kubeadm: Fetching kube-proxy's config map is now optional

Whenever kubeadm needs to fetch its configuration from the cluster, it gets the component configuration of all supported components (currently only kubelet and kube-proxy). However, kube-proxy is deemed an optional component and its installation may be skipped (by skipping the addon/kube-proxy phase on init). When kube-proxy's installation is skipped, its config map is not created and all kubeadm operations, that fetch the config from the cluster, are bound to fail with "not found" or "forbidden" (because of missing RBAC rules) errors. To fix this issue, we have to ignore the 403 and 404 errors, returned on an attempt to fetch kube-proxy's component config from the cluster. The `GetFromKubeProxyConfigMap` function now supports returning nil for both error and object to indicate just such a case. Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
2025-07-22 03:11:40 +00:00 · 2019-09-02 19:28:42 +03:00 · 2019-09-02 19:28:42 +03:00 · 31b4c782c7
commit 31b4c782c7
parent b327a729c5
5 changed files with 22 additions and 10 deletions
--- a/cmd/kubeadm/app/componentconfigs/BUILD
+++ b/cmd/kubeadm/app/componentconfigs/BUILD
@ -24,6 +24,7 @@ go_library(
        "//pkg/proxy/apis/config:go_default_library",
        "//pkg/proxy/apis/config/v1alpha1:go_default_library",
        "//pkg/proxy/apis/config/validation:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
--- a/cmd/kubeadm/app/componentconfigs/config.go
+++ b/cmd/kubeadm/app/componentconfigs/config.go
@ -18,7 +18,9 @@ package componentconfigs

 import (
 	"github.com/pkg/errors"
+	"k8s.io/klog"

+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/version"
@ -63,6 +65,13 @@ func GetFromKubeProxyConfigMap(client clientset.Interface, version *version.Vers
 	// Read the ConfigMap from the cluster
 	kubeproxyCfg, err := apiclient.GetConfigMapWithRetry(client, metav1.NamespaceSystem, kubeadmconstants.KubeProxyConfigMap)
 	if err != nil {
+		// The Kube-Proxy config map may be non-existent, because the user has decided to manage it by themselves
+		// or to use other proxy solution. It may also be forbidden - if the kube-proxy phase was skipped we have neither
+		// the config map, nor the RBAC rules allowing join access to it.
+		if apierrors.IsNotFound(err) || apierrors.IsForbidden(err) {
+			klog.Warningf("Warning: No kube-proxy config is loaded. Continuing without it: %v", err)
+			return nil, nil
+		}
 		return nil, err
 	}

--- a/cmd/kubeadm/app/componentconfigs/config_test.go
+++ b/cmd/kubeadm/app/componentconfigs/config_test.go
@ -47,6 +47,7 @@ func TestGetFromConfigMap(t *testing.T) {
 		component     RegistrationKind
 		configMap     *fakeConfigMap
 		expectedError bool
+		expectedNil   bool
 	}{
 		{
 			name:      "valid kube-proxy",
@ -59,10 +60,10 @@ func TestGetFromConfigMap(t *testing.T) {
 			},
 		},
 		{
-			name:          "invalid kube-proxy - missing ConfigMap",
-			component:     KubeProxyConfigurationKind,
-			configMap:     nil,
-			expectedError: true,
+			name:        "valid kube-proxy - missing ConfigMap",
+			component:   KubeProxyConfigurationKind,
+			configMap:   nil,
+			expectedNil: true,
 		},
 		{
 			name:      "invalid kube-proxy - missing key",
@ -123,8 +124,8 @@ func TestGetFromConfigMap(t *testing.T) {
 				return
 			}

-			if obj == nil {
-				t.Error("unexpected nil return value")
+			if rt.expectedNil != (obj == nil) {
+				t.Error("unexpected return value")
 			}
 		})
 	}
--- a/cmd/kubeadm/app/util/config/cluster.go
+++ b/cmd/kubeadm/app/util/config/cluster.go
@ -203,6 +203,11 @@ func getComponentConfigs(client clientset.Interface, clusterConfiguration *kubea
 			return err
 		}

+		// Some components may not be installed or managed by kubeadm, hence GetFromConfigMap won't return an error or an object
+		if obj == nil {
+			continue
+		}
+
 		if ok := registration.SetToInternalConfig(obj, clusterConfiguration); !ok {
 			return errors.Errorf("couldn't save componentconfig value for kind %q", string(kind))
 		}
--- a/cmd/kubeadm/app/util/config/cluster_test.go
+++ b/cmd/kubeadm/app/util/config/cluster_test.go
@ -449,7 +449,6 @@ func TestGetComponentConfigs(t *testing.T) {
 					},
 				},
 			},
-			expectedError: true,
 		},
 	}

@ -483,9 +482,6 @@ func TestGetComponentConfigs(t *testing.T) {
 			if cfg.ComponentConfigs.Kubelet == nil {
 				t.Errorf("invalid cfg.ComponentConfigs.Kubelet")
 			}
-			if cfg.ComponentConfigs.KubeProxy == nil {
-				t.Errorf("invalid cfg.ComponentConfigs.KubeProxy")
-			}
 		})
 	}
 }