Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[kubeadm] fix kubelet config bug for kubeadm init phase #76578

Merged
merged 1 commit into from
Apr 25, 2019
Merged

[kubeadm] fix kubelet config bug for kubeadm init phase #76578

merged 1 commit into from
Apr 25, 2019

Conversation

SataQiu
Copy link
Member

@SataQiu SataQiu commented Apr 15, 2019

What type of PR is this?

/kind bug

What this PR does / why we need it:
[kubeadm] fix kubelet config bug for kubeadm init phase.

Which issue(s) this PR fixes:

Fixes kubernetes/kubeadm#1493

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Apr 15, 2019
@k8s-ci-robot k8s-ci-robot added area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 15, 2019
@SataQiu
Copy link
Member Author

SataQiu commented Apr 15, 2019

/assign @neolit123

neolit123
neolit123 reviewed Apr 15, 2019
View reviewed changes
Copy link
Member

@neolit123 neolit123 left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the PR, tentative LGTM.

i think we should instead set the value in the KubeletConfiguration (component configuration).
the rest of the flags for settings are already supported in the KubeletConfiguration and should be moved to there as well.

/assign @fabriziopandini
@kubernetes/sig-cluster-lifecycle-pr-reviews

@SataQiu
Copy link
Member Author

SataQiu commented Apr 18, 2019

/assign @timothysc
Could you have a look at this PR?

@timothysc
Copy link
Member

I'm going to defer to @fabriziopandini on this one, I know he was looking more broadly on a number of certs issues.

@timothysc timothysc added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Apr 22, 2019
@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Apr 22, 2019
rosti
rosti suggested changes Apr 22, 2019
View reviewed changes
Copy link
Contributor

@rosti rosti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for tackling this @SataQiu !

We set that value via the component config:

kubernetes/cmd/kubeadm/app/componentconfigs/defaults.go

Line 91 in f0a4672

externalkubeletcfg.Authentication.X509.ClientCAFile = kubeadmapiv1beta1.DefaultCACertPath

What we should be doing is to ensure, that we use internalcfg.CertificatesDir to get the path (rather than the const).

/hold

@SataQiu
Copy link
Member Author

SataQiu commented Apr 23, 2019

@rosti OK. Thank you for your explanation. I will try further.

@SataQiu
Copy link
Member Author

SataQiu commented Apr 23, 2019

/assign @fabriziopandini
Could you have a look at this PR?

@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 23, 2019
@SataQiu
Copy link
Member Author

SataQiu commented Apr 23, 2019

@rosti
I've updated the code.
After a simple test, it worked.

rosti
rosti reviewed Apr 24, 2019
View reviewed changes
Copy link
Contributor

@rosti rosti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @SataQiu !

cmd/kubeadm/app/componentconfigs/defaults.go Outdated
@@ -88,7 +91,7 @@ func DefaultKubeletConfiguration(internalcfg *kubeadmapi.ClusterConfiguration) {
// Enforce security-related kubelet options

// Require all clients to the kubelet API to have client certs signed by the cluster CA
externalkubeletcfg.Authentication.X509.ClientCAFile = kubeadmapiv1beta1.DefaultCACertPath
externalkubeletcfg.Authentication.X509.ClientCAFile = fmt.Sprintf("%s/%s", strings.TrimSuffix(internalcfg.CertificatesDir, "/"), constants.CACertName)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks way better than before, however let's use filepath.Join for the actual path construction.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much!
The code has been updated.

rosti
rosti approved these changes Apr 24, 2019
View reviewed changes
Copy link
Contributor

@rosti rosti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @SataQiu !
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rosti, SataQiu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 24, 2019
@rosti
Copy link
Contributor

rosti commented Apr 24, 2019

/test pull-kubernetes-kubemark-e2e-gce-big

@SataQiu
Copy link
Member Author

SataQiu commented Apr 25, 2019

/cc @neolit123 @timothysc
Can you have a look at this PR?

yagonobre
yagonobre reviewed Apr 25, 2019
View reviewed changes
Copy link
Member

@yagonobre yagonobre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @SataQiu
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 25, 2019
@SataQiu
Copy link
Member Author

SataQiu commented Apr 25, 2019

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 25, 2019
@k8s-ci-robot k8s-ci-robot merged commit 8501546 into kubernetes:master Apr 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yagonobre yagonobre yagonobre left review comments

@rosti rosti rosti approved these changes

@chuckha chuckha Awaiting requested review from chuckha

@detiber detiber Awaiting requested review from detiber

@neolit123 neolit123 Awaiting requested review from neolit123

@timothysc timothysc Awaiting requested review from timothysc

Assignees

@timothysc timothysc

@neolit123 neolit123

@fabriziopandini fabriziopandini

@yagonobre yagonobre

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note-none Denotes a PR that doesn't merit a release note. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Can not set --cert-dir on init phase kubelet-start
7 participants
@SataQiu @timothysc @k8s-ci-robot @rosti @neolit123 @yagonobre @fabriziopandini