Fix kubeadm etcd manifests to use brackets around IPv6 addrs #70633
Conversation
k8s-ci-robot
added
kind/bug
k8s-ci-robot
added
the
cncf-cla: yes
|
/area ipv6 |
k8s-ci-robot
added
area/ipv6
release-note-none
There was a problem hiding this comment.
@leblancd thanks for your contribution! Looks OK to me.
One tiny nit though. It looks to me, that we have too many times code in the spirit of:
fmt.Sprintf("https://%s", net.JoinHostPort(cfg.APIEndpoint.AdvertiseAddress, strconv.Itoa(kubeadmconstants.EtcdListenClientPort)))Perhaps we should add an utility function to k8s.io/kubernetes/cmd/kubeadm/app/util/etcd that takes AdvertiseAddress as an argument?
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
|
@rosti - I can create a utility function for generating the URLs. This would need to be passed the port as well as the IP address / host. Any preference for name, e.g. etcdutil.URL() or etcdutil.genURL()? |
There was a problem hiding this comment.
BTW, I see there is a TestGetEtcdCommand() that at least tests some of the URLs generated. Could you add some test cases there, for IPv6? Can you check the other areas to see if there are existing tests that could be adapted to test IPv6 variants?
It looks like there are only two ports used. It would be useful to have a pair of helper methods to generate the URL strings, and use them, to reduce duplication.
|
@leblancd you can add a couple of tiny utility funcs in there, named |
|
@rosti - Roger that, I understand your earlier comment now, thanks. |
|
/priority important-longterm |
k8s-ci-robot
added
priority/important-longterm
leblancd
force-pushed
the
kubeadm_etcd_v6_fix
branch
from
9b63f43 to
d28e564
Compare
k8s-ci-robot
added
size/L
|
@neolit123 - @pmichali 's PR #70659 is temporarily including my changes because his fix depends on my fix being in place. This change (PR #70633) should be considered the fix for IPv6 errors in kubeadm etcd.yaml . |
|
@neolit123 , @pmichali - I've added unit test cases for local.go and etcd.go. |
leblancd
force-pushed
the
kubeadm_etcd_v6_fix
branch
from
d28e564 to
b3821fb
Compare
|
thanks for the update. |
cmd/kubeadm/app/util/etcd/etcd.go
Outdated
There was a problem hiding this comment.
I'd do simpler "https://" + net.JoinHostPort(...) instead of calling that function, but this not critical.
There was a problem hiding this comment.
@leblancd please just remove the utility as per the above comments then LGTM.
thanks!
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: leblancd, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
When 'kubeadm init ...' is used with an IPv6 kubeadm configuration,
kubeadm currently generates an etcd.yaml manifest that uses IP:port
combinatins where the IP is an IPv6 address, but it is not enclosed
in square brackets, e.g.:
- --advertise-client-urls=https://fd00:20::2:2379
For IPv6 advertise addresses, this should be of the form:
- --advertise-client-urls=https://[fd00:20::2]:2379
The lack of brackets around IPv6 addresses in cases like this is
causing failures to bring up IPv6-only clusters with Kubeadm as
described in kubernetes/kubeadm Issues kubernetes#1212.
This format error is fixed by using net.JoinHostPort() to generate
URLs as shown above.
Fixes kubernetes/kubeadm Issue kubernetes#1212
leblancd
force-pushed
the
kubeadm_etcd_v6_fix
branch
from
b3821fb to
9988771
Compare
k8s-ci-robot
removed
the
needs-rebase
| // GetClientURL creates an HTTPS URL that uses the configured advertise | ||
| // address and client port for the API controller | ||
| func GetClientURL(cfg *kubeadmapi.InitConfiguration) string { | ||
| return "https://" + net.JoinHostPort(cfg.LocalAPIEndpoint.AdvertiseAddress, strconv.Itoa(constants.EtcdListenClientPort)) |
There was a problem hiding this comment.
Could have used GetClientURLByIP here, but it's not bad the way it is either.
|
/test pull-kubernetes-e2e-gce-100-performance |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
timothysc
added
priority/critical-urgent
What type of PR is this?
/kind bug
What this PR does / why we need it:
Kubeadm init with an IPv6-only configuration is currently failing to bring up a cluster. In this failure condition, kubeadm is waiting forever for the control plane to come up. This failure is described in kubernetes/kubeadm Issue # 1212. The root cause is that kubeadm is generating an erroneous etcd.yaml manifest that has entries of the form:
And this is causing the etcd server to crash.
For IPv6 addresses, this URL should use square brackets around the IPv6 address, e.g.:
The fix is to use net.JoinHostPort() to generate URLs such as the above.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes kubernetes/kubeadm # 1212
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
NONE