-
Notifications
You must be signed in to change notification settings - Fork 39k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm: Write kubelet config file to disk and persist in-cluster #63887
kubeadm: Write kubelet config file to disk and persist in-cluster #63887
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So in general this looks like an overall cleanup improvement.. But upgrading from an old unit file seems fraught with peril
/cc @detiber
cmd/kubeadm/app/cmd/init.go
Outdated
return fmt.Errorf("error creating base kubelet configuration: %v", err) | ||
} | ||
|
||
// NOTE: flag "--dynamic-config-dir" should be specified in /etc/systemd/system/kubelet.service.d/10-kubeadm.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
b/c the kubelet will write to this location it should be /var/lib/kubelet ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How are you going to upgrade into this? You will need a systemctl daemon-reload + restart.
|
||
// DownloadKubeletConfig downloads the kubelet configuration from a ConfigMap and writes it to disk. | ||
// Used at "kubeadm join" time | ||
func DownloadKubeletConfig(kubeletKubeConfig string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't we have a download-config subcommand as well then for debugging?
// KubeletBaseConfigurationFile specifies the file name on the node which stores initial remote configuration of kubelet | ||
KubeletBaseConfigurationFile = "kubelet" | ||
// KubeletConfigurationFile specifies the file name on the node which stores initial remote configuration of kubelet | ||
KubeletConfigurationFile = "/var/lib/kubelet/config.yaml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I am understanding the docs for Dynamic Kubelet Config, it looks like the dynamic config is downloaded from the config map to the directory specified by --dynamic-config-dir
automatically and the config pulled down overrides the values that are set through --config
. With that being the case, shouldn't we write the static config file (or initial config in the case of dynamic config) to /etc/kubernetes
and leave /var/lib/kubelet
for the content that is dynamically managed at runtime by the kubelet?
The addition of an environment file is great here, but if we go forward with this it would probably be a good idea to stick with standard env file paths for the OSs we ship packages for. I know for CentOS/Fedora this would be An aside while I'm on the topic of systemd unit configuration managed by the packaging, we really shouldn't be placing packaged managed unit files and drop-in files in I'm still concerned with how we handle this transition during upgrades, since there is a bit of chicken/egg involved between the package managed dropin and the configuration done by kubeadm upgrade. If we force the update with the package upgrade of kubeadm, then we risk breaking the running kubelet prior to install. However, we could transition the ownership of the drop-in file to kubeadm, which would allow for kubeadm itself to mutate the drop-in, perform a |
Agree that we should follow the distribution standards for placement for environment files and using There's a potential issue at present in that the docs ask people to modify Moving management of that particular config to something kubeadm controls so that the drop-ins are truly static makes more sense. |
the already modified kubelet config by the user (e.g. cgroup driver updated) is a problem. i think the documentation and the suggested workflow for the kubelet would have been to never modify the kublet config but handle extra arguments from the environment only. if the same location is written to, a backup of the user config should be created - e.g.
do you have something in mind on how the mutator would work? if the user has modified his kubelet config a lot, doing a |
One option that we have is to have the upgrade scripts in packaging preserve the existing file and create the new version of the file under /usr/lib/systemd and require the user to reconcile the differences. This is a more manual step, but would get us to the place that we want to be... We could also tell users that if they haven't modified the file that it is safe to just blow it away. As for documentation on how to modify the unit config, we could tell users to just use |
going back to this:
this is so true.
i think the files should be placed in the same folder and for the old one a suffix should be appended, like
this seems like a good solution. so in terms of the docs and |
I do agree that it is confusing, but it would ensure that the existing drop-in would override the package provided one... We could always attempt to do a diff against the known previous version and only leave the diff as a drop-in under /etc/systemd/system/kubelet.service.d. We could also provide a preflight check to force the user to take some action prior to upgrade as well. I think anything we do for the transition is going to be awkward, but as long as we provide sufficient documentation and tooling to assist the user through the transition then we can limit the impact. |
948c497
to
0ba1430
Compare
/retest Review the full test history for this PR. Silence the bot with an |
3 similar comments
/retest Review the full test history for this PR. Silence the bot with an |
/retest Review the full test history for this PR. Silence the bot with an |
/retest Review the full test history for this PR. Silence the bot with an |
…so write runtime environment file and fixup the kubelet phases command
916cd0a
to
5382cf7
Compare
New changes are detected. LGTM label has been removed. |
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: luxas, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
5382cf7
to
60b0eeb
Compare
/retest |
2 similar comments
/retest |
/retest |
/retest |
Automatic merge from submit-queue (batch tested with PRs 63914, 63887, 64116, 64026, 62933). If you want to cherry-pick this change to another branch, please follow the instructions here. |
Automatic merge from submit-queue (batch tested with PRs 64322, 64210, 64458, 64232, 64370). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: Move .NodeName and .CRISocket to a common sub-struct **What this PR does / why we need it**: Regroups some common fields for `kubeadm init` and `kubeadm join` only used for the initial node registration. Lets the user specify ExtraArgs to the kubelet. Now also runs the dynamic env file creation for `kubeadm join`. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes kubernetes/kubeadm#847 Follows-up kubernetes#63887 Related to kubernetes/kubeadm#822 **Special notes for your reviewer**: WIP, but please review so we can finalize the direction of the PR **Release note**: ```release-note [action required] `.NodeName` and `.CRISocket` in the `MasterConfiguration` and `NodeConfiguration` v1alpha1 API objects are now `.NodeRegistration.Name` and `.NodeRegistration.CRISocket` respectively in the v1alpha2 API. The `.NoTaintMaster` field has been removed in the v1alpha2 API. ``` @kubernetes/sig-cluster-lifecycle-pr-reviews @liztio
What this PR does / why we need it:
In order to make configuration flow from the cluster level to node level, we need a way for kubeadm to tell the kubelet what config to use. As of v1.10 (I think) the kubelet can read
--config
using the kubelet Beta ComponentConfiguration API, so now we have an interface to talk to the kubelet properly.This PR:
/var/lib/kubelet/config.yaml
on init and join/var/lib/kubelet/kubeadm-flags.env
. This file contain runtime flags that should be passed to the kubelet.kubelet-config-1.X
The kubelet dropin file I used now looks like this:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes kubernetes/kubeadm#822
Fixes kubernetes/kubeadm#571
Special notes for your reviewer:
Release note:
@kubernetes/sig-cluster-lifecycle-pr-reviews @mtaufen