kubeadm: Remove old feature gates and unused functions

cmd/kubeadm/app/constants/constants.go

@@ -107,11 +107,5 @@ var (
 	DefaultTokenUsages = []string{"signing", "authentication"}
 
 	// MinimumControlPlaneVersion specifies the minimum control plane version kubeadm can deploy
-	MinimumControlPlaneVersion = version.MustParseSemantic("v1.6.0")
-
-	// MinimumCSRSARApproverVersion specifies the minimum kubernetes version that can be used for enabling the new-in-v1.7 CSR approver based on a SubjectAccessReview
-	MinimumCSRSARApproverVersion = version.MustParseSemantic("v1.7.0-beta.0")
-
-	// MinimumAPIAggregationVersion specifies the minimum kubernetes version that can be used enabling the API aggregation in the apiserver and the front proxy flags
-	MinimumAPIAggregationVersion = version.MustParseSemantic("v1.7.0-alpha.1")
+	MinimumControlPlaneVersion = version.MustParseSemantic("v1.7.0")
 )

cmd/kubeadm/app/master/BUILD

@@ -22,7 +22,6 @@ go_library(
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/images:go_default_library",
         "//cmd/kubeadm/app/util/kubeconfig:go_default_library",
-        "//pkg/bootstrap/api:go_default_library",
         "//pkg/kubeapiserver/authorizer/modes:go_default_library",
         "//pkg/kubectl/cmd/util:go_default_library",
         "//pkg/kubelet/types:go_default_library",

cmd/kubeadm/app/master/manifests.go

@@ -34,7 +34,6 @@ import (
 	kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/images"
-	bootstrapapi "k8s.io/kubernetes/pkg/bootstrap/api"
 	authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
 	cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 	kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
@@ -48,14 +47,9 @@ const (
 	defaultv17AdmissionControl = "Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota"
 
 	etcd                  = "etcd"
-	apiServer             = "apiserver"
-	controllerManager     = "controller-manager"
-	scheduler             = "scheduler"
-	proxy                 = "proxy"
 	kubeAPIServer         = "kube-apiserver"
 	kubeControllerManager = "kube-controller-manager"
 	kubeScheduler         = "kube-scheduler"
-	kubeProxy             = "kube-proxy"
 )
 
 // WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk
@@ -313,22 +307,7 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod {
 	}
 }
 
-func getComponentBaseCommand(component string) []string {
-	if kubeadmapi.GlobalEnvParams.HyperkubeImage != "" {
-		return []string{"/hyperkube", component}
-	}
-
-	return []string{"kube-" + component}
-}
-
 func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k8sVersion *version.Version) []string {
-	var command []string
-
-	// self-hosted apiserver needs to wait on a lock
-	if selfHosted {
-		command = []string{"/usr/bin/flock", "--exclusive", "--timeout=30", "/var/lock/api-server.lock"}
-	}
-
 	defaultArguments := map[string]string{
 		"insecure-port":                     "0",
 		"admission-control":                 defaultv17AdmissionControl,
@@ -350,14 +329,11 @@ func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k
 		"requestheader-extra-headers-prefix": "X-Remote-Extra-",
 		"requestheader-client-ca-file":       filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyCACertName),
 		"requestheader-allowed-names":        "front-proxy-client",
-	}
-	if k8sVersion.AtLeast(kubeadmconstants.MinimumAPIAggregationVersion) {
-		// add options which allow the kube-apiserver to act as a front-proxy to aggregated API servers
-		defaultArguments["proxy-client-cert-file"] = filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientCertName)
-		defaultArguments["proxy-client-key-file"] = filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientKeyName)
+		"proxy-client-cert-file":             filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientCertName),
+		"proxy-client-key-file":              filepath.Join(cfg.CertificatesDir, kubeadmconstants.FrontProxyClientKeyName),
 	}
 
-	command = getComponentBaseCommand(apiServer)
+	command := []string{"kube-apiserver"}
 	command = append(command, getExtraParameters(cfg.APIServerExtraArgs, defaultArguments)...)
 	command = append(command, getAuthzParameters(cfg.AuthorizationModes)...)
 
@@ -397,28 +373,18 @@ func getAPIServerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k
 }
 
 func getEtcdCommand(cfg *kubeadmapi.MasterConfiguration) []string {
-	var command []string
-
 	defaultArguments := map[string]string{
 		"listen-client-urls":    "http://127.0.0.1:2379",
 		"advertise-client-urls": "http://127.0.0.1:2379",
 		"data-dir":              cfg.Etcd.DataDir,
 	}
 
-	command = append(command, "etcd")
+	command := []string{"etcd"}
 	command = append(command, getExtraParameters(cfg.Etcd.ExtraArgs, defaultArguments)...)
-
 	return command
 }
 
 func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool, k8sVersion *version.Version) []string {
-	var command []string
-
-	// self-hosted controller-manager needs to wait on a lock
-	if selfHosted {
-		command = []string{"/usr/bin/flock", "--exclusive", "--timeout=30", "/var/lock/controller-manager.lock"}
-	}
-
 	defaultArguments := map[string]string{
 		"address":                          "127.0.0.1",
 		"leader-elect":                     "true",
@@ -430,13 +396,8 @@ func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted
 		"use-service-account-credentials":  "true",
 		"controllers":                      "*,bootstrapsigner,tokencleaner",
 	}
-	if k8sVersion.LessThan(kubeadmconstants.MinimumCSRSARApproverVersion) {
-		// enable the former CSR group approver for v1.6 clusters.
-		// TODO(luxas): Remove this once we're targeting v1.8 at HEAD
-		defaultArguments["insecure-experimental-approve-all-kubelet-csrs-for-group"] = bootstrapapi.BootstrapGroup
-	}
 
-	command = getComponentBaseCommand(controllerManager)
+	command := []string{"kube-controller-manager"}
 	command = append(command, getExtraParameters(cfg.ControllerManagerExtraArgs, defaultArguments)...)
 
 	if cfg.CloudProvider != "" {
@@ -453,27 +414,18 @@ func getControllerManagerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted
 	if cfg.Networking.PodSubnet != "" {
 		command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+cfg.Networking.PodSubnet)
 	}
-
 	return command
 }
 
 func getSchedulerCommand(cfg *kubeadmapi.MasterConfiguration, selfHosted bool) []string {
-	var command []string
-
-	// self-hosted apiserver needs to wait on a lock
-	if selfHosted {
-		command = []string{"/usr/bin/flock", "--exclusive", "--timeout=30", "/var/lock/api-server.lock"}
-	}
-
 	defaultArguments := map[string]string{
 		"address":      "127.0.0.1",
 		"leader-elect": "true",
 		"kubeconfig":   filepath.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeadmconstants.SchedulerKubeConfigFileName),
 	}
 
-	command = getComponentBaseCommand(scheduler)
+	command := []string{"kube-scheduler"}
 	command = append(command, getExtraParameters(cfg.SchedulerExtraArgs, defaultArguments)...)
-
 	return command
 }
 

cmd/kubeadm/app/master/manifests_test.go

@@ -478,35 +478,6 @@ func TestComponentPod(t *testing.T) {
 	}
 }
 
-func TestGetComponentBaseCommand(t *testing.T) {
-	var tests = []struct {
-		c        string
-		expected []string
-	}{
-		{
-			c:        "foo",
-			expected: []string{"kube-foo", "--v=2"},
-		},
-		{
-			c:        "bar",
-			expected: []string{"kube-bar", "--v=2"},
-		},
-	}
-
-	for _, rt := range tests {
-		actual := getComponentBaseCommand(rt.c)
-		for i := range actual {
-			if actual[i] != rt.expected[i] {
-				t.Errorf(
-					"failed getComponentBaseCommand:\n\texpected: %s\n\t  actual: %s",
-					rt.expected[i],
-					actual[i],
-				)
-			}
-		}
-	}
-}
-
 func TestGetAPIServerCommand(t *testing.T) {
 	var tests = []struct {
 		cfg      *kubeadmapi.MasterConfiguration
@@ -567,9 +538,9 @@ func TestGetAPIServerCommand(t *testing.T) {
 				"--secure-port=123",
 				"--allow-privileged=true",
 				"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
+				"--experimental-bootstrap-token-auth=true",
 				"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
 				"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
-				"--experimental-bootstrap-token-auth=true",
 				"--requestheader-username-headers=X-Remote-User",
 				"--requestheader-group-headers=X-Remote-Group",
 				"--requestheader-extra-headers-prefix=X-Remote-Extra-",
@@ -726,25 +697,6 @@ func TestGetControllerManagerCommand(t *testing.T) {
 				"--controllers=*,bootstrapsigner,tokencleaner",
 			},
 		},
-		{
-			cfg: &kubeadmapi.MasterConfiguration{
-				CertificatesDir:   testCertsDir,
-				KubernetesVersion: "v1.6.4",
-			},
-			expected: []string{
-				"kube-controller-manager",
-				"--address=127.0.0.1",
-				"--leader-elect=true",
-				"--kubeconfig=" + kubeadmapi.GlobalEnvParams.KubernetesDir + "/controller-manager.conf",
-				"--root-ca-file=" + testCertsDir + "/ca.crt",
-				"--service-account-private-key-file=" + testCertsDir + "/sa.key",
-				"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
-				"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
-				"--use-service-account-credentials=true",
-				"--controllers=*,bootstrapsigner,tokencleaner",
-				"--insecure-experimental-approve-all-kubelet-csrs-for-group=system:bootstrappers",
-			},
-		},
 		{
 			cfg: &kubeadmapi.MasterConfiguration{
 				CloudProvider:     "foo",
@@ -998,18 +950,3 @@ func TestGetExtraParameters(t *testing.T) {
 		}
 	}
 }
-
-func TestVersionCompare(t *testing.T) {
-	versions := []string{
-		"v1.7.0-alpha.1",
-		"v1.7.0-beta.0",
-		"v1.7.0-rc.0",
-		"v1.7.0",
-		"v1.7.1",
-	}
-	for _, v := range versions {
-		if !version.MustParseSemantic(v).AtLeast(kubeadmconstants.MinimumAPIAggregationVersion) {
-			t.Errorf("err")
-		}
-	}
-}