mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #64665 from stealthybox/feature/kubeadm_845-systemd-resolved
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: Set the kubelet `--resolv-conf` flag conditionally on init **What this PR does / why we need it**: `kubeadm init` detects if systemd-resolved is running and configures the kubelet to use a working resolv.conf. This patch also removes the warning message prompting manual user action for this configuration. /area kubeadm /area kubelet /area dns /kind bug /priority important-soon /sig cluster-lifecycle /assign @timothysc **Which issue(s) this PR fixes** Fixes https://github.com/kubernetes/kubeadm/issues/845 **Special notes for your reviewer**: See the difference in `KUBELET_KUBEADM_ARGS` when running with this build and enabling the resolved daemon on Ubuntu 17.10: ```bash root@vagrant:/vagrant/bin# bash << EOF systemctl start systemd-resolved ./845_kubeadm init |& tail -n5 cat /var/lib/kubelet/kubeadm-flags.env ./845_kubeadm reset --force |& tail -n2 systemctl stop systemd-resolved echo nameserver 8.8.8.8 > /etc/resolv.conf ./845_kubeadm init |& tail -n5 cat /var/lib/kubelet/kubeadm-flags.env EOF You can now join any number of machines by running the following on each node as root: kubeadm join 10.0.2.15:6443 --token 77q84j.0342evur7rrfrwwx --discovery-token-ca-cert-hash sha256:190040f9c3adf8410bc6766dac79f8679870190564e15e8f8d1704fafa03f678 KUBELET_KUBEADM_ARGS=--cgroup-driver=cgroupfs --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d --network-plugin=cni --resolv-conf=/run/systemd/resolve/resolv.conf I0603 06:49:16.592482 14106 reset.go:276] [reset] deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki] I0603 06:49:16.592858 14106 reset.go:290] [reset] deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf] You can now join any number of machines by running the following on each node as root: kubeadm join 10.0.2.15:6443 --token 8mdart.gp67vq3nh9urq4z5 --discovery-token-ca-cert-hash sha256:da6b2e5841546eae134524b045e782f0dd91a6b53becc8d69c15d9eab9c88758 KUBELET_KUBEADM_ARGS=--cgroup-driver=cgroupfs --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d --network-plugin=cni ``` **Release note**: ```release-note `kubeadm init` detects if systemd-resolved is running and configures the kubelet to use a working resolv.conf. ```
This commit is contained in:
commit
86ae84b10e
@ -19,6 +19,7 @@ go_library(
|
||||
"//pkg/apis/rbac/v1:go_default_library",
|
||||
"//pkg/kubelet/apis/kubeletconfig/scheme:go_default_library",
|
||||
"//pkg/kubelet/apis/kubeletconfig/v1beta1:go_default_library",
|
||||
"//pkg/util/procfs:go_default_library",
|
||||
"//pkg/util/version:go_default_library",
|
||||
"//vendor/github.com/golang/glog:go_default_library",
|
||||
"//vendor/k8s.io/api/core/v1:go_default_library",
|
||||
|
@ -28,6 +28,7 @@ import (
|
||||
kubeadmapiv1alpha2 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha2"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
|
||||
"k8s.io/kubernetes/pkg/util/procfs"
|
||||
utilsexec "k8s.io/utils/exec"
|
||||
)
|
||||
|
||||
@ -72,8 +73,12 @@ func buildKubeletArgMap(nodeRegOpts *kubeadmapi.NodeRegistrationOptions, registe
|
||||
kubeletFlags["register-with-taints"] = strings.Join(taintStrs, ",")
|
||||
}
|
||||
|
||||
if pids, _ := procfs.PidOf("systemd-resolved"); len(pids) > 0 {
|
||||
// procfs.PidOf only returns an error if the regex is empty or doesn't compile, so we can ignore it
|
||||
kubeletFlags["resolv-conf"] = "/run/systemd/resolve/resolv.conf"
|
||||
}
|
||||
|
||||
// TODO: Pass through --hostname-override if a custom name is used?
|
||||
// TODO: Check if `systemd-resolved` is running, and set `--resolv-conf` based on that
|
||||
// TODO: Conditionally set `--cgroup-driver` to either `systemd` or `cgroupfs` for CRI other than Docker
|
||||
|
||||
return kubeletFlags
|
||||
|
@ -57,7 +57,6 @@ go_library(
|
||||
"//pkg/registry/core/service/ipallocator:go_default_library",
|
||||
"//pkg/util/initsystem:go_default_library",
|
||||
"//pkg/util/ipvs:go_default_library",
|
||||
"//pkg/util/procfs:go_default_library",
|
||||
"//pkg/util/version:go_default_library",
|
||||
"//pkg/version:go_default_library",
|
||||
"//test/e2e_node/system:go_default_library",
|
||||
|
@ -51,7 +51,6 @@ import (
|
||||
"k8s.io/kubernetes/pkg/registry/core/service/ipallocator"
|
||||
"k8s.io/kubernetes/pkg/util/initsystem"
|
||||
ipvsutil "k8s.io/kubernetes/pkg/util/ipvs"
|
||||
"k8s.io/kubernetes/pkg/util/procfs"
|
||||
versionutil "k8s.io/kubernetes/pkg/util/version"
|
||||
kubeadmversion "k8s.io/kubernetes/pkg/version"
|
||||
"k8s.io/kubernetes/test/e2e_node/system"
|
||||
@ -830,33 +829,6 @@ func getEtcdVersionResponse(client *http.Client, url string, target interface{})
|
||||
return err
|
||||
}
|
||||
|
||||
// ResolveCheck tests for potential issues related to the system resolver configuration
|
||||
type ResolveCheck struct{}
|
||||
|
||||
// Name returns label for ResolveCheck
|
||||
func (ResolveCheck) Name() string {
|
||||
return "Resolve"
|
||||
}
|
||||
|
||||
// Check validates the system resolver configuration
|
||||
func (ResolveCheck) Check() (warnings, errors []error) {
|
||||
glog.V(1).Infoln("validating the system resolver configuration")
|
||||
|
||||
warnings = []error{}
|
||||
|
||||
// procfs.PidOf only returns an error if the string passed is empty
|
||||
// or there is an issue compiling the regex, so we can ignore it here
|
||||
pids, _ := procfs.PidOf("systemd-resolved")
|
||||
if len(pids) > 0 {
|
||||
warnings = append(warnings, fmt.Errorf(
|
||||
"systemd-resolved was detected, for cluster dns resolution to work "+
|
||||
"properly --resolv-conf=/run/systemd/resolve/resolv.conf must be set "+
|
||||
"for the kubelet. (/etc/systemd/system/kubelet.service.d/10-kubeadm.conf should be edited for this purpose)\n"))
|
||||
}
|
||||
|
||||
return warnings, errors
|
||||
}
|
||||
|
||||
// ImagePullCheck will pull container images used by kubeadm
|
||||
type ImagePullCheck struct {
|
||||
Images images.Images
|
||||
@ -1011,8 +983,7 @@ func addCommonChecks(execer utilsexec.Interface, cfg kubeadmapi.CommonConfigurat
|
||||
InPathCheck{executable: "ethtool", mandatory: false, exec: execer},
|
||||
InPathCheck{executable: "socat", mandatory: false, exec: execer},
|
||||
InPathCheck{executable: "tc", mandatory: false, exec: execer},
|
||||
InPathCheck{executable: "touch", mandatory: false, exec: execer},
|
||||
ResolveCheck{})
|
||||
InPathCheck{executable: "touch", mandatory: false, exec: execer})
|
||||
}
|
||||
checks = append(checks,
|
||||
SystemVerificationCheck{CRISocket: cfg.GetCRISocket()},
|
||||
|
Loading…
Reference in New Issue
Block a user