Previously, GetEnvParams (now called SetEnvParams) had no way of being altered unless
it was through enviroment variables. These changes allow for a global
EnvParam to be set and also altered while still initally getting their value from
set enviroment variables. This change is especially helpful for testing
(see kubeadm/app/util/kubeconfig_test.go).
Automatic merge from submit-queue
Test API more extensivelly before declaring readiness
**What this PR does / why we need it**:
It's possible that first deployment kubeadm creates will hit `deployments.extensions "kube-discovery" is forbidden: not yet ready to handle request`, which comes from NamespaceLifecycle admission controller and has something to do with cache. According to @derekwaynecarr, we need to create a namespace-scoped resource to really check for this. I didn't want to make a check with deployment of whatever comes first right now, and decided to have explicit step for this in `apiclient.go`.
**Which issue this PR fixes**: fixes#34411
**Special notes for your reviewer**: @kubernetes/sig-cluster-lifecycle
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue
Do not probe so aggressively which may lead to unnecessary restarts
@errordeveloper @mikedanese PTAL
I came across a case where etcd restarted about 5-10 times because the load was very high on the machine.
The load seems to have lead to that the `etcd` container occasionally didn't respond to the probe, which caused many restart and made the whole thing even worse.
Maybe we should remove the etcd probe totally? I don't know, what do you think?
This is at least a try to loosen the limits here...
Automatic merge from submit-queue
Kubeadm: print information about certificates
Prints basic information about certificates to the user.
Example of `kubeadm init` output:
```
<master/pki> generated Certificate Authority key and certificate:
Issuer: CN=kubernetes | Subject: CN=kubernetes | CA: true
Not before: 2016-09-30 11:19:19 +0000 UTC Not After: 2026-09-28 11:19:19 +0000 UTC
Public: /etc/kubernetes/pki/ca-pub.pem
Private: /etc/kubernetes/pki/ca-key.pem
Cert: /etc/kubernetes/pki/ca.pem
<master/pki> generated API Server key and certificate:
Issuer: CN=kubernetes | Subject: CN=kube-apiserver | CA: false
Not before: 2016-09-30 11:19:19 +0000 UTC Not After: 2017-09-30 11:19:19 +0000 UTC
Alternate Names: [172.18.76.239 10.0.0.1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local]
Public: /etc/kubernetes/pki/apiserver-pub.pem
Private: /etc/kubernetes/pki/apiserver-key.pem
Cert: /etc/kubernetes/pki/apiserver.pem
<master/pki> generated Service Account Signing keys:
Public: /etc/kubernetes/pki/sa-pub.pem
Private: /etc/kubernetes/pki/sa-key.pem
```
Example of `kubeadm join` command:
```
<node/csr> received signed certificate from the API server:
Issuer: CN=kubernetes | Subject: CN=system:node:minion | CA: false
Not before: 2016-09-30 11:28:00 +0000 UTC Not After: 2017-09-30 11:28:00 +0000 UTC
```
Fixes#33642
cc @kubernetes/sig-cluster-lifecycle
Currently the boostrap fails when a token is provided by the user
on `master init` and works when the token is generated. This is
because of a mismatch of how the token string in the kube-discovery
secret is encoded.
bruceauyeung