Merge pull request kubernetes#126032 from SataQiu/imp-apply-phase-20240711

kubeadm: implement 'kubeadm upgrade apply phase'

Author: k8s-ci-robot

cmd/kubeadm/app/cmd/phases/upgrade/apply/addons.go

@@ -0,0 +1,144 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package apply implements phases of 'kubeadm upgrade apply'.
+package apply
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/pkg/errors"
+
+	clientset "k8s.io/client-go/kubernetes"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
+	cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
+	dnsaddon "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns"
+	proxyaddon "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy"
+	"k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade"
+)
+
+// NewAddonPhase returns a new addon phase.
+func NewAddonPhase() workflow.Phase {
+	return workflow.Phase{
+		Name:  "addon",
+		Short: "Upgrade the default kubeadm addons",
+		Long:  cmdutil.MacroCommandLongDescription,
+		Phases: []workflow.Phase{
+			{
+				Name:           "all",
+				Short:          "Upgrade all the addons",
+				InheritFlags:   getAddonPhaseFlags("all"),
+				RunAllSiblings: true,
+			},
+			{
+				Name:         "coredns",
+				Short:        "Upgrade the CoreDNS addon",
+				InheritFlags: getAddonPhaseFlags("coredns"),
+				Run:          runCoreDNSAddon,
+			},
+			{
+				Name:         "kube-proxy",
+				Short:        "Upgrade the kube-proxy addon",
+				InheritFlags: getAddonPhaseFlags("kube-proxy"),
+				Run:          runKubeProxyAddon,
+			},
+		},
+	}
+}
+
+func shouldUpgradeAddons(client clientset.Interface, cfg *kubeadmapi.InitConfiguration, out io.Writer) (bool, error) {
+	unupgradedControlPlanes, err := upgrade.UnupgradedControlPlaneInstances(client, cfg.NodeRegistration.Name)
+	if err != nil {
+		return false, errors.Wrapf(err, "failed to determine whether all the control plane instances have been upgraded")
+	}
+	if len(unupgradedControlPlanes) > 0 {
+		fmt.Fprintf(out, "[upgrade/addon] Skipping upgrade of addons because control plane instances %v have not been upgraded\n", unupgradedControlPlanes)
+		return false, nil
+	}
+	return true, nil
+}
+
+func getInitData(c workflow.RunData) (*kubeadmapi.InitConfiguration, clientset.Interface, string, io.Writer, bool, error) {
+	data, ok := c.(Data)
+	if !ok {
+		return nil, nil, "", nil, false, errors.New("addon phase invoked with an invalid data struct")
+	}
+	return data.InitCfg(), data.Client(), data.PatchesDir(), data.OutputWriter(), data.DryRun(), nil
+}
+
+// runCoreDNSAddon upgrades the CoreDNS addon.
+func runCoreDNSAddon(c workflow.RunData) error {
+	cfg, client, patchesDir, out, dryRun, err := getInitData(c)
+	if err != nil {
+		return err
+	}
+
+	shouldUpgradeAddons, err := shouldUpgradeAddons(client, cfg, out)
+	if err != nil {
+		return err
+	}
+	if !shouldUpgradeAddons {
+		return nil
+	}
+
+	// Upgrade CoreDNS
+	if err := dnsaddon.EnsureDNSAddon(&cfg.ClusterConfiguration, client, patchesDir, out, dryRun); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// runKubeProxyAddon upgrades the kube-proxy addon.
+func runKubeProxyAddon(c workflow.RunData) error {
+	cfg, client, _, out, dryRun, err := getInitData(c)
+	if err != nil {
+		return err
+	}
+
+	shouldUpgradeAddons, err := shouldUpgradeAddons(client, cfg, out)
+	if err != nil {
+		return err
+	}
+	if !shouldUpgradeAddons {
+		return nil
+	}
+
+	// Upgrade kube-proxy
+	if err := proxyaddon.EnsureProxyAddon(&cfg.ClusterConfiguration, &cfg.LocalAPIEndpoint, client, out, dryRun); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func getAddonPhaseFlags(name string) []string {
+	flags := []string{
+		options.CfgPath,
+		options.KubeconfigPath,
+		options.DryRun,
+	}
+	if name == "all" || name == "coredns" {
+		flags = append(flags,
+			options.Patches,
+		)
+	}
+	return flags
+}

cmd/kubeadm/app/cmd/phases/upgrade/apply/bootstraptoken.go

@@ -0,0 +1,89 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package apply implements phases of 'kubeadm upgrade apply'.
+package apply
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+
+	errorsutil "k8s.io/apimachinery/pkg/util/errors"
+
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
+	clusterinfophase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
+	nodebootstraptoken "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
+)
+
+// NewBootstrapTokenPhase returns a new bootstrap-token phase.
+func NewBootstrapTokenPhase() workflow.Phase {
+	return workflow.Phase{
+		Name:  "bootstrap-token",
+		Short: "Configures bootstrap token and cluster-info RBAC rules",
+		InheritFlags: []string{
+			options.CfgPath,
+			options.KubeconfigPath,
+			options.DryRun,
+		},
+		Run: runBootstrapToken,
+	}
+}
+
+func runBootstrapToken(c workflow.RunData) error {
+	data, ok := c.(Data)
+	if !ok {
+		return errors.New("bootstrap-token phase invoked with an invalid data struct")
+	}
+
+	if data.DryRun() {
+		fmt.Println("[dryrun] Would configure bootstrap token and cluster-info RBAC rules")
+		return nil
+	}
+
+	fmt.Println("[upgrade/bootstrap-token] Configuring bootstrap token and cluster-info RBAC rules")
+
+	client := data.Client()
+
+	var errs []error
+	// Create RBAC rules that makes the bootstrap tokens able to get nodes
+	if err := nodebootstraptoken.AllowBootstrapTokensToGetNodes(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the bootstrap tokens able to post CSRs
+	if err := nodebootstraptoken.AllowBootstrapTokensToPostCSRs(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
+	if err := nodebootstraptoken.AutoApproveNodeBootstrapTokens(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
+	if err := nodebootstraptoken.AutoApproveNodeCertificateRotation(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Create/update RBAC rules that makes the cluster-info ConfigMap reachable
+	if err := clusterinfophase.CreateClusterInfoRBACRules(client); err != nil {
+		errs = append(errs, err)
+	}
+
+	return errorsutil.NewAggregate(errs)
+}

cmd/kubeadm/app/cmd/phases/upgrade/apply/controlplane.go

@@ -0,0 +1,74 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package apply implements phases of 'kubeadm upgrade apply'.
+package apply
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/pkg/errors"
+
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
+	"k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade"
+	"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
+)
+
+// NewControlPlanePhase returns a new control-plane phase.
+func NewControlPlanePhase() workflow.Phase {
+	phase := workflow.Phase{
+		Name:  "control-plane",
+		Short: "Upgrade the control plane",
+		Run:   runControlPlane,
+		InheritFlags: []string{
+			options.CfgPath,
+			options.KubeconfigPath,
+			options.DryRun,
+			options.CertificateRenewal,
+			options.EtcdUpgrade,
+			options.Patches,
+		},
+	}
+	return phase
+}
+
+func runControlPlane(c workflow.RunData) error {
+	data, ok := c.(Data)
+	if !ok {
+		return errors.New("control-plane phase invoked with an invalid data struct")
+	}
+
+	initCfg, upgradeCfg, client, patchesDir := data.InitCfg(), data.Cfg(), data.Client(), data.PatchesDir()
+
+	if data.DryRun() {
+		fmt.Printf("[dryrun] Would upgrade your static Pod-hosted control plane to version %q", initCfg.KubernetesVersion)
+		return upgrade.DryRunStaticPodUpgrade(patchesDir, initCfg)
+	}
+
+	fmt.Printf("[upgrade/control-plane] Upgrading your static Pod-hosted control plane to version %q (timeout: %v)...\n",
+		initCfg.KubernetesVersion, upgradeCfg.Timeouts.UpgradeManifests.Duration)
+
+	waiter := apiclient.NewKubeWaiter(client, upgradeCfg.Timeouts.UpgradeManifests.Duration, os.Stdout)
+	if err := upgrade.PerformStaticPodUpgrade(client, waiter, initCfg, data.EtcdUpgrade(), data.RenewCerts(), patchesDir); err != nil {
+		return errors.Wrap(err, "couldn't complete the static pod upgrade")
+	}
+
+	fmt.Println("[upgrade/control-plane] The control plane instance for this node was successfully upgraded!")
+
+	return nil
+}

cmd/kubeadm/app/cmd/phases/upgrade/apply/data.go

@@ -0,0 +1,45 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package apply implements phases of 'kubeadm upgrade apply'.
+package apply
+
+import (
+	"io"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+	clientset "k8s.io/client-go/kubernetes"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+)
+
+// Data is the interface to use for kubeadm upgrade apply phases.
+// The "applyData" type from "cmd/upgrade/apply.go" must satisfy this interface.
+type Data interface {
+	EtcdUpgrade() bool
+	RenewCerts() bool
+	DryRun() bool
+	Cfg() *kubeadmapi.UpgradeConfiguration
+	InitCfg() *kubeadmapi.InitConfiguration
+	Client() clientset.Interface
+	IgnorePreflightErrors() sets.Set[string]
+	PatchesDir() string
+	OutputWriter() io.Writer
+	SessionIsInteractive() bool
+	AllowExperimentalUpgrades() bool
+	AllowRCUpgrades() bool
+	ForceUpgrade() bool
+}