zouy414
diff --git a/‎cmd/kubeadm/app/apis/kubeadm/BUILD‎
Lines changed: 2 additions & 0 deletions b/‎cmd/kubeadm/app/apis/kubeadm/BUILD‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎cmd/kubeadm/app/apis/kubeadm/apiendpoint.go‎
Lines changed: 44 additions & 0 deletions b/‎cmd/kubeadm/app/apis/kubeadm/apiendpoint.go‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎cmd/kubeadm/app/apis/kubeadm/apiendpoint_test.go‎
Lines changed: 50 additions & 0 deletions b/‎cmd/kubeadm/app/apis/kubeadm/apiendpoint_test.go‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎cmd/kubeadm/app/constants/BUILD‎
Lines changed: 1 addition & 0 deletions b/‎cmd/kubeadm/app/constants/BUILD‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cmd/kubeadm/app/constants/constants.go‎
Lines changed: 20 additions & 0 deletions b/‎cmd/kubeadm/app/constants/constants.go‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎cmd/kubeadm/app/phases/controlplane/manifests.go‎
Lines changed: 4 additions & 3 deletions b/‎cmd/kubeadm/app/phases/controlplane/manifests.go‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎cmd/kubeadm/app/phases/etcd/local.go‎
Lines changed: 16 additions & 11 deletions b/‎cmd/kubeadm/app/phases/etcd/local.go‎
Lines changed: 16 additions & 11 deletions
diff --git a/‎cmd/kubeadm/app/util/config/BUILD‎
Lines changed: 8 additions & 2 deletions b/‎cmd/kubeadm/app/util/config/BUILD‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎cmd/kubeadm/app/util/config/cluster.go‎
Lines changed: 75 additions & 13 deletions b/‎cmd/kubeadm/app/util/config/cluster.go‎
Lines changed: 75 additions & 13 deletions
@@ -9,6 +9,7 @@ load(
 go_library(
     name = "go_default_library",
     srcs = [
+        "apiendpoint.go",
         "bootstraptokenhelpers.go",
         "bootstraptokenstring.go",
         "doc.go",
@@ -52,6 +53,7 @@ filegroup(
 go_test(
     name = "go_default_test",
     srcs = [
+        "apiendpoint_test.go",
         "bootstraptokenhelpers_test.go",
         "bootstraptokenstring_test.go",
     ],
 
@@ -0,0 +1,44 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kubeadm
+
+import (
+	"net"
+	"strconv"
+
+	"github.com/pkg/errors"
+)
+
+// APIEndpointFromString returns an APIEndpoint struct based on a "host:port" raw string.
+func APIEndpointFromString(apiEndpoint string) (APIEndpoint, error) {
+	apiEndpointHost, apiEndpointPortStr, err := net.SplitHostPort(apiEndpoint)
+	if err != nil {
+		return APIEndpoint{}, errors.Wrapf(err, "invalid advertise address endpoint: %s", apiEndpoint)
+	}
+	apiEndpointPort, err := net.LookupPort("tcp", apiEndpointPortStr)
+	if err != nil {
+		return APIEndpoint{}, errors.Wrapf(err, "invalid advertise address endpoint port: %s", apiEndpointPortStr)
+	}
+	return APIEndpoint{
+		AdvertiseAddress: apiEndpointHost,
+		BindPort:         int32(apiEndpointPort),
+	}, nil
+}
+
+func (endpoint *APIEndpoint) String() string {
+	return net.JoinHostPort(endpoint.AdvertiseAddress, strconv.FormatInt(int64(endpoint.BindPort), 10))
+}
@@ -0,0 +1,50 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kubeadm
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestAPIEndpointFromString(t *testing.T) {
+	var tests = []struct {
+		apiEndpoint      string
+		expectedEndpoint APIEndpoint
+		expectedErr      bool
+	}{
+		{apiEndpoint: "1.2.3.4:1234", expectedEndpoint: APIEndpoint{AdvertiseAddress: "1.2.3.4", BindPort: 1234}},
+		{apiEndpoint: "1.2.3.4:-1", expectedErr: true},
+		{apiEndpoint: "1.2.::1234", expectedErr: true},
+		{apiEndpoint: "1.2.3.4:65536", expectedErr: true},
+		{apiEndpoint: "[::1]:1234", expectedEndpoint: APIEndpoint{AdvertiseAddress: "::1", BindPort: 1234}},
+		{apiEndpoint: "[::1]:-1", expectedErr: true},
+		{apiEndpoint: "[::1]:65536", expectedErr: true},
+		{apiEndpoint: "[::1:1234", expectedErr: true},
+	}
+	for _, rt := range tests {
+		t.Run(rt.apiEndpoint, func(t *testing.T) {
+			apiEndpoint, err := APIEndpointFromString(rt.apiEndpoint)
+			if (err != nil) != rt.expectedErr {
+				t.Errorf("expected error %v, got %v, error: %v", rt.expectedErr, err != nil, err)
+			}
+			if !reflect.DeepEqual(apiEndpoint, rt.expectedEndpoint) {
+				t.Errorf("expected API endpoint: %v; got: %v", rt.expectedEndpoint, apiEndpoint)
+			}
+		})
+	}
+}
@@ -18,6 +18,7 @@ go_library(
         "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/version:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
         "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
         "//vendor/github.com/pkg/errors:go_default_library",
         "//vendor/k8s.io/utils/net:go_default_library",
 
@@ -29,6 +29,7 @@ import (
 	"github.com/pkg/errors"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/version"
+	"k8s.io/apimachinery/pkg/util/wait"
 	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	utilnet "k8s.io/utils/net"
@@ -370,6 +371,16 @@ const (
 	// May be overridden by a flag at startup.
 	KubeControllerManagerPort = 10257
 
+	// EtcdAdvertiseClientUrlsAnnotationKey is the annotation key on every etcd pod, describing the
+	// advertise client URLs
+	EtcdAdvertiseClientUrlsAnnotationKey = "kubeadm.kubernetes.io/etcd.advertise-client-urls"
+	// KubeAPIServerAdvertiseAddressEndpointAnnotationKey is the annotation key on every apiserver pod,
+	// describing the API endpoint (advertise address and bind port of the api server)
+	KubeAPIServerAdvertiseAddressEndpointAnnotationKey = "kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint"
+
+	// ControlPlaneTier is the value used in the tier label to identify control plane components
+	ControlPlaneTier = "control-plane"
+
 	// Mode* constants were copied from pkg/kubeapiserver/authorizer/modes
 	// to avoid kubeadm dependency on the internal module
 	// TODO: share Mode* constants in component config
@@ -432,6 +443,15 @@ var (
 	// KubeadmCertsClusterRoleName sets the name for the ClusterRole that allows
 	// the bootstrap tokens to access the kubeadm-certs Secret during the join of a new control-plane
 	KubeadmCertsClusterRoleName = fmt.Sprintf("kubeadm:%s", KubeadmCertsSecret)
+
+	// StaticPodMirroringDefaultRetry is used a backoff strategy for
+	// waiting for static pods to be mirrored to the apiserver.
+	StaticPodMirroringDefaultRetry = wait.Backoff{
+		Steps:    30,
+		Duration: 1 * time.Second,
+		Factor:   1.0,
+		Jitter:   0.1,
+	}
 )
 
 // EtcdSupportedVersion returns officially supported version of etcd for a specific Kubernetes release
 
@@ -59,7 +59,8 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap
 			LivenessProbe:   staticpodutil.LivenessProbe(staticpodutil.GetAPIServerProbeAddress(endpoint), "/healthz", int(endpoint.BindPort), v1.URISchemeHTTPS),
 			Resources:       staticpodutil.ComponentResources("250m"),
 			Env:             kubeadmutil.GetProxyEnvVars(),
-		}, mounts.GetVolumes(kubeadmconstants.KubeAPIServer)),
+		}, mounts.GetVolumes(kubeadmconstants.KubeAPIServer),
+			map[string]string{kubeadmconstants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey: endpoint.String()}),
 		kubeadmconstants.KubeControllerManager: staticpodutil.ComponentPod(v1.Container{
 			Name:            kubeadmconstants.KubeControllerManager,
 			Image:           images.GetKubernetesImage(kubeadmconstants.KubeControllerManager, cfg),
@@ -69,7 +70,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap
 			LivenessProbe:   staticpodutil.LivenessProbe(staticpodutil.GetControllerManagerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeControllerManagerPort, v1.URISchemeHTTPS),
 			Resources:       staticpodutil.ComponentResources("200m"),
 			Env:             kubeadmutil.GetProxyEnvVars(),
-		}, mounts.GetVolumes(kubeadmconstants.KubeControllerManager)),
+		}, mounts.GetVolumes(kubeadmconstants.KubeControllerManager), nil),
 		kubeadmconstants.KubeScheduler: staticpodutil.ComponentPod(v1.Container{
 			Name:            kubeadmconstants.KubeScheduler,
 			Image:           images.GetKubernetesImage(kubeadmconstants.KubeScheduler, cfg),
@@ -79,7 +80,7 @@ func GetStaticPodSpecs(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmap
 			LivenessProbe:   staticpodutil.LivenessProbe(staticpodutil.GetSchedulerProbeAddress(cfg), "/healthz", kubeadmconstants.KubeSchedulerPort, v1.URISchemeHTTPS),
 			Resources:       staticpodutil.ComponentResources("100m"),
 			Env:             kubeadmutil.GetProxyEnvVars(),
-		}, mounts.GetVolumes(kubeadmconstants.KubeScheduler)),
+		}, mounts.GetVolumes(kubeadmconstants.KubeScheduler), nil),
 	}
 	return staticPodSpecs
 }
 
@@ -181,18 +181,23 @@ func GetEtcdPodSpec(cfg *kubeadmapi.ClusterConfiguration, endpoint *kubeadmapi.A
 	}
 	// probeHostname returns the correct localhost IP address family based on the endpoint AdvertiseAddress
 	probeHostname, probePort, probeScheme := staticpodutil.GetEtcdProbeEndpoint(&cfg.Etcd, utilsnet.IsIPv6String(endpoint.AdvertiseAddress))
-	return staticpodutil.ComponentPod(v1.Container{
-		Name:            kubeadmconstants.Etcd,
-		Command:         getEtcdCommand(cfg, endpoint, nodeName, initialCluster),
-		Image:           images.GetEtcdImage(cfg),
-		ImagePullPolicy: v1.PullIfNotPresent,
-		// Mount the etcd datadir path read-write so etcd can store data in a more persistent manner
-		VolumeMounts: []v1.VolumeMount{
-			staticpodutil.NewVolumeMount(etcdVolumeName, cfg.Etcd.Local.DataDir, false),
-			staticpodutil.NewVolumeMount(certsVolumeName, cfg.CertificatesDir+"/etcd", false),
+	return staticpodutil.ComponentPod(
+		v1.Container{
+			Name:            kubeadmconstants.Etcd,
+			Command:         getEtcdCommand(cfg, endpoint, nodeName, initialCluster),
+			Image:           images.GetEtcdImage(cfg),
+			ImagePullPolicy: v1.PullIfNotPresent,
+			// Mount the etcd datadir path read-write so etcd can store data in a more persistent manner
+			VolumeMounts: []v1.VolumeMount{
+				staticpodutil.NewVolumeMount(etcdVolumeName, cfg.Etcd.Local.DataDir, false),
+				staticpodutil.NewVolumeMount(certsVolumeName, cfg.CertificatesDir+"/etcd", false),
+			},
+			LivenessProbe: staticpodutil.LivenessProbe(probeHostname, "/health", probePort, probeScheme),
 		},
-		LivenessProbe: staticpodutil.LivenessProbe(probeHostname, "/health", probePort, probeScheme),
-	}, etcdMounts)
+		etcdMounts,
+		// etcd will listen on the advertise address of the API server, in a different port (2379)
+		map[string]string{kubeadmconstants.EtcdAdvertiseClientUrlsAnnotationKey: etcdutil.GetClientURL(endpoint)},
+	)
 }
 
 // getEtcdCommand builds the right etcd command from the given config object
 
@@ -31,8 +31,10 @@ go_library(
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/version:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
         "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
         "//staging/src/k8s.io/client-go/tools/clientcmd:go_default_library",
         "//staging/src/k8s.io/client-go/util/cert:go_default_library",
@@ -60,14 +62,18 @@ go_test(
         "//cmd/kubeadm/app/componentconfigs:go_default_library",
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/util:go_default_library",
-        "//cmd/kubeadm/app/util/apiclient:go_default_library",
+        "//cmd/kubeadm/test/resources:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/version:go_default_library",
-        "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
         "//staging/src/k8s.io/client-go/kubernetes/fake:go_default_library",
+        "//staging/src/k8s.io/client-go/testing:go_default_library",
         "//vendor/github.com/lithammer/dedent:go_default_library",
+        "//vendor/github.com/pkg/errors:go_default_library",
         "//vendor/github.com/pmezard/go-difflib/difflib:go_default_library",
         "//vendor/sigs.k8s.io/yaml:go_default_library",
     ],
 
@@ -29,6 +29,8 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	errorsutil "k8s.io/apimachinery/pkg/util/errors"
+	"k8s.io/apimachinery/pkg/util/wait"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
 	certutil "k8s.io/client-go/util/cert"
@@ -90,8 +92,8 @@ func getInitConfigurationFromCluster(kubeconfigDir string, client clientset.Inte
 		if err := getNodeRegistration(kubeconfigDir, client, &initcfg.NodeRegistration); err != nil {
 			return nil, errors.Wrap(err, "failed to get node registration")
 		}
-		// gets the APIEndpoint for the current node from then ClusterStatus in the kubeadm-config ConfigMap
-		if err := getAPIEndpoint(configMap.Data, initcfg.NodeRegistration.Name, &initcfg.LocalAPIEndpoint); err != nil {
+		// gets the APIEndpoint for the current node
+		if err := getAPIEndpoint(client, initcfg.NodeRegistration.Name, &initcfg.LocalAPIEndpoint); err != nil {
 			return nil, errors.Wrap(err, "failed to getAPIEndpoint")
 		}
 	} else {
@@ -181,23 +183,83 @@ func getNodeNameFromKubeletConfig(kubeconfigDir string) (string, error) {
 	return strings.TrimPrefix(cert.Subject.CommonName, constants.NodesUserPrefix), nil
 }
 
-// getAPIEndpoint returns the APIEndpoint for the current node
-func getAPIEndpoint(data map[string]string, nodeName string, apiEndpoint *kubeadmapi.APIEndpoint) error {
-	// gets the ClusterStatus from kubeadm-config
-	clusterStatus, err := UnmarshalClusterStatus(data)
+func getAPIEndpoint(client clientset.Interface, nodeName string, apiEndpoint *kubeadmapi.APIEndpoint) error {
+	return getAPIEndpointWithBackoff(client, nodeName, apiEndpoint, constants.StaticPodMirroringDefaultRetry)
+}
+
+func getAPIEndpointWithBackoff(client clientset.Interface, nodeName string, apiEndpoint *kubeadmapi.APIEndpoint, backoff wait.Backoff) error {
+	var err error
+	var errs []error
+
+	if err = getAPIEndpointFromPodAnnotation(client, nodeName, apiEndpoint, backoff); err == nil {
+		return nil
+	}
+	errs = append(errs, errors.WithMessagef(err, "could not retrieve API endpoints for node %q using pod annotations", nodeName))
+
+	// NB: this is a fallback when there is no annotation found in the API server pod that contains
+	//     the API endpoint, and so we fallback to reading the ClusterStatus struct present in the
+	//     kubeadm-config ConfigMap. This can happen for example, when performing the first
+	//     `kubeadm upgrade apply` and `kubeadm upgrade node` cycle on the whole cluster. This logic
+	//     will be removed when the cluster status struct is removed from the kubeadm-config ConfigMap.
+	if err = getAPIEndpointFromClusterStatus(client, nodeName, apiEndpoint); err == nil {
+		return nil
+	}
+	errs = append(errs, errors.WithMessagef(err, "could not retrieve API endpoints for node %q using cluster status", nodeName))
+
+	return errorsutil.NewAggregate(errs)
+}
+
+func getAPIEndpointFromPodAnnotation(client clientset.Interface, nodeName string, apiEndpoint *kubeadmapi.APIEndpoint, backoff wait.Backoff) error {
+	var rawAPIEndpoint string
+	var lastErr error
+	// Let's tolerate some unexpected transient failures from the API server or load balancers. Also, if
+	// static pods were not yet mirrored into the API server we want to wait for this propagation.
+	err := wait.ExponentialBackoff(backoff, func() (bool, error) {
+		rawAPIEndpoint, lastErr = getRawAPIEndpointFromPodAnnotationWithoutRetry(client, nodeName)
+		return lastErr == nil, nil
+	})
 	if err != nil {
 		return err
 	}
+	parsedAPIEndpoint, err := kubeadmapi.APIEndpointFromString(rawAPIEndpoint)
+	if err != nil {
+		return errors.Wrapf(err, "could not parse API endpoint for node %q", nodeName)
+	}
+	*apiEndpoint = parsedAPIEndpoint
+	return nil
+}
 
-	// gets the APIEndpoint for the current machine from the ClusterStatus
-	e, ok := clusterStatus.APIEndpoints[nodeName]
-	if !ok {
-		return errors.New("failed to get APIEndpoint information for this node")
+func getRawAPIEndpointFromPodAnnotationWithoutRetry(client clientset.Interface, nodeName string) (string, error) {
+	podList, err := client.CoreV1().Pods(metav1.NamespaceSystem).List(
+		context.TODO(),
+		metav1.ListOptions{
+			FieldSelector: fmt.Sprintf("spec.nodeName=%s", nodeName),
+			LabelSelector: fmt.Sprintf("component=%s,tier=%s", constants.KubeAPIServer, constants.ControlPlaneTier),
+		},
+	)
+	if err != nil {
+		return "", errors.Wrap(err, "could not retrieve list of pods to determine api server endpoints")
+	}
+	if len(podList.Items) != 1 {
+		return "", errors.Errorf("API server pod for node name %q has %d entries, only one was expected", nodeName, len(podList.Items))
+	}
+	if apiServerEndpoint, ok := podList.Items[0].Annotations[constants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey]; ok {
+		return apiServerEndpoint, nil
 	}
+	return "", errors.Errorf("API server pod for node name %q hasn't got a %q annotation, cannot retrieve API endpoint", nodeName, constants.KubeAPIServerAdvertiseAddressEndpointAnnotationKey)
+}
 
-	apiEndpoint.AdvertiseAddress = e.AdvertiseAddress
-	apiEndpoint.BindPort = e.BindPort
-	return nil
+// TODO: remove after 1.20, when the ClusterStatus struct is removed from the kubeadm-config ConfigMap.
+func getAPIEndpointFromClusterStatus(client clientset.Interface, nodeName string, apiEndpoint *kubeadmapi.APIEndpoint) error {
+	clusterStatus, err := GetClusterStatus(client)
+	if err != nil {
+		return errors.Wrap(err, "could not retrieve cluster status")
+	}
+	if statusAPIEndpoint, ok := clusterStatus.APIEndpoints[nodeName]; ok {
+		*apiEndpoint = statusAPIEndpoint
+		return nil
+	}
+	return errors.Errorf("could not find node %s in the cluster status", nodeName)
 }
 
 // GetClusterStatus returns the kubeadm cluster status read from the kubeadm-config ConfigMap