From 7d7ffdb602c0fbf883b2f201c777be2f8e415440 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Thu, 10 May 2018 17:01:58 -0400 Subject: [PATCH] kubeadm - add preflight warning when using systemd-resolved --- cmd/kubeadm/app/preflight/BUILD | 1 + cmd/kubeadm/app/preflight/checks.go | 31 ++++++++++++++++++++++++++++- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/cmd/kubeadm/app/preflight/BUILD b/cmd/kubeadm/app/preflight/BUILD index ae8a3d5db8e..10d066b6843 100644 --- a/cmd/kubeadm/app/preflight/BUILD +++ b/cmd/kubeadm/app/preflight/BUILD @@ -59,6 +59,7 @@ go_library( "//pkg/kubeapiserver/authorizer/modes:go_default_library", "//pkg/registry/core/service/ipallocator:go_default_library", "//pkg/util/initsystem:go_default_library", + "//pkg/util/procfs:go_default_library", "//pkg/util/version:go_default_library", "//pkg/version:go_default_library", "//test/e2e_node/system:go_default_library", diff --git a/cmd/kubeadm/app/preflight/checks.go b/cmd/kubeadm/app/preflight/checks.go index 34cf9bdccf8..51f5018d8f0 100644 --- a/cmd/kubeadm/app/preflight/checks.go +++ b/cmd/kubeadm/app/preflight/checks.go @@ -54,6 +54,7 @@ import ( authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes" "k8s.io/kubernetes/pkg/registry/core/service/ipallocator" "k8s.io/kubernetes/pkg/util/initsystem" + "k8s.io/kubernetes/pkg/util/procfs" versionutil "k8s.io/kubernetes/pkg/util/version" kubeadmversion "k8s.io/kubernetes/pkg/version" "k8s.io/kubernetes/test/e2e_node/system" @@ -867,6 +868,33 @@ func getEtcdVersionResponse(client *http.Client, url string, target interface{}) return err } +// ResolveCheck tests for potential issues related to the system resolver configuration +type ResolveCheck struct{} + +// Name returns label for ResolveCheck +func (ResolveCheck) Name() string { + return "Resolve" +} + +// Check validates the system resolver configuration +func (ResolveCheck) Check() (warnings, errors []error) { + glog.V(1).Infoln("validating the system resolver configuration") + + warnings = []error{} + + // procfs.PidOf only returns an error if the string passed is empty + // or there is an issue compiling the regex, so we can ignore it here + pids, _ := procfs.PidOf("systemd-resolved") + if len(pids) > 0 { + warnings = append(warnings, fmt.Errorf( + "systemd-resolved was detected, for cluster dns resolution to work "+ + "properly --resolv-conf=/run/systemd/resolve/resolv.conf must be set "+ + "for the kubelet. (/etc/systemd/system/kubelet.service.d/10-kubeadm.conf should be edited for this purpose)\n")) + } + + return warnings, errors +} + // RunInitMasterChecks executes all individual, applicable to Master node checks. func RunInitMasterChecks(execer utilsexec.Interface, cfg *kubeadmapi.MasterConfiguration, ignorePreflightErrors sets.String) error { // First, check if we're root separately from the other preflight checks and fail fast @@ -1010,7 +1038,8 @@ func addCommonChecks(execer utilsexec.Interface, cfg kubeadmapi.CommonConfigurat InPathCheck{executable: "socat", mandatory: false, exec: execer}, InPathCheck{executable: "tc", mandatory: false, exec: execer}, InPathCheck{executable: "touch", mandatory: false, exec: execer}, - criCtlChecker) + criCtlChecker, + ResolveCheck{}) } checks = append(checks, SystemVerificationCheck{CRISocket: cfg.GetCRISocket()},