kubeadm: update documentation for 1.30 #45156
Conversation
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
sig/docs
neolit123
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
👷 Deploy Preview for kubernetes-io-vnext-staging processing.
|
neolit123
changed the title
|
/sig cluster-lifecycle |
k8s-ci-robot
added
the
sig/cluster-lifecycle
|
/milestone 1.30 |
neolit123
force-pushed
the
1.30-update-kubeadm-docs
branch
from
c710e61 to
18aa143
Compare
k8s-ci-robot
added
size/S
| @@ -1,7 +1,4 @@ | |||
| --- | |||
| reviewers: | |||
| - luxas | |||
| - jbeda | |||
|
Hey @neolit123 👋 please take a look at Documenting for a release - PR Ready for Review to get your PR ready for review before Tuesday March 12th 2024 18:00 PST. Thank you! |
thanks, i think this is ready for review unless we are missing something else? i don't think we have any FG changes or any other docs in 1.30, do we? |
|
/hold |
k8s-ci-robot
added
the
do-not-merge/hold
neolit123
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
neolit123
force-pushed
the
1.30-update-kubeadm-docs
branch
from
18aa143 to
0622c5e
Compare
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 2380b1a3b3ed38e604fec8572a4702ca3397fa6d
|
|
/assign @tengqm |
|
/assign @sftim |
| @@ -184,6 +182,14 @@ for `kube-apiserver`, `kube-controller-manager`, `kube-scheduler` and `etcd` to | |||
| If the flag is not set, those components run as root. You can change the value of this feature gate before | |||
| you upgrade to a newer version of Kubernetes. | |||
|
|
|||
| `WaitForAllControlPlaneComponents` | |||
There was a problem hiding this comment.
When does this wait starts and ends?
Why should I care about this gate?
There was a problem hiding this comment.
When does this wait starts and ends?
NewWaitControlPlanePhase is a hidden phase that runs after the control-plane and etcd phases. It is a phase in kubeadm init and kubeadm join for a control-plane node.
It is after etcd&control-plane and before upload-config.
In kubeadm init, this hidden phase is after NewEtcdPhase and NewControlPlanePhase.
- before this FG, we only wait for API server ready.
- with this FG enabled, we will wait for all control-plane components including KCM and Scheduler.
https://github.com/kubernetes/kubernetes/blob/87412809b7df44da06c5fa54f8b29d37012693af/cmd/kubeadm/app/cmd/init.go#L156-L158
In kubeadm join, it is the last phase after general control-plane joins(in the joining, etcd is ready and node is marked as control-plane and )
https://github.com/kubernetes/kubernetes/blob/87412809b7df44da06c5fa54f8b29d37012693af/cmd/kubeadm/app/cmd/join.go#L222-L224
Why should I care about this gate?
We add the FG to keep the old behavior without enabling it. In v1.30, it will be tested in alpha level. Later we will shift to beta and GA.
If users want to wait for all components to be ready before init/join control-plan exits, they can enable their FG now.
kubernetes/kubeadm#2907 is a use case.
There was a problem hiding this comment.
this explains it well, @pacoxu thanks.
i personally think the level of detail in the pr diff is enough for the users, but happy to amend something.
There was a problem hiding this comment.
adding the sentence:
The wait process starts right after the kubelet on the host is started by kubeadm
|
@neolit123 this PR is held, you mentioned “for review“. When would it be OK to unhold it? (we always review PRs before merge) |
| : With this feature gate enabled kubeadm will wait for all control plane components (kube-apiserver, | ||
| kube-controller-manager, kube-scheduler) on a control plane node to report status 200 on their `/healthz` | ||
| endpoints. These checks are performed on `https://127.0.0.1:PORT/healthz`, where `PORT` is taken from | ||
| `--secure-port` of a component. If you specify custom `--secure-port` values in the kubeadm configuration | ||
| they will be respected. Without the feature gate enabled, kubeadm will only wait for the kube-apiserver | ||
| on a control plane node to become ready. |
There was a problem hiding this comment.
It's quite declarative / descriptive and there is room to make it more informative.
This text doesn't give the reader a clue about whether we advise them to run with it enabled or disabled (which is different from what the default setting is). Readers also don't get to learn under what circumstances they should think about turning it back off.
There was a problem hiding this comment.
adding the sentence
You are advised to enable this feature gate in case you wish to observe a ready
state from all control plane components during thekubeadm initorkubeadm joincommand execution.
There was a problem hiding this comment.
This text doesn't give the reader a clue about whether we advise them to run with it enabled or disabled (which is different from what the default setting is). Readers also don't get to learn under what circumstances they should think about turning it back off.
i think this is a detail missing in most documented core k8s feature gates.
- Add feature gate WaitForAllControlPlaneComponents
neolit123
force-pushed
the
1.30-update-kubeadm-docs
branch
from
0622c5e to
c9618c7
Compare
k8s-ci-robot
removed
the
lgtm
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 363584cf922b32ce429acf1263a28603e46afaeb
|
|
Thank you for adding the explanation, it will help users |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: reylejano, SataQiu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/milestone 1.30 |
Add feature gate WaitForAllControlPlaneComponents
graduate WaitForAllControlPlaneComponents to GA kubeadm#2907
kubeadm: introduce the WaitForAllControlPlaneComponents feature gate kubernetes#123341
https://testgrid.k8s.io/sig-cluster-lifecycle-kubeadm#kubeadm-kinder-wait-for-all-control-plane-components-latest