Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certificates copy for join --control-plane #2502

Closed
4 tasks
shekhar-rajak opened this issue Feb 12, 2021 · 8 comments · Fixed by #3150
Closed
4 tasks

Certificates copy for join --control-plane #2502

shekhar-rajak opened this issue Feb 12, 2021 · 8 comments · Fixed by #3150
Labels
kind/feature Categorizes issue or PR as related to a new feature. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. stage/stable Denotes an issue tracking an enhancement targeted for Stable/GA status

Comments

@shekhar-rajak
Copy link
Contributor

shekhar-rajak commented Feb 12, 2021
edited by neolit123

parent issue: #2500

Enhancement Description

  • One-line enhancement description (can be used as a release note): Certificates copy for join --control-plane
  • Kubernetes Enhancement Proposal:

https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2502-Certificates-copy-for-join-control-plane

Automatic certificates copy makes easier to create HA clusters with the kubeadm tool using exactly
the same kubeadm init and kubeadm join commands the users are familiar with.

Motivation

As confirmed by the recent kubeadm survey,
support for high availability cluster is one of the most requested features for kubeadm.

A lot of effort was already done in kubeadm for achieving this goal, among them the redesign
of the kubeadm config file and its graduation to beta and the implementation of the
kubeadm join --control-plane workflow (KEP0015),
but the solution currently in place stills requires the manual copy of cluster certificates from
the bootstrap control-plane node to secondary control-plane nodes.

This KEP introduces automatic certificates copy, eliminating the manual operation described
above and completing the kubeadm solution for creating HA clusters.

  • Discussion Link:
  • Primary contact (assignee): @fabriziopandini
  • Responsible SIGs: sig-cluster-lifecycle
  • Enhancement target (which target equals to which milestone):
    • Alpha release target (x.y): 1.14
    • Beta release target (x.y): -
    • Stable release target (x.y): 1.24
  • Alpha
    • KEP (k/enhancements) update PR(s):
    • Code (k/k) update PR(s):
    • Docs (k/website) update PR(s):

Implementation History

  • 22 Jan 2019 - first release of this KEP
  • v1.14 implementation as alpha feature without
    • Extension of the kubeadm config file for allowing usage of pre-generated certificate keys
    • TokenCleaner enforcement
    • E2E tests

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.
@shekhar-rajak
Copy link
Contributor Author

Migrating all the old template keps to new template : #2499

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Feb 12, 2021
@neolit123 neolit123 added kind/feature Categorizes issue or PR as related to a new feature. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. labels Feb 13, 2021
@k8s-ci-robot k8s-ci-robot removed the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Feb 13, 2021
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 9, 2021
@fabriziopandini
Copy link
Member

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 10, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 8, 2021
@fabriziopandini
Copy link
Member

/remove-lifecycle stale

@neolit123 WDYT about graduating this feature?

GA criteria are already met:

  • To create a periodic E2E tests for HA clusters creation
  • To create a periodic E2E tests to ensure upgradability of HA clusters
  • To document the kubeadm support for HA in kubernetes.io

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 10, 2021
@neolit123
Copy link
Member

a formal graduation to GA in 1.23 makes sense.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 9, 2021
@fabriziopandini
Copy link
Member

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 9, 2021
@neolit123 neolit123 mentioned this issue Jan 17, 2022
Merged
@neolit123 neolit123 added the stage/stable Denotes an issue tracking an enhancement targeted for Stable/GA status label Jan 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. stage/stable Denotes an issue tracking an enhancement targeted for Stable/GA status
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

kubeadm: retroactively update old KEPs neolit123/enhancements
6 participants
@neolit123 @fabriziopandini @k8s-ci-robot @fejta-bot @k8s-triage-robot @shekhar-rajak