Merge pull request #1888 from sairameshv/bump-1.29.2

OCPNODE-1892: Bump k8s to 1.29.2

.go-version

@@ -1 +1 @@
-1.21.6
+1.21.7

api/openapi-spec/v3/api__v1_openapi.json

@@ -4634,7 +4634,7 @@
                 "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"
               }
             ],
-            "description": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature."
+            "description": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is a beta field and requires the PersistentVolumeLastPhaseTransitionTime feature to be enabled (enabled by default)."
           },
           "message": {
             "description": "message is a human-readable message indicating details about why the volume is in this state.",

build/build-image/cross/VERSION

@@ -1 +1 @@
-v1.29.0-go1.21.6-bullseye.0
+v1.29.0-go1.21.7-bullseye.0

build/common.sh

@@ -96,9 +96,9 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}"
 readonly KUBE_CONTAINER_RSYNC_PORT=8730
 
 # These are the default versions (image tags) for their respective base images.
-readonly __default_distroless_iptables_version=v0.4.4
-readonly __default_go_runner_version=v2.3.1-go1.21.6-bookworm.0
-readonly __default_setcap_version=bookworm-v1.0.0
+readonly __default_distroless_iptables_version=v0.4.5
+readonly __default_go_runner_version=v2.3.1-go1.21.7-bookworm.0
+readonly __default_setcap_version=bookworm-v1.0.1
 
 # These are the base images for the Docker-wrapped binaries.
 readonly KUBE_GORUNNER_IMAGE="${KUBE_GORUNNER_IMAGE:-$KUBE_BASE_IMAGE_REGISTRY/go-runner:$__default_go_runner_version}"

build/dependencies.yaml

@@ -118,7 +118,7 @@ dependencies:
 
   # Golang
   - name: "golang: upstream version"
-    version: 1.21.6
+    version: 1.21.7
     refPaths:
     - path: .go-version
     - path: build/build-image/cross/VERSION
@@ -140,13 +140,13 @@ dependencies:
       match: minimum_go_version=go([0-9]+\.[0-9]+)
 
   - name: "registry.k8s.io/kube-cross: dependents"
-    version: v1.29.0-go1.21.6-bullseye.0
+    version: v1.29.0-go1.21.7-bullseye.0
     refPaths:
     - path: build/build-image/cross/VERSION
 
   # Base images
   - name: "registry.k8s.io/debian-base: dependents"
-    version: bookworm-v1.0.0
+    version: bookworm-v1.0.1
     refPaths:
     - path: cluster/images/etcd/Makefile
       match: BASEIMAGE\?\=registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)
@@ -178,15 +178,15 @@ dependencies:
       match: registry\.k8s\.io\/build-image\/debian-base:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)
 
   - name: "registry.k8s.io/distroless-iptables: dependents"
-    version: v0.4.4
+    version: v0.4.5
     refPaths:
     - path: build/common.sh
       match: __default_distroless_iptables_version=
     - path: test/utils/image/manifest.go
       match: configs\[DistrolessIptables\] = Config{list\.BuildImageRegistry, "distroless-iptables", "v([0-9]+)\.([0-9]+)\.([0-9]+)"}
 
   - name: "registry.k8s.io/go-runner: dependents"
-    version: v2.3.1-go1.21.6-bookworm.0
+    version: v2.3.1-go1.21.7-bookworm.0
     refPaths:
     - path: build/common.sh
       match: __default_go_runner_version=
@@ -254,7 +254,7 @@ dependencies:
       match: configs\[Pause\] = Config{list\.GcRegistry, "pause", "\d+\.\d+(.\d+)?"}
 
   - name: "registry.k8s.io/build-image/setcap: dependents"
-    version: bookworm-v1.0.0
+    version: bookworm-v1.0.1
     refPaths:
     - path: build/common.sh
       match: __default_setcap_version=

cluster/gce/gci/configure-helper.sh

@@ -3161,7 +3161,7 @@ spec:
   - name: vol
   containers:
   - name: pv-recycler
-    image: registry.k8s.io/build-image/debian-base:bookworm-v1.0.0
+    image: registry.k8s.io/build-image/debian-base:bookworm-v1.0.1
     command:
     - /bin/sh
     args:

cluster/images/etcd/Makefile

@@ -92,19 +92,19 @@ DOCKERFILE.windows = Dockerfile.windows
 DOCKERFILE := ${DOCKERFILE.${OS}}
 
 ifeq ($(ARCH),amd64)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base:bookworm-v1.0.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base:bookworm-v1.0.1
 endif
 ifeq ($(ARCH),arm)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm:bookworm-v1.0.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm:bookworm-v1.0.1
 endif
 ifeq ($(ARCH),arm64)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm64:bookworm-v1.0.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-arm64:bookworm-v1.0.1
 endif
 ifeq ($(ARCH),ppc64le)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-ppc64le:bookworm-v1.0.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-ppc64le:bookworm-v1.0.1
 endif
 ifeq ($(ARCH),s390x)
-    BASEIMAGE?=registry.k8s.io/build-image/debian-base-s390x:bookworm-v1.0.0
+    BASEIMAGE?=registry.k8s.io/build-image/debian-base-s390x:bookworm-v1.0.1
 endif
 
 BASE.windows = mcr.microsoft.com/windows/nanoserver

cmd/kubeadm/app/cmd/init.go

@@ -518,16 +518,18 @@ func (d *initData) Client() (clientset.Interface, error) {
 				return nil, err
 			}
 		} else { // Use a real client
-			if !d.adminKubeConfigBootstrapped {
+			isDefaultKubeConfigPath := d.KubeConfigPath() == kubeadmconstants.GetAdminKubeConfigPath()
+			// Only bootstrap the admin.conf if it's used by the user (i.e. --kubeconfig has its default value)
+			// and if the bootstrapping was not already done
+			if !d.adminKubeConfigBootstrapped && isDefaultKubeConfigPath {
 				// Call EnsureAdminClusterRoleBinding() to obtain a working client from admin.conf.
 				d.client, err = kubeconfigphase.EnsureAdminClusterRoleBinding(kubeadmconstants.KubernetesDir, nil)
 				if err != nil {
 					return nil, errors.Wrapf(err, "could not bootstrap the admin user in file %s", kubeadmconstants.AdminKubeConfigFileName)
 				}
 				d.adminKubeConfigBootstrapped = true
 			} else {
-				// In case adminKubeConfigBootstrapped is already set just return a client from the default
-				// kubeconfig location.
+				// Alternatively, just load the config pointed at the --kubeconfig path
 				d.client, err = kubeconfigutil.ClientSetFromFile(d.KubeConfigPath())
 				if err != nil {
 					return nil, err

cmd/kubeadm/app/cmd/init_test.go

@@ -17,7 +17,10 @@ limitations under the License.
 package cmd
 
 import (
+	"context"
 	"fmt"
+	"net/http"
+	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"testing"
@@ -54,6 +57,20 @@ kind: ClusterConfiguration
 controlPlaneEndpoint: "3.4.5.6"
 `, kubeadmapiv1.SchemeGroupVersion.String(), expectedCRISocket)
 
+const testKubeconfigDataFormat = `---
+apiVersion: v1
+clusters:
+- name: foo-cluster
+  cluster:
+    server: %s
+contexts:
+- name: foo-context
+  context:
+    cluster: foo-cluster
+current-context: foo-context
+kind: Config
+`
+
 func TestNewInitData(t *testing.T) {
 	// create temp directory
 	tmpDir, err := os.MkdirTemp("", "kubeadm-init-test")
@@ -349,3 +366,38 @@ func expectedInitIgnorePreflightErrors(expectedItems ...string) func(t *testing.
 		}
 	}
 }
+
+func TestInitDataClientWithNonDefaultKubeconfig(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodHead {
+			w.WriteHeader(http.StatusMethodNotAllowed)
+		}
+	}))
+	defer ts.Close()
+
+	kubeconfigPath := filepath.Join(t.TempDir(), "custom.conf")
+	if err := os.WriteFile(kubeconfigPath, []byte(fmt.Sprintf(testKubeconfigDataFormat, ts.URL)), 0o600); err != nil {
+		t.Fatalf("os.WriteFile returned unexpected error: %v", err)
+	}
+
+	// initialize an external init option and inject it to the init cmd
+	initOptions := newInitOptions()
+	initOptions.skipCRIDetect = true // avoid CRI detection in unit tests
+	initOptions.kubeconfigPath = kubeconfigPath
+	cmd := newCmdInit(nil, initOptions)
+
+	data, err := newInitData(cmd, nil, initOptions, nil)
+	if err != nil {
+		t.Fatalf("newInitData returned unexpected error: %v", err)
+	}
+
+	client, err := data.Client()
+	if err != nil {
+		t.Fatalf("data.Client returned unexpected error: %v", err)
+	}
+
+	result := client.Discovery().RESTClient().Verb("HEAD").Do(context.Background())
+	if err := result.Error(); err != nil {
+		t.Fatalf("REST client request returned unexpected error: %v", err)
+	}
+}

cmd/kubeadm/app/cmd/phases/init/uploadconfig.go

@@ -104,7 +104,7 @@ func getUploadConfigPhaseFlags() []string {
 
 // runUploadKubeadmConfig uploads the kubeadm configuration to a ConfigMap
 func runUploadKubeadmConfig(c workflow.RunData) error {
-	cfg, client, _, err := getUploadConfigData(c)
+	cfg, client, err := getUploadConfigData(c)
 	if err != nil {
 		return err
 	}
@@ -118,13 +118,13 @@ func runUploadKubeadmConfig(c workflow.RunData) error {
 
