- Replace usage of pkg/errors with the local util/errors.
- Run kinder/hack/orderimports tool from kubeadm repo to
order the imports in the source tree.
pkg/errors is archived and while there is go-errors/errors as
an alternative, it lacks wraping methods. kubeadm has
specific neends and it's better to implement something
minimal locally instead of introducing another depedency.
- Implement basic wrapped errors and stack trace support.
cmd/kubeadm/app/util/errors.
- Remove unused error codes >1. At some point it seems we broke
these and 1 was returned for all error types.
- Remove the Error type in preflight and separate the printing
of '[preflight]' message and the error return from preflight
checks.
- Print an 'error:' prefix for all errors.
Recently in PR 131741 the kubeadm fixture for cluster-info
in dryrun.go was updated to remove the 'preferences' struct.
This means that the hardcoded JWS signature of the cluster-info
fixture must also be updated.
Update the signature to the expected one to fix e2e
failures in dryrun-latest.
https://testgrid.k8s.io/sig-cluster-lifecycle-kubeadm#kubeadm-kinder-dryrun-latest
This commit introduces support for using ECDSA P-384 as an encryption
algorithm for generating certificates and keys within kubeadm.
The following changes are included:
- Defined the `EncryptionAlgorithmECDSAP384` constant in the kubeadm API types.
- Updated API documentation to reflect the new algorithm option ("ECDSA-P384").
- Added validation for `ECDSA-P384` in the cluster configuration.
- Implemented key generation logic for ECDSA P-384 keys in `pkiutil`
(using `elliptic.P384()`).
- Added corresponding unit tests to verify the new algorithm's functionality
in `pkiutil`.
This allows users to choose ECDSA P-384 for
kubeadm-managed clusters.
Add metrics for compatibility version for kube-apiserver, kube-scheduler, and kube-controller-manager.
Signed-off-by: Michael Aspinwall <maspinwall@google.com>
kubectl command construction is slowly getting more functionality which
sometimes requires to log certain actions. Currently we parse the
verbosity only when actually running the command, so all of construction
code is not able to use -v=5. This commit adds the manual parsing and
loglevel setting berore we even start creating the kubectl command.
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
IPv6 should also be checked if it is globally enabled. On nftables, today this
is hardcoded, so if a Linux Kernel disables IPv6 during its boot or doesn't
have IPv6 compiled, it will still try to use IPv6, which can lead to some
unexpected errors.
This change verifies if IPv6 is enabled by checking if the IPv6 network interfaces
proc file is available
