-
Notifications
You must be signed in to change notification settings - Fork 715
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
skip image pull for addons that are skipped #2603
Comments
/cc @wangyysde |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
|
Yep, like i said in the OP
Upgrade already does skip if the CMs for the addons are not present. On problem for join i think is that it requires constructing a client to check CMs way too early. The image pull is one of the earliest things in the join phases. That is problematic. |
|
/cc |
sorry for missing your message.
this can work, i guess. technically the same applies to the images for the control plane in static pods.
this can also work and i think i like this option more, because the error will happen in kubeadm and users don't have to "look at kubelet or "kubectl describe" logs". it would be a matter of excluding kube-proxy and coredns from https://github.com/kubernetes/kubernetes/blob/79cef12276522232edb444f4493226466664327a/cmd/kubeadm/app/images/images.go#L90-L111 and adding separate pull checks for control plane proxy and dns. thoughts from others? a partial workaround today is the following:
|
The addons are |
I am +1 on moving the image pulling of the addons to the phases which they belong to, since now that kubeadm has phases innovated, each phase should be idempotent and shouldn't be coupled with each other. I think this is also the reason why I want to move the cleanup to it's phases (kubernetes/kubernetes#110972). |
no, kubeadm does not support external addons. |
as mentioned it would disagree with the preflight purpose, but that's likely the best we can do. arguably 'config images' should continue working with all images. |
so that storing the addon state in ClusterConfiguration as you said should be acceptable, at least we cannot foresee is there any problem with this approach atm. for this issue, storing the addon state in
agree! |
i would like to read a kep if we are touching the cluster config. the exact approach is not clear to me at this stage. |
/assign I or @ruquanzhao will send a google doc for review in next few weeks. |
/assign |
@ruquanzhao thanks for the doc, left some question or comments for you in the doc |
….15 tries to pull the official image incorrectly While kubeadm is buggy (kubernetes/kubernetes#114978) and tries to download the CoreDNS image despite us skipping that addon (kubernetes/kubeadm#2603), we try to use the new official repository already. This fixes `kubeadm join` for new Kubernetes versions and therefore avoids stuck node upgrades.
…s to pull the official image incorrectly While kubeadm is buggy (kubernetes/kubernetes#114978) and tries to download the CoreDNS image despite us skipping that addon (kubernetes/kubeadm#2603), we try to use the new official repository already. This fixes `kubeadm join` for new Kubernetes versions and therefore avoids stuck node upgrades. CAPI propagates this value before attempting the node upgrade.
…s to pull the official image incorrectly While kubeadm is buggy (kubernetes/kubernetes#114978) and tries to download the CoreDNS image despite us skipping that addon (kubernetes/kubeadm#2603), we try to use the new official repository already. This fixes `kubeadm join` for new Kubernetes versions and therefore avoids stuck node upgrades. CAPI propagates this value before attempting the node upgrade.
…s to pull the official image incorrectly (#197) While kubeadm is buggy (kubernetes/kubernetes#114978) and tries to download the CoreDNS image despite us skipping that addon (kubernetes/kubeadm#2603), we try to use the new official repository already. This fixes `kubeadm join` for new Kubernetes versions and therefore avoids stuck node upgrades. CAPI propagates this value before attempting the node upgrade.
/kind api-change |
@ruquanzhao does this still work? I’m using kubeadm v1.30.3 and init doesn’t pull images but join does. Because of that my deployment stuck. Thanks |
this feature is in milestone 1.31, so you may need to use v1.31. |
To make it clear, the feature PR kubernetes/kubernetes#114534 was merged in v1.29 for v1beta4(at that time, kubeadm only enabled v1beta3), but v1beta4 is officially released in v1.31, see https://kubernetes.io/blog/2024/08/23/kubernetes-1-31-kubeadm-v1beta4/ or kubernetes/kubernetes#125029. |
during
init
, if the user passes aInitConfiguration
with skipped addons (e.g.skipPhases: - addon/kube-proxy
) the preflight phase still pulls the addon container image.we can support skipping the image for the addon in
init
, but supporting this is injoin
andupgrade
is a bit complicated because these commands would not know ifinit
skipped the addon. they'd have to look at ConfigMaps in the cluster before making the decision to skip image pull.opening this issue for discussion if this is something that we want to implement and how complicated it would be.
storing the addon state in
ClusterConfiguration
would make sense, but if addons will become external we wouldn't want to add named fields inClusterConfiguration
for addon availability control.current workarounds for users that don't want to download addon image Foo:
--ignore-preflight-errors=ImagePull
forinit
,join
,upgrade
.kubeadm config images pull
to avoid errors (e.g. if there is no connection to gcr.io).The text was updated successfully, but these errors were encountered: