During kubeadm join in 1.30 kubeadm started respecting
the kubeletconfiguration healthz address/port. Previously
it hardcoded the health check to localhost:defaultport.
A corner case was not handled where the user applies --patches
on join to modify the local kubeletconfiguration. This results
in kubeletconfiguration patch target patches not being applied to
the KubeletConfiguration in memory and the health check
running on the address:port which are present in the kubelet-config
configmap.
Fix that by explicitly calling a new function to patch the
KubeletConfiguration in memory. This is scoped to only handle
the healthz checks *after* the kubelet config.yaml was already
patched and written to disk.
Currently, there are some unit tests that are failing on Windows due
to various reasons:
- IPVS proxy mode is not supported on Windows.
- pkg/kubelet/cri/remote was moved to cri-client.
v1beta3.ClusterConfiguration.APIServer.TimeoutForControlPlane
must be migrated to {Init|Join}Configuration.Timeouts.
.ControlPlaneComponentHealthCheck.
To achieve this sort of cross-Kind migration do the following:
- Use a temporary, thread-safe variable in timeoututils.go
- Make the order of GVKs in documentMapToInitConfiguration
deterministic.
Flags for kubeadm init such as --apiserver-extra-args prior
to v1beta4 used a map[string]string for pflag.Value storage. This no
longer works since v1beta4 extra args are a slice of Arg.
Add a new flag type argSlice and implement a solution for
parsing these flags.
At the same time deprecate these flags and show a warning
that users should use config.
Instead of defaulting ExtraEnvs for CP components to an empty
slice when converting from/to v1beta3 keep it nil.
This allows for expecting a nil value in the internal
config, similarly to ExtraArgs.
- Include some more examples related to v1beta4 in the doc.go.
- Fix some typos in v1beta4 field comments.
- Add missing JSON tag for UpgradeConfiguration.Apply.SkipPhases.
After the introduction of v1beta4 if the user inputs the old
v1beta3 discovery timeout the value is ignored. Fix that
by introducing a conversion to v1beta4.
Co-authored-by: penghez (GitHub handle)
When the PublicKeysECDSA feature gate is used or the new
v1beta4.ClusterConfiguration.EncryptionAlgorithm field is used
with "ECDSA-P256" as value, make sure that this is reflected
in the "cert spec" used to generate private keys and they end
up as "EC keys".
When doing a kubelet health check on init/join, do not
hardcode the "localhost" address. Instead, use the
KubeletConfiguration HealthzBindAddress and HealthzPort
fields.
