-
Notifications
You must be signed in to change notification settings - Fork 39k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds kubeadm images command #63450
Adds kubeadm images command #63450
Conversation
/cc @kubernetes/sig-cluster-lifecycle-pr-reviews |
@chuckha: Reiterating the mentions to trigger a notification: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
/test pull-kubernetes-integration |
/test pull-kubernetes-verify |
cmd/kubeadm/app/cmd/images.go
Outdated
|
||
// NewImages returns a "kubeadm images" command | ||
func NewImages(cfgPath string, cfg *kubeadmapi.MasterConfiguration) (*Images, error) { | ||
if cfgPath != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use configutil.ConfigFileAndDefaultsToInternalConfig
; this will ensure a consistent initialisation for the master-configuration e.g. by invoking SetDynamicDefaults
(same as other kubeadm commands)
cmd/kubeadm/app/cmd/images.go
Outdated
} | ||
|
||
// AddImagesFlags adds the flags required for "kubeadm images" | ||
func AddImagesFlags(flagSet *flag.FlagSet, cfgPath *string) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally I'm in favour of providing a simpler UX (less flags) than kubeadm init
/kubeadm phases
, but I'm a little bit concerned if the users will find the lack of flags confusing when invoking the command without a config file.
@chuckha What about making the --config
flag mandatory? (So there is only a supported path fully consistent with kubeadm init
/kubeadm phases
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fabriziopandini is a config file required for kubeadm init
if no flags are provided? I didn't know that. I agree the UX should be as simple as possible. I think I agree here if kubeadm init
without a config or flags means nothing then kubeadm config list-images
should mean nothing as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Someone brought this up the other day, and it is definitely tangential to this PR, but we really do need to have a command to generate a config populated with the default values...
Now back on topic, I think requiring a config file is a bit of a poor experience, especially since we should have a happy path to an easy default install. I also think that it makes sense to have a handful of command line flags that can be used for common and trivial config options.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using the existing set of options exposed in v1.10.2:
vagrant@ubuntu:~$ kubeadm init --help
Run this command in order to set up the Kubernetes master.
Usage:
kubeadm init [flags]
Flags:
--apiserver-advertise-address string The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface.
--apiserver-bind-port int32 Port for the API Server to bind to. (default 6443)
--apiserver-cert-extra-sans strings Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
--cert-dir string The path where to save and store the certificates. (default "/etc/kubernetes/pki")
--config string Path to kubeadm config file. WARNING: Usage of a configuration file is experimental.
--cri-socket string Specify the CRI socket to connect to. (default "/var/run/dockershim.sock")
--dry-run Don't apply any changes; just output what would be done.
--feature-gates string A set of key=value pairs that describe feature gates for various features. Options are:
Auditing=true|false (ALPHA - default=false)
CoreDNS=true|false (BETA - default=false)
DynamicKubeletConfig=true|false (ALPHA - default=false)
SelfHosting=true|false (ALPHA - default=false)
StoreCertsInSecrets=true|false (ALPHA - default=false)
-h, --help help for init
--ignore-preflight-errors strings A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
--kubernetes-version string Choose a specific Kubernetes version for the control plane. (default "stable-1.10")
--node-name string Specify the node name.
--pod-network-cidr string Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node. --service-cidr string Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
--service-dns-domain string Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")
--skip-token-print Skip printing of the default bootstrap token generated by 'kubeadm init'.
--token string The token to use for establishing bidirectional trust between nodes and masters.
--token-ttl duration The duration before the bootstrap token is automatically deleted. If set to '0', the token will never expire. (default 24h0m0s)
There appear to be a few different "classes" of options that we expose today.
- command options that do not make sense in the config file:
- --config
- -h, --help
- --dry-run
- --ignore-preflight-errors
- --skip-token-print
- simple, common config overrides
- --kubernetes-version
- --node-name
- --pod-network-cidr
- --service-cidr
- --cri-socket
- feature gates
- more complex config options, or less common overrides that could have wider implications
- --apiserver-advertise-address
- --apiserver-bind-port
- --apiserver-cert-extra-sans
- --cert-dir
- --service-dns-domain
I think the first two "classes" definitely make sense to bubble up as command line options. For less common config options or where common configuration overrides would require multiple command line options to be specified (as in the case of overriding the api server advertise address and port combination) make more sense in the config file.
For feature gates, I think that is a bigger discussion that needs to happen. I think we've been a bit too cavalier with our use of feature gates to date. I don't see an issue with bubbling feature gates up to the command line options, but I think we need to be more judicious in what becomes a feature gate vs a new configuration option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So luckily for this PR the only one of those that will affect the output here are
--kubernetes-version
and feature-gates=CoreDNS=true
.
I can add the kubernetes version and the feature gate flags and then in a following PR I will want to refactor the config subcommand to be a package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this PR! The offline support was one of the topics discussed at kubeconf!
I'm ok with the overall approach, only few comments to make the user experience more consistent with other kubeadm commands.
So the real question here is whether this should rise to a 1st class subcommand or if it would fit under the we need to discuss this one on the sig call, please add to the agenda for this week. /hold |
4b8c057
to
fc5567f
Compare
/test pull-kubernetes-bazel-build |
/test pull-kubernetes-bazel-build |
@chuckha kudos for adding good u-test coverage. |
As discussed in sig-cluster-lifecycle, this is moving to |
d165e56
to
90d68a0
Compare
/test pull-kubernetes-e2e-kops-aws |
1 similar comment
/test pull-kubernetes-e2e-kops-aws |
cmd/kubeadm/app/cmd/images.go
Outdated
) | ||
|
||
// NewCmdImages returns the "kubeadm images" command | ||
func NewCmdImages(out io.Writer) *cobra.Command { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we're being consistent, this would whole subcommand would be in config.go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
config is going to have to get refactored. I didn't want to expand the scope of this PR -- how does opening a ticket to refactor config into a package (vs top level files) sound? Then I can stick images in that package and split out config.go into two files which would be more consistent with how we approach other multi-command subcommands.
cmd/kubeadm/app/cmd/images_test.go
Outdated
defaultNumberOfImages = 8 | ||
) | ||
|
||
func TestNewCmdImages(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same re: s/images/config
cmd/kubeadm/app/cmd/images.go
Outdated
// Run runs the images command and writes the result to the io.Writer passed in | ||
func (i *Images) Run(out io.Writer) error { | ||
imgs := []string{} | ||
imgs = append(imgs, images.GetCoreImage(constants.KubeAPIServer, i.cfg.ImageRepository, i.cfg.KubernetesVersion, i.cfg.UnifiedControlPlaneImage)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can't we wrap this into a utility f(n)? images.GetAllImages()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We certainly can. I usually leave that for when it's required, but I'm happy to refactor that if you think it's useful.
73a1930
to
668b3e9
Compare
Closes kubernetes/kubeadm#388 Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: chuckha, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Automatic merge from submit-queue (batch tested with PRs 62665, 62194, 63616, 63672, 63450). If you want to cherry-pick this change to another branch, please follow the instructions here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Super small nit only.
Thanks for this @chuckha, good UX improvement 👍
imgs = append(imgs, GetCoreImage(constants.KubeControllerManager, cfg.ImageRepository, cfg.KubernetesVersion, cfg.UnifiedControlPlaneImage)) | ||
imgs = append(imgs, GetCoreImage(constants.KubeScheduler, cfg.ImageRepository, cfg.KubernetesVersion, cfg.UnifiedControlPlaneImage)) | ||
imgs = append(imgs, fmt.Sprintf("%v/%v-%v:%v", cfg.ImageRepository, constants.KubeProxy, runtime.GOARCH, kubeadmutil.KubernetesVersionToImageTag(cfg.KubernetesVersion))) | ||
imgs = append(imgs, fmt.Sprintf("%v/pause-%v:%v", cfg.ImageRepository, runtime.GOARCH, "3.1")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we source this constant from somewhere? Also this might get updated with new Kubernetes versions, so we maybe should track it in constants like we do with etcd versions...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I looked but the best place I found was in the test framework. I could have overlooked something though. It's a surprisingly hard thing to find.
You're right though. Looking back it looks like it did get bumped in 1.10 to 3.1. I think that will be outside the kubeadm scope but we should have the mechanism in place for getting the correct version given the k8s version.
Might be worth consolidating as we have some logic in constants (etcd) and some logic in the dns package. I'll open a ticket to investigate this work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
@chuckha do you plan to update |
@neolit123 Yeah, I was going to after the code freeze this week. I'm trying to get one more change to this feature before the end of the week so the documentation might be better put off until next week. |
Closes kubernetes/kubeadm#388
Signed-off-by: Chuck Ha ha.chuck@gmail.com
What this PR does / why we need it:
This PR adds a
list-images
subcommand tokubeadm config
. We need this to make installing kubernetes on air-gapped environments a little easier. This command will print out a list of images it expects to use for the master node.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes kubernetes/kubeadm#388
Special notes for your reviewer:
Release note: