Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

graduate kubeadm patch support to GA #2046

Closed
14 tasks done
neolit123 opened this issue Feb 28, 2020 · 16 comments
Closed
14 tasks done

graduate kubeadm patch support to GA #2046

neolit123 opened this issue Feb 28, 2020 · 16 comments
Assignees
@neolit123
Labels
kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/design Categorizes issue or PR as related to design. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Milestone
Next

Comments

@neolit123
Copy link
Member

neolit123 commented Feb 28, 2020
edited
Loading

some projects in the ecosystem are moving away from kustomize:

i personally question some of the approaches the project has taken WRT support of API types.

i think a goal for us should be to continue supporting the same mechanic for user "customization" in kubeadm, but possibly change the backend.

TODO:

  • support multiple API versions - e.g. kubelet v1beta1 / v1.

ALPHA (1.19)

1.20:

1.22

1.23

/kind design
/priority important-longterm
@k8s-ci-robot k8s-ci-robot added kind/design Categorizes issue or PR as related to design. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Feb 28, 2020
@neolit123 neolit123 added this to the v1.19 milestone Feb 28, 2020
@timothysc
Copy link
Member

I'm almost thinking to have a plug-able template approach might be the best option, but we would need to spec this out.

/cc @frapposelli

@BenTheElder
Copy link
Member

I think @neolit123 is already quite familiar with this but for others I want to add a little context regarding kind's move FWIW:

kind moved off of kustomize both to make it cheaper for projects like cluster-api to embed kind (need to follow up on that) ... it seriously dropped the binary weight of kind (down to around 9MB total) and avoids issues like the "k8sdep" packages that have the kubernetes API types at some version ...

We hope that it will be easier to embed in test-runners, kinder, etc. as the API improves and the dependencies are kept minimal. kustomize is significantly larger and more dependency heavy.

The deps are probably reasonable enough for the kustomize primary use case (kubernetes API object patching...), but since we were / are only patching objects for which kustomize is NOT API aware I.E. just plain merge patch and 6902 patch on kubeadm types, we could just use the underlying patch libraries with a pretty small custom package to implement patch <-> target matching etc.

This also enabled us to add TOML patching which has proven handy (for containerd config) and doesn't make sense for tools like kustomize.

We also wanted to enable looser matching requirements, given that kubeadm's API types are nearly the same across some versions. We support matching on only the kind field between a patch and a target object if apiVersion is unset in the patch. That way you can write trivial patches that target multiple versions instead of repeating the same patch for every version.

All of those points may or may or may not make sense in other contexts such as kubeadm.

I think the semantics are not quite complete yet (in particular kubernetes-sigs/kind#1332) but it could make sense to export for re-use if others are interested in the same behavior. My main concern is that other users would probably want to drag back in the k8s runtime schemes, and we explicitly do not want kubernetes/kubernetes as a kind binary dependency.

https://github.com/kubernetes-sigs/kind/tree/268d5057533333c6f84434a29f1824d44f621b04/pkg/cluster/internal/patch

i personally question some of the approaches the project has taken WRT support of API types.

... +1. this was one of the biggest blockers for us. The API also just is much more complicated than the naive merge-patch / 6902 patch runtime we needed.

@neolit123 neolit123 self-assigned this May 1, 2020
@neolit123 neolit123 added lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. kind/feature Categorizes issue or PR as related to a new feature. labels May 1, 2020
This was referenced May 4, 2020
Open
Merged
@neolit123 neolit123 mentioned this issue Jun 11, 2020
Merged
@neolit123 neolit123 added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Jun 11, 2020
@neolit123 neolit123 changed the title kustomize: investigate alternatives such as patches and templates replace kustomize support with raw patches Jun 11, 2020
This was referenced Jun 14, 2020
Merged
Merged
@neolit123 neolit123 mentioned this issue Jun 30, 2020
Closed
@neolit123 neolit123 modified the milestones: v1.19, v1.20 Jul 27, 2020
@neolit123 neolit123 removed the lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. label Aug 11, 2020
@neolit123 neolit123 added the kind/deprecation Categorizes issue or PR as related to a feature/enhancement marked for deprecation. label Sep 14, 2020
@neolit123 neolit123 mentioned this issue Sep 18, 2020
Merged
@neolit123 neolit123 added the lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. label Sep 18, 2020
This was referenced Sep 21, 2020
Merged
Merged
@neolit123 neolit123 changed the title replace kustomize support with raw patches graduate kubeadm patch support to GA Sep 24, 2020
@neolit123 neolit123 removed the lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. label Sep 24, 2020
@neolit123 neolit123 modified the milestones: v1.20, Next Sep 24, 2020
@neolit123 neolit123 added the kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API label Sep 24, 2020
@neolit123 neolit123 mentioned this issue Jun 21, 2021
Merged
@neolit123 neolit123 modified the milestones: v1.22, v1.23 Jul 5, 2021
This was referenced Aug 2, 2021
Merged
Merged
@neolit123
Copy link
Member Author

@pacoxu
looks like the recent changes broke the patches e2e test jobs for 1.22 and latest:
https://testgrid.k8s.io/sig-cluster-lifecycle-kubeadm#kubeadm-kinder-patches-latest
https://testgrid.k8s.io/sig-cluster-lifecycle-kubeadm#kubeadm-kinder-patches-1-22

both show errors such as:

ERROR: /etc/kubernetes/manifests/etcd.yaml is not patched
ERROR: /etc/kubernetes/manifests/kube-apiserver.yaml is not patched
ERROR: /etc/kubernetes/manifests/kube-controller-manager.yaml is not patched
ERROR: /etc/kubernetes/manifests/kube-scheduler.yaml is not patched

this means the patches were not applied.

looking at the output of kubeadm init here:
https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-e2e-kubeadm-kinder-patches-latest/1425504851701272576/build-log.txt

i don't see the patches field present in the config:

time="17:16:13" level=debug msg="generated config:\napiServer:\n  certSANs:\n  - localhost\n  - 172.17.0.2\napiVersion: kubeadm.k8s.io/v1beta3\nclusterName: kinder-patches\ncontrolPlaneEndpoint: 172.17.0.5:6443\ncontrollerManager:\n  extraArgs:\n    enable-hostpath-provisioner: \"true\"\nkind: ClusterConfiguration\nkubernetesVersion: v1.23.0-alpha.0.408+53d24cd0b4fc45\nmetadata:\n  name: config\nnetworking:\n  podSubnet: 192.168.0.0/16\n  serviceSubnet: \"\"\nscheduler:\n  extraArgs: null\n---\napiVersion: kubeadm.k8s.io/v1beta3\nbootstrapTokens:\n- token: abcdef.0123456789abcdef\nkind: InitConfiguration\nlocalAPIEndpoint:\n  advertiseAddress: 172.17.0.2\n  bindPort: 6443\nmetadata:\n  name: config\nnodeRegistration:\n  criSocket: /var/run/dockershim.sock\n  kubeletExtraArgs:\n    node-ip: 172.17.0.2\n---\napiVersion: kubelet.config.k8s.io/v1beta1\ncgroupDriver: systemd\nevictionHard:\n  imagefs.available: 0%\n  nodefs.available: 0%\n  nodefs.inodesFree: 0%\nfailSwapOn: false\nimageGCHighThresholdPercent: 100\nkind: KubeletConfiguration\nmetadata:\n  name: config\n---\napiVersion: kubeproxy.config.k8s.io/v1alpha1\nkind: KubeProxyConfiguration\nmetadata:\n  name: config\n"

this means our kinder logic for adding the "patches patch" is not working - e.g. this part:
https://github.com/kubernetes/kubeadm/pull/2537/files#diff-062b4ae3122d567dd3ac6e475bdf4b16739710f584ef380706728745fae94c75R279-R285

i think the problem is here:
https://github.com/kubernetes/kubeadm/pull/2537/files#diff-733eb3862c9c82106d657cb00e06246a0881a564637307ed45dd2329b078ade5R113-R119

during "init" the function must return an InitConfiguration patch.
and during "join" a JoinConfiguration patch.
currently it always returns a JoinConfiguration patch.

i think we should also move the function to a new file e.g. componentpatches.go because "discovery" is only a concept during join, while patches also work on init and upgrade.

there could be other problems lurking too...

@pacoxu
Copy link
Member

pacoxu commented Aug 11, 2021

let me check

@pacoxu pacoxu mentioned this issue Aug 12, 2021
Merged
@pacoxu
Copy link
Member

pacoxu commented Aug 12, 2021

I tried to fix it in #2545.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 10, 2021
@neolit123
Copy link
Member Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 10, 2021
@neolit123 neolit123 modified the milestones: v1.23, v1.24 Nov 23, 2021
@neolit123 neolit123 modified the milestones: v1.24, Next Jan 11, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 11, 2022
@neolit123 neolit123 added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 11, 2022
@pacoxu
Copy link
Member

pacoxu commented Aug 25, 2022

There seem to be no bugs or further feature requests for patch support now.

@neolit123
Copy link
Member Author

we discussed with Fabrizio to tie the graduation to the kubeadm api which is still beta. i think we can keep this issue open in case new features are requested for the patches.

@bavarianbidi bavarianbidi mentioned this issue Oct 17, 2022
Closed
@pacoxu pacoxu mentioned this issue May 16, 2023
Closed
@chendave chendave mentioned this issue Jun 9, 2023
Closed
26 tasks
@chendave
Copy link
Member

we discussed with Fabrizio to tie the graduation to the kubeadm api which is still beta. i think we can keep this issue open in case new features are requested for the patches.

this doesn't seems like a candidate for v1beta4, right? if not, I will remove this from the v1bata4 candidate list. @pacoxu @neolit123

@neolit123
Copy link
Member Author

we discussed with Fabrizio to tie the graduation to the kubeadm api which is still beta. i think we can keep this issue open in case new features are requested for the patches.

this doesn't seems like a candidate for v1beta4, right? if not, I will remove this from the v1bata4 candidate list. @pacoxu @neolit123

yes

@neolit123
Copy link
Member Author

this has been a working feature in the kubeadm API and the CLI for a number of releases.
"graduation to GA" at this point seems artificial.
the feature is stable...
the API field can graduate to GA once the API graduates to GA.

i think we can keep this issue open in case new features are requested for the patches.

it seems better to open new issues for such change requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neolit123 neolit123

Labels
kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/design Categorizes issue or PR as related to design. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
Next
Development

No branches or pull requests
9 participants
@timothysc @neolit123 @BenTheElder @pacoxu @fabriziopandini @chendave @k8s-ci-robot @fejta-bot @k8s-triage-robot