From a4a6878c633c8b0eebd4f893def41bd0d11f5702 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Wed, 30 Mar 2022 12:28:09 +0200 Subject: [PATCH 1/2] Enable the etcd corruption checks for etcd v3.5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- pkg/templates/kubeadm/v1beta3/kubeadm.go | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/pkg/templates/kubeadm/v1beta3/kubeadm.go b/pkg/templates/kubeadm/v1beta3/kubeadm.go index 32accdfcb..a04c9ca47 100644 --- a/pkg/templates/kubeadm/v1beta3/kubeadm.go +++ b/pkg/templates/kubeadm/v1beta3/kubeadm.go @@ -30,6 +30,7 @@ import ( kubeoneapi "k8c.io/kubeone/pkg/apis/kubeone" "k8c.io/kubeone/pkg/features" "k8c.io/kubeone/pkg/kubeflags" + "k8c.io/kubeone/pkg/semverutil" "k8c.io/kubeone/pkg/state" "k8c.io/kubeone/pkg/templates/kubeadm/kubeadmargs" "k8c.io/kubeone/pkg/templates/resources" @@ -46,6 +47,15 @@ const ( bootstrapTokenTTL = 60 * time.Minute ) +const ( + // greaterOrEqualThan122 defines a version constraint for the Kubernetes 1.22+ clusters + greaterOrEqualThan122 = ">= 1.22.0" +) + +var ( + etcdIntegrityCheckConstraint = semverutil.MustParseConstraint(greaterOrEqualThan122) +) + // NewConfig returns all required configs to init a cluster via a set of v1beta3 configs func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, error) { cluster := s.Cluster @@ -54,6 +64,16 @@ func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, er return nil, errors.Wrapf(err, "failed to parse generate config, wrong kubernetes version %s", cluster.Versions.Kubernetes) } + etcdExtraArgs := map[string]string{} + if etcdIntegrityCheckConstraint.Check(kubeSemVer) { + // This is required because etcd v3.5 (used for Kubernetes 1.22+) + // has an issue with the data integrity. + // See https://groups.google.com/a/kubernetes.io/g/dev/c/B7gJs88XtQc/m/rSgNOzV2BwAJ + // for more details. + etcdExtraArgs["experimental-initial-corrupt-check"] = "true" + etcdExtraArgs["experimental-corrupt-check-time"] = "240m" + } + nodeRegistration := newNodeRegistration(s, host) nodeRegistration.IgnorePreflightErrors = []string{ "DirAvailable--var-lib-etcd", @@ -149,6 +169,7 @@ func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, er ImageRepository: cluster.AssetConfiguration.Etcd.ImageRepository, ImageTag: cluster.AssetConfiguration.Etcd.ImageTag, }, + ExtraArgs: etcdExtraArgs, }, }, DNS: kubeadmv1beta3.DNS{ From 252be6528ccdea97b755709abe6243776874602c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Tue, 5 Apr 2022 16:27:08 +0200 Subject: [PATCH 2/2] Remove dependency on the semverutil package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- pkg/templates/kubeadm/v1beta3/kubeadm.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/templates/kubeadm/v1beta3/kubeadm.go b/pkg/templates/kubeadm/v1beta3/kubeadm.go index a04c9ca47..6ca573dff 100644 --- a/pkg/templates/kubeadm/v1beta3/kubeadm.go +++ b/pkg/templates/kubeadm/v1beta3/kubeadm.go @@ -30,7 +30,6 @@ import ( kubeoneapi "k8c.io/kubeone/pkg/apis/kubeone" "k8c.io/kubeone/pkg/features" "k8c.io/kubeone/pkg/kubeflags" - "k8c.io/kubeone/pkg/semverutil" "k8c.io/kubeone/pkg/state" "k8c.io/kubeone/pkg/templates/kubeadm/kubeadmargs" "k8c.io/kubeone/pkg/templates/resources" @@ -52,12 +51,13 @@ const ( greaterOrEqualThan122 = ">= 1.22.0" ) -var ( - etcdIntegrityCheckConstraint = semverutil.MustParseConstraint(greaterOrEqualThan122) -) - // NewConfig returns all required configs to init a cluster via a set of v1beta3 configs func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, error) { + etcdIntegrityCheckConstraint, err := semver.NewConstraint(greaterOrEqualThan122) + if err != nil { + return nil, err + } + cluster := s.Cluster kubeSemVer, err := semver.NewVersion(cluster.Versions.Kubernetes) if err != nil {