Skip to content

Commit 49b8535

Browse files
authored
Merge pull request kubernetes#131036 from neolit123/1.33-fix-anonymous-auth-wait-all-cp-comp
kubeadm: fix WaitForAllControlPlaneComponents with anonymous auth
2 parents ee41b03 + 2037f39 commit 49b8535

File tree

3 files changed

+64
-47
lines changed

3 files changed

+64
-47
lines changed

cmd/kubeadm/app/cmd/phases/join/waitcontrolplane.go

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,12 @@ func runWaitControlPlanePhase(c workflow.RunData) error {
6767
return nil
6868
}
6969

70-
waiter, err := newControlPlaneWaiter(data.DryRun(), 0, nil, data.OutputWriter())
70+
client, err := data.Client()
71+
if err != nil {
72+
return err
73+
}
74+
75+
waiter, err := newControlPlaneWaiter(data.DryRun(), 0, client, data.OutputWriter())
7176
if err != nil {
7277
return errors.Wrap(err, "error creating waiter")
7378
}

cmd/kubeadm/app/util/apiclient/wait.go

Lines changed: 49 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -117,8 +117,9 @@ func NewKubeWaiter(client clientset.Interface, timeout time.Duration, writer io.
117117
// controlPlaneComponent holds a component name and an URL
118118
// on which to perform health checks.
119119
type controlPlaneComponent struct {
120-
name string
121-
url string
120+
name string
121+
addressPort string
122+
endpoint string
122123
}
123124

124125
// getControlPlaneComponentAddressAndPort parses the command in a static Pod
@@ -181,7 +182,6 @@ func getControlPlaneComponents(podMap map[string]*v1.Pod, addressAPIServer strin
181182

182183
type componentConfig struct {
183184
name string
184-
podKey string
185185
args []string
186186
defaultAddr string
187187
defaultPort string
@@ -190,24 +190,21 @@ func getControlPlaneComponents(podMap map[string]*v1.Pod, addressAPIServer strin
190190

191191
components := []componentConfig{
192192
{
193-
name: "kube-apiserver",
194-
podKey: constants.KubeAPIServer,
193+
name: constants.KubeAPIServer,
195194
args: []string{argAdvertiseAddress, argPort},
196195
defaultAddr: addressAPIServer,
197196
defaultPort: portAPIServer,
198197
endpoint: endpointLivez,
199198
},
200199
{
201-
name: "kube-controller-manager",
202-
podKey: constants.KubeControllerManager,
200+
name: constants.KubeControllerManager,
203201
args: []string{argBindAddress, argPort},
204202
defaultAddr: addressKCM,
205203
defaultPort: portKCM,
206204
endpoint: endpointHealthz,
207205
},
208206
{
209-
name: "kube-scheduler",
210-
podKey: constants.KubeScheduler,
207+
name: constants.KubeScheduler,
211208
args: []string{argBindAddress, argPort},
212209
defaultAddr: addressScheduler,
213210
defaultPort: portScheduler,
@@ -219,8 +216,8 @@ func getControlPlaneComponents(podMap map[string]*v1.Pod, addressAPIServer strin
219216
address, port := component.defaultAddr, component.defaultPort
220217

221218
values, err := getControlPlaneComponentAddressAndPort(
222-
podMap[component.podKey],
223-
component.podKey,
219+
podMap[component.name],
220+
component.name,
224221
component.args,
225222
)
226223
if err != nil {
@@ -235,8 +232,9 @@ func getControlPlaneComponents(podMap map[string]*v1.Pod, addressAPIServer strin
235232
}
236233

237234
result = append(result, controlPlaneComponent{
238-
name: component.name,
239-
url: fmt.Sprintf("https://%s/%s", net.JoinHostPort(address, port), component.endpoint),
235+
name: component.name,
236+
addressPort: net.JoinHostPort(address, port),
237+
endpoint: component.endpoint,
240238
})
241239
}
242240

@@ -248,7 +246,7 @@ func getControlPlaneComponents(podMap map[string]*v1.Pod, addressAPIServer strin
248246

249247
// WaitForControlPlaneComponents waits for all control plane components to report "ok".
250248
func (w *KubeWaiter) WaitForControlPlaneComponents(podMap map[string]*v1.Pod, apiSeverAddress string) error {
251-
fmt.Printf("[control-plane-check] Waiting for healthy control plane components."+
249+
_, _ = fmt.Fprintf(w.writer, "[control-plane-check] Waiting for healthy control plane components."+
252250
" This can take up to %v\n", w.timeout)
253251

254252
components, err := getControlPlaneComponents(podMap, apiSeverAddress)
@@ -260,44 +258,58 @@ func (w *KubeWaiter) WaitForControlPlaneComponents(podMap map[string]*v1.Pod, ap
260258
errChan := make(chan error, len(components))
261259

262260
for _, comp := range components {
263-
fmt.Printf("[control-plane-check] Checking %s at %s\n", comp.name, comp.url)
261+
url := fmt.Sprintf("https://%s/%s", comp.addressPort, comp.endpoint)
262+
_, _ = fmt.Fprintf(w.writer, "[control-plane-check] Checking %s at %s\n", comp.name, url)
264263

265264
go func(comp controlPlaneComponent) {
266265
tr := &http.Transport{
267266
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
268267
}
269268
client := &http.Client{Transport: tr}
270269
start := time.Now()
270+
statusCode := 0
271271
var lastError error
272272

273273
err := wait.PollUntilContextTimeout(
274274
context.Background(),
275275
constants.KubernetesAPICallRetryInterval,
276276
w.timeout,
277277
true, func(ctx context.Context) (bool, error) {
278-
resp, err := client.Get(comp.url)
279-
if err != nil {
280-
lastError = errors.WithMessagef(err, "%s check failed at %s", comp.name, comp.url)
281-
return false, nil
278+
// The kube-apiserver check should use the client defined in the waiter
279+
// or otherwise the regular http client can fail when anonymous auth is enabled.
280+
if comp.name == constants.KubeAPIServer {
281+
result := w.client.Discovery().RESTClient().
282+
Get().AbsPath(comp.endpoint).Do(ctx).StatusCode(&statusCode)
283+
if err := result.Error(); err != nil {
284+
lastError = errors.WithMessagef(err, "%s check failed at %s", comp.name, url)
285+
return false, nil
286+
}
287+
} else {
288+
resp, err := client.Get(url)
289+
if err != nil {
290+
lastError = errors.WithMessagef(err, "%s check failed at %s", comp.name, url)
291+
return false, nil
292+
}
293+
defer func() {
294+
_ = resp.Body.Close()
295+
}()
296+
statusCode = resp.StatusCode
282297
}
283298

284-
defer func() {
285-
_ = resp.Body.Close()
286-
}()
287-
if resp.StatusCode != http.StatusOK {
299+
if statusCode != http.StatusOK {
288300
lastError = errors.Errorf("%s check failed at %s with status: %d",
289-
comp.name, comp.url, resp.StatusCode)
301+
comp.name, url, statusCode)
290302
return false, nil
291303
}
292304

293305
return true, nil
294306
})
295307
if err != nil {
296-
fmt.Printf("[control-plane-check] %s is not healthy after %v\n", comp.name, time.Since(start))
308+
_, _ = fmt.Fprintf(w.writer, "[control-plane-check] %s is not healthy after %v\n", comp.name, time.Since(start))
297309
errChan <- lastError
298310
return
299311
}
300-
fmt.Printf("[control-plane-check] %s is healthy after %v\n", comp.name, time.Since(start))
312+
_, _ = fmt.Fprintf(w.writer, "[control-plane-check] %s is healthy after %v\n", comp.name, time.Since(start))
301313
errChan <- nil
302314
}(comp)
303315
}
@@ -312,7 +324,7 @@ func (w *KubeWaiter) WaitForControlPlaneComponents(podMap map[string]*v1.Pod, ap
312324

313325
// WaitForAPI waits for the API Server's /healthz endpoint to report "ok"
314326
func (w *KubeWaiter) WaitForAPI() error {
315-
fmt.Printf("[api-check] Waiting for a healthy API server. This can take up to %v\n", w.timeout)
327+
_, _ = fmt.Fprintf(w.writer, "[api-check] Waiting for a healthy API server. This can take up to %v\n", w.timeout)
316328

317329
start := time.Now()
318330
err := wait.PollUntilContextTimeout(
@@ -328,11 +340,11 @@ func (w *KubeWaiter) WaitForAPI() error {
328340
return true, nil
329341
})
330342
if err != nil {
331-
fmt.Printf("[api-check] The API server is not healthy after %v\n", time.Since(start))
343+
_, _ = fmt.Fprintf(w.writer, "[api-check] The API server is not healthy after %v\n", time.Since(start))
332344
return err
333345
}
334346

335-
fmt.Printf("[api-check] The API server is healthy after %v\n", time.Since(start))
347+
_, _ = fmt.Fprintf(w.writer, "[api-check] The API server is healthy after %v\n", time.Since(start))
336348
return nil
337349
}
338350

@@ -347,12 +359,12 @@ func (w *KubeWaiter) WaitForPodsWithLabel(kvLabel string) error {
347359
listOpts := metav1.ListOptions{LabelSelector: kvLabel}
348360
pods, err := w.client.CoreV1().Pods(metav1.NamespaceSystem).List(context.TODO(), listOpts)
349361
if err != nil {
350-
fmt.Fprintf(w.writer, "[apiclient] Error getting Pods with label selector %q [%v]\n", kvLabel, err)
362+
_, _ = fmt.Fprintf(w.writer, "[apiclient] Error getting Pods with label selector %q [%v]\n", kvLabel, err)
351363
return false, nil
352364
}
353365

354366
if lastKnownPodNumber != len(pods.Items) {
355-
fmt.Fprintf(w.writer, "[apiclient] Found %d Pods for label selector %s\n", len(pods.Items), kvLabel)
367+
_, _ = fmt.Fprintf(w.writer, "[apiclient] Found %d Pods for label selector %s\n", len(pods.Items), kvLabel)
356368
lastKnownPodNumber = len(pods.Items)
357369
}
358370

@@ -379,10 +391,10 @@ func (w *KubeWaiter) WaitForKubelet(healthzAddress string, healthzPort int32) er
379391
)
380392

381393
if healthzPort == 0 {
382-
fmt.Println("[kubelet-check] Skipping the kubelet health check because the healthz port is set to 0")
394+
_, _ = fmt.Fprintln(w.writer, "[kubelet-check] Skipping the kubelet health check because the healthz port is set to 0")
383395
return nil
384396
}
385-
fmt.Printf("[kubelet-check] Waiting for a healthy kubelet at %s. This can take up to %v\n",
397+
_, _ = fmt.Fprintf(w.writer, "[kubelet-check] Waiting for a healthy kubelet at %s. This can take up to %v\n",
386398
healthzEndpoint, w.timeout)
387399

388400
formatError := func(cause string) error {
@@ -417,11 +429,11 @@ func (w *KubeWaiter) WaitForKubelet(healthzAddress string, healthzPort int32) er
417429
return true, nil
418430
})
419431
if err != nil {
420-
fmt.Printf("[kubelet-check] The kubelet is not healthy after %v\n", time.Since(start))
432+
_, _ = fmt.Fprintf(w.writer, "[kubelet-check] The kubelet is not healthy after %v\n", time.Since(start))
421433
return lastError
422434
}
423435

