Skip to content

⚠️ Remove redundant fields from CABPK / KCP ClusterConfiguration #12319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 10, 2025
Merged

⚠️ Remove redundant fields from CABPK / KCP ClusterConfiguration #12319

merged 3 commits into from
Jun 10, 2025

Conversation

@sbueringer
Copy link
Member

@sbueringer sbueringer commented Jun 4, 2025
edited
Loading

Signed-off-by: Stefan Büringer [email protected]

What this PR does / why we need it:

The PR drops fields that can be configured by other means and thus don't have to exist redundantly on the ClusterConfiguration struct.

The removed fields are:

  • Networking.ServiceSubnet
  • Networking.PodSubnet
  • Networking.DNSDomain
  • KubernetesVersion
  • ControlPlaneEndpoint
  • ClusterName

WIP for now because it contains #12303

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Part of #10852

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-area PR is missing an area label labels Jun 4, 2025
@k8s-ci-robot k8s-ci-robot requested a review from chrischdi June 4, 2025 14:48
@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jun 4, 2025
@k8s-ci-robot k8s-ci-robot requested a review from elmiko June 4, 2025 14:48
@sbueringer sbueringer mentioned this pull request May 30, 2025
Closed
62 tasks
@sbueringer sbueringer changed the title [WIP] ⚠️ Remove unused fields from ClusterConfiguration [WIP] ⚠️ Remove redundant fields from ClusterConfiguration Jun 4, 2025
@sbueringer sbueringer force-pushed the pr-kubeadm-kubernetes-version branch 4 times, most recently from ca99ede to 08651fe Compare June 4, 2025 16:08
@sbueringer
Copy link
Member Author

/test pull-cluster-api-e2e-conformance-ci-latest-main
/test pull-cluster-api-e2e-conformance-main
/test pull-cluster-api-e2e-latestk8s-main
/test pull-cluster-api-e2e-main
/test pull-cluster-api-e2e-mink8s-main
/test pull-cluster-api-e2e-upgrade-1-33-1-34-main

@sbueringer sbueringer added area/provider/control-plane-kubeadm Issues or PRs related to KCP area/provider/bootstrap-kubeadm Issues or PRs related to CAPBK labels Jun 4, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-area PR is missing an area label label Jun 4, 2025
@sbueringer
Copy link
Member Author

/test pull-cluster-api-e2e-upgrade-1-33-1-34-main

1 similar comment
@sbueringer
Copy link
Member Author

/test pull-cluster-api-e2e-upgrade-1-33-1-34-main

@sbueringer sbueringer force-pushed the pr-kubeadm-kubernetes-version branch from 08651fe to ab59897 Compare June 5, 2025 08:18
@sbueringer
Copy link
Member Author

/test pull-cluster-api-e2e-conformance-ci-latest-main
/test pull-cluster-api-e2e-conformance-main
/test pull-cluster-api-e2e-latestk8s-main
/test pull-cluster-api-e2e-main
/test pull-cluster-api-e2e-mink8s-main
/test pull-cluster-api-e2e-upgrade-1-33-1-34-main

@sbueringer sbueringer changed the title [WIP] ⚠️ Remove redundant fields from ClusterConfiguration ⚠️ Remove redundant fields from ClusterConfiguration Jun 5, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 5, 2025
@sbueringer
Copy link
Member Author

/hold
for rebase after #12303 merges.

Only the last commit of this PR will remain (and is ready for review now)

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 5, 2025
@sbueringer
Copy link
Member Author

/assign @fabriziopandini @chrischdi

@chrischdi
Copy link
Member

lgtm for the last commit

@sbueringer sbueringer force-pushed the pr-kubeadm-kubernetes-version branch from ab59897 to 45c844c Compare June 6, 2025 13:40
fabriziopandini
fabriziopandini reviewed Jun 9, 2025
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if we should give a stronger warning about this change (or generalizing all the changes where we loose info in the v1beta1 (old client)->v1beta2 (storage) -> v1beta1 (old client) e.g.

