Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: apply "master" label/taint migration for 1.24 #107533

Merged
merged 6 commits into from
Feb 16, 2022
Merged

kubeadm: apply "master" label/taint migration for 1.24 #107533

merged 6 commits into from
Feb 16, 2022

Conversation

neolit123
Copy link
Member

@neolit123 neolit123 commented Jan 13, 2022
edited
Loading

What type of PR is this?

/kind cleanup feature

What this PR does / why we need it:

adapt the kubeadm managed labels and taints to changes planned in release 1.24, as part of the effort to remove usages of the word "master".

short summary:

  • for new clusters, CP nodes will only have the new "control-plane" label ("master" label is no longer applied).
  • for new clusters, CP nodes will be tainted with both the "master" and "control-plane" taint
  • for upgraded clusters, "kubeadm upgrade apply" will remove the "master" label from CP nodes.
  • for upgraded clusters, "kubeadm upgrade apply" will apply "control-plane" taint (next to the existing "master" taint). the "master" taint will be removed in 1.25.

details from the KEP:
https://git.k8s.io/enhancements/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint

1.24 = stage 2

## Design Details

The process will be broken into multiple stages:
- First - 1.20
- Second - Minimum deprecation period for GA features is 1 year.
Estimated 1.24, but may depend on user feedback.
- Third - one release after Second
- Fourth - one release after Third

### Renaming the "node-role.kubernetes.io/master" Node label

First stage:
- Introduce the "node-role.kubernetes.io/control-plane" label in parallel to
the "master" label.
- Announce to users that they should adapt to use the new label.

Second stage:
- Remove the "master" label and announce it to the users.

### Renaming the "node-role.kubernetes.io/master" Node taint

First stage:
- Introduce the "node-role.kubernetes.io/control-plane:NoSchedule" toleration
in the CoreDNS Deployment of kubeadm.
- Announce to users that they should do that same for their workloads.

Second stage:
- Add the "node-role.kubernetes.io/control-plane:NoSchedule" taint to Nodes.

Third stage:
- Remove the "node-role.kubernetes.io/master:NoSchedule" taint from Nodes.

Fourth stage:
- Remove the "node-role.kubernetes.io/master:NoSchedule" toleration in the CoreDNS
Deployment of kubeadm
- Announce to users that they should remove tolerations for the "master" taint in
their workloads.

Which issue(s) this PR fixes:

xref kubernetes/kubeadm#2200

Special notes for your reviewer:

Does this PR introduce a user-facing change?

ACTION REQUIRED: kubeadm: apply "second stage" of the plan to migrate kubeadm away from the usage of the word "master" in labels and taints. For new clusters, the label "node-role.kubernetes.io/master" will no longer be added to control plane nodes, only the label "node-role.kubernetes.io/control-plane" will be added. For clusters that are being upgraded to 1.24 with "kubeadm upgrade apply", the command will remove the label "node-role.kubernetes.io/master" from existing control plane nodes. For new clusters, both the old taint "node-role.kubernetes.io/master:NoSchedule" and new taint "node-role.kubernetes.io/control-plane:NoSchedule" will be added to control plane nodes. In release 1.20 ("first stage"), a release note instructed to preemptively tolerate the new taint. For clusters that are being upgraded to 1.24 with "kubeadm upgrade apply", the command will add the new taint "node-role.kubernetes.io/control-plane:NoSchedule" to existing control plane nodes. Please adapt your infrastructure to these changes. In 1.25 the old taint "node-role.kubernetes.io/master:NoSchedule" will be removed.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

https://git.k8s.io/enhancements/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint

@neolit123
kubeadm: delete the old "master" label during upgrade
c0871b4 
- Rename the function in postupgrade.go to better reflect
what is being done.
- During "upgrade apply" find all nodes with the old label
and remove it by calling PatchNode.
- Update health check for CP nodes to not track "master"
labeled nodes. At this point all CP nodes should have
"control-plane" and we can use that selector only.
@neolit123
kubeadm: only apply the new "control-plane" label during init/join
a3d5e55 
- Update the markcontrolplane phase used by init and join to
only label the nodes with the new control plane label.
- Cleanup TODOs about the old label.
- Remove outdated comment about selfhosting in staticpod/utils.go.
Selfhosting has not been supported in kubeadm for a while
and the comment also mentions the "master" label.
- Update unit tests.
@neolit123
kubeadm: apply the new "control-plane" taint on CP nodes
370031c 
- Apply "control-plane" taint during init/join by adding the
taint in SetNodeRegistrationDynamicDefaults(). The old
taint "master" is still applied.
- Clarify API docs (v1beta2 and v1beta3) for nodeRegistration.Taint
to not mention "master" taint and be more generic. Remove
example for taints that includes the word "master".
- Update unit tests.
@neolit123
kubeadm: apply the new "control-plane" taint during upgrade
db6061f 
- During "upgrade apply" call a new function AddNewControlPlaneTaint()
that finds all nodes with the new "control-plane" node-role label
and adds the new "control-plane" taint to them.
- The function is called in "apply" and is separate from
the step to remove the old "master" label for better debugging
if errors occur.
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jan 13, 2022
@k8s-ci-robot k8s-ci-robot added area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jan 13, 2022
This was referenced Jan 13, 2022
Closed
Closed
@neolit123
Copy link
Member Author

