validate AdvertiseAddress in kubeadm init and other case #56956
Conversation
k8s-ci-robot
added
release-note-none
|
/sig kubeadm |
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
|
@Lion-Wei, thanks for this PR!
What do you think about? |
|
@fabriziopandini Thanks for replying. I'm not sure if make |
|
@Lion-Wei I'm not completely sure where apiserver-advertise-address is used. I know it's used in the kube-proxy config where supporting a DNS name should be trivial and is required to connect to a ELB on AWS since they don't have static IPs. The apiserver-advertise-address might be used in other place where it's harder to support this. If that's the case, maybe we should have a different flag for 'everything it can use a DNS name'? |
|
So this is a requirement for HA and probably blocking kubernetes/kubeadm#261 /cc @luxas |
|
@discordianfish : you're refering to kubernetes/kubeadm#261, right? |
|
@petergardfjall Oops, right. Thanks, fixed it! |
|
@Lion-Wei @discordianfish Even if the advertise address is used in few parts of the kubeadm codebase, in the majority of cases no change are required because the value is used as a string.
|
|
@fabriziopandini Thanks. |
|
@Lion-Wei as discussed in SIG-meeting today, we should go for raising a validation error if a dns name is passed to If the user should use dns names he can always use Thanks again for your availability to change the PR in this direction; if you need additional info or help in changing the PR feel free to ping me on slack. |
|
@fabriziopandini Should I open a new issue for a option to set the kube-proxy endpoint? |
|
@fabriziopandini Thanks for your attention. I will do that ASAP. |
|
To clarify this:
|
|
@discordianfish please open a issue for the the kube-proxy endpoint in https://github.com/kubernetes/kubeadm/issues |
|
@fabriziopandini , I found it's little complicated. Because we will set |
|
@Lion-Wei |
k8s-ci-robot
added
size/M
| @@ -51,6 +52,10 @@ func EnsureProxyAddon(cfg *kubeadmapi.MasterConfiguration, client clientset.Inte | |||
| return fmt.Errorf("error when creating kube-proxy service account: %v", err) | |||
| } | |||
|
|
|||
| // validate cfg.API.AdvertiseAddress. | |||
| if err := validation.ValidateApiserverAdvertiseAddress(cfg.API.AdvertiseAddress); err != nil { | |||
There was a problem hiding this comment.
The addon phase is called by three commands: init, upgrade, and phase addon; all this command executes
SetInitDynamicDefaults (that executes a first validation of the apiserver) before invoking EnsureProxyAddon (that execute a second validation)
If possible, please remove the second validation; the same apply to other phases as well
There was a problem hiding this comment.
That't true, thanks, sorry didn't notice. : (
Then I guess there don't have other case to validate this flag.
There was a problem hiding this comment.
@fabriziopandini Besides, need I add unit test of this case? Seems like masterconfig.go don't have any unit test.
k8s-github-robot
removed
the
lgtm
|
@fabriziopandini , kindly ping, need another /lgtm. : ) |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
ping @krousey @luxas @timothysc for approval |
k8s-ci-robot
added
the
needs-rebase
k8s-ci-robot
added
size/XS
k8s-github-robot
removed
the
lgtm
|
Friendly ping @fabriziopandini @krousey . Since this has been ready for a while. |
|
@Lion-Wei sorry I missed the lgtm removed |
k8s-ci-robot
added
sig/cluster-lifecycle
|
/test pull-kubernetes-typecheck |
|
/test all |
|
friendly ping @jbeda @timothysc ,looking forward for approve. : ) |
|
/test all |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fabriziopandini, Lion-Wei, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
@Lion-Wei: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
What this PR does / why we need it:
When using
kubeadm init --apiserver-advertise-address=****,apiserver-advertise-address` can only be ipv4 or ipv6 address, if people use domain name in this field, will not use it and silently get hostIP.Add a warning in this case.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes kubernetes/kubeadm#590
Special notes for your reviewer:
Release note: