kubeadm: implement 'kubeadm upgrade apply phase'

Signed-off-by: SataQiu <[email protected]>

Author: SataQiu

cmd/kubeadm/app/cmd/phases/upgrade/apply/addons.go

@@ -0,0 +1,188 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package apply implements phases of 'kubeadm upgrade apply'.
+package apply
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/pkg/errors"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clientset "k8s.io/client-go/kubernetes"
+	"k8s.io/klog/v2"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
+	cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
+	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
+	dnsaddon "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns"
+	proxyaddon "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy"
+	"k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade"
+)
+
+// NewAddonPhase returns the addon Cobra command
+func NewAddonPhase() workflow.Phase {
+	return workflow.Phase{
+		Name:  "addon",
+		Short: "Install required addons for passing conformance tests",
+		Long:  cmdutil.MacroCommandLongDescription,
+		Phases: []workflow.Phase{
+			{
+				Name:           "all",
+				Short:          "Install all the addons",
+				InheritFlags:   getAddonPhaseFlags("all"),
+				RunAllSiblings: true,
+			},
+			{
+				Name:         "coredns",
+				Short:        "Install the CoreDNS addon to a Kubernetes cluster",
+				InheritFlags: getAddonPhaseFlags("coredns"),
+				Run:          runCoreDNSAddon,
+			},
+			{
+				Name:         "kube-proxy",
+				Short:        "Install the kube-proxy addon to a Kubernetes cluster",
+				InheritFlags: getAddonPhaseFlags("kube-proxy"),
+				Run:          runKubeProxyAddon,
+			},
+		},
+	}
+}
+
+func shouldUpgradeAddons(client clientset.Interface, cfg *kubeadmapi.InitConfiguration, out io.Writer) (bool, error) {
+	unupgradedControlPlanes, err := upgrade.UnupgradedControlPlaneInstances(client, cfg.NodeRegistration.Name)
+	if err != nil {
+		return false, errors.Wrapf(err, "failed to determine whether all the control plane instances have been upgraded")
+	}
+	if len(unupgradedControlPlanes) > 0 {
+		fmt.Fprintf(out, "[upgrade/addons] skip upgrade addons because control plane instances %v have not been upgraded\n", unupgradedControlPlanes)
+		return false, nil
+	}
+
+	return true, nil
+}
+
+func getInitData(c workflow.RunData) (*kubeadmapi.InitConfiguration, clientset.Interface, string, io.Writer, bool, error) {
+	data, ok := c.(Data)
+	if !ok {
+		return nil, nil, "", nil, false, errors.New("addon phase invoked with an invalid data struct")
+	}
+	return data.InitCfg(), data.Client(), data.PatchesDir(), data.OutputWriter(), data.DryRun(), nil
+}
+
+// runCoreDNSAddon installs CoreDNS addon to a Kubernetes cluster
+func runCoreDNSAddon(c workflow.RunData) error {
+	cfg, client, patchesDir, out, dryRun, err := getInitData(c)
+	if err != nil {
+		return err
+	}
+
+	shouldUpgradeAddons, err := shouldUpgradeAddons(client, cfg, out)
+	if err != nil {
+		return err
+	}
+	if !shouldUpgradeAddons {
+		return nil
+	}
+
+	// If the coredns ConfigMap is missing, show a warning and assume that the
+	// DNS addon was skipped during "kubeadm init", and that its redeployment on upgrade is not desired.
+	//
+	// TODO: remove this once "kubeadm upgrade apply" phases are supported:
+	//   https://github.com/kubernetes/kubeadm/issues/1318
+	if _, err := client.CoreV1().ConfigMaps(metav1.NamespaceSystem).Get(
+		context.TODO(),
+		kubeadmconstants.CoreDNSConfigMap,
+		metav1.GetOptions{},
+	); err != nil && apierrors.IsNotFound(err) {
+		klog.Warningf("the ConfigMaps %q in the namespace %q were not found. "+
+			"Assuming that a DNS server was not deployed for this cluster. "+
+			"Note that once 'kubeadm upgrade apply' supports phases you "+
+			"will have to skip the DNS upgrade manually",
+			kubeadmconstants.CoreDNSConfigMap,
+			metav1.NamespaceSystem)
+		return nil
+	}
+
+	// Upgrade CoreDNS
+	if err := dnsaddon.EnsureDNSAddon(&cfg.ClusterConfiguration, client, patchesDir, out, dryRun); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// runKubeProxyAddon installs KubeProxy addon to a Kubernetes cluster
+func runKubeProxyAddon(c workflow.RunData) error {
+	cfg, client, _, out, dryRun, err := getInitData(c)
+	if err != nil {
+		return err
+	}
+
+	shouldUpgradeAddons, err := shouldUpgradeAddons(client, cfg, out)
+	if err != nil {
+		return err
+	}
+	if !shouldUpgradeAddons {
+		return nil
+	}
+
+	// If the kube-proxy ConfigMap is missing, show a warning and assume that kube-proxy
+	// was skipped during "kubeadm init", and that its redeployment on upgrade is not desired.
+	//
+	// TODO: remove this once "kubeadm upgrade apply" phases are supported:
+	//   https://github.com/kubernetes/kubeadm/issues/1318
+	if _, err := client.CoreV1().ConfigMaps(metav1.NamespaceSystem).Get(
+		context.TODO(),
+		kubeadmconstants.KubeProxyConfigMap,
+		metav1.GetOptions{},
+	); err != nil && apierrors.IsNotFound(err) {
+		klog.Warningf("the ConfigMap %q in the namespace %q was not found. "+
+			"Assuming that kube-proxy was not deployed for this cluster. "+
+			"Note that once 'kubeadm upgrade apply' supports phases you "+
+			"will have to skip the kube-proxy upgrade manually",
+			kubeadmconstants.KubeProxyConfigMap,
+			metav1.NamespaceSystem)
+		return nil
+	}
+
+	// Upgrade kube-proxy
+	if err := proxyaddon.EnsureProxyAddon(&cfg.ClusterConfiguration, &cfg.LocalAPIEndpoint, client, out, dryRun); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func getAddonPhaseFlags(name string) []string {
+	flags := []string{
+		options.CfgPath,
+		options.KubeconfigPath,
+		options.DryRun,
+	}
+	if name == "all" || name == "coredns" {
+		flags = append(flags,
+			options.Patches,
+		)
+	}
+	return flags
+}

