probably better %v: to be %q?

done

hm, did we investigate if this approach is safe?
what happens if the port is already taken on that endpoint?

That's the default peer port and "shouldn't collide" but we should definitely add a check here.

added check

Member -> member:

done

possibly creating should be uppercase for consistency?

There was a recent issue about golang 1.11 as well needing to use Infof vs. Infoln.

using Infoln

should we make such ports into constants?

Yes we should add them to the default consts file.

done in a separated PR to keep the scope of this PR as small as possible

for of -> for or of only.

done

i wonder if the connection times increase with the number of etcd pods.

I would up the timeout for new connection. Default client inside the api-server is 20 seconds.

increased timeout to 20

"(when there the etcd cluster is empty)" => "(when the etcd cluster is empty)"

done

I almost want this map[string]string to be a struct, something like etcdClusterConfiguration or similar. Do you think that would add anything here?

I don't feel strongly here b/c we're re-wrapping an etcd member struct. I would change it to [string]IP at a minimum though.

Also testability of this function will require using some of the etcd utils I built eons ago under apiserver/storage

done using a struct

I think this is a good approach with one minor concern: there is a race condition that the PodIP may change after the PodIP lookup and before our client access, but I'm ok living with that possibility.

I wonder if there is a clean way to solve this by managing etcd as a statefulset. The other thought I had was adding a Service object to the static manifest and managing that by hand (by kubeadm). The goal of these two ideas is to provide a stable DNS name instead of a PodIP lookup. Either way, those types of changes would be way out of scope for this PR.

So the ClusterStatus should have the endpoints.
Or as discussed on the call put the meta-data in an annotation for the pod to make it easier to extract.

+1 to using ClusterStatus or a pre-set annotation to use as a starting point.

After we have the initial endpoint list, we should use that to query the etcd cluster itself for the list of endpoints.

Potentially, we should also raise an error if the queried endpoints do not match the expected endpoints, or if the cluster is not in a healthy state to start.

done reading from cluster status + calling sync to get the real list of endpoints from etcd

Why are you removing loopback from the SAN?

I'd have to dig through history but I remember us adding it on purpose.

sound strange, but restored

That's the default peer port and "shouldn't collide" but we should definitely add a check here.

We should do a local client member check, to verify it's correct, and to list the current members in the log line.

There was a recent issue about golang 1.11 as well needing to use Infof vs. Infoln.

Yes we should add them to the default consts file.

So the ClusterStatus should have the endpoints.
Or as discussed on the call put the meta-data in an annotation for the pod to make it easier to extract.

I would up the timeout for new connection. Default client inside the api-server is 20 seconds.

I don't feel strongly here b/c we're re-wrapping an etcd member struct. I would change it to [string]IP at a minimum though.

Also testability of this function will require using some of the etcd utils I built eons ago under apiserver/storage

Is this method used during upgrade? If so, it seems odd to call 'AddMember()' for an instance that is already a member of the etcd cluster.

No, this is used only when adding a new control plane instance

+1 to using ClusterStatus or a pre-set annotation to use as a starting point.

After we have the initial endpoint list, we should use that to query the etcd cluster itself for the list of endpoints.

Potentially, we should also raise an error if the queried endpoints do not match the expected endpoints, or if the cluster is not in a healthy state to start.