kubeadm: decouple the bootstraptoken API from the kubeadm API #102964
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
approved
neolit123
force-pushed
the
1.22-decouple-bootstraptoken-api
branch
from
8c97641 to
6363000
Compare
|
/kind cleanup /cc @fabriziopandini |
k8s-ci-robot
added
kind/cleanup
|
/hold for review |
k8s-ci-robot
added
the
do-not-merge/hold
| @@ -0,0 +1,212 @@ | |||
| /* | |||
There was a problem hiding this comment.
these and the tests in utils_test.go are copied from the versioned / internal bootstrap* files.
| ) | ||
|
|
||
| // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. | ||
| func (in *BootstrapToken) DeepCopyInto(out *BootstrapToken) { |
There was a problem hiding this comment.
DeepCopyInto is needed because the BootstrapToken type is used in conversion in the "kubeadm" group.
neolit123
force-pushed
the
1.22-decouple-bootstraptoken-api
branch
3 times, most recently
from
28b7eac to
cb41d8f
Compare
k8s-ci-robot
added
the
lgtm
|
/retest |
| // and internal usage. It also automatically validates that the given token | ||
| // is of the right format | ||
| func NewBootstrapTokenString(token string) (*BootstrapTokenString, error) { | ||
| substrs := bootstraputil.BootstrapTokenRegexp.FindStringSubmatch(token) |
There was a problem hiding this comment.
Overall LGTM
/lgtm
When I go thought the code, I find IsValidBootstrapToken , BootstrapTokenRegexp are only used in /cmd/
Not sure if we need to move Regexp and isVaild func in kubernetes/staging/src/k8s.io/cluster-bootstrap/token/util/helpers.go to this utils.
And there is an old comment:
There was a problem hiding this comment.
originally we wanted the kubeadm bootstraptoken utils to live in k8s.io/cluster-bootstrap, but the idea was rejected with the argument that these introduce wrapper APIs that are kubeadm specific. only the bootstrap token Secret format matters as a specification and not the kubeadm originated BootstrapTokenString.
so what we ended up having is:
- generic utils that can be used outside of kubeadm and residing in a library under k8s.io/cluster-bootstrap
- kubeadm specific code in /cmd/kubeadm/...api including the one responsible converting token data <-> secret
overall what is in k8s.io/cluster-bootstrap is a library API at this point and moving it can be a breaking change to users, so we rather not do it.
things like BootstrapTokenRegexp and IsValidBootstrapToken makes sense to be in k8s.io/cluster-bootstrap. if someone wishes to use bootstrap tokens with their own bootstrap mechanism and without kubeadm.
the kubeadm "token data <-> secret" and other utils are quite useful but were not accepted in k8s.io/cluster-bootstrap.
There was a problem hiding this comment.
// TODO(dixudx): refactor this to util/secrets and util/tokens
this TODO seems still relevant as something that can be done in /staging/... /cluster-bootstrap, e.g. having to separate files tokens.go and secrets.go. i don't remember the discussions about it.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, pacoxu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
needs-rebase
|
i will rebase this later today. |
Package bootstraptoken contains an API and utilities wrapping the "bootstrap.kubernetes.io/token" Secret type to ease its usage in kubeadm. The API is released as v1, since these utilities have been part of a GA workflow for 10+ releases. The "bootstrap.kubernetes.io/token" Secret type is also GA.
- Make v1beta3 use bootstraptoken/v1 instead of local copies - Make the internal API use bootstraptoken/v1 - Update validation, /cmd, /util and other packages - Update v1beta2 conversion
Given bootstraptoken/v1 is now a separate GV, there is no need to duplicate the API and utilities inside v1beta3 and the internal version. v1beta2 must continue to use its internal copy due, since output/v1alpha1 embeds the v1beta2.BootstrapToken object. See issue 2427 in k/kubeadm.
neolit123
force-pushed
the
1.22-decouple-bootstraptoken-api
branch
from
41be23d to
622f69b
Compare
k8s-ci-robot
removed
lgtm
|
@pacoxu rebased; conflict was in v1beta3/doc.go |
|
/lgtm |
k8s-ci-robot
added
lgtm
|
/retest |
|
/retest Review the full test history for this PR. Silence the bot with an |
What this PR does / why we need it:
Since kubeadm started using bootstrap tokens for bootstrap, it included a wrapper API (BoostrapToken and BoostrapTokenString) + some utilities to convert to and from a v1.Secret.
This API + utilities were duplicated in both the public main kubeadm API (versioned) and the internal API used for conversion.
This is completely not needed if the same API + utilities are extracted to their own group, so that kubeadm can use this both externally and internally the same way it is using metav1 or corev1.
Which issue(s) this PR fixes:
xref kubernetes/kubeadm#2427
xref kubernetes/kubeadm#1796
Special notes for your reviewer:
better to review one commit at a time.
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: