Add warning when --certificate-key is set and --control-plane is not. #83661
Conversation
k8s-ci-robot
added
release-note-none
|
Hi @jfbai. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
There was a problem hiding this comment.
Thanks @jfbai !
Indeed this is a known UX problem. Unfortunately, I don't think, that this is the correct way of solving it.
The best way, in my opinion, is to just force JoinConfiguration.ControlPlane to be non-nil in case some of the control plane phases of join are invoked manually (as is the case here).
@fabriziopandini @neolit123 @ereslibre WDYT?
| @@ -342,6 +342,9 @@ func newJoinData(cmd *cobra.Command, args []string, opt *joinOptions, out io.Wri | |||
|
|
|||
| // if not joining a control plane, unset the ControlPlane object | |||
| if !opt.controlPlane { | |||
| if len(opt.externalcfg.ControlPlane.CertificateKey) > 0 { | |||
| klog.Warningf("[preflight] WARNING: %s will be ignored when %s is not set.", options.CertificateKey, options.ControlPlane) | |||
| } | |||
There was a problem hiding this comment.
long term, we should not bind more logic related to flags and flags mixtures.
some day, ideally, we should move all flags to configuration-only and configuration patching.
cmd/kubeadm/app/cmd/join.go
Outdated
| @@ -342,6 +342,9 @@ func newJoinData(cmd *cobra.Command, args []string, opt *joinOptions, out io.Wri | |||
|
|
|||
| // if not joining a control plane, unset the ControlPlane object | |||
| if !opt.controlPlane { | |||
| if len(opt.externalcfg.ControlPlane.CertificateKey) > 0 { | |||
There was a problem hiding this comment.
i think ControlPlane can be nil here?
There was a problem hiding this comment.
If --control-plane is false, we are ignoring all the configurations under opt.externalcfg.ControlPlane (bot certificateKey and localAPIEndpoint)
So IMO the check and the message should be made more generic e.g
if !opt.controlPlane {
if opt.externalcfg.ControlPlane!=nil {
klog.Warningf("[preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when %s flag is not set.", options.ControlPlane)
}
}
i would prefer a different solution instead of the flag mixture warning.
this would make the |
cmd/kubeadm/app/cmd/join.go
Outdated
| @@ -342,6 +342,9 @@ func newJoinData(cmd *cobra.Command, args []string, opt *joinOptions, out io.Wri | |||
|
|
|||
| // if not joining a control plane, unset the ControlPlane object | |||
| if !opt.controlPlane { | |||
| if len(opt.externalcfg.ControlPlane.CertificateKey) > 0 { | |||
| @@ -342,6 +342,9 @@ func newJoinData(cmd *cobra.Command, args []string, opt *joinOptions, out io.Wri | |||
|
|
|||
| // if not joining a control plane, unset the ControlPlane object | |||
| if !opt.controlPlane { | |||
| if len(opt.externalcfg.ControlPlane.CertificateKey) > 0 { | |||
| klog.Warningf("[preflight] WARNING: %s will be ignored when %s is not set.", options.CertificateKey, options.ControlPlane) | |||
| } | |||
cmd/kubeadm/app/cmd/join.go
Outdated
| @@ -342,6 +342,9 @@ func newJoinData(cmd *cobra.Command, args []string, opt *joinOptions, out io.Wri | |||
|
|
|||
| // if not joining a control plane, unset the ControlPlane object | |||
| if !opt.controlPlane { | |||
| if len(opt.externalcfg.ControlPlane.CertificateKey) > 0 { | |||
| klog.Warningf("[preflight] WARNING: %s will be ignored when %s is not set.", options.CertificateKey, options.ControlPlane) | |||
There was a problem hiding this comment.
If we think that we should force --control-plane when providing cert. key, I think we should error here.
There was a problem hiding this comment.
Sorry, I am a bit confused. Do we prefer to force ControlPlane to non-nil or error and exits?
There was a problem hiding this comment.
i will add this for a discussion for our next kubeadm meeting and we will hopefully have a good answer in the next couple of days.
|
/assign @fabriziopandini |
There was a problem hiding this comment.
@jfbai thanks for this contribution
I think that while we get agreement on a more generalized solution (sew issue kubernetes/kubeadm#1442 for a similar use case), I think that giving a warning to users is a good idea.
I only added a suggestion to make the check/the warning more generic, then lgtm from my side
cmd/kubeadm/app/cmd/join.go
Outdated
| @@ -342,6 +342,9 @@ func newJoinData(cmd *cobra.Command, args []string, opt *joinOptions, out io.Wri | |||
|
|
|||
| // if not joining a control plane, unset the ControlPlane object | |||
| if !opt.controlPlane { | |||
| if len(opt.externalcfg.ControlPlane.CertificateKey) > 0 { | |||
There was a problem hiding this comment.
If --control-plane is false, we are ignoring all the configurations under opt.externalcfg.ControlPlane (bot certificateKey and localAPIEndpoint)
So IMO the check and the message should be made more generic e.g
if !opt.controlPlane {
if opt.externalcfg.ControlPlane!=nil {
klog.Warningf("[preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when %s flag is not set.", options.ControlPlane)
}
}
jfbai
force-pushed
the
fix-kubeadm-join
branch
from
62c9765 to
0aa88af
Compare
@fabriziopandini Thanks a lot and your comment has been fixed. :) |
|
Great! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fabriziopandini, jfbai The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
/priority important-soon |
k8s-ci-robot
added
priority/important-soon
|
/test pull-kubernetes-kubemark-e2e-gce-big |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
jfbai
force-pushed
the
fix-kubeadm-join
branch
from
0aa88af to
6dbf154
Compare
k8s-ci-robot
removed
the
lgtm
|
@neolit123 I fixed the gofmt, could you please help add LGTM again? thanks a lot. :) |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/test pull-kubernetes-integration |
Add warning when --certificate-key is set and --control-plane is not.
What type of PR is this?
/kind feature
What this PR does / why we need it:
Print warning when
--certificate-keyis set and--control-planeis not to notify users what happens.For example, when users try to download certs via
kubeadm join phase control-plane-prepare download-certs <ip>:<port> --certificate-key <key> --discovery-token <token> --discovery-token-unsafe -skip-ca-verification, this command exits with no error and the certs will not be downloaded successfully, because--control-planeis not set. I was confused for hours and got to know the cause via reading source code. So, it would be helpful for users to print a warning.Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
None
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
/sig cluster-lifecycle
/assign @rosti
/assign @neolit123