Remove controllerManager from the kubeadm v1beta2 template

[wallrj]

Signed-off-by: Richard Wall [email protected]

Fixes: #7028

[k8s-ci-robot]

Welcome @wallrj!

It looks like this is your first PR to kubernetes/minikube 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/minikube has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @wallrj. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: wallrj
To complete the pull request process, please assign priyawadhwa
You can assign the PR to them by writing /assign @priyawadhwa in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[minikube-bot]

Can one of the admins verify this patch?

[wallrj]

I compiled minikube locally and verified that it fixes #7028

$ ./out/minikube-linux-amd64 -v=10 start --kubernetes-version=v1.18.0-beta.2  --extra-config 'controller-manager.experimental-cluster-signing-duration=120s' --extra-config 'controller-manager.controllers=*'
😄  minikube v1.8.1 on Fedora 31
✨  Using the kvm2 driver based on existing profile
⌛  Reconfiguring existing host ...
🏃  Using the running kvm2 "minikube" VM ...
🐳  Preparing Kubernetes v1.18.0-beta.2 on Docker 19.03.6 ...
    ▪ controller-manager.experimental-cluster-signing-duration=120s
    ▪ controller-manager.controllers=*
🚀  Launching Kubernetes ... 
🌟  Enabling addons: default-storageclass, storage-provisioner
🏄  Done! kubectl is now configured to use "minikube"

❗  /home/richard/.local/bin/kubectl is v1.16.0, which may be incompatible with Kubernetes v1.18.0-beta.2.
💡  You can also use 'minikube kubectl -- get pods' to invoke a matching version

$ kubectl -n kube-system describe pod kube-controller-manager-m01  
Name:                 kube-controller-manager-m01
Namespace:            kube-system
Containers:
  kube-controller-manager:
    Image:         k8s.gcr.io/kube-controller-manager:v1.18.0-beta.2
    Image ID:      docker-pullable://k8s.gcr.io/kube-controller-manager@sha256:9089eb7e3a36895f8d0cc65e802fc65a0b047c4963090c791905d63817852460
    Command:
      kube-controller-manager
      --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
      --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
      --bind-address=127.0.0.1
      --client-ca-file=/var/lib/minikube/certs/ca.crt
      --cluster-name=kubernetes
      --cluster-signing-cert-file=/var/lib/minikube/certs/ca.crt
      --cluster-signing-key-file=/var/lib/minikube/certs/ca.key
      --controllers=*
      --experimental-cluster-signing-duration=120s
      --kubeconfig=/etc/kubernetes/controller-manager.conf
      --leader-elect=true
      --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt
      --root-ca-file=/var/lib/minikube/certs/ca.crt
      --service-account-private-key-file=/var/lib/minikube/certs/sa.key
      --use-service-account-credentials=true

$ less  /tmp/minikube-linux-amd64.drax.richard.log.INFO.20200313-170834.798904
I0313 17:08:48.762781  798904 ssh_runner.go:101] Run: /bin/bash -c "sudo env PATH=/var/lib/minikube/binaries/v1.18.0-beta.2:$PATH kubeadm init phase certs all --config /var/tmp/minikube/kubeadm.yaml"
I0313 17:08:48.909727  798904 ssh_runner.go:267] ! W0313 17:08:48.835119   30778 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
I0313 17:08:48.910220  798904 ssh_runner.go:267] > [certs] Using certificateDir folder "/var/lib/minikube/certs"
I0313 17:08:48.910243  798904 ssh_runner.go:267] > [certs] Using existing ca certificate authority
I0313 17:08:48.911875  798904 ssh_runner.go:267] > [certs] Using existing apiserver certificate and key on disk
I0313 17:08:48.911898  798904 ssh_runner.go:267] > [certs] Using existing apiserver-kubelet-client certificate and key on disk
I0313 17:08:48.911914  798904 ssh_runner.go:267] > [certs] Using existing front-proxy-ca certificate authority
I0313 17:08:48.911930  798904 ssh_runner.go:267] > [certs] Using existing front-proxy-client certificate and key on disk
I0313 17:08:48.911943  798904 ssh_runner.go:267] > [certs] Using existing etcd/ca certificate authority
I0313 17:08:48.916964  798904 ssh_runner.go:267] > [certs] Using existing etcd/server certificate and key on disk
I0313 17:08:48.917001  798904 ssh_runner.go:267] > [certs] Using existing etcd/peer certificate and key on disk
I0313 17:08:48.917022  798904 ssh_runner.go:267] > [certs] Using existing etcd/healthcheck-client certificate and key on disk
I0313 17:08:48.917041  798904 ssh_runner.go:267] > [certs] Using existing apiserver-etcd-client certificate and key on disk
I0313 17:08:48.917055  798904 ssh_runner.go:267] > [certs] Using the existing "sa" key
I0313 17:08:48.917091  798904 ssh_runner.go:101] Run: /bin/bash -c "sudo env PATH=/var/lib/minikube/binaries/v1.18.0-beta.2:$PATH kubeadm init phase kubeconfig all --config /var/tmp/minikube/kubeadm.yaml"
I0313 17:08:49.070193  798904 ssh_runner.go:267] ! W0313 17:08:48.995665   30810 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
I0313 17:08:49.070259  798904 ssh_runner.go:267] > [kubeconfig] Using kubeconfig folder "/etc/kubernetes"
I0313 17:08:49.571954  798904 ssh_runner.go:267] > [kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/admin.conf"
I0313 17:08:49.758850  798904 ssh_runner.go:267] > [kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/kubelet.conf"
I0313 17:08:50.300958  798904 ssh_runner.go:267] > [kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/controller-manager.conf"
I0313 17:08:51.018645  798904 ssh_runner.go:267] > [kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/scheduler.conf"
I0313 17:08:51.019845  798904 ssh_runner.go:141] Completed: /bin/bash -c "sudo env PATH=/var/lib/minikube/binaries/v1.18.0-beta.2:$PATH kubeadm init phase kubeconfig all --config /var/tmp/minikube/kubeadm.yaml": (2.10271598s)
I0313 17:08:51.019878  798904 ssh_runner.go:101] Run: /bin/bash -c "sudo env PATH=/var/lib/minikube/binaries/v1.18.0-beta.2:$PATH kubeadm init phase control-plane all --config /var/tmp/minikube/kubeadm.yaml"
I0313 17:08:51.093649  798904 ssh_runner.go:267] ! W0313 17:08:51.020512   30846 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
I0313 17:08:51.093699  798904 ssh_runner.go:267] > [control-plane] Using manifest folder "/etc/kubernetes/manifests"
I0313 17:08:51.093707  798904 ssh_runner.go:267] > [control-plane] Creating static Pod manifest for "kube-apiserver"
I0313 17:08:51.105772  798904 ssh_runner.go:267] > [control-plane] Creating static Pod manifest for "kube-controller-manager"
I0313 17:08:51.107423  798904 ssh_runner.go:267] ! W0313 17:08:51.034631   30846 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
I0313 17:08:51.109175  798904 ssh_runner.go:267] > [control-plane] Creating static Pod manifest for "kube-scheduler"
I0313 17:08:51.111424  798904 ssh_runner.go:267] ! W0313 17:08:51.038475   30846 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
I0313 17:08:51.115606  798904 ssh_runner.go:101] Run: /bin/bash -c "sudo env PATH=/var/lib/minikube/binaries/v1.18.0-beta.2:$PATH kubeadm init phase etcd local --config /var/tmp/minikube/kubeadm.yaml"
I0313 17:08:51.179612  798904 ssh_runner.go:267] > [etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
I0313 17:08:51.179710  798904 ssh_runner.go:267] ! W0313 17:08:51.106360   30852 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
I0313 17:08:51.195092  798904 kverify.go:42] waiting for apiserver process to appear ...
I0313 17:08:51.195264  798904 ssh_runner.go:101] Run: sudo pgrep -xnf kube-apiserver.*minikube.*
I0313 17:08:51.206798  798904 ssh_runner.go:267] > 30515

[tstromberg]

/ok-to-test

[minikube-pr-bot]

Error: running mkcmp: exit status 1

[medyagh]

Thank you very much @wallrj for adding this feature in minikube to set controler manager.

Your pr looks good to me.
BTW I am curious could you share what is a use case of setting this option?

[wallrj]

Thank you very much @wallrj for adding this feature in minikube to set controler manager.
Your pr looks good to me.

Thanks. I'm not sure what to do about all the test failures. Are they flakes? I see that these also often fail on master: https://github.com/kubernetes/minikube/commits/master. Is there some way for me to retry these failed tests?

BTW I am curious could you share what is a use case of setting this option?

I'm trying to disable the built in CSR signer and replace it with one of my own. See https://github.com/cert-manager/signer-ca/