Skip to content

[GEP-28] Bootstrap kubelet and make gardenadm init idempotent #11749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Mar 28, 2025
Merged

[GEP-28] Bootstrap kubelet and make gardenadm init idempotent #11749

merged 11 commits into from
Mar 28, 2025

Conversation

rfranzke
Copy link
Member

@rfranzke rfranzke commented Mar 26, 2025
edited
Loading

How to categorize this PR?

/area ipcei
/kind enhancement

What this PR does / why we need it:
This PR is the next increment for gardenadm init. It bootstraps the kubelet and makes the gardenadm init invocations idempotent (under the assumption that the initial control plane deployment worked - otherwise, you have to start from scratch).

Which issue(s) this PR fixes:
Part of #2906

Special notes for your reviewer:
Still in draft since it's based on #11701 which must be merged first.

/cc @ScheererJ

Release note:

NONE

@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 26, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@gardener-prow gardener-prow bot requested a review from ScheererJ March 26, 2025 10:54
@gardener-prow gardener-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. area/ipcei IPCEI (Important Project of Common European Interest) kind/enhancement Enhancement, improvement, extension cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels Mar 26, 2025
@rfranzke rfranzke mentioned this pull request Mar 26, 2025
Open
@gardener-prow gardener-prow bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Mar 26, 2025
@ScheererJ
Copy link
Member

/assign

@gardener-prow gardener-prow bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 26, 2025
ScheererJ
ScheererJ reviewed Mar 27, 2025
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the next big step towards working autonomous shoot clusters.

I found a few potential options for improvement.

@rfranzke rfranzke marked this pull request as ready for review March 27, 2025 13:38
@gardener-prow gardener-prow bot removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Mar 27, 2025
@rfranzke rfranzke requested a review from ScheererJ March 27, 2025 13:38
ScheererJ
ScheererJ approved these changes Mar 27, 2025
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes. Looks good apart from the unit tests.

/lgtm
/approve

@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 27, 2025
@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 27, 2025

LGTM label has been added.

Git tree hash: 8d4df7fa448bd226c7a4a7a7fe6f5ab3c21cfb22

@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 27, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ScheererJ

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 27, 2025
rfranzke and others added 8 commits March 28, 2025 09:55
@rfranzke @ScheererJ
Do not duplicate extra API addresses into KAPI server cert SANs
7bc64d2 
The `ExtraIPAddresses` are already appended in L169

Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
Bootstrap kubelet
2c0499d 
- create client for cluster using admin kubeconfig
- create and write real bootstrap token
- create RBAC resources for TLS bootstrapping
- restart kubelet to pick up token and bootstrap

Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
Make gardenadm init idempotent
2a024fb 
- if kubernetes control plane has already been deployed, just use the
  kubeconfig, create a clientset, and continue from there
- import secrets from fake client into real cluster to prevent
  regeneration on new `gardenadm init` invocations

Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
Approve kubelet server CSR
dcc1465 
Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
etcd probe uses localhost
a2f54e9 
This gets relevant when the kubelet registers the node and creates
mirror pods for the static pods. It seems to use the node IP to connect
to the pods, however, etcd only binds to the loopback device.

Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
Prevent listing MachineDeployments when initializing Botanist
d4a7210 
Otherwise, we had to create the CRDs before we create the botanist
object.

Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
Drop all unrelated metadata when translating pods
6720173 
For example, finalizers/resourceVersion/... is not needed and should not
be considered when translating to a static pod manifest.

Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
Reconcile CRDs and Cluster resource
4ab1e5f 
Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
rfranzke and others added 3 commits March 28, 2025 09:55
@rfranzke @ScheererJ
Augment e2e test
a1bc70a 
Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke @ScheererJ
Fix port-forwarder
337ee76 
It was always using a free port, even if a local port was explicitly
specified.

Co-Authored-By: Johannes Scheerer <johannes.scheerer@sap.com>
@rfranzke
Address PR review feedback
a29f5ad
@gardener-prow gardener-prow bot removed the lgtm Indicates that a PR is ready to be merged. label Mar 28, 2025
@gardener-prow gardener-prow bot requested a review from ScheererJ March 28, 2025 08:55
@ScheererJ
Copy link
Member

/lgtm

@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 28, 2025
@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Mar 28, 2025

LGTM label has been added.

Git tree hash: 1b2df350bd3166557d5764aa393ed5fdabed5263

@gardener-prow gardener-prow bot added cla: no Indicates the PR's author has not signed the cla-assistant.io CLA. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. and removed cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. cla: no Indicates the PR's author has not signed the cla-assistant.io CLA. labels Mar 28, 2025
@gardener-prow gardener-prow bot merged commit 9c10dab into gardener:master Mar 28, 2025
19 checks passed
@rfranzke rfranzke deleted the gep28/kubelet branch March 28, 2025 11:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ScheererJ ScheererJ Awaiting requested review from ScheererJ

Assignees

@ScheererJ ScheererJ

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/ipcei IPCEI (Important Project of Common European Interest) cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/enhancement Enhancement, improvement, extension lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rfranzke @ScheererJ