Run kubeadm command with specific configuration file

Puppet manifests use the kubeadm command during initializing kubernetes nodes. However, it is not passing the --kubeconfig parameter to this command, so the command will search for the kubeconfig file. Normally it finds this file in /etc/kubernetes/admin.conf, but if a user accidentally (or intentionally) creates a config file at /root/.kube/config, this file can take precedence and cause the kubeadm command to fail. This commit updated the command with /etc/kubernetes/admin.conf as its configuration file explicitly. Change-Id: I2942fa4a275145cc3a1b6c6fdb0f3827a244f1bb Closes-Bug: 1882678 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-06-11 09:44:21 -04:00 · 2020-06-11 09:44:21 -04:00 · 6f23a813a3
commit 6f23a813a3
parent b1d78d1434
3 changed files with 9 additions and 9 deletions
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=101
+TIS_PATCH_VER=102
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@ -215,7 +215,7 @@ class platform::kubernetes::master::init
    $local_registry_auth = "${::platform::dockerdistribution::params::registry_username}:${::platform::dockerdistribution::params::registry_password}" # lint:ignore:140chars

    exec { 'pre pull k8s images':
-      command   => "kubeadm config images list --kubernetes-version ${version}  --image-repository registry.local:9001/k8s.gcr.io | xargs -i crictl pull --creds ${local_registry_auth} {}", # lint:ignore:140chars
+      command   => "kubeadm --kubeconfig=/etc/kubernetes/admin.conf config images list --kubernetes-version ${version}  --image-repository registry.local:9001/k8s.gcr.io | xargs -i crictl pull --creds ${local_registry_auth} {}", # lint:ignore:140chars
      logoutput => true,
    }

@ -323,7 +323,7 @@ class platform::kubernetes::worker::init

    # Get the pause image tag from kubeadm required images
    # list and replace with local registry
-    $get_k8s_pause_img = "kubeadm config images list 2>/dev/null |\
+    $get_k8s_pause_img = "kubeadm --kubeconfig=/etc/kubernetes/admin.conf config images list 2>/dev/null |\
      awk '/^k8s.gcr.io\\/pause:/{print \$1}' | sed 's#k8s.gcr.io#registry.local:9001\\/k8s.gcr.io#'"
    $k8s_pause_img = generate('/bin/sh', '-c', $get_k8s_pause_img)

@ -530,7 +530,7 @@ class platform::kubernetes::pre_pull_control_plane_images
  $local_registry_auth = "${::platform::dockerdistribution::params::registry_username}:${::platform::dockerdistribution::params::registry_password}" # lint:ignore:140chars

  exec { 'pre pull images':
-    command   => "kubeadm config images list --kubernetes-version ${upgrade_to_version} --image-repository=registry.local:9001/k8s.gcr.io | xargs -i crictl pull --creds ${local_registry_auth} {}", # lint:ignore:140chars
+    command   => "kubeadm --kubeconfig=/etc/kubernetes/admin.conf config images list --kubernetes-version ${upgrade_to_version} --image-repository=registry.local:9001/k8s.gcr.io | xargs -i crictl pull --creds ${local_registry_auth} {}", # lint:ignore:140chars
    logoutput => true,
  }
 }
@ -542,7 +542,7 @@ class platform::kubernetes::upgrade_first_control_plane

  # The --allow-*-upgrades options allow us to upgrade to any k8s release if necessary
  exec { 'upgrade first control plane':
-    command   => "kubeadm upgrade apply ${version} --allow-experimental-upgrades --allow-release-candidate-upgrades -y",
+    command   => "kubeadm --kubeconfig=/etc/kubernetes/admin.conf upgrade apply ${version} --allow-experimental-upgrades --allow-release-candidate-upgrades -y", # lint:ignore:140chars
    logoutput => true,
  }

@ -571,7 +571,7 @@ class platform::kubernetes::upgrade_control_plane
  inherits ::platform::kubernetes::params {

  exec { 'upgrade control plane':
-    command   => 'kubeadm upgrade node',
+    command   => 'kubeadm --kubeconfig=/etc/kubernetes/admin.conf upgrade node',
    logoutput => true,
  }
 }
@ -591,7 +591,7 @@ class platform::kubernetes::worker::upgrade_kubelet

  # Get the pause image tag from kubeadm required images
  # list and replace with local registry
-  $get_k8s_pause_img = "kubeadm config images list 2>/dev/null |\
+  $get_k8s_pause_img = "kubeadm --kubeconfig=/etc/kubernetes/admin.conf config images list 2>/dev/null |\
    awk '/^k8s.gcr.io\\/pause:/{print \$1}' | sed 's#k8s.gcr.io#registry.local:9001\\/k8s.gcr.io#'"
  $k8s_pause_img = generate('/bin/sh', '-c', $get_k8s_pause_img)

@ -604,7 +604,7 @@ class platform::kubernetes::worker::upgrade_kubelet
  }

  exec { 'upgrade kubelet':
-    command   => 'kubeadm upgrade node',
+    command   => 'kubeadm --kubeconfig=/etc/kubernetes/admin.conf upgrade node',
    logoutput => true,
  }

--- a/puppet-manifests/src/modules/platform/templates/kube-apiserver-change-params.erb
+++ b/puppet-manifests/src/modules/platform/templates/kube-apiserver-change-params.erb
@ -25,7 +25,7 @@ python /usr/share/puppet/modules/platform/files/change_kube_apiserver_params.py
 <%- end -%>

 kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch configmap kubeadm-config -p "$(cat <%= @configmap_temp_file %>)"
-kubeadm config view > <%= @configmap_temp_file %>
+kubeadm --kubeconfig=/etc/kubernetes/admin.conf config view > <%= @configmap_temp_file %>
 kubeadm init phase control-plane apiserver --config <%= @configmap_temp_file %>
 rm <%= @configmap_temp_file %>
 rm <%= @configview_temp_file %>