kubeadm: add configuration option to not taint master #55479
Conversation
k8s-ci-robot
added
release-note
|
/area kubeadm |
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
k8s-github-robot
added
the
needs-rebase
ijc
force-pushed
the
kubeadm-optional-master-taint
branch
from
c97d7ff to
6fe3505
Compare
k8s-github-robot
removed
the
needs-rebase
There was a problem hiding this comment.
cc @kubernetes/sig-cluster-lifecycle-pr-reviews
I'm sorry @ijc, it might be too late to get this into v1.9 at this time I think.
If you can make the SIG meeting tomorrow or the kubeadm meeting on Weds though; we might be able to briefly discuss it and prioritize accordingly.
I'm sorry that no-one responded to this earlier, but we didn't get notified. ^ is the Github team tag to use for getting the notification across to the right people
k8s-ci-robot
added
the
sig/cluster-lifecycle
|
@luxas thanks, I think this isn't terribly urgent for 1.9, so long as it is on the train for 1.10, we can live with the workaround we have for now. I'll aim to make it to the |
|
Sorry, I never made it to the Wednesday meeting last year, things were a bit hectic. Is now the right time in the v1.10 release cycle to revisit this? (I think/hope so based on kubeadm). Despite being 1500+ commits behind this still appears to still merge cleanly. Perhaps I should rebase nonetheless? (I'll check it still builds when merged with master in any case) cc @luxas @kubernetes/sig-cluster-lifecycle-pr-reviews |
|
@ijc: Reiterating the mentions to trigger a notification: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@ijc have you had a chance to do that yet? |
Nope. Shall I infer from your question that you think I should? |
ijc
force-pushed
the
kubeadm-optional-master-taint
branch
from
6fe3505 to
38fa58a
Compare
@errordeveloper I decided that I could/should and have rebased and done a force push. |
|
/test pull-kubernetes-verify |
|
/test pull-kubernetes-verify |
|
see also: prometheus/common#17 |
|
Lets see if bitbucket became happier overnight: |
|
@errordeveloper seems the tests are passing now. |
| @@ -75,7 +75,7 @@ func NewCmdMarkMaster() *cobra.Command { | |||
| client, err := kubeconfigutil.ClientSetFromFile(kubeConfigFile) | |||
| kubeadmutil.CheckErr(err) | |||
|
|
|||
| err = markmasterphase.MarkMaster(client, internalcfg.NodeName) | |||
| err = markmasterphase.MarkMaster(client, internalcfg.NodeName, true) | |||
There was a problem hiding this comment.
Does this means a master taint is added by default?
Shall we add an option NoTaintMaster for this as well?
There was a problem hiding this comment.
I suppose we might as well, I'll do this too.
| @@ -383,7 +383,7 @@ func (i *Init) Run(out io.Writer) error { | |||
| } | |||
|
|
|||
| // PHASE 4: Mark the master with the right label/taint | |||
| if err := markmasterphase.MarkMaster(client, i.cfg.NodeName); err != nil { | |||
| if err := markmasterphase.MarkMaster(client, i.cfg.NodeName, !i.cfg.NoTaintMaster); err != nil { | |||
There was a problem hiding this comment.
Should add a BoolVar flag no-taint-master to AddInitConfigFlags.
If not, cfg.NoTaintMaster will always be false and cannot be override by parsing arguments.
There was a problem hiding this comment.
cfg.NoTaintMaster can be set in the config file. For testing I have /etc/kubeadm/kubeadm.yaml containing:
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
kubernetesVersion: v1.9.1
noTaintMaster: trueand am running kubeadm init --config /etc/kubeadm/kubeadm.yaml.
My understanding was that the config file mechanism was the future and the CLI variants were deprecated, perhaps I understood wrongly? I'll add the lines to AddInitConfigFlags, it looks like it will be pretty straightforward.
There was a problem hiding this comment.
My understanding was that the config file mechanism was the future and the CLI variants were deprecated
I agree. But for now, we still use arguments. @luxas WDYT?
|
@dixudx I added |
|
Why is the post provision step not sufficient? |
k8s-github-robot
added
the
needs-rebase
|
@timothysc I figured minikube and docker for mac between them were not that all that exceptional and a post provision step is one more thing to do wrong/differently or to bit rot. d4m would certainly use this functionality if it were available (I don't know about minikube, I'm only speculating that it would be useful for that use case too). I'll hold off on the rebase until we've decided whether or not this is a worthwhile change. |
timothysc
assigned timothysc and errordeveloper and unassigned lukemarsden and mikedanese
|
I agree that this is very useful. |
|
Ping @luxas / @timothysc — is it worth my rebasing this PR? |
|
@ijc yes please. |
ijc
force-pushed
the
kubeadm-optional-master-taint
branch
from
2cda9bc to
52af642
Compare
k8s-github-robot
removed
the
needs-rebase
|
@timothysc rebase done and force pushed, thanks. |
cmd/kubeadm/app/cmd/init.go
Outdated
| @@ -197,6 +197,8 @@ func AddInitConfigFlags(flagSet *flag.FlagSet, cfg *kubeadmapiext.MasterConfigur | |||
| flagSet.Var(utilflag.NewMapStringString(&cfg.APIServerExtraArgs), "apiserver-extra-args", "A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value>") | |||
| flagSet.Var(utilflag.NewMapStringString(&cfg.ControllerManagerExtraArgs), "controller-manager-extra-args", "A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value>") | |||
| flagSet.Var(utilflag.NewMapStringString(&cfg.SchedulerExtraArgs), "scheduler-extra-args", "A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value>") | |||
|
|
|||
| flagSet.BoolVar(&cfg.NoTaintMaster, "no-taint-master", cfg.NoTaintMaster, "Do not taint the master node.") | |||
There was a problem hiding this comment.
@errordeveloper - ping here, b/c you were making the case for it, but there is a push to try and not add any new flags. /cc @luxas
There was a problem hiding this comment.
I added the flags after it was requested in #55479 (comment), but I deliberately kept it as a separate commit which could easily be dropped.
There was a problem hiding this comment.
I agree with the push back on new flags, so perhaps we could add just the config file field for now.
k8s-github-robot
added
the
needs-rebase
ijc
force-pushed
the
kubeadm-optional-master-taint
branch
from
52af642 to
24bb0d5
Compare
k8s-github-robot
removed
the
needs-rebase
Although tainting the master is normally a good and proper thing to do in some situations (docker for mac in our case, but I suppose minikube and such as well) having a single host configuration is desirable. In linuxkit we have a [workaround](https://github.com/linuxkit/linuxkit/blob/443e47c408cad0f1b29a457700d15b2c85ec407f/projects/kubernetes/kubernetes/kubeadm-init.sh#L19...L22) to remove the taint after initialisation. With the change here we could simply populate /etc/kubeadm/kubeadm.yaml` with `noTaintMaster: true` instead and have it never be tainted in the first place. I have only added this to the config file and not to the CLI since AIUI the latter is somewhat deprecated. The code also arranges to _remove_ an existing taint if it is unwanted. I'm unsure if this behaviour is correct or desirable, I think a reasonable argument could be made for leaving an existing taint in place too. Signed-off-by: Ian Campbell <ijc@docker.com>
ijc
force-pushed
the
kubeadm-optional-master-taint
branch
from
24bb0d5 to
a4e00ff
Compare
|
I've backed out the commit which added the new flags. I kept one of the hunks in cmd/kubeadm/app/cmd/phases/markmaster.go (by folding it into the first patch) since I think it is clearer that way than hardcoding |
|
/lgtm Thanks, Ian :) |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: errordeveloper, ijc, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these OWNERS Files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
Automatic merge from submit-queue (batch tested with PRs 59767, 56454, 59237, 59730, 55479). If you want to cherry-pick this change to another branch, please follow the instructions here. |
What this PR does / why we need it:
Although tainting the master is normally a good and proper thing to do in some situations (docker for mac in our case, but I suppose minikube and such as well) having a single host configuration is desirable.
In linuxkit we have a workaround to remove the taint after initialisation. With the change here we could simply populate
/etc/kubeadm/kubeadm.yamlwithnoTaintMaster: trueinstead and have it never be tainted in the first place.I have only added this to the config file and not to the CLI since AIUI the latter is somewhat deprecated.
The code also arranges to remove an existing taint if it is unwanted. I'm unsure if this behaviour is correct or desirable, I think a reasonable argument could be made for leaving an existing taint in place too.
Signed-off-by: Ian Campbell ijc@docker.com
Release note:
Since the requirement for this option is rather niche and not best practice in the majority of cases I'm not sure if it warrants mentioning in the release notes? If it were then perhaps