-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement individual control for kubeadm preflight checks #56072
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,6 +26,7 @@ import ( | |
|
||
"github.com/spf13/pflag" | ||
|
||
"k8s.io/apimachinery/pkg/util/sets" | ||
"k8s.io/apimachinery/pkg/util/validation" | ||
"k8s.io/apimachinery/pkg/util/validation/field" | ||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" | ||
|
@@ -289,7 +290,7 @@ func ValidateMixedArguments(flag *pflag.FlagSet) error { | |
|
||
mixedInvalidFlags := []string{} | ||
flag.Visit(func(f *pflag.Flag) { | ||
if f.Name == "config" || strings.HasPrefix(f.Name, "skip-") || f.Name == "dry-run" || f.Name == "kubeconfig" { | ||
if f.Name == "config" || strings.HasPrefix(f.Name, "ignore-checks-") || strings.HasPrefix(f.Name, "skip-") || f.Name == "dry-run" || f.Name == "kubeconfig" { | ||
// "--skip-*" flags or other whitelisted flags can be set with --config | ||
return | ||
} | ||
|
@@ -328,3 +329,27 @@ func ValidateAPIEndpoint(c *kubeadm.MasterConfiguration, fldPath *field.Path) fi | |
} | ||
return allErrs | ||
} | ||
|
||
// ValidateIgnoreChecksErrors validates duplicates in ignore-checks-errors flag. | ||
func ValidateIgnoreChecksErrors(ignoreChecksErrors []string, skipPreflightChecks bool) (sets.String, error) { | ||
ignoreErrors := sets.NewString() | ||
allErrs := field.ErrorList{} | ||
|
||
for _, item := range ignoreChecksErrors { | ||
ignoreErrors.Insert(strings.ToLower(item)) // parameters are case insensitive | ||
} | ||
|
||
// TODO: remove once deprecated flag --skip-preflight-checks is removed. | ||
if skipPreflightChecks { | ||
if ignoreErrors.Has("all") { | ||
allErrs = append(allErrs, field.Invalid(field.NewPath("ignore-checks-errors"), strings.Join(ignoreErrors.List(), ","), "'all' is used together with deprecated flag --skip-preflight-checks. Remove deprecated flag")) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not certain...but this looks like it would force an exit if both are specified why couldn't it prefer 'ignore-checks-errors' and warn? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. +1. I'd only warn if skipPreflightChecks is there and that's it |
||
} | ||
ignoreErrors.Insert("all") | ||
} | ||
|
||
if ignoreErrors.Has("all") && ignoreErrors.Len() > 1 { | ||
allErrs = append(allErrs, field.Invalid(field.NewPath("ignore-checks-errors"), strings.Join(ignoreErrors.List(), ","), "don't specify individual checks if 'all' is used")) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. same.. could warn |
||
} | ||
|
||
return ignoreErrors, allErrs.ToAggregate() | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,6 +31,7 @@ import ( | |
flag "github.com/spf13/pflag" | ||
|
||
"k8s.io/apimachinery/pkg/runtime" | ||
"k8s.io/apimachinery/pkg/util/sets" | ||
clientset "k8s.io/client-go/kubernetes" | ||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" | ||
kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1" | ||
|
@@ -112,6 +113,7 @@ func NewCmdInit(out io.Writer) *cobra.Command { | |
var dryRun bool | ||
var featureGatesString string | ||
var criSocket string | ||
var ignoreChecksErrors []string | ||
|
||
cmd := &cobra.Command{ | ||
Use: "init", | ||
|
@@ -126,15 +128,18 @@ func NewCmdInit(out io.Writer) *cobra.Command { | |
internalcfg := &kubeadmapi.MasterConfiguration{} | ||
legacyscheme.Scheme.Convert(cfg, internalcfg, nil) | ||
|
||
i, err := NewInit(cfgPath, internalcfg, skipPreFlight, skipTokenPrint, dryRun, criSocket) | ||
ignoreChecksErrorsSet, err := validation.ValidateIgnoreChecksErrors(ignoreChecksErrors, skipPreFlight) | ||
kubeadmutil.CheckErr(err) | ||
|
||
i, err := NewInit(cfgPath, internalcfg, ignoreChecksErrorsSet, skipTokenPrint, dryRun, criSocket) | ||
kubeadmutil.CheckErr(err) | ||