If you are using git ops tools, either migrate to v1beta2 or make sure to drop following fields to prevent issues:

@sbueringer sbueringer added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Jun 10, 2025
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 10, 2025
@sbueringer
Copy link
Member Author

/test pull-cluster-api-e2e-conformance-ci-latest-main
/test pull-cluster-api-e2e-conformance-main
/test pull-cluster-api-e2e-latestk8s-main
/test pull-cluster-api-e2e-main
/test pull-cluster-api-e2e-mink8s-main
/test pull-cluster-api-e2e-upgrade-1-33-1-34-main

@fabriziopandini
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 10, 2025
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 712ff84d071d051d01e9bff541d8cdbcf3bf3132

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 10, 2025
@k8s-ci-robot k8s-ci-robot merged commit 686d66b into kubernetes-sigs:main Jun 10, 2025
25 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.11 milestone Jun 10, 2025
@sbueringer sbueringer deleted the pr-kubeadm-kubernetes-version branch June 10, 2025 12:11
@Karthik-K-N
Copy link
Contributor

@sbueringer A question regarding setting ControlPlaneEndpoint when using v1beta2 ,

In CAPIBM we use kube-vip and used to set one external IP for control-plane endpoint and internal IP for cluster, The cluster config looks like below

apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: IBMPowerVSCluster
metadata:
  labels:
    cluster.x-k8s.io/cluster-name: ibm-powervs-1
  name: ibm-powervs-1
  namespace: default
spec:
  controlPlaneEndpoint:
    host: 163.68.77.203 // External IP
    port: 6443
  network:
    name: karthik-capi-test
  serviceInstanceID: 10b1000b-da8d-4e18-ad1f-6b2a56a8c130

In kube-vip we use internal ip

apiVersion: controlplane.cluster.x-k8s.io/v1beta2
kind: KubeadmControlPlane
metadata:
  name: ibm-powervs-1-control-plane
  namespace: default
spec:
  kubeadmConfigSpec:
    clusterConfiguration:
      apiServer:
        certSANs:
        - 192.168.169.203
        - 163.68.77.203
        extraArgs:
        - name: cloud-provider
          value: external
      controlPlaneEndpoint: 192.168.169.203:6443 // Internal IP
      controllerManager:
        extraArgs:
        - name: cloud-provider
          value: external
    files:
    - content: |
        apiVersion: v1
        kind: Pod
        metadata:
          creationTimestamp: null
          name: kube-vip
          namespace: kube-system
          .
          .

With this field omission, IIUC the cluster.spec.controlplaneendpoint will be used in kubeadm config spec, So we are not able to use two different IPs. Or is there any other better way to manage this.

@sbueringer
Copy link
Member Author

Wow. I did not know that this is possible

(cc @fabriziopandini)

@mkumatag
Copy link
Member

With this field omission, IIUC the cluster.spec.controlplaneendpoint will be used in kubeadm config spec, So we are not able to use two different IPs. Or is there any other better way to manage this.

lets explore if these fields are helpful

cluster-api/api/bootstrap/kubeadm/v1beta2/kubeadm_types.go

Line 97 in 7a22509

LocalAPIEndpoint APIEndpoint `json:"localAPIEndpoint,omitempty"`

cluster-api/api/bootstrap/kubeadm/v1beta2/kubeadm_types.go

Line 539 in 7a22509

LocalAPIEndpoint APIEndpoint `json:"localAPIEndpoint,omitempty"`

@Amulyam24
Copy link
Contributor

Amulyam24 commented Jun 26, 2025
edited
Loading

lets explore if these fields are helpful
cluster-api/api/bootstrap/kubeadm/v1beta2/kubeadm_types.go
LocalAPIEndpoint APIEndpoint json:"localAPIEndpoint,omitempty"

cluster-api/api/bootstrap/kubeadm/v1beta2/kubeadm_types.go
LocalAPIEndpoint APIEndpoint json:"localAPIEndpoint,omitempty"

It did not work upon configuring with this.

