Bumping k8s dependencies to 1.13

vendor/k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig/BUILD

@@ -13,13 +13,16 @@ go_library(
     deps = [
         "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
         "//cmd/kubeadm/app/apis/kubeadm/scheme:go_default_library",
-        "//cmd/kubeadm/app/apis/kubeadm/v1alpha2:go_default_library",
         "//cmd/kubeadm/app/constants:go_default_library",
-        "//cmd/kubeadm/app/util:go_default_library",
         "//cmd/kubeadm/app/util/apiclient:go_default_library",
-        "//vendor/k8s.io/api/core/v1:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
-        "//vendor/k8s.io/client-go/kubernetes:go_default_library",
+        "//cmd/kubeadm/app/util/config:go_default_library",
+        "//pkg/apis/rbac/v1:go_default_library",
+        "//staging/src/k8s.io/api/core/v1:go_default_library",
+        "//staging/src/k8s.io/api/rbac/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
     ],
 )
 
@@ -43,12 +46,16 @@ go_test(
     deps = [
         "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
         "//cmd/kubeadm/app/apis/kubeadm/scheme:go_default_library",
-        "//cmd/kubeadm/app/apis/kubeadm/v1alpha2:go_default_library",
+        "//cmd/kubeadm/app/apis/kubeadm/v1alpha3:go_default_library",
         "//cmd/kubeadm/app/constants:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
-        "//vendor/k8s.io/client-go/kubernetes/fake:go_default_library",
-        "//vendor/k8s.io/client-go/testing:go_default_library",
+        "//cmd/kubeadm/app/util/apiclient:go_default_library",
+        "//cmd/kubeadm/app/util/config:go_default_library",
+        "//staging/src/k8s.io/api/core/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes/fake:go_default_library",
+        "//staging/src/k8s.io/client-go/testing:go_default_library",
     ],
 )

vendor/k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go

@@ -20,43 +20,131 @@ import (
 	"fmt"
 
 	"k8s.io/api/core/v1"
+	rbac "k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	clientset "k8s.io/client-go/kubernetes"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
-	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
 	kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
-	kubeadmapiv1alpha2 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha2"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
-	"k8s.io/kubernetes/cmd/kubeadm/app/util"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
+	configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config"
+	rbachelper "k8s.io/kubernetes/pkg/apis/rbac/v1"
 )
 
-// UploadConfiguration saves the MasterConfiguration used for later reference (when upgrading for instance)
-func UploadConfiguration(cfg *kubeadmapi.MasterConfiguration, client clientset.Interface) error {
+const (
+	// NodesKubeadmConfigClusterRoleName sets the name for the ClusterRole that allows
+	// the bootstrap tokens to access the kubeadm-config ConfigMap during the node bootstrap/discovery
+	// or during upgrade nodes
+	NodesKubeadmConfigClusterRoleName = "kubeadm:nodes-kubeadm-config"
+)
 
-	fmt.Printf("[uploadconfig] storing the configuration used in ConfigMap %q in the %q Namespace\n", kubeadmconstants.MasterConfigurationConfigMap, metav1.NamespaceSystem)
+// UploadConfiguration saves the InitConfiguration used for later reference (when upgrading for instance)
+func UploadConfiguration(cfg *kubeadmapi.InitConfiguration, client clientset.Interface) error {
+	fmt.Printf("[uploadconfig] storing the configuration used in ConfigMap %q in the %q Namespace\n", kubeadmconstants.InitConfigurationConfigMap, metav1.NamespaceSystem)
 
-	// Convert cfg to the external version as that's the only version of the API that can be deserialized later
-	externalcfg := &kubeadmapiv1alpha2.MasterConfiguration{}
-	kubeadmscheme.Scheme.Convert(cfg, externalcfg, nil)
+	// Prepare the ClusterConfiguration for upload
+	// The components store their config in their own ConfigMaps, then reset the .ComponentConfig struct;
+	// We don't want to mutate the cfg itself, so create a copy of it using .DeepCopy of it first
+	clusterConfigurationToUpload := cfg.ClusterConfiguration.DeepCopy()
+	clusterConfigurationToUpload.ComponentConfigs = kubeadmapi.ComponentConfigs{}
 
-	// Removes sensitive info from the data that will be stored in the config map
-	externalcfg.BootstrapTokens = nil
-	// Clear the NodeRegistration object.
-	externalcfg.NodeRegistration = kubeadmapiv1alpha2.NodeRegistrationOptions{}
-
-	cfgYaml, err := util.MarshalToYamlForCodecs(externalcfg, kubeadmapiv1alpha2.SchemeGroupVersion, scheme.Codecs)
+	// Marshal the ClusterConfiguration into YAML
+	clusterConfigurationYaml, err := configutil.MarshalKubeadmConfigObject(clusterConfigurationToUpload)
 	if err != nil {
 		return err
 	}
 
