New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure CoreDNS running when Corefile migration doesn't support current version #88811
Ensure CoreDNS running when Corefile migration doesn't support current version #88811
Conversation
// Since the current configuration present is not the default version, try and migrate it. | ||
updatedCorefile, err := migration.Migrate(currentInstalledCoreDNSVersion, kubeadmconstants.CoreDNSVersion, corefile, false) | ||
if err != nil { | ||
return errors.Wrap(err, "unable to migrate CoreDNS ConfigMap") | ||
} | ||
|
||
// Point the CoreDNS deployment to the `Corefile-backup` data. | ||
if err := patchCoreDNSDeployment(client, "Corefile-backup"); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This step points CoreDNS Deployment to a Configmap value that doesn't exist until the next step (or exists from a prior kubeadm upgrade). IMO, we should create the backup first, then point the deployment to it.
Minor nit: the name of the function patchCoreDNSDeployment()
seems too generic for what it does. I think setCorefile()
or something like that would be better.
/lgtm |
/priority important-longterm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, rajansandeep The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
if err := setCorefile(client, "Corefile-backup"); err != nil { | ||
return err | ||
} | ||
|
||
fmt.Println("[addons] Migrating CoreDNS Corefile") | ||
changes, err := migration.Deprecated(currentInstalledCoreDNSVersion, kubeadmconstants.CoreDNSVersion, corefile) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should setCorefile()
be after this too? Just in case this fails?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @rajansandeep !
I have a bit of a problem here. migrateCoreDNSCorefile
is supposed to be only called whenever IsCoreDNSConfigMapMigrationRequired
returns true. I do think that the latter function is really supposed to return true and migration to be performed whenever CoreDNS is surely not going to start with the old config (hence a migration is required).
I am not OK to do unnecessary migrations as these can change a Corefile beyond recognition and can cause problems like the one with the failed migration.
If a migration is failing and it's required (CoreDNS can't work without it), then a failure to start is genuine.
With the above in mind, it's probably better to investigate why IsCoreDNSConfigMapMigrationRequired
is returning true more often than it shouldn't.
/hold
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
569337f
to
7e9f589
Compare
My point here is that during upgrades we should keep the behavior of CoreDNS the same as in the previous Kubernetes/CoreDNS version. Migration should only result in a new config if there are some unavoidable changes - config format change, drop of unsupported plugin and its replacement with a supported one. |
it makes sense to me to only migrate when actually needed, yet it don't know how easy it is to distinguish that. |
@rosti, In this PR, if Regarding only making changes when necessary:
2 and 3 are IMO minor points because they do not change functionality. However, we could avoid them in part by inspecting the list of deprecations first. e.g. We could make the call to This PR aims to fix a bug in the current released version of kubeadm that had 2 consequences:
|
Thanks for the clarification @chrisohaver !
We seem to be on slightly different pages here. I was shocked that a fix for a failed migration is to leave the old config intact and the new CoreDNS version would simply pick it up and use it. The question I was asking myself is why did we need to attempt to perform the migration in first place? However, I saw that you already answered that below.
The interesting case here is 1. It's obvious - CoreDNS won't start if we have an old plugin.
That's ideal for us. We don't want to silently skip telling the user that a migration error happened when the migration was supposed to remove an old plugin and make the config working with a the new CoreDNS version. @rajansandeep Now that we are on the same page, I think the only thing left to do here is to make the earlier |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @rajansandeep !
I think, that I am happy with it. Can you please, squash your commits, so I can apply the LGTM label?
add an additional check for coredns image sha add a check to see if migration is required
a9b4884
to
fcd229e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @rajansandeep !
/lgtm
/hold cancel |
/retest |
What type of PR is this?
/kind bug
What this PR does / why we need it:
This PR aims to fix a bug in the current released version of kubeadm that had 2 consequences:
Which issue(s) this PR fixes:
Fixes #88725
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: