Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 handle kubeadm 1.24 kubelet ConfigMap name change #6176

Merged
merged 1 commit into from
Feb 24, 2022
Merged

🌱 handle kubeadm 1.24 kubelet ConfigMap name change #6176

merged 1 commit into from
Feb 24, 2022

Conversation

fabriziopandini
Copy link
Member

What this PR does / why we need it:
This PR makes KCP handle the kubelet ConfigMap as expected by kubeadm >= 1.24

Which issue(s) this PR fixes:
Fixes #5921

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 18, 2022
@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Feb 18, 2022
neolit123
neolit123 reviewed Feb 18, 2022
View reviewed changes
Copy link
Member

@neolit123 neolit123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, added only a couple of comments

sbueringer
sbueringer reviewed Feb 21, 2022
View reviewed changes
controlplane/kubeadm/internal/workload_cluster.go Outdated Show resolved Hide resolved
controlplane/kubeadm/internal/workload_cluster.go
if desiredKubeletConfigMapName == previousMinorVersionKubeletConfigMapName {
return nil
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Q: I know this was like this before but the old ConfigMap is intentionally never deleted, correct?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, in theory the user can create workers with the previous version

controlplane/kubeadm/internal/workload_cluster_rbac.go Outdated Show resolved Hide resolved
@sbueringer
Copy link
Member

sbueringer commented Feb 21, 2022
edited

Just for my understanding about how KCP works:

  • on initial cluster creation the ConfigMap is created based on the ClusterConfiguration we pass into kubeadm init
  • after that with every upgrade we just preserve the current values +/- fixes like setting the cgroupDriver
  • we just keep old ConfigMaps / Roles / RoleBindings

Are there some values in the KCP KubeadmConfig that can change and then would be / should be reflected in the kubelet ConfigMap?

@sbueringer
Copy link
Member

/cherry-pick release-1.1
given that we want to support 1.24 there too

@k8s-infra-cherrypick-robot
Copy link

@sbueringer: once the present PR merges, I will cherry-pick it on top of release-1.1 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.1
given that we want to support 1.24 there too

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@fabriziopandini fabriziopandini force-pushed the handle-kubeadm1.24-kubelet-ConfigMap-name-change branch from 2ea191f to e594009 Compare February 22, 2022 22:06
@fabriziopandini
Copy link
Member Author

Just for my understanding about how KCP works:

  • on initial cluster creation the ConfigMap is created based on the ClusterConfiguration we pass into kubeadm init
  • after that with every upgrade we just preserve the current values +/- fixes like setting the cgroupDriver
  • we just keep old ConfigMaps / Roles / RoleBindings

Yes. that's correct

Are there some values in the KCP KubeadmConfig that can change and then would be / should be reflected in the kubelet ConfigMap?

No, given that we allow only to change kubelet flags (via extra args) and they precedence on the content of kubeletConfiguration

@sbueringer
Copy link
Member

sbueringer commented Feb 23, 2022
edited

Definitely orthogonal to this PR
/lgtm

Are there some values in the KCP KubeadmConfig that can change and then would be / should be reflected in the kubelet ConfigMap?

No, given that we allow only to change kubelet flags (via extra args) and they precedence on the content of kubeletConfiguration

I looked at the KubeletConfiguration and I found clusterDomain there (no idea if there are others).
If I see correctly:

  • ClusterConfiguration.Networking.DNSDomain can be set in KCP
  • in the KubeadmConfig reconciler we default to the Cluster.Spec.ClusterNetwork.ServiceDomain if it is not set (code)
  • There is code in kubeadm which takes it from ClusterConfiguration and sets it in the KubeletConfiguration (code)

I assume this only happens on kubeadm init and later changes are not reflected in the KubeletConfiguration ConfigMap (?).
I assume in this case that's not really relevant as changing the clusterDomain probably (?) breaks the whole cluster.
Btw ClusterConfiguration.networking is immutable on KCP but the ServiceDomain in the Cluster is mutable, which means the effective domain can be changed by not setting it in KCP and changing it in Cluster.
But maybe the outcome here is that we should make it immutable in the Cluster too.

Just trying to figure out if:

  • we have a whole class of issues here
  • there are only a few fields which can't be changed anyway
  • if there are relevant fields and in those cases the KubeletConfiguration is updated accordingly

I would expect that there are only a few fields (clusterDomain might be the only one) in KubeletConfiguration which are calculated based on fields e.g. from ClusterConfiguration.

Just to confirm another assumption: KubeletConfiguration is uploaded on kubeadm init and then used as config for subsequently joining nodes? And by downloading it and not by Dynamic Kubelet Configuration.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 23, 2022
@neolit123
Copy link
Member

neolit123 commented Feb 23, 2022 via email

@fabriziopandini
Copy link
Member Author

What about moving the orthogonal discussion to an issue? this could quickly cross the line of redesigning the bootstrap API and providing a better abstraction layer on top of kubeadm/bootstrap providers.

@sbueringer
Copy link
Member

sbueringer commented Feb 23, 2022
edited

What about moving the orthogonal discussion to an issue? this could quickly cross the line of redesigning the bootstrap API and providing a better abstraction layer on top of kubeadm/bootstrap providers.

You're right. Just wanted to confirm my impression of the current state is correct.

Thx @neolit123 for the additional context.

Should this be a part of: #4464?

@fabriziopandini fabriziopandini force-pushed the handle-kubeadm1.24-kubelet-ConfigMap-name-change branch from e594009 to 9705e43 Compare February 24, 2022 14:18
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 24, 2022
@sbueringer
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 24, 2022
vincepri
vincepri approved these changes Feb 24, 2022
View reviewed changes
Copy link
Member

@vincepri vincepri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vincepri

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 24, 2022
@k8s-ci-robot k8s-ci-robot merged commit 38467d2 into kubernetes-sigs:main Feb 24, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.2 milestone Feb 24, 2022
@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Feb 24, 2022
Merged
@k8s-infra-cherrypick-robot
Copy link

@sbueringer: new pull request created: #6206

In response to this:

/cherry-pick release-1.1
given that we want to support 1.24 there too

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@fabriziopandini fabriziopandini deleted the handle-kubeadm1.24-kubelet-ConfigMap-name-change branch March 1, 2022 09:50
@sbueringer sbueringer mentioned this pull request May 10, 2022
Closed
33 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neolit123 neolit123 neolit123 left review comments

@sbueringer sbueringer sbueringer left review comments

@vincepri vincepri vincepri approved these changes

@JoelSpeed JoelSpeed Awaiting requested review from JoelSpeed

@stmcginnis stmcginnis Awaiting requested review from stmcginnis

Assignees

@sbueringer sbueringer

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.2
Development

Successfully merging this pull request may close these issues.

Handle kubeadm 1.24 kubelet ConfigMap name change
6 participants
@fabriziopandini @sbueringer @k8s-infra-cherrypick-robot @neolit123 @k8s-ci-robot @vincepri