-	return apiclient.CreateOrUpdateConfigMap(client, &v1.ConfigMap{
+	// Prepare the ClusterStatus for upload
+	// Gets the current cluster status
+	// TODO: use configmap locks on this object on the get before the update.
+	clusterStatus, err := getClusterStatus(client)
+	if err != nil {
+		return err
+	}
+
+	// Updates the ClusterStatus with the current control plane instance
+	if clusterStatus.APIEndpoints == nil {
+		clusterStatus.APIEndpoints = map[string]kubeadmapi.APIEndpoint{}
+	}
+	clusterStatus.APIEndpoints[cfg.NodeRegistration.Name] = cfg.APIEndpoint
+
+	// Marshal the ClusterStatus back into into YAML
+	clusterStatusYaml, err := configutil.MarshalKubeadmConfigObject(clusterStatus)
+	if err != nil {
+		return err
+	}
+
+	err = apiclient.CreateOrUpdateConfigMap(client, &v1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      kubeadmconstants.MasterConfigurationConfigMap,
+			Name:      kubeadmconstants.InitConfigurationConfigMap,
 			Namespace: metav1.NamespaceSystem,
 		},
 		Data: map[string]string{
-			kubeadmconstants.MasterConfigurationConfigMapKey: string(cfgYaml),
+			kubeadmconstants.ClusterConfigurationConfigMapKey: string(clusterConfigurationYaml),
+			kubeadmconstants.ClusterStatusConfigMapKey:        string(clusterStatusYaml),
+		},
+	})
+	if err != nil {
+		return err
+	}
+
+	// Ensure that the NodesKubeadmConfigClusterRoleName exists
+	err = apiclient.CreateOrUpdateRole(client, &rbac.Role{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      NodesKubeadmConfigClusterRoleName,
+			Namespace: metav1.NamespaceSystem,
+		},
+		Rules: []rbac.PolicyRule{
+			rbachelper.NewRule("get").Groups("").Resources("configmaps").Names(kubeadmconstants.InitConfigurationConfigMap).RuleOrDie(),
+		},
+	})
+	if err != nil {
+		return err
+	}
+
+	// Binds the NodesKubeadmConfigClusterRoleName to all the bootstrap tokens
+	// that are members of the system:bootstrappers:kubeadm:default-node-token group
+	// and to all nodes
+	return apiclient.CreateOrUpdateRoleBinding(client, &rbac.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      NodesKubeadmConfigClusterRoleName,
+			Namespace: metav1.NamespaceSystem,
+		},
+		RoleRef: rbac.RoleRef{
+			APIGroup: rbac.GroupName,
+			Kind:     "Role",
+			Name:     NodesKubeadmConfigClusterRoleName,
+		},
+		Subjects: []rbac.Subject{
+			{
+				Kind: rbac.GroupKind,
+				Name: kubeadmconstants.NodeBootstrapTokenAuthGroup,
+			},
+			{
+				Kind: rbac.GroupKind,
+				Name: kubeadmconstants.NodesGroup,
+			},
 		},
 	})
 }
+
+func getClusterStatus(client clientset.Interface) (*kubeadmapi.ClusterStatus, error) {
+	obj := &kubeadmapi.ClusterStatus{}
+
+	// Read the ConfigMap from the cluster
+	configMap, err := client.CoreV1().ConfigMaps(metav1.NamespaceSystem).Get(kubeadmconstants.InitConfigurationConfigMap, metav1.GetOptions{})
+	if apierrors.IsNotFound(err) {
+		return obj, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// Decode the file content  using the componentconfig Codecs that knows about all APIs
+	if err := runtime.DecodeInto(kubeadmscheme.Codecs.UniversalDecoder(), []byte(configMap.Data[kubeadmconstants.ClusterStatusConfigMapKey]), obj); err != nil {
+		return nil, err
+	}
+	return obj, nil
+}

vendor/k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go

@@ -17,17 +17,22 @@ limitations under the License.
 package uploadconfig
 
 import (
+	"reflect"
 	"testing"
 