424-
fmt.Printf("[kubelet-check] The kubelet is healthy after %v\n", time.Since(start))
436+
_, _ = fmt.Fprintf(w.writer, "[kubelet-check] The kubelet is healthy after %v\n", time.Since(start))
425437
return nil
426438
}
427439

@@ -528,10 +540,10 @@ func PrintControlPlaneErrorHelpScreen(outputWriter io.Writer, criSocket string)
528540
Socket: criSocket,
529541
}
530542
_ = controlPlaneFailTempl.Execute(outputWriter, context)
531-
fmt.Println("")
543+
_, _ = fmt.Fprintln(outputWriter, "")
532544
}
533545

534546
// PrintKubeletErrorHelpScreen prints help text on kubelet errors.
535547
func PrintKubeletErrorHelpScreen(outputWriter io.Writer) {
536-
fmt.Fprintln(outputWriter, kubeletFailMsg)
548+
_, _ = fmt.Fprintln(outputWriter, kubeletFailMsg)
537549
}

cmd/kubeadm/app/util/apiclient/wait_test.go

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -73,9 +73,9 @@ func TestGetControlPlaneComponents(t *testing.T) {
7373
return podMap
7474
},
7575
expected: []controlPlaneComponent{
76-
{name: "kube-apiserver", url: fmt.Sprintf("https://[fd00:1::]:1111/%s", endpointLivez)},
77-
{name: "kube-controller-manager", url: fmt.Sprintf("https://127.0.0.1:2222/%s", endpointHealthz)},
78-
{name: "kube-scheduler", url: fmt.Sprintf("https://127.0.0.1:3333/%s", endpointLivez)},
76+
{name: "kube-apiserver", addressPort: "[fd00:1::]:1111", endpoint: endpointLivez},
77+
{name: "kube-controller-manager", addressPort: "127.0.0.1:2222", endpoint: endpointHealthz},
78+
{name: "kube-scheduler", addressPort: "127.0.0.1:3333", endpoint: endpointLivez},
7979
},
8080
},
8181
{
@@ -106,9 +106,9 @@ func TestGetControlPlaneComponents(t *testing.T) {
106106
return podMap
107107
},
108108
expected: []controlPlaneComponent{
109-
{name: "kube-apiserver", url: fmt.Sprintf("https://[fd00:1::]:1111/%s", endpointLivez)},
110-
{name: "kube-controller-manager", url: fmt.Sprintf("https://127.0.0.1:2222/%s", endpointHealthz)},
111-
{name: "kube-scheduler", url: fmt.Sprintf("https://127.0.0.1:3333/%s", endpointLivez)},
109+
{name: "kube-apiserver", addressPort: "[fd00:1::]:1111", endpoint: endpointLivez},
110+
{name: "kube-controller-manager", addressPort: "127.0.0.1:2222", endpoint: endpointHealthz},
111+
{name: "kube-scheduler", addressPort: "127.0.0.1:3333", endpoint: endpointLivez},
112112
},
113113
},
114114
{
@@ -133,9 +133,9 @@ func TestGetControlPlaneComponents(t *testing.T) {
133133
return podMap
134134
},
135135
expected: []controlPlaneComponent{
136-
{name: "kube-apiserver", url: fmt.Sprintf("https://192.168.0.1:6443/%s", endpointLivez)},
137-
{name: "kube-controller-manager", url: fmt.Sprintf("https://127.0.0.1:10257/%s", endpointHealthz)},
138-
{name: "kube-scheduler", url: fmt.Sprintf("https://127.0.0.1:10259/%s", endpointLivez)},
136+
{name: "kube-apiserver", addressPort: "192.168.0.1:6443", endpoint: endpointLivez},
137+
{name: "kube-controller-manager", addressPort: "127.0.0.1:10257", endpoint: endpointHealthz},
138+
{name: "kube-scheduler", addressPort: "127.0.0.1:10259", endpoint: endpointLivez},
139139
},
140140
},
141141
{

0 commit comments

Comments
 (0)