From ebf163684a6eadaea028cc08363cc6503d837bcd Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov"
Date: Wed, 19 Aug 2020 18:17:28 +0300
Subject: [PATCH] kubeadm: adjust the logic around etcd data directory creation
- Ensure the directory is created with 0700 via a new function called CreateDataDirectory().
- Call this function in the init phases instead of the manual call to MkdirAll.
- Call this function when joining control-plane nodes with local etcd.
If the directory creation is left to the kubelet via the static Pod hostPath mounts, it will end up with 0755 which is not desired.
---
 cmd/kubeadm/app/cmd/phases/init/BUILD | 1 +
 cmd/kubeadm/app/cmd/phases/init/etcd.go | 7 +++--
 cmd/kubeadm/app/cmd/phases/join/BUILD | 1 +
 .../app/cmd/phases/join/controlplanejoin.go | 6 ++++
 cmd/kubeadm/app/util/etcd/BUILD | 5 ++-
 cmd/kubeadm/app/util/etcd/etcddata.go | 31 +++++++++++++++++++
 6 files changed, 47 insertions(+), 4 deletions(-)
 create mode 100644 cmd/kubeadm/app/util/etcd/etcddata.go
diff --git a/cmd/kubeadm/app/cmd/phases/init/BUILD b/cmd/kubeadm/app/cmd/phases/init/BUILD
index d79f0cecef7..2891c075b92 100644
--- a/cmd/kubeadm/app/cmd/phases/init/BUILD
+++ b/cmd/kubeadm/app/cmd/phases/init/BUILD
@@ -44,6 +44,7 @@ go_library(
 "//cmd/kubeadm/app/preflight:go_default_library",
 "//cmd/kubeadm/app/util/apiclient:go_default_library",
 "//cmd/kubeadm/app/util/dryrun:go_default_library",
+ "//cmd/kubeadm/app/util/etcd:go_default_library",
 "//cmd/kubeadm/app/util/pkiutil:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
diff --git a/cmd/kubeadm/app/cmd/phases/init/etcd.go b/cmd/kubeadm/app/cmd/phases/init/etcd.go
index b67a6023da9..c0d56b92493 100644
--- a/cmd/kubeadm/app/cmd/phases/init/etcd.go
+++ b/cmd/kubeadm/app/cmd/phases/init/etcd.go
@@ -18,7 +18,6 @@ package phases
 import (
 "fmt"
- "os"
 "github.com/pkg/errors"
 "k8s.io/klog/v2"
@@ -26,6 +25,7 @@ import (
 "k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
 cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
 etcdphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/etcd"
+ etcdutil "k8s.io/kubernetes/cmd/kubeadm/app/util/etcd"
 )
 var (
@@ -87,8 +87,9 @@ func runEtcdPhaseLocal() func(c workflow.RunData) error {
 if cfg.Etcd.External == nil {
 // creates target folder if doesn't exist already
 if !data.DryRun() {
- if err := os.MkdirAll(cfg.Etcd.Local.DataDir, 0700); err != nil {
- return errors.Wrapf(err, "failed to create etcd directory %q", cfg.Etcd.Local.DataDir)
+ // Create the etcd data directory
+ if err := etcdutil.CreateDataDirectory(cfg.Etcd.Local.DataDir); err != nil {
+ return err
 }
 } else {
 fmt.Printf("[dryrun] Would ensure that %q directory is present\n", cfg.Etcd.Local.DataDir)
diff --git a/cmd/kubeadm/app/cmd/phases/join/BUILD b/cmd/kubeadm/app/cmd/phases/join/BUILD
index c4492d4cce3..df53cfb8253 100644
--- a/cmd/kubeadm/app/cmd/phases/join/BUILD
+++ b/cmd/kubeadm/app/cmd/phases/join/BUILD
@@ -29,6 +29,7 @@ go_library(
 "//cmd/kubeadm/app/phases/uploadconfig:go_default_library",
 "//cmd/kubeadm/app/preflight:go_default_library",
 "//cmd/kubeadm/app/util/apiclient:go_default_library",
+ "//cmd/kubeadm/app/util/etcd:go_default_library",
 "//cmd/kubeadm/app/util/kubeconfig:go_default_library",
 "//staging/src/k8s.io/api/core/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
diff --git a/cmd/kubeadm/app/cmd/phases/join/controlplanejoin.go b/cmd/kubeadm/app/cmd/phases/join/controlplanejoin.go
index 4b947ebe183..ae7000bec69 100644
--- a/cmd/kubeadm/app/cmd/phases/join/controlplanejoin.go
+++ b/cmd/kubeadm/app/cmd/phases/join/controlplanejoin.go
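Review bot: The added comment `// Create the etcd data directory` in runEtcdPhaseLocal (etcd.go, hunk at -87,8) only restates the call and repeats the existing `// creates target folder if doesn't exist already` a few lines above it, while the reason for the helper is recorded only in the commit message. I would replace it with `// Create the data directory with 0700 up front; if the kubelet creates it for the static Pod hostPath mount it ends up 0755.` The same comment is added before the call in runEtcdPhase in controlplanejoin.go (hunk at -131,6) and should get the same wording. Both function bodies continue outside their hunks.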
@@ -29,6 +29,7 @@ import (
 etcdphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/etcd"
 markcontrolplanephase "k8s.io/kubernetes/cmd/kubeadm/app/phases/markcontrolplane"
 uploadconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig"
+ etcdutil "k8s.io/kubernetes/cmd/kubeadm/app/util/etcd"
 )
 var controlPlaneJoinExample = cmdutil.Examples(`
@@ -131,6 +132,11 @@ func runEtcdPhase(c workflow.RunData) error {
 return nil
 }
+ // Create the etcd data directory
+ if err := etcdutil.CreateDataDirectory(cfg.Etcd.Local.DataDir); err != nil {
+ return err
+ }
+
 // Adds a new etcd instance; in order to do this the new etcd instance should be "announced" to
 // the existing etcd members before being created.
 // This operation must be executed after kubelet is already started in order to minimize the time
diff --git a/cmd/kubeadm/app/util/etcd/BUILD b/cmd/kubeadm/app/util/etcd/BUILD
index b548c0f98c6..cf257239c83 100644
--- a/cmd/kubeadm/app/util/etcd/BUILD
+++ b/cmd/kubeadm/app/util/etcd/BUILD
@@ -2,7 +2,10 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
 name = "go_default_library",
- srcs = ["etcd.go"],
+ srcs = [
+ "etcd.go",
+ "etcddata.go",
+ ],
 importpath = "k8s.io/kubernetes/cmd/kubeadm/app/util/etcd",
 visibility = ["//visibility:public"],
 deps = [
diff --git a/cmd/kubeadm/app/util/etcd/etcddata.go b/cmd/kubeadm/app/util/etcd/etcddata.go
new file mode 100644
index 00000000000..29538620ecd
--- /dev/null
+++ b/cmd/kubeadm/app/util/etcd/etcddata.go
@@ -0,0 +1,31 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package etcd
+
+import (
+ "os"
+
+ "github.com/pkg/errors"
+)
+
+// CreateDataDirectory creates the etcd data directory (commonly /var/lib/etcd) with the right permissions.
+func CreateDataDirectory(dir string) error {
+ if err := os.MkdirAll(dir, 0700); err != nil {
+ return errors.Wrapf(err, "failed to create the etcd data directory: %q", dir)
+ }
+ return nil
+}
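Review bot: `os.MkdirAll` returns nil and leaves the mode untouched when `dir` already exists, so CreateDataDirectory does not guarantee 0700 on a directory that is already present at 0755 (for instance one the kubelet created earlier, the situation the commit message describes). The mode argument is also filtered by the process umask and is applied to any missing parent directories as well. If enforcing the mode on an existing directory is intended, follow the MkdirAll with `if err := os.Chmod(dir, 0700); err != nil { return errors.Wrapf(err, "failed to set permissions on the etcd data directory: %q", dir) }`. Otherwise narrow the doc comment so it does not promise more than the code does, e.g. `// CreateDataDirectory creates the etcd data directory with mode 0700 if it does not exist; an existing directory keeps its current permissions.` The patch adds no test; one that runs the helper against a temporary directory and asserts the resulting mode would pin whichever behaviour is chosen.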