-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm:Clean up no longer used k8sVersion param #54982
kubeadm:Clean up no longer used k8sVersion param #54982
Conversation
e311801
to
f030dcb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some cleanup comments
@@ -119,10 +119,10 @@ func NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile *string) *cobra.Comma | |||
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile) | |||
kubeadmutil.CheckErr(err) | |||
|
|||
clusterVersion, err := getClusterVersion(client) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can now remove this function completely as it's not needed anymore
@@ -100,10 +100,10 @@ func NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile *string) *cobra.Command | |||
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile) | |||
kubeadmutil.CheckErr(err) | |||
|
|||
clusterVersion, err := getClusterVersion(client) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these two lines can now be removed
@@ -277,8 +277,7 @@ func (i *Init) Validate(cmd *cobra.Command) error { | |||
|
|||
// Run executes master node provisioning, including certificates, needed static pod manifests, etc. | |||
func (i *Init) Run(out io.Writer) error { | |||
|
|||
k8sVersion, err := version.ParseSemantic(i.cfg.KubernetesVersion) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can now remove this call completely
if len(cfg.DiscoveryFile) == 0 && len(cfg.DiscoveryTokenCACertHashes) == 0 && !cfg.DiscoveryTokenUnsafeSkipCAVerification { | ||
fmt.Println("[validation] WARNING: using token-based discovery without DiscoveryTokenCACertHashes can be unsafe (see https://kubernetes.io/docs/admin/kubeadm/#kubeadm-join).") | ||
fmt.Println("[validation] WARNING: Pass --discovery-token-unsafe-skip-ca-verification to disable this warning. This warning will become an error in Kubernetes 1.9.") | ||
if len(cfg.DiscoveryFile) == 0 && len(cfg.DiscoveryToken) != 0 && len(cfg.DiscoveryTokenCACertHashes) == 0 && !cfg.DiscoveryTokenUnsafeSkipCAVerification { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the logic seems to change here? why add len(cfg.DiscoveryToken) != 0
here?
cc @mattmoyer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIUC, only when the conditions having len(cfg.DiscoveryToken) != 0
means "using token-based discovery" as is mentioned in the error message.
fmt.Println("[validation] WARNING: using token-based discovery without DiscoveryTokenCACertHashes can be unsafe (see https://kubernetes.io/docs/admin/kubeadm/#kubeadm-join).") | ||
fmt.Println("[validation] WARNING: Pass --discovery-token-unsafe-skip-ca-verification to disable this warning. This warning will become an error in Kubernetes 1.9.") | ||
if len(cfg.DiscoveryFile) == 0 && len(cfg.DiscoveryToken) != 0 && len(cfg.DiscoveryTokenCACertHashes) == 0 && !cfg.DiscoveryTokenUnsafeSkipCAVerification { | ||
allErrs = append(allErrs, field.Invalid(fldPath, "", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"discovery-token-unsafe-skip-ca-verification"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @luxas! Will address this and other comments tomorrow :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@luxas other comments addressed. But I'm a bit confusing here now. What were you expecting here to be? allErrs = append(allErrs, field.Invalid(fldPath, "discovery-token-unsafe-skip-ca-verification",
or something else?
f030dcb
to
a04a94b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
/retest |
/hold We need to update the e2e tests first: https://github.com/kubernetes/kubernetes-anywhere/blob/master/phase1/gce/configure-vm-kubeadm.sh#L106 in order to get a green run of the kubeadm e2e CI presubmit job that now is failing: https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/pr-logs/pull/54982/pull-kubernetes-e2e-kubeadm-gce/9008/ |
@luxas PR kubernetes-retired/kubernetes-anywhere#483 sent. PTAL. Thanks! |
This overlaps with #55468 (pending approval). |
@mattmoyer thanks for pointing it out! cc @luxas |
a04a94b
to
b8e7315
Compare
/hold cancel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve no-issue |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: luxas, xiangpengzhao Associated issue requirement bypassed by: luxas The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Automatic merge from submit-queue (batch tested with PRs 55648, 55274, 54982, 51955, 55639). If you want to cherry-pick this change to another branch, please follow the instructions here. |
Automatic merge from submit-queue (batch tested with PRs 55839, 54495, 55884, 55983, 56069). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add condition "len(cfg.DiscoveryToken) != 0" to ValidateArgSelection. **What this PR does / why we need it**: as per #54982 (comment) >only when the conditions having len(cfg.DiscoveryToken) != 0 means "using token-based discovery" as is mentioned in the error message. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: ref: #54982 **Special notes for your reviewer**: /cc @kubernetes/sig-cluster-lifecycle-pr-reviews **Release note**: ```release-note NONE ```
What this PR does / why we need it:
cleanup for kubeadm.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Special notes for your reviewer:
/cc @luxas
Release note:
kubeadm join
now requires the--discovery-token-ca-cert-hash
argument to be set, or the--discovery-token-unsafe-skip-ca-verification
flag to be set for opting out of the CA pinning feature.