Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kubeadm: Make kube-proxy tolerate the uninitialized cloud taint #49017

Merged

Conversation

luxas
Copy link
Member

@luxas luxas commented Jul 17, 2017

What this PR does / why we need it:

This is needed in order to start the cloud-controller-manager successfully. The cloud controller manager should run as a DaemonSet with a nodeSelector for master nodes. The cloud controller manager should run on the hostNetwork to avoid the bootstrap problem when there is no CNI network yet. But the cloud controller manager needs to know how to address the master. It does this by talking to the kubernetes service (e.g. 10.96.0.1). That iptables rule must exist at the time, which now isn't the case when kube-proxy isn't running. kube-proxy isn't running due to that the kubelet is tainted with the external cloud taint.

This PR makes kube-proxy tolerate the cloud taint, so that the cloud controller manager can run easily on kubeadm clusters.

This was found by @prydie, thanks!

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

This should probably be a cherrypick candidate so folks can use kubeadm to easily create external cloud clusters. The change is small and isolated.

cc @wojtek-t

Release note:

kubeadm: Make kube-proxy tolerate the external cloud provider taint so that an external cloud provider can be easily used on top of kubeadm

cc @kubernetes/sig-cluster-lifecycle-pr-reviews @wlan0 @thockin

@k8s-ci-robot k8s-ci-robot added sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jul 17, 2017
@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Jul 17, 2017
@luxas luxas assigned timothysc and thockin and unassigned justinsb Jul 17, 2017
@timothysc timothysc added this to the v1.8 milestone Jul 17, 2017
Copy link
Member

@timothysc timothysc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 17, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: luxas, timothysc

No associated issue. Update pull-request body to add a reference to an issue, or get approval with /approve no-issue

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@timothysc
Copy link
Member

@luxas should we cherry-pick this one?

@luxas luxas force-pushed the kubeadm_proxy_cloud_toleration branch from a2baf1c to d0ab597 Compare July 17, 2017 20:23
@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 17, 2017
@luxas
Copy link
Member Author

luxas commented Jul 17, 2017

@timothysc yes

@luxas luxas added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Jul 17, 2017
@luxas luxas modified the milestones: v1.7, v1.8 Jul 17, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 49017, 45440, 48384, 45894, 48808)

@k8s-github-robot k8s-github-robot merged commit a50aed7 into kubernetes:master Jul 17, 2017
@wojtek-t
Copy link
Member

@luxas - cherrypicking it makes sense to me, but it's not possible to automatically cherrypick it. If you want it, please created the cherrypick on your own.

@luxas luxas added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jul 18, 2017
@luxas
Copy link
Member Author

luxas commented Jul 18, 2017

@wojtek-t I will do that. It makes sense to be able to run the cloud-controller-manager on kubeadm without having to change anything.

k8s-github-robot pushed a commit that referenced this pull request Jul 19, 2017
…49073-upstream-release-1.7

Automatic merge from submit-queue

Automated cherry pick of #49017 #49073

Cherry pick of #49017 #49073 on release-1.7.

#49017: kubeadm: Make kube-proxy tolerate the uninitialized cloud
#49073: pass nodename in join checks
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants