mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-31 07:20:13 +00:00
Merge pull request #47339 from luxas/kubeadm_v18_cleanup_misc
Automatic merge from submit-queue (batch tested with PRs 48295, 48298, 47339, 44910, 48037) kubeadm: Remove v1.6 version gates, cleanup unused code, etc. **What this PR does / why we need it**: - Removes v1.6 version gates and requires a control plane version of v1.7.0 and above - Removes unused/unnecessary functions that got freed up as a consequence of that **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # Fixes: kubernetes/kubeadm#327 **Special notes for your reviewer**: This PR targets v1.8, can be merged first when the code freeze is lifted **Release note**: ```release-note NONE ``` @kubernetes/sig-cluster-lifecycle-pr-reviews @timothysc @mikedanese @pipejakob
This commit is contained in:
Kubernetes Submit Queue
GitHub
commit
2b190bd2f1
@ -107,11 +107,5 @@ var (
|
||||
DefaultTokenUsages = []string{"signing", "authentication"}
|
||||
|
||||
// MinimumControlPlaneVersion specifies the minimum control plane version kubeadm can deploy
|
||||
MinimumControlPlaneVersion = version.MustParseSemantic("v1.6.0")
|
||||
|
||||
// MinimumCSRSARApproverVersion specifies the minimum kubernetes version that can be used for enabling the new-in-v1.7 CSR approver based on a SubjectAccessReview
|
||||
MinimumCSRSARApproverVersion = version.MustParseSemantic("v1.7.0-beta.0")
|
||||
|
||||
// MinimumAPIAggregationVersion specifies the minimum kubernetes version that can be used enabling the API aggregation in the apiserver and the front proxy flags
|
||||
MinimumAPIAggregationVersion = version.MustParseSemantic("v1.7.0-alpha.1")
|
||||
MinimumControlPlaneVersion = version.MustParseSemantic("v1.7.0")
|
||||
)
|
||||
|
||||
@ -22,7 +22,6 @@ go_library(
|
||||
"//cmd/kubeadm/app/constants:go_default_library",
|
||||
"//cmd/kubeadm/app/images:go_default_library",
|
||||
"//cmd/kubeadm/app/util/kubeconfig:go_default_library",
|
||||
"//pkg/bootstrap/api:go_default_library",
|
||||
"//pkg/kubeapiserver/authorizer/modes:go_default_library",
|
||||
"//pkg/kubectl/cmd/util:go_default_library",
|
||||
"//pkg/kubelet/types:go_default_library",
|
||||
|
||||
@ -34,7 +34,6 @@ import (
|
||||
kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
|
||||
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/images"
|
||||
bootstrapapi "k8s.io/kubernetes/pkg/bootstrap/api"
|
||||
authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
|
||||
cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
|
||||
kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
|
||||
@ -48,14 +47,9 @@ const (
|
||||
defaultv17AdmissionControl = "Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota"
|
||||
|
||||
etcd = "etcd"
|
||||
apiServer = "apiserver"
|
||||
controllerManager = "controller-manager"
|
||||
scheduler = "scheduler"
|
||||
proxy = "proxy"
|
||||
kubeAPIServer = "kube-apiserver"
|
||||
kubeControllerManager = "kube-controller-manager"
|
||||
kubeScheduler = "kube-scheduler"
|
||||
kubeProxy = "kube-proxy"
|
||||
)
|
||||
|
||||
// WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk
|
||||
@ -313,22 +307,7 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod {
|
||||
}
|
||||
}
|
||||
|
||||
func getComponentBaseCommand(component string) []string {
|
||||
if kubeadmapi.GlobalEnvParams.HyperkubeImage != "" {
|
||||
return []string{"/hyperkube", component}
|
||||
}
|
||||
|
||||
return []string{"kube-" + component}
|
||||
}
|
||||
|
||||
func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k8sVersion *version.Version) []string {
|
||||
var command []string
|
||||
|
||||
// self-hosted apiserver needs to wait on a lock
|
||||
if selfHosted {
|
||||
command = []string{"/usr/bin/flock", "--exclusive", "--timeout=30", "/var/lock/api-server.lock"}
|
||||
}
|
||||
|
||||
defaultArguments := map[string]string{
|
||||
"insecure-port": "0",
|
||||
"admission-control": defaultv17AdmissionControl,
|
||||
@ -350,14 +329,11 @@ func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k
|
||||
"requestheader-extra-headers-prefix": "X-Remote-Extra-",
|
||||
"requestheader-client-ca-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyCACertName),
|
||||
"requestheader-allowed-names": "front-proxy-client",
|
||||
}
|
||||
if k8sVersion.AtLeast(kubeadmconstants.MinimumAPIAggregationVersion) {
|
||||
// add options which allow the kube-apiserver to act as a front-proxy to aggregated API servers
|
||||
defaultArguments["proxy-client-cert-file"] = filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientCertName)
|
||||
defaultArguments["proxy-client-key-file"] = filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientKeyName)
|
||||
"proxy-client-cert-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientCertName),
|
||||
"proxy-client-key-file": filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientKeyName),
|
||||
}
|
||||
|
||||
command = getComponentBaseCommand(apiServer)
|
||||
command := []string{"kube-apiserver"}
|
||||
command = append(command, getExtraParameters(cfg.APIServerExtraArgs, defaultArguments)...)
|
||||
command = append(command, getAuthzParameters(cfg.AuthorizationModes)...)
|
||||
|
||||
@ -397,28 +373,18 @@ func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k
|
||||
}
|
||||
|
||||
func getEtcdCommand(cfg *kubeadmapi.MasterConfiguration) []string {
|
||||
var command []string
|
||||
|
||||
defaultArguments := map[string]string{
|
||||
"listen-client-urls": "http://127.0.0.1:2379",
|
||||
"advertise-client-urls": "http://127.0.0.1:2379",
|
||||
"data-dir": cfg.Etcd.DataDir,
|
||||
}
|
||||
|
||||
command = append(command, "etcd")
|
||||
command := []string{"etcd"}
|
||||
command = append(command, getExtraParameters(cfg.Etcd.ExtraArgs, defaultArguments)...)
|
||||
|
||||
return command
|
||||
}
|
||||
|
||||
func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k8sVersion *version.Version) []string {
|
||||
var command []string
|
||||
|
||||
// self-hosted controller-manager needs to wait on a lock
|
||||
if selfHosted {
|
||||
command = []string{"/usr/bin/flock", "--exclusive", "--timeout=30", "/var/lock/controller-manager.lock"}
|
||||
}
|
||||
|
||||
defaultArguments := map[string]string{
|
||||
"address": "127.0.0.1",
|
||||
"leader-elect": "true",
|
||||
@ -430,13 +396,8 @@ func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted
|
||||
"use-service-account-credentials": "true",
|
||||
"controllers": "*,bootstrapsigner,tokencleaner",
|
||||
}
|
||||
if k8sVersion.LessThan(kubeadmconstants.MinimumCSRSARApproverVersion) {
|
||||
// enable the former CSR group approver for v1.6 clusters.
|
||||
// TODO(luxas): Remove this once we're targeting v1.8 at HEAD
|
||||
defaultArguments["insecure-experimental-approve-all-kubelet-csrs-for-group"] = bootstrapapi.BootstrapGroup
|
||||
}
|
||||
|
||||
command = getComponentBaseCommand(controllerManager)
|
||||
command := []string{"kube-controller-manager"}
|
||||
command = append(command, getExtraParameters(cfg.ControllerManagerExtraArgs, defaultArguments)...)
