-
Notifications
You must be signed in to change notification settings - Fork 715
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm-join: don't re-add etcd member if it already exists #2095
Comments
/assign |
I've encountered this and the only step that caused problems for me was etcd. If I aborted a prior attempt while etcd was waiting to connect, it connects, then go to re-run
I've worked around this by manually running the final steps:
For context, how I've run into this: etcd failed on the host and was automatically removed from the member list. I went to re-add the host by re-running |
hi, @MikaelSmith
i think this error only happens if the new member already exist in the cluster.
did you use
i don't think etcd local storage is something we considered in terms of idempotency, so we might have to revise here.
to clarify, you got the error from join even after clearing the data directory? |
I did use Yes, I got the error even after clearing the data directory, I think because the etcd pod still existed from the prior run and succeeded in joining the cluster before I re-ran |
i see that this is a core principle of the service: but overall not a recommended security practice.
the idea of "join" for control-plane being idempotent is tricky, if you did a |
@fabriziopandini |
@neolit123 my idea was to simply check if the etcd member does not already exist before adding the member, so if the command is executed again the operations become a NOP |
ok, makes sense. i will rename this ticket slightly /retitle kubeadm-join: don't re-add etcd member if it already exists |
/lifecycle active |
@fabriziopandini i have not tested if this idea works... if the member is in the cluster already, the new code should detect that. but my assumption here is that existing member would be unhealthy. so, i don't know if just creating this new server instance, without re-adding the member would make the existing member healthy. if you know this works for sure, fine by me. |
cherry picks: |
this was cherry picked but someone mentioned that there could be an issue WRT how we get the list of etcd members in kubeadm. so let's keep an eye on that but open a new issue. /close |
@neolit123: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Is this a BUG REPORT or FEATURE REQUEST?
FEATURE REQUEST
Versions
kubeadm version: v1.17.*
What happened?
While executing Cluster API tests, in some cases it was observed kubeadm join failures.
xref kubernetes-sigs/cluster-api#2769
What you expected to happen?
I would like to re-run kubeadm join and the command to complete the join process and this behavior to be guaranteed in the future versions
Anything else we need to know?
Most of all the phases should be already idempotent. However, this behavior should be verified (especially for add new etcd member phase)
NB. it is not required that preflight checks are idempotent
The text was updated successfully, but these errors were encountered: