kubeadm - addon configuration in the kubeadm config API.

[fabriziopandini]

What this PR does / why we need it:
This PR introduces addon configuration in the kubeadm config API; as a consequence kubeadm feature flag CoreDNS is deprecated.

Which issue(s) this PR fixes :

Special notes for your reviewer:
This is a WIP, aimed at collecting feedbacks on the API design; since addon configuration includes image configuration, I took a look a 360° look at this topic and reviewed comments accordingly

/sig cluster-lifecycle
/kind documentation
/assign @timothysc
/assign @dtieber
/cc @rosti
@kubernetes/sig-cluster-lifecycle-pr-reviews
@neolit123
@chuckha

Release note:

Addon configuration is introduced in the kubeadm config API, while feature flag CoreDNS is now deprecated.

[k8s-ci-robot]

@fabriziopandini: GitHub didn't allow me to assign the following users: dtieber.

Note that only kubernetes members and repo collaborators can be assigned.
For more information please see the contributor guide

In response to this:

What this PR does / why we need it:
This PR introduces add-on configuration in the kubeadm config API; as a consequence kubeadm feature flag CoreDNS is deprecated.

Which issue(s) this PR fixes :

Special notes for your reviewer:
This is a WIP, aimed at collecting feedbacks on the API design; since add-on configuration includes image configuration, I took a look a 360° look at this topic and reviewed comments accordingly

/sig cluster-lifecycle
/kind documentation
/assign @timothysc
/assign @dtieber
/cc @rosti
@kubernetes/sig-cluster-lifecycle-pr-reviews
@neolit123
@chuckha

Release note:

Add-on configuration is introduced in the kubeadm config API, while feature flag CoreDNS is now deprecated.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[neolit123]

@fabriziopandini thanks.
added some comments + questions on which we can have a discussion.

overall, i think this is fine.

[neolit123]

my original idea was to have these under a parent Addons sub-struct or a list, but this is fine too.
...unless if we decide at some point to add a bunch more core addons, which will then leave all of them floating in the root config.

[timothysc]

json:"proxy"

[neolit123]

it might be a good idea for us to outline that a tag is included here as part of Image.
e.g. Image = "image:tag".

we might get some reports in the lines of "hey, my custom coredns version upgrade is not working correctly", but that would be a side effect of the flexibility here, so it's a trade off.

[rosti]

Thanks @fabriziopandini ! Definitely a step in the right direction.

[rosti]

Not sure of what will be the use case of setting this to a different value (than ClusterConfiguration.ImageRepository, but not setting Image here directly).

[fabriziopandini]

by setting ImageRepository you can do kubeadm upgrade, while image binds you to an image:tag

[timothysc]

@fabriziopandini I think we should create an ImageMeta as mentioned above

[rosti]

Not sure if this is reasonable for kube-proxy. But it's ok, as long as the same K8s version is used.

[rosti]

We may have to have a version of ExtraArgs on a per-node basis...

[fabriziopandini]

This was discussed and punted out ...

[rosti]

This should probably now state ... to pull images from. (remove the control plane part of it). Since this could be used for kube-proxy and pause images, which run on worker nodes too.

[timothysc]

ImageRepository string `json:"imageRepository,omitempty"`
Image string `json:"image,omitempty"`
ExtraArgs map[string]string `json:"extraArgs,omitempty"` 

almost all seem pretty ImageMeta

[fabriziopandini]

@timothysc if I got your point here it can work but we need to have CoreImageMeta (where only ExtraArgs override makes sense) and ExternalImageMeta (where it is possible to override imageRepository or image:tag).
WDYT?

Another detail to be addressed is the DNS substruct that that can be both a "coreComponent" (kube-dns) and an "externalComponent" (core-dns)... might be it is better to have different structs

[timothysc]

I'm not following, I don't see a distinction between the two from the fields they would provide.

[timothysc]

Similar comments to a different PR.

[timothysc]

json:"proxy"

[timothysc]

blarg.. I need to talk with @kubernetes/sig-network-misc @thockin what is the deprecation plan?

I was hoping we could finally rid ourselves of this tech-debt.

[luxas]

kube-dns is GA and is gonna be so for a long time, we need to support it although it's not fun

[timothysc]

@fabriziopandini I think we should create an ImageMeta as mentioned above

[fabriziopandini]

@timothysc @rosti @luxas @neolit123
Now this PR is aligned with what discussed today in the kubeadm office hour.
I still have to do some manual test on the upgrade part, but it will be great if you can give a first pass

[neolit123]

thanks for the update @fabriziopandini
went through the whole change and added only two comments.

can have a look again tomorrow.

[neolit123]

the k8s-infra team has plans to make architectures as part of the image tag for future releases.
e.g. pause:3.1-arm64
possibly platforms too e.g. pause:3.1-adm64-windows

just FYI, i think i don't see a problem with having the ImageTag like that.

[neolit123]

DND add-on -> DNS addon

[rosti]

@fabriziopandini looks great! Thanks for this!

[rosti]

I'd rather have this as just:

out.FeatureGates["CoreDNS"] = (in.DNS.Type == kubeadm.CoreDNS)

[rosti]

Probably change this to etcdImageToImageMeta?

[luxas]

Thanks, good work!
Left some comment, the main one that we can't break the CLI, so deprecated feature gates can't error in validation. However, as agreed, I'll LGTM this now, and you'll fix up the deprecated feature gates' expected behavior later as a standalone change (this due also that it touches other deprecated feature gates, not just this one)
Needs a rebase though

/approve
/lgtm

[luxas]

kube-dns is GA and is gonna be so for a long time, we need to support it although it's not fun

[luxas]

I'd still mark this GA, but deprecate and hide it

[luxas]

Let's change this to output the deprecation warning or something instead if deprecated. If this check returns false, validation is gonna error, which is something we can't let happen in this release

[luxas]

doesn't need conversion I think

[luxas]

doesn't need conversion

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini, luxas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [fabriziopandini,luxas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

[fabriziopandini]

opened kubernetes/kubeadm#1226 for tracking implementation of requested feature gate warning as per @luxas comment

[fabriziopandini]

/retest

[timothysc]

reapplying
/lgtm

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.