Upon debugging further with @Karthik-K-N, the only work around which worked to get a successful cluster creation was adding a script in preKubeadmCommands to change the controlPlaneEndpoint in /run/kubeadm/kubeadm.yaml

After removing the field from kubeadmConfigSpec. clusterConfiguration, it was set to the external IP which was being taken from IBMPowerVSCluster.spec.controlPlaneEndpoint.

Replacing it with the internal IP which is configured with kube-vip

sed -i 's#controlPlaneEndpoint: {EXTERNAL_IP}:6443#controlPlaneEndpoint: {INTERNAL_IP}:6443#' /run/kubeadm/kubeadm.yaml

@sbueringer, would this be recommended or is there a better way to handle this?

@mkumatag
Copy link
Member

It did not work upon configuring with this.

interesting! as per the api doc it should work, may be we need to explore why it is not working?!

@sbueringer
Copy link
Member Author

@mkumatag @Amulyam24 @Karthik-K-N

Hey folks,
thx for the feedback and thx for looking into this. I looked into this with Fabrizio as well. We're basically going to revert the PR for this field (I"ll have a PR open in a bit)

@sbueringer sbueringer mentioned this pull request Jun 30, 2025
Merged
@sbueringer
Copy link
Member Author

@mkumatag @Amulyam24 @Karthik-K-N Please see: #12423

@nikParasyr
Copy link
Contributor

Hello.
Was wondering about the removal of:

  • Networking.ServiceSubnet
  • Networking.PodSubnet
  • Networking.DNSDomain

On v1beta1 we were heavily using these together with RunTimeSDK to:

  1. set sane defaults for our users ( and thus keep cluster definition minimal as 90% of our users are not "power-users" )
  2. ensure correctness of various subnets through XValidations ( together with the infrastructure node subnet )
  3. the above was done in a single "point" (ClusterClass variable) making it easier for us and users to check/configure these settings when needed

With the removal of them on v1beta2 the above are not possible as easily (and the upgrade will be more heavy).
In contrast to the endpoint problem discussed above, I expect we can achieve the same result/functionality using some admissionController (opa-gatekeeper/kyverno/...) but it will require more work and there wont be a single point (spec.clusterNetworking + variables.nodeSubnet for users, opa-gatekeeper policy for these checks + CC Validations for the rest for admins).

So I guess my question would be, is there a "strong" reason for removing them and would you consider re-adding them?
( again i don't expect this to be breaking our use-case, just making it a bit less "friendly" )

thanks a lot :)

@fabriziopandini
Copy link
Member

Sorry if this caused impact for you

The main reason we did this was to make sure there is a single source of truth for those information, because having them in two places was confusing and potentially leading to other kind of issues

The approach we are using to keep cluster configuration minimal is to leverage on cluster class, but as of today there is no way in CC to control those cluster settings.

I would suggest to open an issue to track this as a feature request

@sbueringer
Copy link
Member Author

sbueringer commented Oct 29, 2025
edited
Loading

I'm not sure if we should use ClusterClass to write fields on the Cluster spec (which is the only way I could see that ClusterClass could influence the fields on the Cluster)

@fabriziopandini
Copy link
Member

yep, it needs discussion, this is why I asked to open an issue

@nikParasyr nikParasyr mentioned this pull request Oct 30, 2025
Open
@nikParasyr
Copy link
Contributor

Thank you for the quick replies. This is the related issue i created

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elmiko elmiko Awaiting requested review from elmiko

@chrischdi chrischdi Awaiting requested review from chrischdi

@fabriziopandini fabriziopandini Awaiting requested review from fabriziopandini

Assignees

@chrischdi chrischdi

@fabriziopandini fabriziopandini

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/provider/bootstrap-kubeadm Issues or PRs related to CAPBK area/provider/control-plane-kubeadm Issues or PRs related to KCP cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.

Projects

None yet

Milestone

v1.11

Development

Successfully merging this pull request may close these issues.

8 participants

@sbueringer @chrischdi @k8s-ci-robot @fabriziopandini @Karthik-K-N @mkumatag @Amulyam24 @nikParasyr