Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: relax the validation of kubeconfig server URLs #94816

Merged
merged 1 commit into from
Sep 21, 2020
Merged

kubeadm: relax the validation of kubeconfig server URLs #94816

merged 1 commit into from
Sep 21, 2020

Conversation

neolit123
Copy link
Member

What this PR does / why we need it:

For external CA users that have prepared the kubeconfig files
for components, they might wish to provide a custom API server URL.
When performing validation on these kubeconfig files, instead of
erroring out on such custom URLs, show a klog Warning.

This allows flexibility around topology setup, where users
wish to make the kubeconfigs point to the ControlPlaneEndpoint instead
of the LocalAPIEndpoint.

Fix validation in ValidateKubeconfigsForExternalCA expecting
all kubeconfig files to use the CPE. The kube-scheduler and
kube-controller-manager now use LAE.

Which issue(s) this PR fixes:

xref kubernetes/kubeadm#2271

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

kubeadm: relax the validation of kubeconfig server URLs. Allow the user to define custom kubeconfig server URLs without erroring out during validation of existing kubeconfig files (e.g. when using external CA mode).

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@neolit123
kubeadm: relax the validation of kubeconfig server URLs
edaef35 
For external CA users that have prepared the kubeconfig files
for components, they might wish to provide a custom API server URL.
When performing validation on these kubeconfig files, instead of
erroring out on such custom URLs, show a klog Warning.

This allows flexibility around topology setup, where users
wish to make the kubeconfigs point to the ControlPlaneEndpoint instead
of the LocalAPIEndpoint.

Fix validation in ValidateKubeconfigsForExternalCA expecting
all kubeconfig files to use the CPE. The kube-scheduler and
kube-controller-manager now use LAE.
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 15, 2020
@neolit123 neolit123 mentioned this pull request Sep 15, 2020
Open
2 tasks
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 15, 2020
@k8s-ci-robot k8s-ci-robot added area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 15, 2020
@neolit123
Copy link
Member Author

/kind regression
/priority important-soon

@k8s-ci-robot k8s-ci-robot added kind/regression Categorizes issue or PR as related to a regression from a prior release. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 15, 2020
@neolit123
Copy link
Member Author

/hold
/assign @fabriziopandini

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 15, 2020
@neolit123
Copy link
Member Author

should be backported to 1.19 where this was regressed, even if there are workarounds.

@neolit123
Copy link
Member Author

pull-kubernetes-bazel-test — Job failed.

flake:

go_test: //pkg/kubelet/volumemanager/reconciler/go_default_test:run_1_of_2

/retest

@neolit123
Copy link
Member Author

neolit123 commented Sep 15, 2020
edited
Loading

flake:

go_test: //pkg/kubelet/volumemanager/reconciler/go_default_test:run_1_of_2

xref #94567

fabriziopandini
fabriziopandini reviewed Sep 16, 2020
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@neolit123 thanks for this PR!
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 16, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini, neolit123

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@oldthreefeng oldthreefeng mentioned this pull request Sep 18, 2020
Closed
@neolit123
Copy link
Member Author

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 18, 2020
@neolit123 neolit123 mentioned this pull request Sep 18, 2020
Merged
@neolit123
Copy link
Member Author

/milestone v1.20

@k8s-ci-robot k8s-ci-robot added this to the v1.20 milestone Sep 21, 2020
@k8s-ci-robot k8s-ci-robot merged commit f682c4f into kubernetes:master Sep 21, 2020
@github-actions github-actions bot mentioned this pull request Sep 22, 2020
Open
k8s-ci-robot added a commit that referenced this pull request Sep 30, 2020
@k8s-ci-robot
Merge pull request #94890 from neolit123/automated-cherry-pick-of-#94…
e07ba6d 
…816-origin-release-1.19

Automated cherry pick of #94816: kubeadm: relax the validation of kubeconfig server URLs
@liggitt liggitt removed the kind/regression Categorizes issue or PR as related to a regression from a prior release. label Sep 9, 2023
@k8s-ci-robot k8s-ci-robot added the do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. label Sep 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabriziopandini fabriziopandini fabriziopandini left review comments

@ereslibre ereslibre Awaiting requested review from ereslibre

@yastij yastij Awaiting requested review from yastij

Assignees

@fabriziopandini fabriziopandini

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.20
Development

Successfully merging this pull request may close these issues.
4 participants
@neolit123 @k8s-ci-robot @fabriziopandini @liggitt