kubeadm: cleanup upgrade from no-TLS etcd to TLS etcd #71740
Conversation
k8s-ci-robot
added
release-note-none
|
Hi @yuexiao-wang. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-ok-to-test
k8s-ci-robot
added
area/kubeadm
sig/cluster-lifecycle
|
@fabriziopandini PTAL |
|
/ok-to-test |
k8s-ci-robot
added
priority/important-longterm
There was a problem hiding this comment.
Thank you for your contribution @yuexiao-wang !
Only one minor nit left to cleanup here. HasTLS() from the ClusterInterrogator interface and all its implementations are left unused. Therefore we should get rid of them.
yuexiao-wang
force-pushed
the
cleanup-upgrad-etcd
branch
from
2e9c31d
to
5610ac3
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, yuexiao-wang The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
@rosti @neolit123 This PR is updated and thanks for your review |
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
|
/lgtm |
k8s-ci-robot
added
the
lgtm
There was a problem hiding this comment.
I know I'm late for this train, but if I'm not wrong there are some left overs...
@rosti @detiber @yuexiao-wang @yagonobre wdyt?
| waitForComponentRestart = false | ||
| } | ||
| // Normally, if an Etcd upgrade is successful, but the apiserver upgrade fails, Etcd is not rolled back. | ||
| // In the case of a TLS upgrade, the old KubeAPIServer config is incompatible with the new Etcd confg, so we rollback Etcd |
There was a problem hiding this comment.
Same here for the if and for the recoverEtcd part
| fmt.Printf("[upgrade/staticpods] The %s manifest will be restored if component %q fails to upgrade\n", constants.Etcd, component) | ||
| } | ||
|
|
||
| // We currently depend on getting the Etcd mirror Pod hash from the KubeAPIServer; |
There was a problem hiding this comment.
All the code under to old``if isTLSUpgrade` should go away.
The case "upgrading the etcd protocol" doesn't exist anymore, so probably also the waitForComponentUpgrade should go away (this last point should be double checked)
| @@ -313,20 +312,18 @@ func performEtcdStaticPodUpgrade(client clientset.Interface, waiter apiclient.Wa | |||
| } | |||
|
|
|||
| // Waiter configurations for checking etcd status | |||
| // If we are upgrading TLS we need to wait for old static pod to be removed. | |||
There was a problem hiding this comment.
The case if we are upgrading TLS doesn't exist anymore so pod restart delay IMO should go away
|
Got it and I will send a PR |
Signed-off-by: yuexiao-wang wang.yuexiao@zte.com.cn
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
Don't support no-TLS etcd in kubeadm upgrade because kubeadm switched to etcd installation with TLS after some releases ago
Which issue(s) this PR fixes:
Fixes # kubernetes/kubeadm#1298
Special notes for your reviewer:
Does this PR introduce a user-facing change?: