Merge pull request #103063 from neolit123/1.22-add-patches-to-v1beta3

kubeadm: add support for patches in v1beta3; deprecate --experimental-patches

cmd/kubeadm/app/apis/kubeadm/fuzzer/fuzzer.go

@@ -58,6 +58,7 @@ func fuzzInitConfiguration(obj *kubeadm.InitConfiguration, c fuzz.Continue) {
 	}
 	obj.SkipPhases = nil
 	obj.NodeRegistration.ImagePullPolicy = ""
+	obj.Patches = nil
 }
 
 func fuzzNodeRegistration(obj *kubeadm.NodeRegistrationOptions, c fuzz.Continue) {
@@ -120,6 +121,7 @@ func fuzzJoinConfiguration(obj *kubeadm.JoinConfiguration, c fuzz.Continue) {
 	}
 	obj.SkipPhases = nil
 	obj.NodeRegistration.ImagePullPolicy = ""
+	obj.Patches = nil
 }
 
 func fuzzJoinControlPlane(obj *kubeadm.JoinControlPlane, c fuzz.Continue) {

cmd/kubeadm/app/apis/kubeadm/types.go

@@ -62,6 +62,10 @@ type InitConfiguration struct {
 	// The list of phases can be obtained with the "kubeadm init --help" command.
 	// The flag "--skip-phases" takes precedence over this field.
 	SkipPhases []string
+
+	// Patches contains options related to applying patches to components deployed by kubeadm during
+	// "kubeadm init".
+	Patches *Patches
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -334,6 +338,10 @@ type JoinConfiguration struct {
 	// The list of phases can be obtained with the "kubeadm join --help" command.
 	// The flag "--skip-phases" takes precedence over this field.
 	SkipPhases []string
+
+	// Patches contains options related to applying patches to components deployed by kubeadm during
+	// "kubeadm join".
+	Patches *Patches
 }
 
 // JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.
@@ -432,6 +440,18 @@ type HostPathMount struct {
 	PathType v1.HostPathType
 }
 
+// Patches contains options related to applying patches to components deployed by kubeadm.
+type Patches struct {
+	// Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+	// For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+	// "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+	// of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+	// The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+	// "suffix" is an optional string that can be used to determine which patches are applied
+	// first alpha-numerically.
+	Directory string
+}
+
 // DocumentMap is a convenient way to describe a map between a YAML document and its GVK type
 // +k8s:deepcopy-gen=false
 type DocumentMap map[schema.GroupVersionKind][]byte

cmd/kubeadm/app/apis/kubeadm/v1beta2/zz_generated.conversion.go

@@ -647,6 +647,7 @@ func autoConvert_kubeadm_InitConfiguration_To_v1beta2_InitConfiguration(in *kube
 	}
 	out.CertificateKey = in.CertificateKey
 	// WARNING: in.SkipPhases requires manual conversion: does not exist in peer-type
+	// WARNING: in.Patches requires manual conversion: does not exist in peer-type
 	return nil
 }
 
@@ -677,6 +678,7 @@ func autoConvert_kubeadm_JoinConfiguration_To_v1beta2_JoinConfiguration(in *kube
 	}
 	out.ControlPlane = (*JoinControlPlane)(unsafe.Pointer(in.ControlPlane))
 	// WARNING: in.SkipPhases requires manual conversion: does not exist in peer-type
+	// WARNING: in.Patches requires manual conversion: does not exist in peer-type
 	return nil
 }
 

cmd/kubeadm/app/apis/kubeadm/v1beta3/doc.go

@@ -34,7 +34,8 @@ limitations under the License.
 // - Add "InitConfiguration.NodeRegistration.ImagePullPolicy" and "JoinConfiguration.NodeRegistration.ImagePullPolicy"
 // to allow specifying the images pull policy during kubeadm "init" and "join". The value must be one of "Always", "Never" or
 // "IfNotPresent". "IfNotPresent" is the default, which has been the existing behavior prior to this addition.
-
+// - Add "InitConfiguration.Patches.Directory", "JoinConfiguration.Patches.Directory" to allow
+// the user to configure a directory from which to take patches for components deployed by kubeadm.
 //
 // Migration from old kubeadm config versions
 //

cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go

@@ -60,6 +60,11 @@ type InitConfiguration struct {
 	// The flag "--skip-phases" takes precedence over this field.
 	// +optional
 	SkipPhases []string `json:"skipPhases,omitempty"`
+
+	// Patches contains options related to applying patches to components deployed by kubeadm during
+	// "kubeadm init".
+	// +optional
+	Patches *Patches `json:"patches,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -358,6 +363,11 @@ type JoinConfiguration struct {
 	// The flag "--skip-phases" takes precedence over this field.
 	// +optional
 	SkipPhases []string `json:"skipPhases,omitempty"`
+
+	// Patches contains options related to applying patches to components deployed by kubeadm during
+	// "kubeadm join".
+	// +optional
+	Patches *Patches `json:"patches,omitempty"`
 }
 
 // JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.
@@ -445,3 +455,16 @@ type HostPathMount struct {
 	// +optional
 	PathType v1.HostPathType `json:"pathType,omitempty"`
 }
+
+// Patches contains options related to applying patches to components deployed by kubeadm.
+type Patches struct {
+	// Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+	// For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+	// "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+	// of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+	// The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+	// "suffix" is an optional string that can be used to determine which patches are applied
+	// first alpha-numerically.
+	// +optional
+	Directory string `json:"directory,omitempty"`
+}

cmd/kubeadm/app/apis/kubeadm/v1beta3/zz_generated.conversion.go

@@ -217,6 +217,16 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddGeneratedConversionFunc((*Patches)(nil), (*kubeadm.Patches)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1beta3_Patches_To_kubeadm_Patches(a.(*Patches), b.(*kubeadm.Patches), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*kubeadm.Patches)(nil), (*Patches)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_kubeadm_Patches_To_v1beta3_Patches(a.(*kubeadm.Patches), b.(*Patches), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*kubeadm.DNS)(nil), (*DNS)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_kubeadm_DNS_To_v1beta3_DNS(a.(*kubeadm.DNS), b.(*DNS), scope)
 	}); err != nil {
@@ -627,6 +637,7 @@ func autoConvert_v1beta3_InitConfiguration_To_kubeadm_InitConfiguration(in *Init
 	}
 	out.CertificateKey = in.CertificateKey
 	out.SkipPhases = *(*[]string)(unsafe.Pointer(&in.SkipPhases))
+	out.Patches = (*kubeadm.Patches)(unsafe.Pointer(in.Patches))
 	return nil
 }
 
@@ -641,6 +652,7 @@ func autoConvert_kubeadm_InitConfiguration_To_v1beta3_InitConfiguration(in *kube
 	}
 	out.CertificateKey = in.CertificateKey
 	out.SkipPhases = *(*[]string)(unsafe.Pointer(&in.SkipPhases))
+	out.Patches = (*Patches)(unsafe.Pointer(in.Patches))
 	return nil
 }
 
@@ -654,6 +666,7 @@ func autoConvert_v1beta3_JoinConfiguration_To_kubeadm_JoinConfiguration(in *Join
 	}
 	out.ControlPlane = (*kubeadm.JoinControlPlane)(unsafe.Pointer(in.ControlPlane))
 	out.SkipPhases = *(*[]string)(unsafe.Pointer(&in.SkipPhases))
+	out.Patches = (*kubeadm.Patches)(unsafe.Pointer(in.Patches))
 	return nil
 }
 
@@ -672,6 +685,7 @@ func autoConvert_kubeadm_JoinConfiguration_To_v1beta3_JoinConfiguration(in *kube
 	}
 	out.ControlPlane = (*JoinControlPlane)(unsafe.Pointer(in.ControlPlane))
 	out.SkipPhases = *(*[]string)(unsafe.Pointer(&in.SkipPhases))
+	out.Patches = (*Patches)(unsafe.Pointer(in.Patches))
 	return nil
 }
 
@@ -791,3 +805,23 @@ func autoConvert_kubeadm_NodeRegistrationOptions_To_v1beta3_NodeRegistrationOpti
 func Convert_kubeadm_NodeRegistrationOptions_To_v1beta3_NodeRegistrationOptions(in *kubeadm.NodeRegistrationOptions, out *NodeRegistrationOptions, s conversion.Scope) error {
 	return autoConvert_kubeadm_NodeRegistrationOptions_To_v1beta3_NodeRegistrationOptions(in, out, s)
 }
+
+func autoConvert_v1beta3_Patches_To_kubeadm_Patches(in *Patches, out *kubeadm.Patches, s conversion.Scope) error {
+	out.Directory = in.Directory
+	return nil
+}
+
+// Convert_v1beta3_Patches_To_kubeadm_Patches is an autogenerated conversion function.
+func Convert_v1beta3_Patches_To_kubeadm_Patches(in *Patches, out *kubeadm.Patches, s conversion.Scope) error {
+	return autoConvert_v1beta3_Patches_To_kubeadm_Patches(in, out, s)
+}
+
+func autoConvert_kubeadm_Patches_To_v1beta3_Patches(in *kubeadm.Patches, out *Patches, s conversion.Scope) error {
+	out.Directory = in.Directory
+	return nil
+}
+
+// Convert_kubeadm_Patches_To_v1beta3_Patches is an autogenerated conversion function.
+func Convert_kubeadm_Patches_To_v1beta3_Patches(in *kubeadm.Patches, out *Patches, s conversion.Scope) error {
+	return autoConvert_kubeadm_Patches_To_v1beta3_Patches(in, out, s)
+}

cmd/kubeadm/app/apis/kubeadm/v1beta3/zz_generated.deepcopy.go

@@ -373,6 +373,11 @@ func (in *InitConfiguration) DeepCopyInto(out *InitConfiguration) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.Patches != nil {
+		in, out := &in.Patches, &out.Patches
+		*out = new(Patches)
+		**out = **in
+	}
 	return
 }
 
@@ -410,6 +415,11 @@ func (in *JoinConfiguration) DeepCopyInto(out *JoinConfiguration) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.Patches != nil {
+		in, out := &in.Patches, &out.Patches
+		*out = new(Patches)
+		**out = **in
+	}
 	return
 }
 
@@ -532,3 +542,19 @@ func (in *NodeRegistrationOptions) DeepCopy() *NodeRegistrationOptions {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Patches) DeepCopyInto(out *Patches) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Patches.
+func (in *Patches) DeepCopy() *Patches {
+	if in == nil {
+		return nil
+	}
+	out := new(Patches)
+	in.DeepCopyInto(out)
+	return out
+}

cmd/kubeadm/app/apis/kubeadm/validation/validation.go

@@ -568,6 +568,8 @@ func isAllowedFlag(flagName string) bool {
 		kubeadmcmdoptions.KubeconfigDir,
 		kubeadmcmdoptions.UploadCerts,
 		kubeadmcmdoptions.Patches,
+		// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+		kubeadmcmdoptions.ExperimentalPatches,
 		"print-join-command", "rootfs", "v", "log-file")
 	if allowedFlags.Has(flagName) {
 		return true

cmd/kubeadm/app/apis/kubeadm/zz_generated.deepcopy.go

@@ -403,6 +403,11 @@ func (in *InitConfiguration) DeepCopyInto(out *InitConfiguration) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.Patches != nil {
+		in, out := &in.Patches, &out.Patches
+		*out = new(Patches)
+		**out = **in
+	}
 	return
 }
 
@@ -440,6 +445,11 @@ func (in *JoinConfiguration) DeepCopyInto(out *JoinConfiguration) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.Patches != nil {
+		in, out := &in.Patches, &out.Patches
+		*out = new(Patches)
+		**out = **in
+	}
 	return
 }
 
@@ -562,3 +572,19 @@ func (in *NodeRegistrationOptions) DeepCopy() *NodeRegistrationOptions {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Patches) DeepCopyInto(out *Patches) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Patches.
+func (in *Patches) DeepCopy() *Patches {
+	if in == nil {
+		return nil
+	}
+	out := new(Patches)
+	in.DeepCopyInto(out)
+	return out
+}

cmd/kubeadm/app/cmd/init.go

@@ -556,7 +556,14 @@ func (d *initData) Tokens() []string {
 
 // PatchesDir returns the folder where patches for components are stored
 func (d *initData) PatchesDir() string {
-	return d.patchesDir
+	// If provided, make the flag value override the one in config.
+	if len(d.patchesDir) > 0 {
+		return d.patchesDir
+	}
+	if d.cfg.Patches != nil {
+		return d.cfg.Patches.Directory
+	}
+	return ""
 }
 
 func printJoinCommand(out io.Writer, adminKubeConfigPath, token string, i *initData) error {

cmd/kubeadm/app/cmd/join.go

@@ -516,7 +516,14 @@ func (j *joinData) OutputWriter() io.Writer {
 
 // PatchesDir returns the folder where patches for components are stored
 func (j *joinData) PatchesDir() string {
-	return j.patchesDir
+	// If provided, make the flag value override the one in config.
+	if len(j.patchesDir) > 0 {
+		return j.patchesDir
+	}
+	if j.cfg.Patches != nil {
+		return j.cfg.Patches.Directory
+	}
+	return ""
 }
 
 // fetchInitConfigurationFromJoinConfiguration retrieves the init configuration from a join configuration, performing the discovery

cmd/kubeadm/app/cmd/options/constant.go

@@ -144,5 +144,9 @@ const (
 	EtcdUpgrade = "etcd-upgrade"
 
 	// Patches flag sets the folder where kubeadm component patches are stored
-	Patches = "experimental-patches"
+	Patches = "patches"
+
+	// ExperimentalPatches (DEPRECATED) is the same as Patches
+	// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+	ExperimentalPatches = "experimental-patches"
 )

cmd/kubeadm/app/cmd/options/generic.go

@@ -91,12 +91,16 @@ func AddKubeadmOtherFlags(flagSet *pflag.FlagSet, rootfsPath *string) {
 
 // AddPatchesFlag adds the --patches flag to the given flagset
 func AddPatchesFlag(fs *pflag.FlagSet, patchesDir *string) {
-	fs.StringVar(patchesDir, Patches, *patchesDir, `Path to a directory that contains files named `+
-		`"target[suffix][+patchtype].extension". For example, `+
-		`"kube-apiserver0+merge.yaml" or just "etcd.json". `+
-		`"patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats `+
-		`supported by kubectl. The default "patchtype" is "strategic". "extension" must be either `+
-		`"json" or "yaml". "suffix" is an optional string that can be used to determine `+
-		`which patches are applied first alpha-numerically.`,
-	)
+	const usage = `Path to a directory that contains files named ` +
+		`"target[suffix][+patchtype].extension". For example, ` +
+		`"kube-apiserver0+merge.yaml" or just "etcd.json". ` +
+		`"target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". ` +
+		`"patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats ` +
+		`supported by kubectl. The default "patchtype" is "strategic". "extension" must be either ` +
+		`"json" or "yaml". "suffix" is an optional string that can be used to determine ` +
+		`which patches are applied first alpha-numerically.`
+	fs.StringVar(patchesDir, Patches, *patchesDir, usage)
+	// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+	fs.StringVar(patchesDir, ExperimentalPatches, *patchesDir, usage)
+	fs.MarkDeprecated(ExperimentalPatches, "This flag will be removed in a future version. Please use '--patches' instead.")
 }

cmd/kubeadm/app/cmd/phases/init/controlplane.go

@@ -101,6 +101,8 @@ func getControlPlanePhaseFlags(name string) []string {
 		options.KubernetesVersion,
 		options.ImageRepository,
 		options.Patches,
+		// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+		options.ExperimentalPatches,
 		options.DryRun,
 	}
 	if name == "all" || name == kubeadmconstants.KubeAPIServer {

cmd/kubeadm/app/cmd/phases/join/controlplanejoin.go

@@ -44,6 +44,8 @@ func getControlPlaneJoinPhaseFlags(name string) []string {
 	}
 	if name == "etcd" || name == "all" {
 		flags = append(flags, options.Patches)
+		// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+		flags = append(flags, options.ExperimentalPatches)
 	}
 	if name != "mark-control-plane" {
 		flags = append(flags, options.APIServerAdvertiseAddress)

cmd/kubeadm/app/cmd/phases/join/controlplaneprepare.go

@@ -79,6 +79,8 @@ func getControlPlanePreparePhaseFlags(name string) []string {
 			options.TokenStr,
 			options.CertificateKey,
 			options.Patches,
+			// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+			options.ExperimentalPatches,
 		}
 	case "download-certs":
 		flags = []string{
@@ -124,6 +126,8 @@ func getControlPlanePreparePhaseFlags(name string) []string {
 			options.CfgPath,
 			options.ControlPlane,
 			options.Patches,
+			// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+			options.ExperimentalPatches,
 		}
 	default:
 		flags = []string{}

cmd/kubeadm/app/cmd/phases/upgrade/node/controlplane.go

@@ -40,6 +40,8 @@ func NewControlPlane() workflow.Phase {
 			options.CertificateRenewal,
 			options.EtcdUpgrade,
 			options.Patches,
+			// TODO: https://github.com/kubernetes/kubeadm/issues/2046 remove in 1.23
+			options.ExperimentalPatches,
 		},
 	}
 	return phase