From 31b4c782c753f8d268d0cf8cbb805d74b8b24a26 Mon Sep 17 00:00:00 2001 From: "Rostislav M. Georgiev" Date: Mon, 2 Sep 2019 19:28:42 +0300 Subject: [PATCH] kubeadm: Fetching kube-proxy's config map is now optional Whenever kubeadm needs to fetch its configuration from the cluster, it gets the component configuration of all supported components (currently only kubelet and kube-proxy). However, kube-proxy is deemed an optional component and its installation may be skipped (by skipping the addon/kube-proxy phase on init). When kube-proxy's installation is skipped, its config map is not created and all kubeadm operations, that fetch the config from the cluster, are bound to fail with "not found" or "forbidden" (because of missing RBAC rules) errors. To fix this issue, we have to ignore the 403 and 404 errors, returned on an attempt to fetch kube-proxy's component config from the cluster. The `GetFromKubeProxyConfigMap` function now supports returning nil for both error and object to indicate just such a case. Signed-off-by: Rostislav M. Georgiev --- cmd/kubeadm/app/componentconfigs/BUILD | 1 + cmd/kubeadm/app/componentconfigs/config.go | 9 +++++++++ cmd/kubeadm/app/componentconfigs/config_test.go | 13 +++++++------ cmd/kubeadm/app/util/config/cluster.go | 5 +++++ cmd/kubeadm/app/util/config/cluster_test.go | 4 ---- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/cmd/kubeadm/app/componentconfigs/BUILD b/cmd/kubeadm/app/componentconfigs/BUILD index 446bd12ac81..ef4ae6e163c 100644 --- a/cmd/kubeadm/app/componentconfigs/BUILD +++ b/cmd/kubeadm/app/componentconfigs/BUILD @@ -24,6 +24,7 @@ go_library( "//pkg/proxy/apis/config:go_default_library", "//pkg/proxy/apis/config/v1alpha1:go_default_library", "//pkg/proxy/apis/config/validation:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", diff --git a/cmd/kubeadm/app/componentconfigs/config.go b/cmd/kubeadm/app/componentconfigs/config.go index ac4fa804912..7722092ee3d 100644 --- a/cmd/kubeadm/app/componentconfigs/config.go +++ b/cmd/kubeadm/app/componentconfigs/config.go @@ -18,7 +18,9 @@ package componentconfigs import ( "github.com/pkg/errors" + "k8s.io/klog" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/version" @@ -63,6 +65,13 @@ func GetFromKubeProxyConfigMap(client clientset.Interface, version *version.Vers // Read the ConfigMap from the cluster kubeproxyCfg, err := apiclient.GetConfigMapWithRetry(client, metav1.NamespaceSystem, kubeadmconstants.KubeProxyConfigMap) if err != nil { + // The Kube-Proxy config map may be non-existent, because the user has decided to manage it by themselves + // or to use other proxy solution. It may also be forbidden - if the kube-proxy phase was skipped we have neither + // the config map, nor the RBAC rules allowing join access to it. + if apierrors.IsNotFound(err) || apierrors.IsForbidden(err) { + klog.Warningf("Warning: No kube-proxy config is loaded. Continuing without it: %v", err) + return nil, nil + } return nil, err } diff --git a/cmd/kubeadm/app/componentconfigs/config_test.go b/cmd/kubeadm/app/componentconfigs/config_test.go index d15a9b91ae8..8d0dada420a 100644 --- a/cmd/kubeadm/app/componentconfigs/config_test.go +++ b/cmd/kubeadm/app/componentconfigs/config_test.go @@ -47,6 +47,7 @@ func TestGetFromConfigMap(t *testing.T) { component RegistrationKind configMap *fakeConfigMap expectedError bool + expectedNil bool }{ { name: "valid kube-proxy", @@ -59,10 +60,10 @@ func TestGetFromConfigMap(t *testing.T) { }, }, { - name: "invalid kube-proxy - missing ConfigMap", - component: KubeProxyConfigurationKind, - configMap: nil, - expectedError: true, + name: "valid kube-proxy - missing ConfigMap", + component: KubeProxyConfigurationKind, + configMap: nil, + expectedNil: true, }, { name: "invalid kube-proxy - missing key", @@ -123,8 +124,8 @@ func TestGetFromConfigMap(t *testing.T) { return } - if obj == nil { - t.Error("unexpected nil return value") + if rt.expectedNil != (obj == nil) { + t.Error("unexpected return value") } }) } diff --git a/cmd/kubeadm/app/util/config/cluster.go b/cmd/kubeadm/app/util/config/cluster.go index cc02bbbf838..528973fa267 100644 --- a/cmd/kubeadm/app/util/config/cluster.go +++ b/cmd/kubeadm/app/util/config/cluster.go @@ -203,6 +203,11 @@ func getComponentConfigs(client clientset.Interface, clusterConfiguration *kubea return err } + // Some components may not be installed or managed by kubeadm, hence GetFromConfigMap won't return an error or an object + if obj == nil { + continue + } + if ok := registration.SetToInternalConfig(obj, clusterConfiguration); !ok { return errors.Errorf("couldn't save componentconfig value for kind %q", string(kind)) } diff --git a/cmd/kubeadm/app/util/config/cluster_test.go b/cmd/kubeadm/app/util/config/cluster_test.go index 56159c11165..2d36d694e6b 100644 --- a/cmd/kubeadm/app/util/config/cluster_test.go +++ b/cmd/kubeadm/app/util/config/cluster_test.go @@ -449,7 +449,6 @@ func TestGetComponentConfigs(t *testing.T) { }, }, }, - expectedError: true, }, } @@ -483,9 +482,6 @@ func TestGetComponentConfigs(t *testing.T) { if cfg.ComponentConfigs.Kubelet == nil { t.Errorf("invalid cfg.ComponentConfigs.Kubelet") } - if cfg.ComponentConfigs.KubeProxy == nil { - t.Errorf("invalid cfg.ComponentConfigs.KubeProxy") - } }) } }