/triage accepted
/priority important-soon
/milestone v1.24

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Jan 13, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.24 milestone Jan 13, 2022
@k8s-ci-robot k8s-ci-robot removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jan 13, 2022
@neolit123
Copy link
Member Author

/approve cancel

@k8s-ci-robot k8s-ci-robot removed the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 13, 2022
@pacoxu
Copy link
Member

pacoxu commented Jan 14, 2022
edited
Loading

https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/107533/pull-kubernetes-e2e-kind/1481653925294641152
failed for taint change.

Jan 13 16:22:25.434: INFO: -> Node kind-control-plane [[[ Ready=true, Network(available)=false, Taints=[{node-role.kubernetes.io/master NoSchedule } {node-role.kubernetes.io/control-plane NoSchedule }], NonblockingTaints=node-role.kubernetes.io/master ]]]

kubernetes/test/e2e/framework/test_context.go

Line 301 in e045e5c

flags.BoolVar(&TestContext.DisableLogDump, "disable-log-dump", false, "If set to true, logs from master and nodes won't be gathered after test run.")

pull-kubernetes-e2e-kind can set non-blocking-taints with flag. Or we should change its default value?

ricky-rav added a commit to ricky-rav/ovn-kubernetes that referenced this pull request Jun 15, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
78b1a79 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
ricky-rav added a commit to ricky-rav/ovn-kubernetes-1 that referenced this pull request Jun 16, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
d02d8cc 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
(cherry picked from commit 78b1a796be4ed5b587dbfa5d246702923574250f)
ricky-rav added a commit to ricky-rav/ovn-kubernetes-1 that referenced this pull request Jun 16, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
0f4ff78 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
(cherry picked from commit 78b1a796be4ed5b587dbfa5d246702923574250f)
ricky-rav added a commit to ricky-rav/ovn-kubernetes that referenced this pull request Jun 16, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
8d29193 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
@ricky-rav ricky-rav mentioned this pull request Jun 17, 2022
Merged
ricky-rav added a commit to ricky-rav/cluster-network-operator that referenced this pull request Jun 17, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
bbb19cd 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
ricky-rav added a commit to ricky-rav/ovn-kubernetes that referenced this pull request Jun 20, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
8735ce0 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

WARNING: openshift 4.11 still uses the old label.

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
ricky-rav added a commit to ricky-rav/ovn-kubernetes that referenced this pull request Jun 20, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
1094ec9 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
ricky-rav added a commit to ricky-rav/ovn-kubernetes-1 that referenced this pull request Jun 21, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
796d16e 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
(cherry picked from commit 1094ec9)
@mboersma mboersma mentioned this pull request Jun 21, 2022
Closed
ricky-rav added a commit to ricky-rav/ovn-kubernetes that referenced this pull request Jun 27, 2022
@ricky-rav
Replace node-role.kubernetes.io/master
433cb05 
As per kubernetes/kubernetes#107533 applied in kubernetes 1.24, replace all occurences of node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
(cherry picked from commit 1094ec9)
@adikul30 adikul30 mentioned this pull request Jul 19, 2022
Merged
@ddubson ddubson mentioned this pull request Aug 19, 2022
Closed
@adikul30 adikul30 mentioned this pull request Sep 22, 2022
Merged
@pwmorreale pwmorreale mentioned this pull request Nov 15, 2022
Merged
andreaskaris added a commit to andreaskaris/ovn-kubernetes-downstream that referenced this pull request Nov 28, 2022
@andreaskaris
Replace node-role.kubernetes.io/master
fbe3de1 
As per kubernetes/kubernetes#107533 applied
in kubernetes 1.24, replace all occurences of
node-role.kubernetes.io/master with
node-role.kubernetes.io/control-plane
Partial cherry-pick from 1094ec9 for
ovnkube-trace only.

Authored-by: Riccardo Ravaioli <rravaiol@redhat.com>
Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
Signed-off-by: Andreas Karis <ak.karis@gmail.com>
andreaskaris added a commit to andreaskaris/ovn-kubernetes-downstream that referenced this pull request Nov 28, 2022
@andreaskaris
ovnkube-trace only: Replace node-role.kubernetes.io/master
67ee377 
As per kubernetes/kubernetes#107533 applied
in kubernetes 1.24, replace all occurences of
node-role.kubernetes.io/master with
node-role.kubernetes.io/control-plane
Partial cherry-pick from 1094ec9 for
ovnkube-trace only.

Authored-by: Riccardo Ravaioli <rravaiol@redhat.com>
Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
Signed-off-by: Andreas Karis <ak.karis@gmail.com>
andreaskaris added a commit to andreaskaris/ovn-kubernetes-downstream that referenced this pull request Dec 1, 2022
@andreaskaris
ovnkube-trace only: Replace node-role.kubernetes.io/master
e58c31e 
As per kubernetes/kubernetes#107533 applied
in kubernetes 1.24, replace all occurences of
node-role.kubernetes.io/master with
node-role.kubernetes.io/control-plane
Partial cherry-pick from 1094ec9 for
ovnkube-trace only.

Authored-by: Riccardo Ravaioli <rravaiol@redhat.com>
Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
Signed-off-by: Andreas Karis <ak.karis@gmail.com>
andreaskaris added a commit to andreaskaris/ovn-kubernetes-downstream that referenced this pull request Dec 12, 2022
@andreaskaris
ovnkube-trace only: Replace node-role.kubernetes.io/master
e0df088 
As per kubernetes/kubernetes#107533 applied
in kubernetes 1.24, replace all occurences of
node-role.kubernetes.io/master with
node-role.kubernetes.io/control-plane

Cherry-pick for ovnkube-trace.go only

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
(cherry picked from commit 1094ec9)

Signed-off-by: Andreas Karis <ak.karis@gmail.com>
@pacoxu pacoxu mentioned this pull request Jan 12, 2023
Closed
@technerd4357 technerd4357 mentioned this pull request Jan 20, 2023
Open
@fiunchinho fiunchinho mentioned this pull request Mar 16, 2023
Closed
openstack-mirroring pushed a commit to openstack/openstack-helm-infra that referenced this pull request Mar 21, 2023
@liupeng0518
Replace node-role.kubernetes.io/master with control-plane
6034a00 
The master label is no longer present on kubeadm control plane nodes(v1.24). For new clusters, the label 'node-role.kubernetes.io/master' will no longer be added to control plane nodes, only the label 'node-role.kubernetes.io/control-plane' will be added. For more information, refer to KEP-2067[https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint]: Rename the kubeadm "master" label and taint.

the kubernetes pr: kubernetes/kubernetes#107533

Change-Id: I3056b642db0a1799089998e3c020b4203c9a93ab
openstack-mirroring pushed a commit to openstack/openstack that referenced this pull request Mar 21, 2023
@liupeng0518 @openstack-gerrit
Update git submodules
4dc00bf 
* Update openstack-helm-infra from branch 'master'
  to 6034a00bf7049d2a7f10bd946d04436a3041ed87
  - Replace node-role.kubernetes.io/master with control-plane
    
    The master label is no longer present on kubeadm control plane nodes(v1.24). For new clusters, the label 'node-role.kubernetes.io/master' will no longer be added to control plane nodes, only the label 'node-role.kubernetes.io/control-plane' will be added. For more information, refer to KEP-2067[https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint]: Rename the kubeadm "master" label and taint.
    
    the kubernetes pr: kubernetes/kubernetes#107533
    
    Change-Id: I3056b642db0a1799089998e3c020b4203c9a93ab
openstack-mirroring pushed a commit to openstack/openstack that referenced this pull request Mar 21, 2023
@liupeng0518 @openstack-gerrit
Update git submodules
fa132bc 
* Update openstack-helm from branch 'master'
  to 73e696b3fbbbbcfb3b6acb1b191885f98ff2b18d
  - Replace node-role.kubernetes.io/master with control-plane
    
    The master label is no longer present on kubeadm control plane nodes(v1.24). For new clusters, the label 'node-role.kubernetes.io/master' will no longer be added to control plane nodes, only the label 'node-role.kubernetes.io/control-plane' will be added. For more information, refer to KEP-2067[https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint]: Rename the kubeadm "master" label and taint.
    
    the kubernetes pr: kubernetes/kubernetes#107533
    
    Change-Id: Iad8c833371efb3ec35149c89eb8fafdf1150fa87
openstack-mirroring pushed a commit to openstack/openstack-helm that referenced this pull request Mar 21, 2023
@liupeng0518
Replace node-role.kubernetes.io/master with control-plane
73e696b 
The master label is no longer present on kubeadm control plane nodes(v1.24). For new clusters, the label 'node-role.kubernetes.io/master' will no longer be added to control plane nodes, only the label 'node-role.kubernetes.io/control-plane' will be added. For more information, refer to KEP-2067[https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint]: Rename the kubeadm "master" label and taint.

the kubernetes pr: kubernetes/kubernetes#107533

Change-Id: Iad8c833371efb3ec35149c89eb8fafdf1150fa87
@innobead innobead mentioned this pull request Apr 15, 2023
Closed
@asifdxtreme asifdxtreme mentioned this pull request Apr 20, 2023
Closed
@SataQiu SataQiu mentioned this pull request Jun 6, 2023
Merged
@fossedihelm fossedihelm mentioned this pull request Apr 18, 2024
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SataQiu SataQiu SataQiu approved these changes

@fabriziopandini fabriziopandini Awaiting requested review from fabriziopandini

@pacoxu pacoxu Awaiting requested review from pacoxu

Assignees

@SataQiu SataQiu

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/e2e-test-framework Issues or PRs related to refactoring the kubernetes e2e test framework area/kubeadm area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.24
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@neolit123 @pacoxu @BenTheElder @k8s-ci-robot @SataQiu