|
||||
|
||||
if cfg.CloudProvider != "" {
|
||||
@ -453,27 +414,18 @@ func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted
|
||||
if cfg.Networking.PodSubnet != "" {
|
||||
command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+cfg.Networking.PodSubnet)
|
||||
}
|
||||
|
||||
return command
|
||||
}
|
||||
|
||||
func getSchedulerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool) []string {
|
||||
var command []string
|
||||
|
||||
// self-hosted apiserver needs to wait on a lock
|
||||
if selfHosted {
|
||||
command = []string{"/usr/bin/flock", "--exclusive", "--timeout=30", "/var/lock/api-server.lock"}
|
||||
}
|
||||
|
||||
defaultArguments := map[string]string{
|
||||
"address": "127.0.0.1",
|
||||
"leader-elect": "true",
|
||||
"kubeconfig": filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.SchedulerKubeConfigFileName),
|
||||
}
|
||||
|
||||
command = getComponentBaseCommand(scheduler)
|
||||
command := []string{"kube-scheduler"}
|
||||
command = append(command, getExtraParameters(cfg.SchedulerExtraArgs, defaultArguments)...)
|
||||
|
||||
return command
|
||||
}
|
||||
|
||||
|
||||
@ -478,35 +478,6 @@ func TestComponentPod(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetComponentBaseCommand(t *testing.T) {
|
||||
var tests = []struct {
|
||||
c string
|
||||
expected []string
|
||||
}{
|
||||
{
|
||||
c: "foo",
|
||||
expected: []string{"kube-foo", "--v=2"},
|
||||
},
|
||||
{
|
||||
c: "bar",
|
||||
expected: []string{"kube-bar", "--v=2"},
|
||||
},
|
||||
}
|
||||
|
||||
for _, rt := range tests {
|
||||
actual := getComponentBaseCommand(rt.c)
|
||||
for i := range actual {
|
||||
if actual[i] != rt.expected[i] {
|
||||
t.Errorf(
|
||||
"failed getComponentBaseCommand:\n\texpected: %s\n\t actual: %s",
|
||||
rt.expected[i],
|
||||
actual[i],
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetAPIServerCommand(t *testing.T) {
|
||||
var tests = []struct {
|
||||
cfg *kubeadmapi.MasterConfiguration
|
||||
@ -567,9 +538,9 @@ func TestGetAPIServerCommand(t *testing.T) {
|
||||
"--secure-port=123",
|
||||
"--allow-privileged=true",
|
||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||
"--experimental-bootstrap-token-auth=true",
|
||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
||||
"--experimental-bootstrap-token-auth=true",
|
||||
"--requestheader-username-headers=X-Remote-User",
|
||||
"--requestheader-group-headers=X-Remote-Group",
|
||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||
@ -726,25 +697,6 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||
},
|
||||
},
|
||||
{
|
||||
cfg: &kubeadmapi.MasterConfiguration{
|
||||
CertificatesDir: testCertsDir,
|
||||
KubernetesVersion: "v1.6.4",
|
||||
},
|
||||
expected: []string{
|
||||
"kube-controller-manager",
|
||||
"--address=127.0.0.1",
|
||||
"--leader-elect=true",
|
||||
"--kubeconfig=" + kubeadmapi.GlobalEnvParams.KubernetesDir + "/controller-manager.conf",
|
||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
||||
"--use-service-account-credentials=true",
|
||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||
"--insecure-experimental-approve-all-kubelet-csrs-for-group=system:bootstrappers",
|
||||
},
|
||||
},
|
||||
{
|
||||
cfg: &kubeadmapi.MasterConfiguration{
|
||||
CloudProvider: "foo",
|
||||
@ -998,18 +950,3 @@ func TestGetExtraParameters(t *testing.T) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestVersionCompare(t *testing.T) {
|
||||
versions := []string{
|
||||
"v1.7.0-alpha.1",
|
||||
"v1.7.0-beta.0",
|
||||
"v1.7.0-rc.0",
|
||||
"v1.7.0",
|
||||
"v1.7.1",
|
||||
}
|
||||
for _, v := range versions {
|
||||
if !version.MustParseSemantic(v).AtLeast(kubeadmconstants.MinimumAPIAggregationVersion) {
|
||||
t.Errorf("err")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user