cmd/kubeadm/app/cmd/phases/upgrade/apply/bootstraptoken.go

@@ -0,0 +1,90 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package apply implements phases of 'kubeadm upgrade apply'.
+package apply
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+
+	errorsutil "k8s.io/apimachinery/pkg/util/errors"
+
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
+	clusterinfophase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
+	nodebootstraptoken "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
+)
+
+// NewBootstrapTokenPhase returns the phase to bootstrapToken
+func NewBootstrapTokenPhase() workflow.Phase {
+	return workflow.Phase{
+		Name:    "bootstrap-token",
+		Aliases: []string{"bootstraptoken"},
+		Short:   "Generates bootstrap tokens used to join a node to a cluster",
+		InheritFlags: []string{
+			options.CfgPath,
+			options.KubeconfigPath,
+			options.DryRun,
+		},
+		Run: runBootstrapToken,
+	}
+}
+
+func runBootstrapToken(c workflow.RunData) error {
+	data, ok := c.(Data)
+	if !ok {
+		return errors.New("bootstrap-token phase invoked with an invalid data struct")
+	}
+
+	if data.DryRun() {
+		fmt.Println("[dryrun] Would config cluster-info ConfigMap, RBAC Roles")
+		return nil
+	}
+
+	fmt.Println("[bootstrap-token] Configuring cluster-info ConfigMap, RBAC Roles")
+
+	client := data.Client()
+
+	var errs []error
+	// Create RBAC rules that makes the bootstrap tokens able to get nodes
+	if err := nodebootstraptoken.AllowBootstrapTokensToGetNodes(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the bootstrap tokens able to post CSRs
+	if err := nodebootstraptoken.AllowBootstrapTokensToPostCSRs(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
+	if err := nodebootstraptoken.AutoApproveNodeBootstrapTokens(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
+	if err := nodebootstraptoken.AutoApproveNodeCertificateRotation(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the cluster-info ConfigMap reachable
+	if err := clusterinfophase.CreateClusterInfoRBACRules(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	return errorsutil.NewAggregate(errs)
+}

cmd/kubeadm/app/cmd/phases/upgrade/apply/controlplane.go

@@ -0,0 +1,74 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package apply implements phases of 'kubeadm upgrade apply'.
+package apply
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/pkg/errors"
+
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
+	"k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade"
+	"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
+)
+
+// NewControlPlanePhase creates a kubeadm workflow phase that implements handling of control-plane upgrade.
+func NewControlPlanePhase() workflow.Phase {
+	phase := workflow.Phase{
+		Name:  "control-plane",
+		Short: "Upgrade the control plane",
+		Run:   runControlPlane,
+		InheritFlags: []string{
+			options.CfgPath,
+			options.KubeconfigPath,
+			options.DryRun,
+			options.CertificateRenewal,
+			options.EtcdUpgrade,
+			options.Patches,
+		},
+	}
+	return phase
+}
+
+func runControlPlane(c workflow.RunData) error {
+	data, ok := c.(Data)
+	if !ok {
+		return errors.New("control-plane phase invoked with an invalid data struct")
+	}
+
+	initCfg, upgradeCfg, client, patchesDir := data.InitCfg(), data.Cfg(), data.Client(), data.PatchesDir()
+
+	if data.DryRun() {
+		fmt.Printf("[dryrun] Would upgrade your Static Pod-hosted control plane to version %q", initCfg.KubernetesVersion)
+		return upgrade.DryRunStaticPodUpgrade(patchesDir, initCfg)
+	}
+
+	fmt.Printf("[upgrade/apply] Upgrading your Static Pod-hosted control plane to version %q (timeout: %v)...\n",
+		initCfg.KubernetesVersion, upgradeCfg.Timeouts.UpgradeManifests.Duration)
+
+	waiter := apiclient.NewKubeWaiter(client, upgradeCfg.Timeouts.UpgradeManifests.Duration, os.Stdout)
+	if err := upgrade.PerformStaticPodUpgrade(client, waiter, initCfg, data.EtcdUpgrade(), data.RenewCerts(), patchesDir); err != nil {
+		return errors.Wrap(err, "couldn't complete the static pod upgrade")
+	}
+
+	fmt.Println("[upgrade] The control plane instance for this node was successfully updated!")
+
+	return nil
+}