kubeadmutil.CheckErr(i.Validate(cmd)) | ||
kubeadmutil.CheckErr(i.Run(out)) | ||
}, | ||
} | ||
|
||
AddInitConfigFlags(cmd.PersistentFlags(), cfg, &featureGatesString) | ||
AddInitOtherFlags(cmd.PersistentFlags(), &cfgPath, &skipPreFlight, &skipTokenPrint, &dryRun, &criSocket) | ||
AddInitOtherFlags(cmd.PersistentFlags(), &cfgPath, &skipPreFlight, &skipTokenPrint, &dryRun, &criSocket, &ignoreChecksErrors) | ||
|
||
return cmd | ||
} | ||
|
@@ -190,16 +195,21 @@ func AddInitConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiext.MasterConfigur | |
} | ||
|
||
// AddInitOtherFlags adds init flags that are not bound to a configuration file to the given flagset | ||
func AddInitOtherFlags(flagSet *flag.FlagSet, cfgPath *string, skipPreFlight, skipTokenPrint, dryRun *bool, criSocket *string) { | ||
func AddInitOtherFlags(flagSet *flag.FlagSet, cfgPath *string, skipPreFlight, skipTokenPrint, dryRun *bool, criSocket *string, ignoreChecksErrors *[]string) { | ||
flagSet.StringVar( | ||
cfgPath, "config", *cfgPath, | ||
"Path to kubeadm config file. WARNING: Usage of a configuration file is experimental.", | ||
) | ||
flagSet.StringSliceVar( | ||
ignoreChecksErrors, "ignore-checks-errors", *ignoreChecksErrors, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. again ignore-checks-errors is difficult to read and rationalize. |
||
"A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.", | ||
) | ||
// Note: All flags that are not bound to the cfg object should be whitelisted in cmd/kubeadm/app/apis/kubeadm/validation/validation.go | ||
flagSet.BoolVar( | ||
skipPreFlight, "skip-preflight-checks", *skipPreFlight, | ||
"Skip preflight checks which normally run before modifying the system.", | ||
) | ||
flagSet.MarkDeprecated("skip-preflight-checks", "it is now equivalent to --ignore-checks-errors=all") | ||
// Note: All flags that are not bound to the cfg object should be whitelisted in cmd/kubeadm/app/apis/kubeadm/validation/validation.go | ||
flagSet.BoolVar( | ||
skipTokenPrint, "skip-token-print", *skipTokenPrint, | ||
|
@@ -217,7 +227,7 @@ func AddInitOtherFlags(flagSet *flag.FlagSet, cfgPath *string, skipPreFlight, sk | |
} | ||
|
||
// NewInit validates given arguments and instantiates Init struct with provided information. | ||
func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, skipPreFlight, skipTokenPrint, dryRun bool, criSocket string) (*Init, error) { | ||
func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, ignoreChecksErrors sets.String, skipTokenPrint, dryRun bool, criSocket string) (*Init, error) { | ||
fmt.Println("[kubeadm] WARNING: kubeadm is currently in beta") | ||
|
||
if cfgPath != "" { | ||
|
@@ -249,19 +259,15 @@ func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, skipPreFlight, | |
fmt.Println("\t(/etc/systemd/system/kubelet.service.d/10-kubeadm.conf should be edited for this purpose)") | ||
} | ||
|
||
if !skipPreFlight { | ||
fmt.Println("[preflight] Running pre-flight checks.") | ||
fmt.Println("[preflight] Running pre-flight checks.") | ||
|
||
if err := preflight.RunInitMasterChecks(utilsexec.New(), cfg, criSocket); err != nil { | ||
return nil, err | ||
} | ||
|
||
// Try to start the kubelet service in case it's inactive | ||
preflight.TryStartKubelet() | ||
} else { | ||
fmt.Println("[preflight] Skipping pre-flight checks.") | ||
if err := preflight.RunInitMasterChecks(utilsexec.New(), cfg, criSocket, ignoreChecksErrors); err != nil { | ||
return nil, err | ||
} | ||
|
||
// Try to start the kubelet service in case it's inactive | ||
preflight.TryStartKubelet(ignoreChecksErrors) | ||
|
||
return &Init{cfg: cfg, skipTokenPrint: skipTokenPrint, dryRun: dryRun}, nil | ||
} | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ValidateIgnoreChecksErrors - doesn't parse well when reading.