kubeadm: Make kube-proxy tolerate the uninitialized cloud taint #49017
/lgtm
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: luxas, timothysc No associated issue. Update pull-request body to add a reference to an issue, or get approval with The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing
@luxas should we cherry-pick this one?
a2baf1c to d0ab597
@timothysc yes
Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)
@luxas - cherrypicking it makes sense to me, but it's not possible to automatically cherrypick it. If you want it, please create the cherrypick on your own.
@wojtek-t I will do that. It makes sense to be able to run the cloud-controller-manager on kubeadm without having to change anything.
Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.
What this PR does / why we need it:
This is needed in order to start the cloud-controller-manager successfully. The cloud controller manager should run as a DaemonSet with a nodeSelector for master nodes. The cloud controller manager should run on the hostNetwork to avoid the bootstrap problem when there is no CNI network yet. But the cloud controller manager needs to know how to address the master. It does this by talking to the kubernetes service (e.g. 10.96.0.1). That iptables rule must exist at the time, which now isn't the case when kube-proxy isn't running. kube-proxy isn't running because the kubelet is tainted with the external cloud taint.
This PR makes kube-proxy tolerate the cloud taint, so that the cloud controller manager can run easily on kubeadm clusters.
This was found by @prydie, thanks!
Which issue this PR fixes (optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged): fixes #
Special notes for your reviewer:
This should probably be a cherrypick candidate so folks can use kubeadm to easily create external cloud clusters. The change is small and isolated.
cc @wojtek-t
Release note:
cc @kubernetes/sig-cluster-lifecycle-pr-reviews @wlan0 @thockin
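The scheduling check behind the PR description above, as an added example that is not code from this PR or from Kubernetes: it applies the taint/toleration matching rules to a master node carrying the external cloud taint, before and after kube-proxy gains the extra toleration. The taint key and value, the master taint and the toleration fields are assumptions taken from upstream Kubernetes conventions, since the page does not show the diff; the type and function names are hypothetical.

```go
package main

import "fmt"

// Stand-ins for the core/v1 Taint and Toleration types (only the fields used here).
type Taint struct{ Key, Value, Effect string }
type Toleration struct{ Key, Operator, Value, Effect string }

// CloudTaint is the taint put on a node whose kubelet runs with an external
// cloud provider (assumed key/value; not shown on the page).
var CloudTaint = Taint{"node.cloudprovider.kubernetes.io/uninitialized", "true", "NoSchedule"}

// Tolerates applies the matching rules: an empty effect or key on the
// toleration is a wildcard, and an empty operator means "Equal".
func Tolerates(tol Toleration, t Taint) bool {
	if (tol.Effect != "" && tol.Effect != t.Effect) || (tol.Key != "" && tol.Key != t.Key) {
		return false
	}
	if tol.Operator == "Exists" {
		return true
	}
	return (tol.Operator == "" || tol.Operator == "Equal") && tol.Value == t.Value
}

// Untolerated returns the hard taints (NoSchedule, NoExecute) that none of the
// pod's tolerations cover. A non-empty result means the pod will not be placed.
func Untolerated(tols []Toleration, taints []Taint) []Taint {
	var blocked []Taint
	for _, t := range taints {
		if t.Effect != "NoSchedule" && t.Effect != "NoExecute" {
			continue // PreferNoSchedule is only a soft preference
		}
		ok := false
		for _, tol := range tols {
			ok = ok || Tolerates(tol, t)
		}
		if !ok {
			blocked = append(blocked, t)
		}
	}
	return blocked
}

func main() {
	// Constructed sample: a kubeadm master node that is still waiting for cloud init.
	master := []Taint{{"node-role.kubernetes.io/master", "", "NoSchedule"}, CloudTaint}
	before := []Toleration{{Key: "node-role.kubernetes.io/master", Effect: "NoSchedule"}}
	after := append(before, Toleration{Key: CloudTaint.Key, Value: "true", Effect: "NoSchedule"})
	fmt.Println("before:", Untolerated(before, master))
	fmt.Println("after: ", Untolerated(after, master))
}
```

A non-empty "before" result is the state the description reports: kube-proxy is never placed on the node, so the iptables rule for the kubernetes service is missing when the cloud controller manager starts.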