Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: Upgrade Bootstrap Tokens to beta when upgrading to v1.8 #51956

Merged
merged 1 commit into from
Sep 6, 2017
Merged

kubeadm: Upgrade Bootstrap Tokens to beta when upgrading to v1.8 #51956

merged 1 commit into from
Sep 6, 2017

Conversation

luxas
Copy link
Member

@luxas luxas commented Sep 5, 2017
edited
Loading

What this PR does / why we need it:

Makes sure the v1.7 -> v1.8 upgrade works regarding the Bootstrap Token alpha -> beta graduation.
Not much have to be done, but some LoC are needed to preserve the behaivor

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

Release note:

NONE

@kubernetes/sig-cluster-lifecycle-pr-reviews

@luxas luxas added this to the v1.8 milestone Sep 5, 2017
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Sep 5, 2017
@luxas luxas added the kind/bug Categorizes issue or PR as related to a bug. label Sep 5, 2017
@k8s-github-robot k8s-github-robot added the release-note-none Denotes a PR that doesn't merit a release note. label Sep 5, 2017
@jbeda
Copy link
Contributor

jbeda commented Sep 5, 2017

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 5, 2017
@dims
Copy link
Member

dims commented Sep 6, 2017

@jbeda - this needs a /approve no-issue please

@dims
Copy link
Member

dims commented Sep 6, 2017

/retest

@dims
Copy link
Member

dims commented Sep 6, 2017

@luxas looks like gofmt problems in verify. PTAL

@luxas luxas force-pushed the kubeadm_upgrade_bootstraptokens branch from 90484b8 to 311d748 Compare September 6, 2017 15:11
@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 6, 2017
@luxas
Copy link
Member Author

luxas commented Sep 6, 2017

@jbeda PTAL.
In v1.7 we used system:bootstrap-signer-clusterinfo as the Role name for cluster-info.
This PR now deletes that Role as well (it's now created as kubeadm:bootstrap-signer-clusterinfo), and deletes the associated RoleBinding so that it can be recreated with the right roleRef.

cc @mattmoyer

timothysc
timothysc reviewed Sep 6, 2017
View reviewed changes
cmd/kubeadm/app/constants/constants.go Outdated
@@ -123,8 +123,7 @@ const (
KubeConfigVolumeName = "kubeconfig"

// NodeBootstrapTokenAuthGroup specifies which group a Node Bootstrap Token should be authenticated in
// TODO: This should be changed in the v1.8 dev cycle to a node-BT-specific group instead of the generic Bootstrap Token group that is used now
NodeBootstrapTokenAuthGroup = "system:bootstrappers"
NodeBootstrapTokenAuthGroup = "system:bootstrappers:kubeadm:default-node-token"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if you use a kubeadm 1.8 version to deploy a 1.7 cluster will this work?

@jbeda
Copy link
Contributor

jbeda commented Sep 6, 2017

/approve no-issue

Please address comment from Tim before lgtm.

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 6, 2017
@roberthbailey
Copy link
Contributor

Please make sure kubeadm released with 1.8 still supports deploying 1.7 clusters as they are done today (e.g. with the same token names).

@luxas luxas force-pushed the kubeadm_upgrade_bootstraptokens branch from 311d748 to a455f99 Compare September 6, 2017 18:04
@luxas
Copy link
Member Author

luxas commented Sep 6, 2017

/retest

@mattmoyer @timothysc PTAL
This now works with v1.7 as well, thanks for spotting!

timothysc
timothysc approved these changes Sep 6, 2017
View reviewed changes
Copy link
Member

@timothysc timothysc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 6, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jbeda, luxas, timothysc

Associated issue requirement bypassed by: jbeda

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link
Contributor

@luxas: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-kubernetes-e2e-gce-bazel a455f99 link /test pull-kubernetes-e2e-gce-bazel

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 51956, 50708)

@k8s-github-robot k8s-github-robot merged commit 213c8c8 into kubernetes:master Sep 6, 2017
@luxas luxas mentioned this pull request Sep 7, 2017
Merged
k8s-github-robot pushed a commit that referenced this pull request Sep 7, 2017
Merge pull request #52086 from luxas/kubeadm_new_init_token_group
54d0d85 
Automatic merge from submit-queue

kubeadm: Set the new BT auth group on the init token

**What this PR does / why we need it**:

What I forgot to do in #51956 😅 
When we now have the new group, we should also set it on the token, otherwise nodes can't be joined

On the good side, our CI testing broke https://k8s-testgrid.appspot.com/sig-cluster-lifecycle#kubeadm-gce
Great to see that it actually works :)

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
@kubernetes/sig-cluster-lifecycle-pr-reviews
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timothysc timothysc timothysc approved these changes

@jbeda jbeda jbeda approved these changes

Assignees

@jbeda jbeda

@timothysc timothysc

@mattmoyer mattmoyer

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.8
Development

Successfully merging this pull request may close these issues.
8 participants
@luxas @jbeda @dims @roberthbailey @k8s-github-robot @k8s-ci-robot @timothysc @mattmoyer