Add ability to configure kubeadm's ignored pre-flight errors via InitConfiguration and JoinConfiguration

[marccarre]

What type of PR is this?
/kind feature
/sig cluster-lifecycle

What this PR does / why we need it:
This adds a more declarative way to configure ignored pre-flight errors -- via InitConfiguration and JoinConfiguration, in addition to the "legacy" CLI flag -- and therefore simplifies programmatic usage of kubeadm: just one configuration file to generate & to pass to kubeadm.

Which issue(s) this PR fixes:
Fixes #74246.
Fixes kubernetes/kubeadm/issues/1460.

Does this PR introduce a user-facing change?:

kubeadm's ignored pre-flight errors can now be configured via InitConfiguration and JoinConfiguration.

[k8s-ci-robot]

Hi @marccarre. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[neolit123]

thanks for the PR @marccarre
i think, this is pretty much what we want to do, except that it has to happen in v1beta2.

/assign @rosti @fabriziopandini
/hold

[neolit123]

@marccarre
please squash the commits into one.
/priority important-longterm

[rosti]

Thanks for your contribution @marccarre !
The thing is that we should not modify the existing v1beta1 config. We have to do that modification in the new v1beta2 config if we reach a consensus on that.
Also, my proposition is to have that field in the NodeRegistrationOptions only.

Let's hold this for now, until the time comes for it.
/hold

[marccarre]

@rosti, @neolit123, thanks for your feedback ✨
I've addressed some of it (and will squash at the very end once everyone is happy about this PR), but now face build issues as per #75499 (comment). Apologies for being new to kubeadm/kubernetes' development, but any pointer on how to resolve this would be very much appreciated.

[rosti]

Thanks for updating this @marccarre !
However, we need to hold on until the new config (probably v1beta2) becomes available. More developments on this question are to come probably next week.
We need to add the new field in that config and the internal one (not in v1beta1 or v1alpha3).
I'll ping you for a rebase and more guidance once we are ready for this.
It's just that we need to do a few more things before we can proceed with this.

[marccarre]

we need to hold on until the new config (probably v1beta2) becomes available

Sure, no worries. I'll wait then 🙂

I haven't dug into the code generation logic (yet), but I'm guessing some of the build issues I'm seeing will change/disappear once v1beta2 is added.

[rosti]

I haven't dug into the code generation logic (yet), but I'm guessing some of the build issues I'm seeing will change/disappear once v1beta2 is added.

Mostly yes.

[rosti]

@marccarre, with the merger of #76710 you are now able to continue working on this based on v1beta2.
In addition to that we need to verify the new field and make sure it cannot be set to "all" and therefore ignore all pre-flight errors from the config easily.
Thanks for taking this on!

[kad]

I thought about this PR, and I think the better way to implement that will be to modify validation.ValidateIgnorePreflightErrors such, that it will take two arrays of strings as arguments. One from command line, one from config objects. Then, merging into one set can be done inside validation.ValidateIgnorePreflightErrors by iterating both of the arrays, practically getting rid of helper function union. Also it would be good to validate that array from config object will not contain 'all', as config object should not be used as "hide everything" workarround, instead of explicitly specifying what should be ignored.

[marccarre]

@rosti, @fabriziopandini, @neolit123, @kad, I've just rebased this PR on top of latest master, added the necessary changes for v1beta2 and addressed the feedback given so far (thank you all! 🙇). PTAL 🙂

[kad]

Please squash commits. One for implementation/code changes part, one commit for auto-generated stuff.

[rosti]

Thanks for the update @marccarre !
So far it looks great!
However, we need to deny the ability to specify "all" in the config file (but still permit it in the command line). Once that is done we can merge it.

[rosti]

/ok-to-test

[rosti]

I thought about this PR, and I think the better way to implement that will be to modify validation.ValidateIgnorePreflightErrors such, that it will take two arrays of strings as arguments. One from command line, one from config objects. Then, merging into one set can be done inside validation.ValidateIgnorePreflightErrors by iterating both of the arrays, practically getting rid of helper function union. Also it would be good to validate that array from config object will not contain 'all', as config object should not be used as "hide everything" workarround, instead of explicitly specifying what should be ignored.

That's one way of doing it.
I would like to keep things simple and scope of functionality clear, hence ValidateIgnorePreflightErrors should still perform only validation of errors, but with a bool param stating the origin of the ignored errors. This is where "all" from a config file should be checked.
Then a wrapper func, that takes a couple of sets (one from command line, another from the config) would call ValidateIgnorePreflightErrors twice. If the "all" keyword is present in the command line errors, it's returned as a set with a single element. Otherwise, the sets need to be combined.

[kad]

Then a wrapper func, that takes a couple of sets (one from command line, another from the config) would call ValidateIgnorePreflightErrors twice. If the "all" keyword is present in the command line errors, it's returned as a set with a single element. Otherwise, the sets need to be combined.

This will require third iteration over the combined set with check, for mixture or all plus individual check, like it is currently performed in validation.ValidateIgnorePreflightErrors.

[marccarre]

I hope to have addressed both your requirements.
PTAL, @rosti, @kad, and thanks again for your feedback! ✨
(Previous push had some tests failing, if there still are some after this push, I'll then look into this.)

[kad]

small nits

[kad]

Also nit: do we have usage of this somewhere? Otherwise we are loosing prestine state as we read from config file, isn't it?

[marccarre]

This is currently not used anywhere, but given the configuration object is passed around, and this field could eventually be used elsewhere as a result, I thought doing the above might reduce the chance of a bug/inconsistent behaviour. I can remove it if you'd rather keep the configuration file's initial state. Let me know.

[rosti]

Thanks @marccarre !
A couple of nits and we are there!

[rosti]

Ok, the fuzzer test is failing, because we don't have the IgnorePreflightErrors in v1beta1. To fix this, we must reintroduce the fuzzNodeRegistration in the fuzzer test and plug the IgnorePreflightErrors field.
#75261 is the PR that got it deleted. You can check with it how to reintroduce it.
The new version of it should roughly look like this:

func fuzzNodeRegistration(obj *kubeadm.NodeRegistrationOptions, c fuzz.Continue) {	
	c.FuzzNoCustom(obj)	

 	// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)	
	obj.IgnorePreflightErrors = nil
}

Also, the reset test needs fixing (missing parameter in the call to ValidateIgnorePreflightErrors).

[rosti]

Thank you @marccarre !
I am happy how things turned out. Can you squash your commits as a final step so we can merge it?
/approve
/hold
For the squash.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: marccarre, rosti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [rosti]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[marccarre]

Done: PR rebased on top of latest master and commits squashed.
Thanks again for the feedback! 👍

[rosti]

@kad can you do a final pass and lgtm if you are happy with this?
/assign @kad
/hold cancel
/test pull-kubernetes-e2e-gce

[kad]

/lgtm
I have some doubts about some corner cases like in order of operations in upgrade steps (e.g. validating flags before/after trying to load cluster config), but I think it is not a big deal at the moment.

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.