-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use nodeutil.GetHostIP consistently when talking to nodes #33718
Use nodeutil.GetHostIP consistently when talking to nodes #33718
Conversation
KubeletClient implements ConnectionInfoGetter, but it is not a complete implementation: it does not set the kubelet port from the node record, for example. By renaming the method so that it does not implement the interface, we are able to cleanly see where the "raw" GetConnectionInfo is used (it is correct) and also have go type-checking enforce this for us.
610967b
to
20b4203
Compare
The first commit is #29011 , which was LGTM-ed but needed a rebase. This works in my testing on AWS and passes e2e above (though we are still using NodeNames that are resolvable, so this may not be complete - but still a step in the right direction IMO!) |
(removed WIP) |
Most of our communications from apiserver -> nodes used nodutil.GetNodeHostIP, but a few places didn't - and this meant that the node name needed to be resolvable _and_ we needed to populate valid IP addresses. Fix the last few places that used the NodeName. Issue kubernetes#18525 Issue kubernetes#9451 Issue kubernetes#9728 Issue kubernetes#17643 Issue kubernetes#11543 Issue kubernetes#22063 Issue kubernetes#2462 Issue kubernetes#22109 Issue kubernetes#22770 Issue kubernetes#32286
20b4203
to
8fe884a
Compare
Jenkins GKE smoke e2e failed for commit 8fe884a. Full PR test history. The magic incantation to run this job again is |
@k8s-bot gke e2e test this |
switching from DNS to IP for master->kubelet connections has implications for deployments that validate the kubelet's TLS serving certs. I am not aware of merge-queue tests that run with the master started with a This adds the requirement that the kubelet's serving certificate be valid for the node IP, which may or may not be feasible for deployments, depending on how they provision the certificates. I also don't agree that "Most of our communications from apiserver -> nodes used nodeutil.GetNodeHostIP"... only the node proxy API ( I'd like to hold merging this until we resolve whether DNS or IP should be preferred, and how we want to give control to deployers if either method does not work for them (no viable DNS or no serving certs valid for IP) c.f. #25532 for using a reported hostname to connect via DNS instead of assuming the node name is a resolvable DNS name |
We have decided though: #22063 (comment) @bgrant0607 can you confirm? |
I don't disagree that decoupling the resolution from the nodeName is desired. I'm just looking to keep continuity for clusters that are currently working for people using pod logs/exec/attach, while giving deployers the tools they need to decouple as appropriate to their environment. #25532 seems closer to achieving that goal. |
ref #2462 |
@liggitt What changes does this PR need in order to be merged? |
if there's general agreement to record more types of addresses in node status (#25532 or #34259 or similar) and to allow selecting which address types to use for apiserver->kubelet communications (#34259 or similar) by 1.5, this change to temporarily require connecting using node IP seems ok as-is |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue |
With this PR merged, does limitation 3 on https://github.com/kubernetes/kubernetes.github.io/blob/master/docs/getting-started-guides/kubeadm.md#limitations need to be removed? |
@liggitt Have we cherry picked this into latest release? Some people are asking for this. |
No, picking just this into 1.4 could break clusters that are currently working with secured node names as DNS names. More changes are needed in the kubelet and apiserver to allow both DNS-based and IP-based modes of operation. |
ping @justinsb Does this PR fix that issue? @kkirsche We can't remove it until v1.5 is released (which has this patch) |
@luxas noted. Thank you for answering and clarifying that. I wasn't sure if hot fix / cherry picking was ever done for that type of thing. Thanks for everyone'a hard work! |
Automatic merge from submit-queue Remove static kubelet client, refactor ConnectionInfoGetter Follow up to #33718 * Collapses the multi-valued return to a `ConnectionInfo` struct * Removes the "raw" connection info method and interface, since it was only used in a single non-test location (by the "real" connection info method) * Disentangles the node REST object from being a ConnectionInfoProvider itself by extracting an implementation of ConnectionInfoProvider that takes a node (using a provided NodeGetter) and determines ConnectionInfo * Plumbs the KubeletClientConfig to the point where we construct the helper object that combines the config and the node lookup. I anticipate adding a preference order for choosing an address type in #34259
Automatic merge from submit-queue Allow apiserver to choose preferred kubelet address type Follow up to #33718 to stay compatible with clusters using DNS names for master->node communications. Adds the `--kubelet-preferred-address-types` apiserver flag for clusters that prefer a different node address type. ```release-note The apiserver can now select which type of kubelet-reported address to use for master->node communications, using the --kubelet-preferred-address-types flag. ```
Hi, Which version include GetNodeHostIP fix? Client Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.5", GitCommit:"5a0a696437ad35c133c0c8493f7e9d22b0f9b81b", GitTreeState:"clean", BuildDate:"2016-10-29T01:38:40Z", GoVersion:"go1.6.3", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.5", GitCommit:"5a0a696437ad35c133c0c8493f7e9d22b0f9b81b", GitTreeState:"clean", BuildDate:"2016-10-29T01:32:42Z", GoVersion:"go1.6.3", Compiler:"gc", Platform:"linux/amd64"} Thanks, |
Looks like this was merged in |
Most of our communications from apiserver -> nodes used
nodutil.GetNodeHostIP, but a few places didn't - and this meant that the
node name needed to be resolvable and we needed to populate valid IP
addresses.
This change is![Reviewable](https://camo.githubusercontent.com/2d899f4291d07d3cd2fa4aaae1e3b243f164c23fce87d30a589ace0d496a444c/68747470733a2f2f72657669657761626c652e6b756265726e657465732e696f2f7265766965775f627574746f6e2e737667)