kubernetes · hakman · Oct 5, 2023 · Oct 5, 2023 · Oct 6, 2023
diff --git a/docs/releases/1.29-NOTES.md b/docs/releases/1.29-NOTES.md
@@ -12,6 +12,10 @@ This is a document to gather the release notes prior to the release.
 
 ## Openstack
 
+## DigitalOcean
+
+* Node names have changed from the droplet's private IP to the droplet's ID
+
 # Breaking changes
 
 ## Other breaking changes

diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -3932,6 +3932,10 @@ spec:
                       kubelet defaults. (DEPRECATED: This parameter should be set
                       via the config file specified by the Kubelet''s --config flag.'
                     type: boolean
+                  providerID:
+                    description: ProviderID specifies the unique ID of the instance
+                      that an external provider can use to identify a specific node.
+                    type: string
                   readOnlyPort:
                     description: ReadOnlyPort is the port used by the kubelet api
                       for read-only access (default 10255)
@@ -4370,6 +4374,10 @@ spec:
                       kubelet defaults. (DEPRECATED: This parameter should be set
                       via the config file specified by the Kubelet''s --config flag.'
                     type: boolean
+                  providerID:
+                    description: ProviderID specifies the unique ID of the instance
+                      that an external provider can use to identify a specific node.
+                    type: string
                   readOnlyPort:
                     description: ReadOnlyPort is the port used by the kubelet api
                       for read-only access (default 10255)

diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml
@@ -682,6 +682,10 @@ spec:
                       kubelet defaults. (DEPRECATED: This parameter should be set
                       via the config file specified by the Kubelet''s --config flag.'
                     type: boolean
+                  providerID:
+                    description: ProviderID specifies the unique ID of the instance
+                      that an external provider can use to identify a specific node.
+                    type: string
                   readOnlyPort:
                     description: ReadOnlyPort is the port used by the kubelet api
                       for read-only access (default 10255)

diff --git a/nodeup/pkg/model/kubelet.go b/nodeup/pkg/model/kubelet.go
@@ -221,6 +221,7 @@ func buildKubeletComponentConfig(kubeletConfig *kops.KubeletConfigSpec) (*nodeta
 		componentConfig.ShutdownGracePeriodCriticalPods = *kubeletConfig.ShutdownGracePeriodCriticalPods
 	}
 	componentConfig.MemorySwap.SwapBehavior = kubeletConfig.MemorySwapBehavior
+	componentConfig.ProviderID = kubeletConfig.ProviderID
 
 	s := runtime.NewScheme()
 	if err := kubelet.AddToScheme(s); err != nil {

diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
@@ -236,6 +236,8 @@ type KubeletConfigSpec struct {
 	// MemorySwapBehavior defines how swap is used by container workloads.
 	// Supported values: LimitedSwap, "UnlimitedSwap.
 	MemorySwapBehavior string `json:"memorySwapBehavior,omitempty"`
+	// ProviderID specifies the unique ID of the instance that an external provider can use to identify a specific node.
+	ProviderID string `json:"providerID,omitempty"`
 }
 
 // KubeProxyConfig defines the configuration for a proxy

diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
@@ -236,6 +236,8 @@ type KubeletConfigSpec struct {
 	// MemorySwapBehavior defines how swap is used by container workloads.
 	// Supported values: LimitedSwap, "UnlimitedSwap.
 	MemorySwapBehavior string `json:"memorySwapBehavior,omitempty"`
+	// ProviderID specifies the unique ID of the instance that an external provider can use to identify a specific node.
+	ProviderID string `json:"providerID,omitempty"`
 }
 
 // KubeProxyConfig defines the configuration for a proxy

diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
diff --git a/pkg/apis/kops/v1alpha3/componentconfig.go b/pkg/apis/kops/v1alpha3/componentconfig.go
@@ -234,6 +234,8 @@ type KubeletConfigSpec struct {
 	// MemorySwapBehavior defines how swap is used by container workloads.
 	// Supported values: LimitedSwap, "UnlimitedSwap.
 	MemorySwapBehavior string `json:"memorySwapBehavior,omitempty"`
+	// ProviderID specifies the unique ID of the instance that an external provider can use to identify a specific node.
+	ProviderID string `json:"providerID,omitempty"`
 }
 
 // KubeProxyConfig defines the configuration for a proxy

diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
diff --git a/upup/pkg/fi/cloudup/do/verifier.go b/upup/pkg/fi/cloudup/do/verifier.go
@@ -98,20 +98,12 @@ func (o digitalOceanVerifier) VerifyToken(ctx context.Context, rawRequest *http.
 
 	// The node challenge is important here though, verifying the caller has control of the IP address.
 
-	nodeName := ""
-	if len(addresses) == 0 {
-		// Name seems a better default than the first IP, but we have to match what other components are expecting
-		nodeName = droplet.Name
-	} else {
-		nodeName = addresses[0]
-	}
-
 	if len(challengeEndpoints) == 0 {
 		return nil, fmt.Errorf("cannot determine challenge endpoint for server %q", serverID)
 	}
 
 	result := &bootstrap.VerifyResult{
-		NodeName:          nodeName,
+		NodeName:          strconv.Itoa(droplet.ID),
 		CertificateNames:  addresses,
 		ChallengeEndpoint: challengeEndpoints[0],
 	}

diff --git a/upup/pkg/fi/nodeup/command.go b/upup/pkg/fi/nodeup/command.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"crypto/sha256"
 	"encoding/base64"
-	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -426,6 +425,10 @@ func evaluateSpec(nodeupConfig *nodeup.Config, cloudProvider api.CloudProviderID
 
 	nodeupConfig.KubeletConfig.HostnameOverride = hostnameOverride
 
+	if cloudProvider == api.CloudProviderDO {
+		nodeupConfig.KubeletConfig.ProviderID = "digitalocean://" + hostnameOverride
+	}
+
 	if nodeupConfig.KubeProxy != nil {
 		nodeupConfig.KubeProxy.HostnameOverride = hostnameOverride
 		nodeupConfig.KubeProxy.BindAddress, err = evaluateBindAddress(nodeupConfig.KubeProxy.BindAddress)
@@ -460,17 +463,12 @@ func evaluateHostnameOverride(cloudProvider api.CloudProviderID) (string, error)
 		bareHostname := strings.Split(fullyQualified, ".")[0]
 		return bareHostname, nil
 	case api.CloudProviderDO:
-		vBytes, err := vfs.Context.ReadFile("metadata://digitalocean/interfaces/private/0/ipv4/address")
+		dropletIDBytes, err := vfs.Context.ReadFile("metadata://digitalocean/id")
 		if err != nil {
-			return "", fmt.Errorf("error reading droplet private IP from DigitalOcean metadata: %v", err)
-		}
-
-		hostname := string(vBytes)
-		if hostname == "" {
-			return "", errors.New("private IP for digitalocean droplet was empty")
+			return "", fmt.Errorf("error reading droplet ID from DigitalOcean metadata: %v", err)
 		}
 
-		return hostname, nil
+		return string(dropletIDBytes), nil
 	}
 
 	return "", nil