kubeadm: Split discovery from JoinConfiguration

[rosti]

What this PR does / why we need it:

This change splits out discovery fields from JoinConfiguration by performing
the following changes:

• Introduce a BootstrapTokenDiscovery structure, that houses configuration
  options needed for bootstrap token based discovery.

• Introduce a FileDiscovery structure, that houses configuration options
  (currently only a single option) needed for KubeConfig based discovery.

• Introduce a Discovery structure, that houses common options (such as
  discovery timeout and TLS bootstrap token) as well as pointer to an instance
  of either BootstrapTokenDiscovery or FileDiscovery structures.

• Replace the old discovery related JoinConfiguration members with a single
  Discovery member.

This change is required in order to cleanup the code of unnecessary logic and
make the serialized JoinConfiguration more structured (and therefore, more
intuitive).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
refs kubernetes/kubeadm#911, refs kubernetes/kubeadm#963

Special notes for your reviewer:

This is another one of those big and somewhat hard to review PRs, that are the stepping stones in the path to v1beta1.

/cc @kubernetes/sig-cluster-lifecycle-pr-reviews
/area kubeadm
/kind api-change
/kind enhancement
/assign @luxas
/assign @timothysc
/assign @fabriziopandini

Release note:

kubeadm: JoinConfiguration now houses the discovery options in a nested Discovery structure, which in turn has a couple of other nested structures to house more specific options (BootstrapTokenDiscovery and FileDiscovery)

[dixudx]

For current v1alpha3, I'd prefer not to update the json structure. Use inline instead.

We could update that in next coming v1beta1.

[dixudx]

Default will be nil.
Remove it.

[dixudx]

Ditto.

[dixudx]

Missing newline?

[dixudx]

This will break old configurations.

For coming v1beta1, we cound use a new section like this.

But for current v1alpha3, shall we use below instead in types.go,

Discovery Discovery `json:",inline"`

[rosti]

Actually, it won't, since v1alpha3 is also unreleased and is massively different than v1alpha2 of 1.11.
I am also not a fan of inlining it, because that way the context of the options in Discovery is gone.

[dixudx]

Ditto for those following yaml files.

Better not change the struction of current released v1alpha3. We could do this in coming v1beta1 instead.

[rosti]

For current v1alpha3, I'd prefer not to update the json structure. Use inline instead.

We could update that in next coming v1beta1.

This looks like a double work for me and I am willing to actually hold of this PR for v1beta1 if we are going to split it into user and back facing interface changes.
I am not a big fan of inlining the Discovery structure either - it gives us more context that way and makes the config file more structured.
The fact is that this change is literally tiny compared to the rest if the changes we have done in v1alpha3. I don't believe that a user facing interface change here is going to break anyone, since v1alpha3 is unreleased.

[timothysc]

/hold

please coordinate this with @fabriziopandini there are overlapping issues right now.

[rosti]

Rebased the PR on v1beta1

@fabriziopandini @timothysc PTAL

[timothysc]

@rosti bot says it still needs a rebase.
I'd like to chat about config changes tomorrow during office hours too.

[timothysc]

Given that you and @fabriziopandini have been working on this one I'll defer to him on lgtm

/approve
/assign @fabriziopandini

[fabriziopandini]

@rosti thank you for this PR and +100 for keeping this going across two cycles!

Overall this PR looks fine, but the things that confused a little bit me is the move from tree token fields (discoveryToken, tlsBootstrapToken and token to override the former two) to two token fields. Some other minors inline

[fabriziopandini]

Wandering if it makes more sense to have two TLS bootstrap tokens, one inside BootstrapToken and one inside File.
WDYT?

[fabriziopandini]

Ok according to original Lucas design

[fabriziopandini]

I'm not fully convinced by calling this path, but I don't have better suggestion ATM...

[rosti]

How about KubeConfigFile? Yet it sounds kind of the same to me.

[fabriziopandini]

Leave as it is ATM

[fabriziopandini]

If I'm not wrong we are missing DiscoveryToken (unless it is intentional to conflate Token and DiscoveryToken)

[fabriziopandini]

Ok according to original Lucas design

[fabriziopandini]

if I'm not wrong out.token is missing...

[fabriziopandini]

ok according to original Lucas design/the semantic of --token acting as a proxy for TLSBootstrapToken/DiscoveryToken

[fabriziopandini]

DiscoveryToken is missing also here

[fabriziopandini]

ok according to original Lucas design

[fabriziopandini]

Wandering if we should make this string instead of accepting array of string and throwing an error in validation if more than one string is passed

[fabriziopandini]

Please make this string; we are not accepting more than one value ATM and there is no plan for supporting >1 API Endpoints as far as I know

[rosti]

This will come in as a followup PR as the change is not trivial (currently there is a lot of code in kubeadm, that looks upon this as a []string and doing correct handling of multiple API Servers).

[fabriziopandini]

might be ValidateDiscoveryFile?

[fabriziopandini]

Please rename to ValidateDiscoveryFile

[fabriziopandini]

this is out of the scope of this PR, but it would be great to rename also ValidateJoinDiscoveryTokenAPIServer into ValidateDiscoveryTokenAPIServer

[fabriziopandini]

kindly rename ValidateJoinDiscoveryTokenAPIServer into ValidateDiscoveryTokenAPIServerfor consistency

[fabriziopandini]

I think to understand why you are creating separated object instead of working on cfg, but I'm wondering if we can do the the other way around: use cfg and then clean up cfg.Discovery.File or cfg.Discovery.BootstrapToken if corresponding flags/args are not set

[fabriziopandini]

I'm not a fan of this solution but we can leave with it ATM

[fabriziopandini]

This is a little bit confusing.
In the config we now there is BootstrapToken.Token and TLSBootstrapToken but not Token
here there is Token, TLSBootstrapToken but not discovery-token anymore

[fabriziopandini]

Please fix the flag documentation explaining the semantics of this flag

[rosti]

@fabriziopandini the change is along the lines of the original proposal by Lucas, which I find the most sensible solution here.
The TLSBootstrapToken is moved to the common Discovery struct and is therefore shared by both discovery methods. The DiscoveryToken field is replaced by BootstrapToken.Token. The Token field, whose purpose in v1alpha3 was to supply a common value to use for TLSBootstrapToken and DiscoveryToken, when no value was supplied for some of them, was removed. You can still specify the --token switch on command line to supply a single value to use for both TLSBootstrapToken and DiscoveryToken. Also, v1alpha3 to internal config is making sure to do the correct conversion too.

P.S.: On second though, I got the semantics for --token a bit different than what it used to be, so I'll change fix them in a bit. They should not be overwritten by --token if they are not empty.

[rosti]

Fixed the --token flag semantics (of kubeadm join).

[fabriziopandini]

@rosti
/approve
Please fix minors still pending and then ready for lgtm

After your explanation I added a note on all my previous comments that does not apply anymore, and make it clear where IMO you should fix minors

[fabriziopandini]

Please make this string; we are not accepting more than one value ATM and there is no plan for supporting >1 API Endpoints as far as I know

[fabriziopandini]

Please rename to ValidateDiscoveryBootstrapToken

[fabriziopandini]

This should go away when APIServerEndpoints changes from []string to string

[fabriziopandini]

kindly rename ValidateJoinDiscoveryTokenAPIServer into ValidateDiscoveryTokenAPIServerfor consistency

[fabriziopandini]

Please rename to ValidateDiscoveryFile

[fabriziopandini]

Please fix the flag documentation explaining the semantics of this flag

[fabriziopandini]

/approve
/lgtm

/test pull-kubernetes-e2e-gce

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini, rosti, timothysc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [fabriziopandini,timothysc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rosti]

A few minor details to address in a couple of hours and this will be ready to go.

/hold

[rosti]

@fabriziopandini should be ready now for re-lgtm.

/hold cancel

[fabriziopandini]

/lgtm

[fabriziopandini]

/test pull-kubernetes-kubemark-e2e-gce-big

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.