Merge pull request #42780 from Random-Liu/handle-npd-in-cluster-upgrade

Automatic merge from submit-queue (batch tested with PRs 42024, 42780, 42808, 42640) Handle NPD during cluster upgrade. Generate NPD token during upgrade. I could not fully verify this change because of https://github.com/kubernetes/kubernetes/issues/42199. However, at least I tried upgrade master, and the corresponding environment variables are correctly generated. ``` ... ENABLE_NODE_PROBLEM_DETECTOR: 'standalone' ... KUBELET_TOKEN: 'PKNgAaVXeL3VojND2s0KMleELjzGK0oW' ``` @maisem @dchen1107
2025-07-25 12:43:23 +00:00 · 2017-03-09 16:41:50 -08:00 · 2017-03-09 16:41:50 -08:00 · dcdf11a914
commit dcdf11a914
parent 9498a1270f cf41dcaeec
3 changed files with 24 additions and 2 deletions
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@ -148,7 +148,6 @@ ENABLE_CLUSTER_UI="${KUBE_ENABLE_CLUSTER_UI:-true}"
 #   standalone     - Run node problem detector as standalone system daemon.
 if [[ "${NODE_OS_DISTRIBUTION}" == "gci" ]]; then
  # Enable standalone mode by default for gci.
-  # TODO: Consider upgrade test.
  ENABLE_NODE_PROBLEM_DETECTOR="${KUBE_ENABLE_NODE_PROBLEM_DETECTOR:-standalone}"
 else
  ENABLE_NODE_PROBLEM_DETECTOR="${KUBE_ENABLE_NODE_PROBLEM_DETECTOR:-daemonset}"
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@ -173,7 +173,6 @@ ENABLE_CLUSTER_UI="${KUBE_ENABLE_CLUSTER_UI:-true}"
 #   standalone     - Run node problem detector as standalone system daemon.
 if [[ "${NODE_OS_DISTRIBUTION}" == "gci" ]]; then
  # Enable standalone mode by default for gci.
-  # TODO: Consider upgrade test.
  ENABLE_NODE_PROBLEM_DETECTOR="${KUBE_ENABLE_NODE_PROBLEM_DETECTOR:-standalone}"
 else
  ENABLE_NODE_PROBLEM_DETECTOR="${KUBE_ENABLE_NODE_PROBLEM_DETECTOR:-daemonset}"
--- a/cluster/gce/upgrade.sh
+++ b/cluster/gce/upgrade.sh
@ -88,6 +88,8 @@ function upgrade-master() {

  detect-master
  parse-master-env
+  upgrade-master-env
+
  backfile-kubeletauth-certs

  # Delete the master instance. Note that the master-pd is created
@ -102,6 +104,15 @@ function upgrade-master() {
  wait-for-master
 }

+function upgrade-master-env() {
+  echo "== Upgrading master environment variables. =="
+  # Generate the node problem detector token if it isn't present on the original
+  # master.
+ if [[ "${ENABLE_NODE_PROBLEM_DETECTOR:-}" == "standalone" && "${NODE_PROBLEM_DETECTOR_TOKEN:-}" == "" ]]; then
+    NODE_PROBLEM_DETECTOR_TOKEN=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null)
+  fi
+}
+
 # TODO(mikedanese): delete when we don't support < 1.6
 function backfile-kubeletauth-certs() {
  if [[ ! -z "${KUBEAPISERVER_CERT_BASE64:-}" && ! -z "${KUBEAPISERVER_CERT_BASE64:-}" ]]; then
@ -282,6 +293,8 @@ function prepare-node-upgrade() {
  KUBELET_CERT_BASE64=$(get-env-val "${node_env}" "KUBELET_CERT")
  KUBELET_KEY_BASE64=$(get-env-val "${node_env}" "KUBELET_KEY")

+  upgrade-node-env
+
  # TODO(zmerlynn): How do we ensure kube-env is written in a ${version}-
  #                 compatible way?
  write-node-env
@ -295,6 +308,17 @@ function prepare-node-upgrade() {
  echo "== Finished preparing node upgrade (to ${KUBE_VERSION}). ==" >&2
 }

+function upgrade-node-env() {
+  echo "== Upgrading node environment variables. =="
+  # Get the node problem detector token from master if it isn't present on
+  # the original node.
+  if [[ "${ENABLE_NODE_PROBLEM_DETECTOR:-}" == "standalone" && "${NODE_PROBLEM_DETECTOR_TOKEN:-}" == "" ]]; then
+    detect-master
+    local master_env=$(get-master-env)
+    NODE_PROBLEM_DETECTOR_TOKEN=$(get-env-val "${master_env}" "NODE_PROBLEM_DETECTOR_TOKEN")
+  fi
+}
+
 # Prereqs:
 # - prepare-node-upgrade should have been called successfully
 function do-node-upgrade() {