kubeadm: remove the CoreDNS check for supported image digests
The isCoreDNSVersionSupported() check assumes that there is a running kubelet that manages the CoreDNS containers. If the containers are still being created, it is not possible to fetch their image digest. To work around that, isCoreDNSVersionSupported() can poll and wait until the CoreDNS Pods are running. Depending on timing, and with a CNI yet to be installed, this can cause problems related to addon idempotency of "kubeadm init", because if the CoreDNS Pods are waiting for another step they will never become running. Remove the function isCoreDNSVersionSupported() and assume that the version is always supported. Rely on the Corefile migration library to error out if it must.
parent
a9f1d72e1d
commit
4bb75a462f
@ -46,7 +46,6 @@ go_library(
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes/scheme:go_default_library",
|
||||
"//vendor/github.com/caddyserver/caddy/caddyfile:go_default_library",
|
||||
|
@ -21,9 +21,7 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
"regexp"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/caddyserver/caddy/caddyfile"
|
||||
"github.com/coredns/corefile-migration/migration"
|
||||
@ -35,7 +33,6 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
kuberuntime "k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
clientsetscheme "k8s.io/client-go/kubernetes/scheme"
|
||||
"k8s.io/klog/v2"
|
||||
@ -270,22 +267,15 @@ func createCoreDNSAddon(deploymentBytes, serviceBytes, configBytes []byte, clien
|
||||
return errors.Wrap(err, "unable to fetch CoreDNS current installed version and ConfigMap.")
|
||||
}
|
||||
|
||||
canMigrateCorefile, err := isCoreDNSVersionSupported(client)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
corefileMigrationRequired, err := isCoreDNSConfigMapMigrationRequired(corefile, currentInstalledCoreDNSVersion)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !canMigrateCorefile {
|
||||
klog.Warningf("the CoreDNS Configuration will not be migrated due to unsupported version of CoreDNS. " +
|
||||
"The existing CoreDNS Corefile configuration and deployment has been retained.")
|
||||
}
|
||||
// Assume that migration is always possible, rely on migrateCoreDNSCorefile() to fail if not.
|
||||
canMigrateCorefile := true
|
||||
|
||||
if corefileMigrationRequired && canMigrateCorefile {
|
||||
if corefileMigrationRequired {
|
||||
if err := migrateCoreDNSCorefile(client, coreDNSConfigMap, corefile, currentInstalledCoreDNSVersion); err != nil {
|
||||
// Errors in Corefile Migration is verified during preflight checks. This part will be executed when a user has chosen
|
||||
// to ignore preflight check errors.
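Review bot: The comment above `canMigrateCorefile := true` should say which guarantee is being dropped, because the removed isCoreDNSVersionSupported() call was the only place in this file section that compared the running pods' image digest with migration.Released(). After this change the migration decision rests on currentInstalledCoreDNSVersion alone, which is computed outside this hunk, so a re-tagged or custom CoreDNS image would presumably be migrated as if it were the upstream release its version string names. I would extend the comment to something like `// The image digest of the running CoreDNS pods is no longer verified; currentInstalledCoreDNSVersion is trusted as reported.` The variable is now a constant in the visible lines; createCoreDNSAddon continues past the hunk, so whether it is still reassigned or read later cannot be confirmed here.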
|
||||
@ -394,56 +384,6 @@ func isCoreDNSConfigMapMigrationRequired(corefile, currentInstalledCoreDNSVersio
|
||||
return isMigrationRequired, nil
|
||||
}
|
||||
|
||||
var (
|
||||
// imageDigestMatcher is used to match the SHA256 digest from the ImageID of the CoreDNS pods
|
||||
imageDigestMatcher = regexp.MustCompile(`^.*(?i:sha256:([[:alnum:]]{64}))$`)
|
||||
)
|
||||
|
||||
func isCoreDNSVersionSupported(client clientset.Interface) (bool, error) {
|
||||
var lastError error
|
||||
var pods []v1.Pod
|
||||
|
||||
pollTimeout := 10 * time.Second
|
||||
err := wait.PollImmediate(kubeadmconstants.APICallRetryInterval, pollTimeout, func() (bool, error) {
|
||||
coreDNSPodList, err := client.CoreV1().Pods(metav1.NamespaceSystem).List(
|
||||
context.TODO(),
|
||||
metav1.ListOptions{
|
||||
LabelSelector: "k8s-app=kube-dns",
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
lastError = err
|
||||
return false, nil
|
||||
}
|
||||
|
||||
for _, pod := range coreDNSPodList.Items {
|
||||
if pod.Status.Phase != v1.PodRunning {
|
||||
lastError = errors.New("found non-running CoreDNS pods")
|
||||
return false, nil
|
||||
}
|
||||
}
|
||||
pods = coreDNSPodList.Items
|
||||
return true, nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return false, errors.Wrapf(lastError, "could not list the running CoreDNS pods after %v", pollTimeout)
|
||||
}
|
||||
|
||||
for _, pod := range pods {
|
||||
imageID := imageDigestMatcher.FindStringSubmatch(pod.Status.ContainerStatuses[0].ImageID)
|
||||
if len(imageID) != 2 {
|
||||
return false, errors.Errorf("pod %s unable to match SHA256 digest ID in %q", pod.GetName(), pod.Status.ContainerStatuses[0].ImageID)
|
||||
}
|
||||
// The actual digest should be at imageID[1]
|
||||
if !migration.Released(imageID[1]) {
|
||||
return false, errors.Errorf("unknown digest %q for pod %s", imageID[1], pod.GetName())
|
||||
}
|
||||
}
|
||||
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func migrateCoreDNSCorefile(client clientset.Interface, cm *v1.ConfigMap, corefile, currentInstalledCoreDNSVersion string) error {
|
||||
// Since the current configuration present is not the default version, try and migrate it.
|
||||
updatedCorefile, err := migration.Migrate(currentInstalledCoreDNSVersion, kubeadmconstants.CoreDNSVersion, corefile, false)
|
||||
|