kubeadm: cleanup upgrade from no-TLS etcd to TLS etcd #71740
Hi @yuexiao-wang. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@fabriziopandini PTAL
/ok-to-test
Thank you for your contribution @yuexiao-wang !
Only one minor nit left to cleanup here. `HasTLS()` from the `ClusterInterrogator` interface and all its implementations are left unused. Therefore we should get rid of them.
2e9c31d to 5610ac3
thanks @yuexiao-wang
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, yuexiao-wang The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@rosti @neolit123 This PR is updated and thanks for your review
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
LGTM, thanks @yuexiao-wang
/lgtm
I know I'm late for this train, but if I'm not wrong there are some leftovers...
@rosti @detiber @yuexiao-wang @yagonobre wdyt?
waitForComponentRestart = false | ||
} | ||
// Normally, if an Etcd upgrade is successful, but the apiserver upgrade fails, Etcd is not rolled back. | ||
// In the case of a TLS upgrade, the old KubeAPIServer config is incompatible with the new Etcd confg, so we rollback Etcd |
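Review bot: the comment on the last line of this hunk still justifies an Etcd rollback by "the case of a TLS upgrade", which is the path this cleanup is removing, so the comment and the branch it documents should be deleted together rather than left describing behaviour that no longer applies. If any of it stays, fix the typo "confg" and reword the preceding "Normally, ..." sentence so it reads as the only rule rather than as the default with an exception.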
Same here for the `if` and for the `recoverEtcd` part
fmt.Printf("[upgrade/staticpods] The %s manifest will be restored if component %q fails to upgrade\n", constants.Etcd, component) | ||
} | ||
|
||
// We currently depend on getting the Etcd mirror Pod hash from the KubeAPIServer; |
All the code under the old `if isTLSUpgrade` should go away.
The case "upgrading the etcd protocol" doesn't exist anymore, so probably also the `waitForComponentUpgrade` should go away (this last point should be double checked)
@@ -313,20 +312,18 @@ func performEtcdStaticPodUpgrade(client clientset.Interface, waiter apiclient.Wa | |||
} | |||
|
|||
// Waiter configurations for checking etcd status | |||
// If we are upgrading TLS we need to wait for old static pod to be removed. |
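Review bot: in performEtcdStaticPodUpgrade the waiter-configuration comment "If we are upgrading TLS we need to wait for old static pod to be removed" ties the wait to a TLS upgrade, a case the PR title says is being cleaned up. Either drop the comment with whatever wait it guards, or restate the reason the waiter settings are still needed, so the etcd status check is not left depending on a condition that can no longer occur.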
The case if we are upgrading TLS doesn't exist anymore so pod restart delay IMO should go away
Got it and I will send a PR
Signed-off-by: yuexiao-wang wang.yuexiao@zte.com.cn
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
Don't support no-TLS etcd in kubeadm upgrade because kubeadm switched to etcd installation with TLS some releases ago
Which issue(s) this PR fixes:
Fixes # kubernetes/kubeadm#1298
Special notes for your reviewer:
Does this PR introduce a user-facing change?: