Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm:Clean up no longer used k8sVersion param #54982

Merged
merged 1 commit into from
Nov 15, 2017
Merged

kubeadm:Clean up no longer used k8sVersion param #54982

merged 1 commit into from
Nov 15, 2017

Conversation

xiangpengzhao
Copy link
Contributor

@xiangpengzhao xiangpengzhao commented Nov 2, 2017
edited by luxas

What this PR does / why we need it:
cleanup for kubeadm.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Special notes for your reviewer:
/cc @luxas

Release note:

NONE

kubeadm join now requires the --discovery-token-ca-cert-hash argument to be set, or the --discovery-token-unsafe-skip-ca-verification flag to be set for opting out of the CA pinning feature.

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 2, 2017
@xiangpengzhao
Copy link
Contributor Author

/assign @krousey @luxas

luxas
luxas reviewed Nov 9, 2017
View reviewed changes
Copy link
Member

@luxas luxas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some cleanup comments

cmd/kubeadm/app/cmd/phases/bootstraptoken.go
@@ -119,10 +119,10 @@ func NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile *string) *cobra.Comma
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
kubeadmutil.CheckErr(err)

clusterVersion, err := getClusterVersion(client)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can now remove this function completely as it's not needed anymore

cmd/kubeadm/app/cmd/phases/bootstraptoken.go
@@ -100,10 +100,10 @@ func NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile *string) *cobra.Command
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
kubeadmutil.CheckErr(err)

clusterVersion, err := getClusterVersion(client)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these two lines can now be removed

cmd/kubeadm/app/cmd/init.go
@@ -277,8 +277,7 @@ func (i *Init) Validate(cmd *cobra.Command) error {

// Run executes master node provisioning, including certificates, needed static pod manifests, etc.
func (i *Init) Run(out io.Writer) error {

k8sVersion, err := version.ParseSemantic(i.cfg.KubernetesVersion)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can now remove this call completely

cmd/kubeadm/app/apis/kubeadm/validation/validation.go Outdated
if len(cfg.DiscoveryFile) == 0 && len(cfg.DiscoveryTokenCACertHashes) == 0 && !cfg.DiscoveryTokenUnsafeSkipCAVerification {
fmt.Println("[validation] WARNING: using token-based discovery without DiscoveryTokenCACertHashes can be unsafe (see https://kubernetes.io/docs/admin/kubeadm/#kubeadm-join).")
fmt.Println("[validation] WARNING: Pass --discovery-token-unsafe-skip-ca-verification to disable this warning. This warning will become an error in Kubernetes 1.9.")
if len(cfg.DiscoveryFile) == 0 && len(cfg.DiscoveryToken) != 0 && len(cfg.DiscoveryTokenCACertHashes) == 0 && !cfg.DiscoveryTokenUnsafeSkipCAVerification {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the logic seems to change here? why add len(cfg.DiscoveryToken) != 0 here?
cc @mattmoyer

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC, only when the conditions having len(cfg.DiscoveryToken) != 0 means "using token-based discovery" as is mentioned in the error message.

cmd/kubeadm/app/apis/kubeadm/validation/validation.go Outdated
fmt.Println("[validation] WARNING: using token-based discovery without DiscoveryTokenCACertHashes can be unsafe (see https://kubernetes.io/docs/admin/kubeadm/#kubeadm-join).")
fmt.Println("[validation] WARNING: Pass --discovery-token-unsafe-skip-ca-verification to disable this warning. This warning will become an error in Kubernetes 1.9.")
if len(cfg.DiscoveryFile) == 0 && len(cfg.DiscoveryToken) != 0 && len(cfg.DiscoveryTokenCACertHashes) == 0 && !cfg.DiscoveryTokenUnsafeSkipCAVerification {
allErrs = append(allErrs, field.Invalid(fldPath, "",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"discovery-token-unsafe-skip-ca-verification"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @luxas! Will address this and other comments tomorrow :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@luxas other comments addressed. But I'm a bit confusing here now. What were you expecting here to be? allErrs = append(allErrs, field.Invalid(fldPath, "discovery-token-unsafe-skip-ca-verification", or something else?

luxas
luxas approved these changes Nov 10, 2017
View reviewed changes
Copy link
Member

@luxas luxas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 10, 2017
@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 10, 2017
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Nov 10, 2017
@luxas
Copy link
Member

luxas commented Nov 10, 2017

/retest

@luxas
Copy link
Member

luxas commented Nov 10, 2017

/hold

We need to update the e2e tests first: https://github.com/kubernetes/kubernetes-anywhere/blob/master/phase1/gce/configure-vm-kubeadm.sh#L106 in order to get a green run of the kubeadm e2e CI presubmit job that now is failing: https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/pr-logs/pull/54982/pull-kubernetes-e2e-kubeadm-gce/9008/

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 10, 2017
@xiangpengzhao xiangpengzhao mentioned this pull request Nov 10, 2017
Merged
@xiangpengzhao
Copy link
Contributor Author

@luxas PR kubernetes-retired/kubernetes-anywhere#483 sent. PTAL. Thanks!

@mattmoyer
Copy link
Contributor

This overlaps with #55468 (pending approval).

@xiangpengzhao
Copy link
Contributor Author

xiangpengzhao commented Nov 15, 2017
edited

@mattmoyer thanks for pointing it out! I will rebase after #55468 merged.[UPDATE: I remove the overlapped part in favor of #55468] But I guess #55468 also needs to wait for kubernetes-retired/kubernetes-anywhere#483 being merged?

cc @luxas

@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 15, 2017
@xiangpengzhao xiangpengzhao changed the title kubeadm: convert warning to error and remove unused version. kubeadm:Clean up no longer used k8sVersion param Nov 15, 2017
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Nov 15, 2017
@xiangpengzhao
Copy link
Contributor Author

/hold cancel

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Nov 15, 2017
luxas
luxas approved these changes Nov 15, 2017
View reviewed changes
Copy link
Member

@luxas luxas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@luxas
Copy link
Member

luxas commented Nov 15, 2017

/approve no-issue

@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: luxas, xiangpengzhao

Associated issue requirement bypassed by: luxas

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 55648, 55274, 54982, 51955, 55639). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit dab5dc6 into kubernetes:master Nov 15, 2017
@xiangpengzhao xiangpengzhao deleted the cleanup-kubeadm branch November 15, 2017 22:32
@xiangpengzhao xiangpengzhao mentioned this pull request Nov 20, 2017
Merged
k8s-github-robot pushed a commit that referenced this pull request Nov 20, 2017
Merge pull request #56069 from xiangpengzhao/change-kubeadm-validation
db4134d 
Automatic merge from submit-queue (batch tested with PRs 55839, 54495, 55884, 55983, 56069). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add condition "len(cfg.DiscoveryToken) != 0" to ValidateArgSelection.

**What this PR does / why we need it**:
as per #54982 (comment)
>only when the conditions having len(cfg.DiscoveryToken) != 0 means "using token-based discovery" as is mentioned in the error message.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: #54982

**Special notes for your reviewer**:
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews 

**Release note**:

```release-note
NONE
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@luxas luxas luxas approved these changes

Assignees

@krousey krousey

@dmmcquay dmmcquay

@luxas luxas

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@xiangpengzhao @luxas @mattmoyer @k8s-github-robot @krousey @dmmcquay @k8s-ci-robot