+	"k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	clientset "k8s.io/client-go/kubernetes"
 	clientsetfake "k8s.io/client-go/kubernetes/fake"
 	core "k8s.io/client-go/testing"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
-	kubeadmapiv1alpha2 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha2"
+	kubeadmapiv1alpha3 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
+	"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
+	configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config"
 )
 
 func TestUploadConfiguration(t *testing.T) {
@@ -61,22 +66,38 @@ func TestUploadConfiguration(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			cfg := &kubeadmapi.MasterConfiguration{
-				KubernetesVersion: "v1.10.3",
-				BootstrapTokens: []kubeadmapi.BootstrapToken{
+		t.Run(tt.name, func(t2 *testing.T) {
+			initialcfg := &kubeadmapiv1alpha3.InitConfiguration{
+				APIEndpoint: kubeadmapiv1alpha3.APIEndpoint{
+					AdvertiseAddress: "1.2.3.4",
+				},
+				ClusterConfiguration: kubeadmapiv1alpha3.ClusterConfiguration{
+					KubernetesVersion: "v1.11.10",
+				},
+				BootstrapTokens: []kubeadmapiv1alpha3.BootstrapToken{
 					{
-						Token: &kubeadmapi.BootstrapTokenString{
+						Token: &kubeadmapiv1alpha3.BootstrapTokenString{
 							ID:     "abcdef",
 							Secret: "abcdef0123456789",
 						},
 					},
 				},
-				NodeRegistration: kubeadmapi.NodeRegistrationOptions{
+				NodeRegistration: kubeadmapiv1alpha3.NodeRegistrationOptions{
 					Name:      "node-foo",
 					CRISocket: "/var/run/custom-cri.sock",
 				},
 			}
+			cfg, err := configutil.ConfigFileAndDefaultsToInternalConfig("", initialcfg)
+			if err != nil {
+				t2.Fatalf("UploadConfiguration() error = %v", err)
+			}
+
+			status := &kubeadmapi.ClusterStatus{
+				APIEndpoints: map[string]kubeadmapi.APIEndpoint{
+					"node-foo": cfg.APIEndpoint,
+				},
+			}
+
 			client := clientsetfake.NewSimpleClientset()
 			if tt.errOnCreate != nil {
 				client.PrependReactor("create", "configmaps", func(action core.Action) (bool, runtime.Object, error) {
@@ -85,7 +106,7 @@ func TestUploadConfiguration(t *testing.T) {
 			}
 			// For idempotent test, we check the result of the second call.
 			if err := UploadConfiguration(cfg, client); !tt.updateExisting && (err != nil) != tt.errExpected {
-				t.Errorf("UploadConfiguration() error = %v, wantErr %v", err, tt.errExpected)
+				t2.Fatalf("UploadConfiguration() error = %v, wantErr %v", err, tt.errExpected)
 			}
 			if tt.updateExisting {
 				if tt.errOnUpdate != nil {
@@ -94,51 +115,101 @@ func TestUploadConfiguration(t *testing.T) {
 					})
 				}
 				if err := UploadConfiguration(cfg, client); (err != nil) != tt.errExpected {
-					t.Errorf("UploadConfiguration() error = %v", err)
+					t2.Fatalf("UploadConfiguration() error = %v", err)
 				}
 			}
 			if tt.verifyResult {
-				masterCfg, err := client.CoreV1().ConfigMaps(metav1.NamespaceSystem).Get(kubeadmconstants.MasterConfigurationConfigMap, metav1.GetOptions{})
+				masterCfg, err := client.CoreV1().ConfigMaps(metav1.NamespaceSystem).Get(kubeadmconstants.InitConfigurationConfigMap, metav1.GetOptions{})
 				if err != nil {
-					t.Errorf("Fail to query ConfigMap error = %v", err)
+					t2.Fatalf("Fail to query ConfigMap error = %v", err)
 				}
-				configData := masterCfg.Data[kubeadmconstants.MasterConfigurationConfigMapKey]
+				configData := masterCfg.Data[kubeadmconstants.ClusterConfigurationConfigMapKey]
 				if configData == "" {
-					t.Errorf("Fail to find ConfigMap key")
+					t2.Fatal("Fail to find ClusterConfigurationConfigMapKey key")
 				}
 
-				decodedExtCfg := &kubeadmapiv1alpha2.MasterConfiguration{}
-				decodedCfg := &kubeadmapi.MasterConfiguration{}
-
-				if err := runtime.DecodeInto(kubeadmscheme.Codecs.UniversalDecoder(), []byte(configData), decodedExtCfg); err != nil {
-					t.Errorf("unable to decode config from bytes: %v", err)
-				}
-				// Default and convert to the internal version
-				kubeadmscheme.Scheme.Default(decodedExtCfg)
-				kubeadmscheme.Scheme.Convert(decodedExtCfg, decodedCfg, nil)
-
-				if decodedCfg.KubernetesVersion != cfg.KubernetesVersion {
-					t.Errorf("Decoded value doesn't match, decoded = %#v, expected = %#v", decodedCfg.KubernetesVersion, cfg.KubernetesVersion)
+				decodedCfg := &kubeadmapi.ClusterConfiguration{}
+				if err := runtime.DecodeInto(kubeadmscheme.Codecs.UniversalDecoder(), []byte(configData), decodedCfg); err != nil {
+					t2.Fatalf("unable to decode config from bytes: %v", err)
 				}
 
