feat: support setting kubeadm ignorePreflightErrors #1097
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dkoshkin
force-pushed
the
dkoshkin/feat-nodeRegistration
branch
2 times, most recently
from
fda72a5 to
389ca11
Compare
dkoshkin
force-pushed
the
dkoshkin/feat-nodeRegistration
branch
from
389ca11 to
60207a2
Compare
dkoshkin
changed the title
faiq
reviewed
Apr 4, 2025
Set default ignorePreflightErrors: ["SystemVerification"]
dlipovetsky
reviewed
Apr 9, 2025
jimmidyson
reviewed
Apr 9, 2025
dkoshkin
force-pushed
the
dkoshkin/feat-nodeRegistration
branch
from
26509f1 to
45a9cc2
Compare
dkoshkin
force-pushed
the
dkoshkin/feat-nodeRegistration
branch
from
baebaad to
136090b
Compare
jimmidyson
approved these changes
Apr 10, 2025
Merged
faiq
pushed a commit
that referenced
this pull request
Apr 10, 2025
🤖 I have created a release *beep* *boop* --- ## 0.28.0 (2025-04-10) <!-- Release notes generated using configuration in .github/release.yaml at main --> ## What's Changed ### Exciting New Features 🎉 * feat: Update all addon versions by @jimmidyson in #1054 * feat: go 1.24.1 and update all other tools by @jimmidyson in #1066 * feat: bumped frr-routing to 9.1.3 by @ArvinderPal09 in #1067 * feat: properly support kube-vip upgrades by @dkoshkin in #1062 * feat: update addons by @dkoshkin in #1072 * feat: enable Cilium's hubble relay mTLS by @dkoshkin in #1086 * feat: adds image tempalting for capx by @faiq in #1096 * feat: support setting kubeadm ignorePreflightErrors by @dkoshkin in #1097 * feat: go 1.24.2 to fix CVE by @jimmidyson in #1100 * feat: update Calico to v3.29.3 by @dkoshkin in #1101 ### Fixes 🔧 * fix: correctly handle multiple registries with the same Host by @dkoshkin in #1063 * fix: Tolerate all NoSchedule taints for NFD and CSI deployments by @jimmidyson in #1074 * fix: Retain existing join and init kubeadm config when adding taints by @jimmidyson in #1073 ### Other Changes * build: Update k8s versions for tests by @jimmidyson in #1052 * docs: updates cilium doc with link to its default spec by @manoj-nutanix in #1036 * ci: Replace deprecated blackduck scan action by @jimmidyson in #1070 * build: Update k8s.io/{kubelet,utils} deps by @jimmidyson in #1078 * revert: "build: Update k8s.io/{kubelet,utils} deps" by @jimmidyson in #1080 * ci: Enable dependabot for hack/tools module by @jimmidyson in #1082 * build: Update k8s.io/kubelet dep by @jimmidyson in #1081 * ci: Use Kubernetes minor in e2e check name by @jimmidyson in #1090 ## New Contributors * @ArvinderPal09 made their first contribution in #1067 **Full Changelog**: v0.27.1...v0.28.0 --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Dimitri Koshkin <[email protected]>
dkoshkin
added a commit
that referenced
this pull request
Apr 14, 2025
…#1104) **What problem does this PR solve?**: When adding #1097, we effectively enabled this handler by default through API defaults. I wrongly assumed that the worker and control-plane handlers were behind a new version of the handlers registration. And because its not, this caused a rollout of all Machines when CAREN is upgraded on the management cluster. This PR puts the worker and control-plane handlers behind a new version of the hooks and does not include the new `noderegistration` handler in the older version of the hooks. **Which issue(s) this PR fixes**: Fixes # **How Has This Been Tested?**: <!-- Please describe the tests that you ran to verify your changes. Provide output from the tests and any manual steps needed to replicate the tests. --> Tested locally by upgrading the handler version and observing that Machines were NOT rolled out. We will need some strategy to test this in an e2e test, or possibly think of a different approach for this, e.g. running multiple versions of the controller instead of embedding it in a single handler. **Special notes for your reviewer**: <!-- Use this to provide any additional information to the reviewers. This may include: - Best way to review the PR. - Where the author wants the most review attention on. - etc. -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?:
Exposes CAPI's API to configure kubeadm.
This enables working around kubernetes/kubernetes#129462 or ignoring any other kubeadm preflight check.
I intentionally added it as this to mimic CAPIs APIs under a single handler so that we can expose additional configuration in the future.
Which issue(s) this PR fixes:
Fixes #
How Has This Been Tested?:
Tested with a Docker cluster and verified the generated templates.
Also unit tests.
Special notes for your reviewer:
Eventhough in CAPI's API
taintsare also part ofnodeRegistration, there is more nuance there that deserves its own handler. KeepingtaintsandnodeRegistrationalso allows to change the implementation of taints in the future to a controller based approach that doesn't require a rollout of new Machines.