether the API server advertise address is IPv6.
It is doing this via the kube-proxy ComponentConfig API now from v1.9
**What this PR does / why we need it**:
This PR sets the bind address for kube-proxy to be a IPv6 address. This is needed for IPv6
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#50927
Fixes https://github.com/kubernetes/kubeadm/issues/527
**Special notes for your reviewer**:
**Release note**:
```release-note
Adds kubeadm support for using ComponentConfig for the kube-proxy
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix controlplane unit tests
What this PR does / why we need it:
when the flexvolumeDirVolumePath is truely existent in the host,
```cmd/kubeadm/app/phases/controlplane``` unit tests will be failed.
Fixes#56189
Release note:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55952, 49112, 55450, 56178, 56151). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support to kubeadm upgrade for CoreDNS
**What this PR does / why we need it**:
This PR enables to get CoreDNS in the kubeadm upgrade and alpha phases addons via feature-gates.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/446
**Special notes for your reviewer**:
**Release note**:
```release-note
kubeadm: Add CoreDNS support for kubeadm "upgrade" and "alpha phases addons".
```
Automatic merge from submit-queue (batch tested with PRs 55545, 55548, 55815, 56136, 56185). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: add `--print-join-command` flag for token create.
**What this PR does / why we need it**: This change adds a new flag `kubeadm token create --print-join-command`. When this flag is passed, kubeadm prints the full `kubeadm join [...]` command, including the CA certificate hash which is otherwise annoying to calculate.
**Which issue(s) this PR fixes** fixes https://github.com/kubernetes/kubeadm/issues/519
**Special notes for your reviewer**:
### Example Output
```
$ kubeadm token create --print-join-command
kubeadm join --token 447067.20b55955bd6abe6c 192.168.99.100:8443 --discovery-token-ca-cert-hash sha256:17023a5c90b996e50c514e63e161e46f78be216fd48c0c3df3be67e008b28889
$ kubeadm token create -h
[...]
--print-join-command Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.
[...]
```
I ended up not using the approach suggested by @xiangpengzhao in https://github.com/kubernetes/kubernetes/pull/56025 (and also by @fabriziopandini) of reusing the `bootstrap-token` phase code, since that code assumes it can load the CA certificates from `/etc/kubernetes`, but that is only true if kubeadm is run on an already-joined node.
Instead, I wrote code to pull the CA certificates and server endpoint from the kubeconfig that `kubeadm token create` is called with, since that also contains the data and is available even if, e.g., kubeadm is being run from outside the cluster.
**Release note**:
```release-note
kubeadm: added `--print-join-command` flag for `kubeadm token create`.
```
/sig cluster-lifecycle
/cc @fabriziopandini @xiangpengzhao @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Restructure cmd/kubeadm/OWNERS
**What this PR does / why we need it**:
After a year of virtually the same people in `cmd/kubeadm/OWNERS`, the SIG has decided to refresh the list of reviewers/approvers a little. If you feel more/other changes are needed yet, please speak up here in this thread, in our weekly SIG meeting or ping me on Slack.
Thanks all everyone that has helped out here and thanks to you who are stepping up more now!
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Please ACK that you are ok with this officially here as well:
@kad @timothysc @jamiehannaford @xiangpengzhao @lukemarsden @errordeveloper @mattmoyer @justinsb @fabriziopandini
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Write marshalled kubeletconfig object to init-config-dir
**What this PR does / why we need it**:
from @luxas :
>Write the the marshalled kubeletconfig object to /var/lib/kubelet/config/init/kubelet so that the kubelet will start up with the right params on init/join. The only params expected in the kubelet command-line after this is kubelet --init-config-dir /var/lib/kubelet/config/init --dynamic-config-dir /var/lib/kubelet/config/dynamic
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/28#issuecomment-345502933
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
This change adds a new flag `kubeadm token create --print-join-command`. When this flag is passed, kubeadm prints the full `kubeadm join [...]` command, including the CA certificate hash which is otherwise annoying to calculate.
Example:
```
$ kubeadm token create --print-join-command
kubeadm join --token 447067.20b55955bd6abe6c 192.168.99.100:8443 --discovery-token-ca-cert-hash sha256:17023a5c90b996e50c514e63e161e46f78be216fd48c0c3df3be67e008b28889
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Regenerate API server serving certificates when upgrading.
**What this PR does / why we need it**:
TODO:
- [x] check the age of crt.
- [x] check the new version number.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/548
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
What this PR does / why we need it:
when the flexvolumeDirVolumePath is truely existent in the host,
```cmd/kubeadm/app/phases/controlplane``` unit tests will be failed.
Fixes#56189
Release note:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 51494, 56097, 56072, 56175). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement individual control for kubeadm preflight checks
**What this PR does / why we need it**:
With new flag `--ignore-checks-errors` user is able to
decrease severity of each individual check error to warning.
Old flag `--skip-preflight-checks` now acts as `--ignore-checks-errors=all` and will produce warnings.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixeskubernetes/kubeadm#480
**Special notes for your reviewer**:
/area kubeadm
/sig cluster-lifecycle
cc @luxas
**Release note**:
```release-note
New kubeadm flag `--ignore-checks-errors` that enables to decrease severity of each individual error to warning.
Old flag `--skip-preflight-checks` is marked as deprecated and acts as `--ignore-checks-errors=all`
```
Automatic merge from submit-queue (batch tested with PRs 55340, 55329, 56168, 56170, 56105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update the configmap manifest in CoreDNS
**What this PR does / why we need it**:
This PR updates the corefile to retain the pod requests support like in kube-dns. This helps when upgrading CoreDNS using kubeadm upgrade (#55952).
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 56128, 56004, 56083, 55833, 56042). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Automatically opt into dependent feature gates when using kubeadm
**What this PR does / why we need it**:
There will be a dependency chain between feature gates. kubeadm needs to automatically opt into dependent feature gates of a chosen one.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # [https://github.com/kubernetes/kubeadm/issues/554](https://github.com/kubernetes/kubeadm/issues/554)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
With new flag `--ignore-checks-errors` user is able to
decrease severity of each individual check to warning.
Old flag `--skip-preflight-checks` now acts as
`--ignore-checks-errors=all` and will produce warnings.
Fixes: kubernetes/kubeadm#480
Automatic merge from submit-queue (batch tested with PRs 55112, 56029, 55740, 56095, 55845). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve kubeadm upgrade apply error logging style
**What this PR does / why we need it**:
Improve kubeadm upgrade apply error logging style
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/kubeadm/issues/549
**Special notes for your reviewer**:
/assign @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55939, 56007). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix bad return error text
**What this PR does / why we need it**:
fix bad return error text
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve documentation for kubeadm phases
**What this PR does / why we need it**:
This PR is part of the effort for improving kubeadm reference doc (CLI, website, manpages), and more specifically improves documentation for:
- kubeadm alpha phase certs
- kubeadm alpha phase kubeconfig
- kubeadm alpha phase controlplane
- kubeadm alpha phase etcd
- kubeadm alpha phase uploadconfig
- kubeadm alpha phase addons
- kubeadm alpha phase selfhosting
**Which issue(s) this PR fixes**:
part of the effort for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Re-engineer the kubeadm join logic.
**What this PR does / why we need it**:
- wait for the kubelet to create `/etc/kubernetes/kubelet.conf`
- use those credentials to PATCH the node
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/28#issuecomment-345502933
**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubeadm: Fix a small bug in the self-hosting code
**What this PR does / why we need it**:
`apps/v1beta2` requires that `DaemonSet.spec.selector.matchLabels` equals `DaemonSet.spec.template.metadata.labels`. Without this change, the API server rejects the DaemonSet in the validation stage.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @xiangpengzhao
Automatic merge from submit-queue (batch tested with PRs 51192, 55010). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding etcd upgrade option to kubeadm upgrade apply
This PR adds etcd upgrade functionality to kubeadm upgrade apply.
First commit adds certain functions to be able to deal with a single component of control plane and not just with all three components (apiserver, controller-manager and scheduler). It adds granularity as a result code can be reused.
Closes: https://github.com/kubernetes/kubeadm/issues/490
```release-note
Adds to **kubeadm upgrade apply**, a new **--etcd-upgrade** keyword. When this keyword is specified, etcd's static pod gets upgraded to the etcd version officially recommended for a target kubernetes release.
```
Automatic merge from submit-queue (batch tested with PRs 56008, 56013). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
KubeletConfiguration.BaseConfig.ClusterDNS defaults to the tenth address of MasterConfiguration.Networking.ServiceSubnet
**What this PR does / why we need it**:
If can get DNS IP from MasterConfiguration.Networking.ServiceSubnet, defaults to it. Otherwise defaults to DefaultClusterDNSIP
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: https://github.com/kubernetes/kubeadm/issues/28#issuecomment-345502933
**Special notes for your reviewer**:
/cc @luxas
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validate usage strings when creating bootstrap tokens via kubeadm
**What this PR does / why we need it**:
fix TODO: Validate usages here so we don't allow something unsupported
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55233, 55927, 55903, 54867, 55940). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enhance kubeadm markmaster
**What this PR does / why we need it**:
This PR is part of the effort for improving kubeadm phases, and more specifically improves `mark-master` phase by implementing a behaviour similar to `kubeadm init`, that is:
- dynamically initialise node name if not provided
- allow to override with `--node-name` flag or with `--config`
Also reference doc for `mark-master` was improved.
**Which issue(s) this PR fixes**
part of the effort for [#454](https://github.com/kubernetes/kubeadm/issues/454)
part of the effort for [#265](https://github.com/kubernetes/kubeadm/issues/265)
**Special notes for your reviewer**:
Alpha disclaimer aligned to change requested on the website.
**Release note**:
```release-note
NONE
```
Michalis Kargakis