Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup old upgrading code that is v1.8->v1.9-specific #60359

Merged
merged 3 commits into from Mar 14, 2018
Merged

Cleanup old upgrading code that is v1.8->v1.9-specific #60359

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6aa8b2f
Remove 1.8-1.9 upgrade codes of kubeadm
xiangpengzhao Feb 24, 2018
051c480
Auto generated BUILD files.
xiangpengzhao Feb 24, 2018
1d167d2
Use cert util to get cert data.
xiangpengzhao Mar 7, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions cmd/kubeadm/app/phases/upgrade/BUILD
View file
Open in desktop
Expand Up @@ -8,7 +8,6 @@ go_library(
"health.go",
"policy.go",
"postupgrade.go",
"postupgrade_v18_19.go",
"prepull.go",
"selfhosted.go",
"staticpods.go",
Expand Down Expand Up @@ -49,6 +48,7 @@ go_library(
"//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//vendor/k8s.io/client-go/kubernetes:go_default_library",
"//vendor/k8s.io/client-go/util/cert:go_default_library",
],
)

Expand All @@ -71,7 +71,7 @@ go_test(
srcs = [
"compute_test.go",
"policy_test.go",
"postupgrade_v18_19_test.go",
"postupgrade_test.go",
"prepull_test.go",
"staticpods_test.go",
],
Expand Down
62 changes: 61 additions & 1 deletion cmd/kubeadm/app/phases/upgrade/postupgrade.go
View file
Open in desktop
Expand Up @@ -19,12 +19,14 @@ package upgrade
import (
"fmt"
"os"
"path/filepath"
"time"

apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/errors"
clientset "k8s.io/client-go/kubernetes"
certutil "k8s.io/client-go/util/cert"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
Expand All @@ -41,6 +43,9 @@ import (
"k8s.io/kubernetes/pkg/util/version"
)

var v190alpha3 = version.MustParseSemantic("v1.9.0-alpha.3")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This var is not used. Should be removed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's still used (in line 147: https://github.com/kubernetes/kubernetes/pull/60359/files#diff-668202917ffe6a202af0eea0d7bcf87aR147) and necessary to keep it for now. It can be removed in 1.11 cycle.

var expiry = 180 * 24 * time.Hour

// PerformPostUpgradeTasks runs nearly the same functions as 'kubeadm init' would do
// Note that the markmaster phase is left out, not needed, and no token is created as that doesn't belong to the upgrade
func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.MasterConfiguration, newK8sVer *version.Version, dryRun bool) error {
Expand Down Expand Up @@ -84,7 +89,7 @@ func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.MasterC
}

certAndKeyDir := kubeadmapiext.DefaultCertificatesDir
shouldBackup, err := shouldBackupAPIServerCertAndKey(certAndKeyDir, newK8sVer)
shouldBackup, err := shouldBackupAPIServerCertAndKey(certAndKeyDir)
// Don't fail the upgrade phase if failing to determine to backup kube-apiserver cert and key.
if err != nil {
fmt.Printf("[postupgrade] WARNING: failed to determine to backup kube-apiserver cert and key: %v", err)
Expand Down Expand Up @@ -157,3 +162,58 @@ func getWaiter(dryRun bool, client clientset.Interface) apiclient.Waiter {
}
return apiclient.NewKubeWaiter(client, 30*time.Minute, os.Stdout)
}

// backupAPIServerCertAndKey backups the old cert and key of kube-apiserver to a specified directory.
func backupAPIServerCertAndKey(certAndKeyDir string) error {
subDir := filepath.Join(certAndKeyDir, "expired")
if err := os.Mkdir(subDir, 0766); err != nil {
return fmt.Errorf("failed to created backup directory %s: %v", subDir, err)
}

filesToMove := map[string]string{
filepath.Join(certAndKeyDir, kubeadmconstants.APIServerCertName): filepath.Join(subDir, kubeadmconstants.APIServerCertName),
filepath.Join(certAndKeyDir, kubeadmconstants.APIServerKeyName): filepath.Join(subDir, kubeadmconstants.APIServerKeyName),
}
return moveFiles(filesToMove)
}

// moveFiles moves files from one directory to another.
func moveFiles(files map[string]string) error {
filesToRecover := map[string]string{}
for from, to := range files {
if err := os.Rename(from, to); err != nil {
return rollbackFiles(filesToRecover, err)
}
filesToRecover[to] = from
}
return nil
}

// rollbackFiles moves the files back to the original directory.
func rollbackFiles(files map[string]string, originalErr error) error {
errs := []error{originalErr}
for from, to := range files {
if err := os.Rename(from, to); err != nil {
errs = append(errs, err)
}
}
return fmt.Errorf("couldn't move these files: %v. Got errors: %v", files, errors.NewAggregate(errs))
}

// shouldBackupAPIServerCertAndKey checks if the cert of kube-apiserver will be expired in 180 days.
func shouldBackupAPIServerCertAndKey(certAndKeyDir string) (bool, error) {
apiServerCert := filepath.Join(certAndKeyDir, kubeadmconstants.APIServerCertName)
certs, err := certutil.CertsFromFile(apiServerCert)
if err != nil {
return false, fmt.Errorf("couldn't load the certificate file %s: %v", apiServerCert, err)
}
if len(certs) == 0 {
return false, fmt.Errorf("no certificate data found")
}

if time.Now().Sub(certs[0].NotBefore) > expiry {
return true, nil
}

return false, nil
}
16 changes: 4 additions & 12 deletions ...phases/upgrade/postupgrade_v18_19_test.go → ...dm/app/phases/upgrade/postupgrade_test.go
View file
Open in desktop
Expand Up @@ -29,7 +29,6 @@ import (
certsphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/pkiutil"
testutil "k8s.io/kubernetes/cmd/kubeadm/test"
"k8s.io/kubernetes/pkg/util/version"
)

func TestBackupAPIServerCertAndKey(t *testing.T) {
Expand Down Expand Up @@ -139,20 +138,13 @@ func TestShouldBackupAPIServerCertAndKey(t *testing.T) {

for desc, test := range map[string]struct {
adjustedExpiry time.Duration
k8sVersion *version.Version
expected bool
}{
"1.8 version doesn't need to backup": {
k8sVersion: version.MustParseSemantic("v1.8.0"),
expected: false,
"default: cert not older than 180 days doesn't needs to backup": {
expected: false,
},
"1.9 version with cert not older than 180 days doesn't needs to backup": {
k8sVersion: version.MustParseSemantic("v1.9.0"),
expected: false,
},
"1.9 version with cert older than 180 days need to backup": {
"cert older than 180 days need to backup": {
adjustedExpiry: expiry + 100*time.Hour,
k8sVersion: version.MustParseSemantic("v1.9.0"),
expected: true,
},
} {
Expand Down Expand Up @@ -180,7 +172,7 @@ func TestShouldBackupAPIServerCertAndKey(t *testing.T) {
}
}

shouldBackup, err := shouldBackupAPIServerCertAndKey(tmpdir, test.k8sVersion)
shouldBackup, err := shouldBackupAPIServerCertAndKey(tmpdir)
if err != nil {
t.Fatalf("Test %s: failed to check shouldBackupAPIServerCertAndKey: %v", desc, err)
}
Expand Down
106 changes: 0 additions & 106 deletions cmd/kubeadm/app/phases/upgrade/postupgrade_v18_19.go
View file
Open in desktop

This file was deleted.