error out empty hostname #64815
error out empty hostname #64815
Conversation
k8s-ci-robot
added
the
release-note
k8s-ci-robot
added
size/S
|
root@server-01:~# cat /proc/sys/kernel/hostname
server-01
root@server-01:~# vim /proc/sys/kernel/hostname
root@server-01:~# echo " " > /proc/sys/kernel/hostname
root@server-01:~# cat /proc/sys/kernel/hostname
After overwritten, |
|
@seh FYI. |
|
My hostnames don’t have any white space in them, but kubeadm still fails to detect them properly. echo "|$(cat /proc/sys/kernel/hostname)|"
|ip-10-103-0-147|Hence, this patch cannot fix kubernetes/kubeadm#835. |
pkg/util/node/node.go
Outdated
| // For linux, the hostname is read from file /proc/sys/kernel/hostname directly | ||
| hostname = strings.TrimSpace(hostname) | ||
| if len(hostname) == 0 { | ||
| glog.Fatalf("Empty hostname is invalid") |
There was a problem hiding this comment.
I don't like the use of glog.Fatalf here. It calls os.Exit and I perceive this as a bad thing. It does not allow for any error handling or recovery here. A panic or returning an error might be better.
There was a problem hiding this comment.
+1 we should Errorf and pass back the error like everything else.
There was a problem hiding this comment.
@dixudx - re-ping are you going to fix this ^
pkg/util/node/node.go
Outdated
| // For linux, the hostname is read from file /proc/sys/kernel/hostname directly | ||
| hostname = strings.TrimSpace(hostname) | ||
| if len(hostname) == 0 { | ||
| glog.Fatalf("Empty hostname is invalid") |
There was a problem hiding this comment.
+1 we should Errorf and pass back the error like everything else.
Right. So
We could surface the fix in kubeadm. But IMO that's not a real fix. |
|
@dixudx at this point, the only thing we can do is to try to surface the fix in kubeadm. We can't go ahead and do a large potentially very disruptive change now. If we have some easy fix locally in the kubeadm code to ease this problem we can do it, otherwise not. |
@seh Have you tried to test locally with this fix. |
|
No, I haven't tested it. The solution to kubernetes/kubeadm#835 is not have kubeadm fail more frequently; it's to have kubeadm detect the machine's hostname properly. The machines in question have a hostname, those hostnames do not contain spaces, and the /proc/sys/kernel/hostname files do not contain any whitespace. Hence, this fix is not pertinent to the problem I described in kubernetes/kubeadm#835. I'm not saying that your change here isn't worthy of inclusion, but let's not claim that it fixes kubernetes/kubeadm#835. |
k8s-ci-robot
added
the
needs-rebase
|
@dixudx should we close this? |
|
@luxas Shall we make this as a common check, not only for |
k8s-ci-robot
removed
the
needs-rebase
|
@luxas The hostname checking is necessary, not only for kubeadm. For users that deploying clusters using other scripts, tightening the checking will help avoid potential issues. |
|
@smarterclayton PTAL. Thanks |
|
The comment about returning an error is appropriate. Utility code should not invoke glog.Fatalf or panic. |
k8s-ci-robot
added
the
lgtm
|
/retest |
1 similar comment
|
/retest |
|
/test pull-kubernetes-local-e2e-containerized poke @smarterclayton for approval. |
k8s-ci-robot
removed
the
lgtm
|
@timothysc @smarterclayton Rebased. PTAL. Thanks. |
|
/retest |
k8s-ci-robot
added
the
lgtm
|
@dixudx suggesting release note: |
cmd/kubelet/app/server.go
Outdated
| @@ -784,7 +788,11 @@ func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletCo | |||
| return nil, err | |||
| } | |||
| if !canReadCertAndKey { | |||
| cert, key, err := certutil.GenerateSelfSignedCertKey(nodeutil.GetHostname(kf.HostnameOverride), nil, nil) | |||
| nodeName, err := nodeutil.GetHostname(kf.HostnameOverride) | |||
There was a problem hiding this comment.
This is the wrong name for the variable.
|
Can this break existing clusters that have empty hostnames? If I have a 1.11 cluster, won't my nodes start? If so, when they upgrade to 1.12 with this PR, wouldn't it break those clusters? |
|
New changes are detected. LGTM label has been removed. |
k8s-ci-robot
removed
the
lgtm
@smarterclayton No, it won't break any existing clusters. The reason is that, for running clusters, the node name won't be empty. Because k8s won't allow node with empty node name when registering, right? kubernetes/pkg/apis/core/validation/validation.go Lines 4076 to 4080 in 8e2d37e This means for existing clusters with empty hostnames, the node name must be override already. And for those clusters with hostname override, this PR has no effect at all. IMO, it's quite safe to merge this PR. |
|
ok /approve |
k8s-ci-robot
added
the
approved
|
ping @timothysc for lgtm. Thanks. |
|
/lgtm . Thx for your patience @dixudx ! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dixudx, smarterclayton, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
timothysc
added
the
lgtm
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
What this PR does / why we need it:
For linux, the hostname is read from file
/proc/sys/kernel/hostnamedirectly, which can be overwritten with whitespaces.Should error out such invalid hostnames.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes kubernetes/kubeadm#835
Special notes for your reviewer:
/cc luxas timothysc
Release note: