kubeadm: remove the CoreDNS check for supported image digests

The isCoreDNSVersionSupported() check assumes that
there is a running kubelet, that manages the CoreDNS containers.

If the containers are still being created, it is not possible to fetch
their image digest. To work around that, a poll can be used in
isCoreDNSVersionSupported() to wait until the CoreDNS Pods
are running. Depending on timing and on a CNI that is
yet to be installed, this can cause problems related to
addon idempotency of "kubeadm init", because if the CoreDNS
Pods are waiting for another step they will never reach the running state.

Remove the function isCoreDNSVersionSupported() and assume that
the version is always supported. Rely on the Corefile migration
library to error out if it must.
Lubomir I. Ivanov 2020-09-04 04:37:53 +03:00
parent a9f1d72e1d
commit 4bb75a462f
2 changed files with 3 additions and 64 deletions


@ -46,7 +46,6 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
"//vendor/github.com/caddyserver/caddy/caddyfile:go_default_library",


@ -21,9 +21,7 @@ import (
"encoding/json"
"fmt"
"net"
"regexp"
"strings"
"time"
"github.com/caddyserver/caddy/caddyfile"
"github.com/coredns/corefile-migration/migration"
@ -35,7 +33,6 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kuberuntime "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
clientset "k8s.io/client-go/kubernetes"
clientsetscheme "k8s.io/client-go/kubernetes/scheme"
"k8s.io/klog/v2"
@ -270,22 +267,15 @@ func createCoreDNSAddon(deploymentBytes, serviceBytes, configBytes []byte, clien
return errors.Wrap(err, "unable to fetch CoreDNS current installed version and ConfigMap.")
}
canMigrateCorefile, err := isCoreDNSVersionSupported(client)
if err != nil {
return err
}
corefileMigrationRequired, err := isCoreDNSConfigMapMigrationRequired(corefile, currentInstalledCoreDNSVersion)
if err != nil {
return err
}
if !canMigrateCorefile {
klog.Warningf("the CoreDNS Configuration will not be migrated due to unsupported version of CoreDNS. " +
"The existing CoreDNS Corefile configuration and deployment has been retained.")
}
// Assume that migration is always possible, rely on migrateCoreDNSCorefile() to fail if not.
canMigrateCorefile := true
if corefileMigrationRequired && canMigrateCorefile {
if corefileMigrationRequired {
if err := migrateCoreDNSCorefile(client, coreDNSConfigMap, corefile, currentInstalledCoreDNSVersion); err != nil {
// Errors in Corefile Migration is verified during preflight checks. This part will be executed when a user has chosen
// to ignore preflight check errors.
@ -394,56 +384,6 @@ func isCoreDNSConfigMapMigrationRequired(corefile, currentInstalledCoreDNSVersio
return isMigrationRequired, nil
}
var (
// imageDigestMatcher is used to match the SHA256 digest from the ImageID of the CoreDNS pods
imageDigestMatcher = regexp.MustCompile(`^.*(?i:sha256:([[:alnum:]]{64}))$`)
)
func isCoreDNSVersionSupported(client clientset.Interface) (bool, error) {
var lastError error
var pods []v1.Pod
pollTimeout := 10 * time.Second
err := wait.PollImmediate(kubeadmconstants.APICallRetryInterval, pollTimeout, func() (bool, error) {
coreDNSPodList, err := client.CoreV1().Pods(metav1.NamespaceSystem).List(
context.TODO(),
metav1.ListOptions{
LabelSelector: "k8s-app=kube-dns",
},
)
if err != nil {
lastError = err
return false, nil
}
for _, pod := range coreDNSPodList.Items {
if pod.Status.Phase != v1.PodRunning {
lastError = errors.New("found non-running CoreDNS pods")
return false, nil
}
}
pods = coreDNSPodList.Items
return true, nil
})
if err != nil {
return false, errors.Wrapf(lastError, "could not list the running CoreDNS pods after %v", pollTimeout)
}
for _, pod := range pods {
imageID := imageDigestMatcher.FindStringSubmatch(pod.Status.ContainerStatuses[0].ImageID)
if len(imageID) != 2 {
return false, errors.Errorf("pod %s unable to match SHA256 digest ID in %q", pod.GetName(), pod.Status.ContainerStatuses[0].ImageID)
}
// The actual digest should be at imageID[1]
if !migration.Released(imageID[1]) {
return false, errors.Errorf("unknown digest %q for pod %s", imageID[1], pod.GetName())
}
}
return true, nil
}
func migrateCoreDNSCorefile(client clientset.Interface, cm *v1.ConfigMap, corefile, currentInstalledCoreDNSVersion string) error {
// Since the current configuration present is not the default version, try and migrate it.
updatedCorefile, err := migration.Migrate(currentInstalledCoreDNSVersion, kubeadmconstants.CoreDNSVersion, corefile, false)
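Review bot: The new comment above `canMigrateCorefile := true` in createCoreDNSAddon does not record what the deleted isCoreDNSVersionSupported() used to guarantee, so a later reader cannot tell that the running image is no longer compared against known release digests via `migration.Released`. After this change the only input describing the installed CoreDNS is the `currentInstalledCoreDNSVersion` string passed to `migration.Migrate`; where that string comes from is outside the hunk, but if it is derived from an image tag, a retagged or custom image would be migrated as if it were the tagged release. I would extend the comment to say so, for example `// The running image digest is no longer verified; migration trusts currentInstalledCoreDNSVersion and relies on migrateCoreDNSCorefile() to fail on a Corefile it cannot handle.` The existing note that migration errors are caught in preflight and only reached when preflight errors are ignored is worth keeping next to it, since that is now the sole gate. The bodies of createCoreDNSAddon and migrateCoreDNSCorefile continue outside the hunks shown.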