 // runUploadKubeletConfig uploads the kubelet configuration to a ConfigMap
 func runUploadKubeletConfig(c workflow.RunData) error {
-	cfg, client, patchesDir, err := getUploadConfigData(c)
+	cfg, client, err := getUploadConfigData(c)
 	if err != nil {
 		return err
 	}
 
 	klog.V(1).Infoln("[upload-config] Uploading the kubelet component config to a ConfigMap")
-	if err = kubeletphase.CreateConfigMap(&cfg.ClusterConfiguration, patchesDir, client); err != nil {
+	if err = kubeletphase.CreateConfigMap(&cfg.ClusterConfiguration, client); err != nil {
 		return errors.Wrap(err, "error creating kubelet configuration ConfigMap")
 	}
 
@@ -135,15 +135,15 @@ func runUploadKubeletConfig(c workflow.RunData) error {
 	return nil
 }
 
-func getUploadConfigData(c workflow.RunData) (*kubeadmapi.InitConfiguration, clientset.Interface, string, error) {
+func getUploadConfigData(c workflow.RunData) (*kubeadmapi.InitConfiguration, clientset.Interface, error) {
 	data, ok := c.(InitData)
 	if !ok {
-		return nil, nil, "", errors.New("upload-config phase invoked with an invalid data struct")
+		return nil, nil, errors.New("upload-config phase invoked with an invalid data struct")
 	}
 	cfg := data.Cfg()
 	client, err := data.Client()
 	if err != nil {
-		return nil, nil, "", err
+		return nil, nil, err
 	}
-	return cfg, client, data.PatchesDir(), err
+	return cfg, client, err
 }

cmd/kubeadm/app/cmd/upgrade/node.go

@@ -41,7 +41,6 @@ import (
 // supported by this api will be exposed as a flag.
 type nodeOptions struct {
 	kubeConfigPath        string
-	isControlPlaneNode    bool
 	etcdUpgrade           bool
 	renewCerts            bool
 	dryRun                bool
@@ -106,26 +105,11 @@ func newCmdNode(out io.Writer) *cobra.Command {
 
 // newNodeOptions returns a struct ready for being used for creating cmd kubeadm upgrade node flags.
 func newNodeOptions() *nodeOptions {
-	kubeConfigPath := constants.GetKubeletKubeConfigPath()
-
-	// isControlPlaneNode checks if a node is a control-plane node by looking up
-	// the kube-apiserver manifest file
-	isControlPlaneNode := true
-	filepath := constants.GetStaticPodFilepath(constants.KubeAPIServer, constants.GetStaticPodDirectory())
-	if _, err := os.Stat(filepath); os.IsNotExist(err) {
-		isControlPlaneNode = false
-	}
-
-	if isControlPlaneNode {
-		kubeConfigPath = constants.GetAdminKubeConfigPath()
-	}
-
 	return &nodeOptions{
-		kubeConfigPath:     kubeConfigPath,
-		isControlPlaneNode: isControlPlaneNode,
-		dryRun:             false,
-		renewCerts:         true,
-		etcdUpgrade:        true,
+		kubeConfigPath: "", // This is populated in newNodeData() on runtime
+		dryRun:         false,
+		renewCerts:     true,
+		etcdUpgrade:    true,
 	}
 }
 
@@ -141,14 +125,28 @@ func addUpgradeNodeFlags(flagSet *flag.FlagSet, nodeOptions *nodeOptions) {
 // This func takes care of validating nodeOptions passed to the command, and then it converts
 // options into the internal InitConfiguration type that is used as input all the phases in the kubeadm upgrade node workflow
 func newNodeData(cmd *cobra.Command, args []string, options *nodeOptions, out io.Writer) (*nodeData, error) {
+	// Checks if a node is a control-plane node by looking up the kube-apiserver manifest file
+	isControlPlaneNode := true
+	filepath := constants.GetStaticPodFilepath(constants.KubeAPIServer, constants.GetStaticPodDirectory())
+	if _, err := os.Stat(filepath); os.IsNotExist(err) {
+		isControlPlaneNode = false
+	}
+	if len(options.kubeConfigPath) == 0 {
+		// Update the kubeconfig path depending on whether this is a control plane node or not.
+		options.kubeConfigPath = constants.GetKubeletKubeConfigPath()
+		if isControlPlaneNode {
+			options.kubeConfigPath = constants.GetAdminKubeConfigPath()
+		}
+	}
+
 	client, err := getClient(options.kubeConfigPath, options.dryRun)
 	if err != nil {
 		return nil, errors.Wrapf(err, "couldn't create a Kubernetes client from file %q", options.kubeConfigPath)
 	}
 	// Fetches the cluster configuration
 	// NB in case of control-plane node, we are reading all the info for the node; in case of NOT control-plane node
 	//    (worker node), we are not reading local API address and the CRI socket from the node object
-	cfg, err := configutil.FetchInitConfigurationFromCluster(client, nil, "upgrade", !options.isControlPlaneNode, false)
+	cfg, err := configutil.FetchInitConfigurationFromCluster(client, nil, "upgrade", !isControlPlaneNode, false)
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to fetch the kubeadm-config ConfigMap")
 	}
@@ -165,7 +163,7 @@ func newNodeData(cmd *cobra.Command, args []string, options *nodeOptions, out io
 		dryRun:                options.dryRun,
 		cfg:                   cfg,
 		client:                client,
-		isControlPlaneNode:    options.isControlPlaneNode,
+		isControlPlaneNode:    isControlPlaneNode,
 		patchesDir:            options.patchesDir,
 		ignorePreflightErrors: ignorePreflightErrorsSet,
 		kubeConfigPath:        options.kubeConfigPath,

cmd/kubeadm/app/phases/kubelet/config.go

@@ -68,7 +68,10 @@ func WriteConfigToDisk(cfg *kubeadmapi.ClusterConfiguration, kubeletDir, patches
 
 // CreateConfigMap creates a ConfigMap with the generic kubelet configuration.
 // Used at "kubeadm init" and "kubeadm upgrade" time
-func CreateConfigMap(cfg *kubeadmapi.ClusterConfiguration, patchesDir string, client clientset.Interface) error {
+func CreateConfigMap(cfg *kubeadmapi.ClusterConfiguration, client clientset.Interface) error {
+	configMapName := kubeadmconstants.KubeletBaseConfigurationConfigMap
+	fmt.Printf("[kubelet] Creating a ConfigMap %q in namespace %s with the configuration for the kubelets in the cluster\n", configMapName, metav1.NamespaceSystem)
+
 	kubeletCfg, ok := cfg.ComponentConfigs[componentconfigs.KubeletGroup]
 	if !ok {
 		return errors.New("no kubelet component config found in the active component config set")
@@ -79,17 +82,6 @@ func CreateConfigMap(cfg *kubeadmapi.ClusterConfiguration, patchesDir string, cl
 		return err
 	}
 
-	// Apply patches to the KubeletConfiguration
-	if len(patchesDir) != 0 {
-		kubeletBytes, err = applyKubeletConfigPatches(kubeletBytes, patchesDir, os.Stdout)
-		if err != nil {
-			return errors.Wrap(err, "could not apply patches to the KubeletConfiguration")
-		}
-	}
-
-	configMapName := kubeadmconstants.KubeletBaseConfigurationConfigMap
-	fmt.Printf("[kubelet] Creating a ConfigMap %q in namespace %s with the configuration for the kubelets in the cluster\n", configMapName, metav1.NamespaceSystem)
-
 	configMap := &v1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      configMapName,

cmd/kubeadm/app/phases/kubelet/config_test.go

@@ -58,7 +58,7 @@ func TestCreateConfigMap(t *testing.T) {
 		t.Fatalf("unexpected failure when defaulting InitConfiguration: %v", err)
 	}
 
-	if err := CreateConfigMap(&internalcfg.ClusterConfiguration, "", client); err != nil {
+	if err := CreateConfigMap(&internalcfg.ClusterConfiguration, client); err != nil {
 		t.Errorf("CreateConfigMap: unexpected error %v", err)
 	}
 }

cmd/kubeadm/app/phases/upgrade/postupgrade.go

@@ -61,7 +61,7 @@ func PerformPostUpgradeTasks(client clientset.Interface, cfg *kubeadmapi.InitCon
 	}
 
 	// Create the new, version-branched kubelet ComponentConfig ConfigMap
-	if err := kubeletphase.CreateConfigMap(&cfg.ClusterConfiguration, patchesDir, client); err != nil {
+	if err := kubeletphase.CreateConfigMap(&cfg.ClusterConfiguration, client); err != nil {
 		errs = append(errs, errors.Wrap(err, "error creating kubelet configuration ConfigMap"))
 	}
 

openshift-hack/images/hyperkube/Dockerfile.rhel

@@ -13,4 +13,4 @@ COPY --from=builder /tmp/build/* /usr/bin/
 LABEL io.k8s.display-name="OpenShift Kubernetes Server Commands" \
       io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \
       io.openshift.tags="openshift,hyperkube" \
-      io.openshift.build.versions="kubernetes=1.29.1"
+      io.openshift.build.versions="kubernetes=1.29.2"