kubeadm: FeatureGate MergeCLIArgumentsWithConfig is added for ignorePreflightErrors

[chendave]

Turn on FeatureGate MergeCLIArgumentsWithConfig to keep the legacy way of management of ignorePreflightErrors, which means the value defined by the flag ignore-preflight-errors will be merged with the value ignorePreflightErrors defined in the config file.

Otherwise, the value defined by the flag will replace the value from the config file if set.

/kind feature

ref: #113583 (comment)

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

kubeadm: Turn on FeatureGate `MergeCLIArgumentsWithConfig` to merge the config from flag and config file, otherwise, If the flag `--ignore-preflight-errors` is set from CLI, then the value from config file will be ignored. 

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[k8s-ci-robot]

Please note that we're already in Test Freeze for the release-1.28 branch. This means every merged PR will be automatically fast-forwarded via the periodic ci-fast-forward job to the release branch of the upcoming v1.28.0 release.

Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Tue Aug 15 04:36:57 UTC 2023.

[chendave]

/hold

adding a feature gate.

[neolit123]

/hold

adding a feature gate.

@chendave note how we added a deprecated FG here:
kubernetes/kubeadm#2346

we can use the same pattern IMO

[chendave]

/unhold

[chendave]

I must tweak a little bit around those related testcases.

@neolit123 @SataQiu @pacoxu pls review if you have time. I think all testcases should pass now.

[neolit123]

thanks for the update @chendave
this definitely needs more eyes.

the FG name and mechanism SGMT.
added a couple of questions related to side changes around join_*.

[neolit123]

hm, wouldn't this result in the init config being fetched always?
how do we know if this is a test config?

also why not add this below:

if _, err := os.Stat(adminKubeConfigPath); err == nil && opt.controlPlane {
		// use the admin.conf as tlsBootstrapCfg, that is the kubeconfig file used for reading the kubeadm-config during discovery
		klog.V(1).Infof("[preflight] found %s. Use it for skipping discovery", adminKubeConfigPath)
		tlsBootstrapCfg, err = clientcmd.LoadFromFile(adminKubeConfigPath)
		if err != nil {
			return nil, errors.Wrapf(err, "Error loading %s", adminKubeConfigPath)
		}
	}

[chendave]

hm, wouldn't this result in the init config being fetched always?

we cannot get the FG defined from a init config if there is no such config.

how do we know if this is a test config?

if this is not a test config and an error is hit, then initCfg would be an empty config, then initCfg could be fetched again when it is needed.

also why not add this below:

do you mean fetching the config only it's a control plane && admin kubeconfig exist? sorry, I cannot get it, is there any benefit for us to move those code up?

[chendave]

hm, wouldn't this result in the init config being fetched always?

we cannot get the FG defined from a init config if there is no such config.

this is pain, is there anyway for us to workaround this?

[neolit123]

do you mean fetching the config only it's a control plane && admin kubeconfig exist? sorry, I cannot get it, is there any benefit for us to move those code up?

no just putting the login closer to the block i posted here
#119946 (comment)

core organization wise

[neolit123]

i don't think we are understanding each other very well here.
the above logic and comment in the code confused me, but i think you might want to ignore my question for now, because i'm doing N things at once and don't have enough time to have a look at this PR more today.

if you think it's the right thing to do, leave it like so and other reviewers will also have a look.

[chendave]

@neolit123 take your time, this is not urgent I think, thanks!

[chendave]

hm, wouldn't this result in the init config being fetched always?

this should be, the reason is we need to get the initCfg from cluster, so that we can get the FeatureGates from the initCfg.

here is the code:

ignorePreflightErrorsSet, err := validation.ValidateIgnorePreflightErrors(initCfg.FeatureGates, opt.ignorePreflightErrors, cfg.NodeRegistration.IgnorePreflightErrors)

Because of that, I add a parameter lazilyFetchInitCfg here to keep the original testcase unimpacted, the testcases there expected to lazily fetch a initConfiguration, I think that is because testcase should not interact with the cluster.

no just putting the login closer to the block i posted here

hmm, looks like I cannot move this piece of code up, because the code must under the cfg, I need the cfg to get the cfg.NodeRegistration.IgnorePreflightErrors as well.

cfg, err := configutil.LoadOrDefaultJoinConfiguration(opt.cfgPath, opt.externalcfg)

[neolit123]

can you please elaborate on why this controlPlane field bypasses the discovery of a tlsBootstrapCfg? is it because the tlsBootstrapCfg local var will be nil if there is no admin.conf?
i got a bit lost on this one. maybe more details in the comment are needed.

[chendave]

overall, we want to bypass the logic to get the tlsBootstrapCfg from a cluster, unittest shouldn't do that (interact with a cluster to fetch something from a cluster).

https://github.com/kubernetes/kubernetes/pull/119946/files#diff-c6f6a594b0b45b48a444c274731731e10883c6cf9e2e66f8938aa28af5a57b27R436-R437

	if tlsBootstrapCfg == nil {
		if tlsBootstrapCfg, err = discovery.For(cfg); err == nil {

set the controlplane will help to set tlsBootstrapCfg and hence skip this step.

[chendave]

Since I added a new parameter lazilyFetchInitCfg in the function of newJoinData, so those change are not needed anymore.

[neolit123]

/approve
/hold
/triage accepted

generally LGTM. needs another reviewer!

please double check the logic around:
https://github.com/kubernetes/kubernetes/pull/119946/files#r1315679568

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chendave, neolit123

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [chendave,neolit123]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[chendave]

@SataQiu @pacoxu Does this approach look good to you?

[chendave]

typo here.

[pacoxu]

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: dc12011e34940d0cffc7ff92e2512eba2d97cc38

[chendave]

/unhold

thanks guys for the review!