-				// If the decoded cfg has a BootstrapTokens array, verify the sensitive information we had isn't still there.
-				if len(decodedCfg.BootstrapTokens) > 0 && decodedCfg.BootstrapTokens[0].Token != nil && decodedCfg.BootstrapTokens[0].Token.String() == cfg.BootstrapTokens[0].Token.String() {
-					t.Errorf("Decoded value contains .BootstrapTokens (sensitive info), decoded = %#v, expected = empty", decodedCfg.BootstrapTokens)
+				if !reflect.DeepEqual(decodedCfg, &cfg.ClusterConfiguration) {
+					t2.Errorf("the initial and decoded ClusterConfiguration didn't match")
 				}
 
-				// Make sure no information from NodeRegistrationOptions was uploaded.
-				if decodedCfg.NodeRegistration.Name == cfg.NodeRegistration.Name || decodedCfg.NodeRegistration.CRISocket != kubeadmapiv1alpha2.DefaultCRISocket {
-					t.Errorf("Decoded value contains .NodeRegistration (node-specific info shouldn't be uploaded), decoded = %#v, expected = empty", decodedCfg.NodeRegistration)
+				statusData := masterCfg.Data[kubeadmconstants.ClusterStatusConfigMapKey]
+				if statusData == "" {
+					t2.Fatal("failed to find ClusterStatusConfigMapKey key")
 				}
 
-				if decodedExtCfg.Kind != "MasterConfiguration" {
-					t.Errorf("Expected kind MasterConfiguration, got %v", decodedExtCfg.Kind)
+				decodedStatus := &kubeadmapi.ClusterStatus{}
+				if err := runtime.DecodeInto(kubeadmscheme.Codecs.UniversalDecoder(), []byte(statusData), decodedStatus); err != nil {
+					t2.Fatalf("unable to decode status from bytes: %v", err)
 				}
 
-				if decodedExtCfg.APIVersion != "kubeadm.k8s.io/v1alpha2" {
-					t.Errorf("Expected apiVersion kubeadm.k8s.io/v1alpha2, got %v", decodedExtCfg.APIVersion)
+				if !reflect.DeepEqual(decodedStatus, status) {
+					t2.Error("the initial and decoded ClusterStatus didn't match")
 				}
 			}
 		})
 	}
 }
+
+func TestGetClusterStatus(t *testing.T) {
+	var tests = []struct {
+		name                     string
+		clusterStatus            *kubeadmapi.ClusterStatus
+		expectedClusterEndpoints int
+	}{
+		{
+			name: "return empty ClusterStatus if cluster kubeadm-config doesn't exist (e.g init)",
+			expectedClusterEndpoints: 0,
+		},
+		{
+			name: "return ClusterStatus if cluster kubeadm-config exist (e.g upgrade)",
+			clusterStatus: &kubeadmapi.ClusterStatus{
+				APIEndpoints: map[string]kubeadmapi.APIEndpoint{
+					"dummy": {AdvertiseAddress: "1.2.3.4", BindPort: 1234},
+				},
+			},
+			expectedClusterEndpoints: 1,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := clientsetfake.NewSimpleClientset()
+
+			if tt.clusterStatus != nil {
+				createConfigMapWithStatus(tt.clusterStatus, client)
+			}
+
+			actual, err := getClusterStatus(client)
+			if err != nil {
+				t.Error("GetClusterStatus returned unexpected error")
+				return
+			}
+			if tt.expectedClusterEndpoints != len(actual.APIEndpoints) {
+				t.Error("actual ClusterStatus doesn't return expected endpoints")
+			}
+		})
+	}
+}
+
+// createConfigMapWithStatus create a ConfigMap with ClusterStatus for TestGetClusterStatus
+func createConfigMapWithStatus(statusToCreate *kubeadmapi.ClusterStatus, client clientset.Interface) error {
+	statusYaml, err := configutil.MarshalKubeadmConfigObject(statusToCreate)
+	if err != nil {
+		return err
+	}
+
+	return apiclient.CreateOrUpdateConfigMap(client, &v1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      kubeadmconstants.InitConfigurationConfigMap,
+			Namespace: metav1.NamespaceSystem,
+		},
+		Data: map[string]string{
+			kubeadmconstants.ClusterStatusConfigMapKey: string(statusYaml),
+		},
+	})
+}