Merge pull request #9911 from hakman/fix-gossip

Allow the BootstrapClient task to run after Protokube

nodeup/pkg/model/kube_proxy.go

@@ -93,10 +93,11 @@ func (b *KubeProxyBuilder) Build(c *fi.ModelBuilderContext) error {
 		}
 
 		c.AddTask(&nodetasks.File{
-			Path:     "/var/lib/kube-proxy/kubeconfig",
+			Path:           "/var/lib/kube-proxy/kubeconfig",
-			Contents: kubeconfig,
+			Contents:       kubeconfig,
-			Type:     nodetasks.FileType_File,
+			Type:           nodetasks.FileType_File,
-			Mode:     s("0400"),
+			Mode:           s("0400"),
+			BeforeServices: []string{kubeletService},
 		})
 	}
 

nodeup/pkg/model/kubelet.go

@@ -42,6 +42,9 @@ import (
 const (
 	// containerizedMounterHome is the path where we install the containerized mounter (on ContainerOS)
 	containerizedMounterHome = "/home/kubernetes/containerized_mounter"
+
+	// kubeletService is the name of the kubelet service
+	kubeletService = "kubelet.service"
 )
 
 // KubeletBuilder installs kubelet
@@ -118,10 +121,11 @@ func (b *KubeletBuilder) Build(c *fi.ModelBuilderContext) error {
 			}
 
 			c.AddTask(&nodetasks.File{
-				Path:     b.KubeletKubeConfig(),
+				Path:           b.KubeletKubeConfig(),
-				Contents: kubeconfig,
+				Contents:       kubeconfig,
-				Type:     nodetasks.FileType_File,
+				Type:           nodetasks.FileType_File,
-				Mode:     s("0400"),
+				Mode:           s("0400"),
+				BeforeServices: []string{kubeletService},
 			})
 		}
 	}
@@ -272,7 +276,7 @@ func (b *KubeletBuilder) buildSystemdService() *nodetasks.Service {
 	klog.V(8).Infof("Built service manifest %q\n%s", "kubelet", manifestString)
 
 	service := &nodetasks.Service{
-		Name:       "kubelet.service",
+		Name:       kubeletService,
 		Definition: s(manifestString),
 	}
 

nodeup/pkg/model/networking/kube_router.go

@@ -51,10 +51,11 @@ func (b *KuberouterBuilder) Build(c *fi.ModelBuilderContext) error {
 	}
 
 	c.AddTask(&nodetasks.File{
-		Path:     "/var/lib/kube-router/kubeconfig",
+		Path:           "/var/lib/kube-router/kubeconfig",
-		Contents: kubeconfig,
+		Contents:       kubeconfig,
-		Type:     nodetasks.FileType_File,
+		Type:           nodetasks.FileType_File,
-		Mode:     fi.String("0400"),
+		Mode:           fi.String("0400"),
+		BeforeServices: []string{"kubelet.service"},
 	})
 
 	return nil

nodeup/pkg/model/node_authorizer.go

@@ -77,7 +77,7 @@ func (b *NodeAuthorizationBuilder) Build(c *fi.ModelBuilderContext) error {
 		man := &systemd.Manifest{}
 		man.Set("Unit", "Description", "Node Authorization Client")
 		man.Set("Unit", "Documentation", "https://github.com/kubernetes/kops")
-		man.Set("Unit", "Before", "kubelet.service")
+		man.Set("Unit", "Before", kubeletService)
 		switch b.Cluster.Spec.ContainerRuntime {
 		case "docker":
 			man.Set("Unit", "After", "docker.service")

nodeup/pkg/model/tests/golden/minimal/tasks-kube-proxy.yaml

@@ -72,6 +72,8 @@ contents: |
 path: /etc/kubernetes/manifests/kube-proxy.manifest
 type: file
 ---
+beforeServices:
+- kubelet.service
 contents:
   task:
     CA:

nodeup/pkg/model/tests/golden/side-loading/tasks-kube-proxy-amd64.yaml

@@ -72,6 +72,8 @@ contents: |
 path: /etc/kubernetes/manifests/kube-proxy.manifest
 type: file
 ---
+beforeServices:
+- kubelet.service
 contents:
   task:
     CA:

nodeup/pkg/model/tests/golden/side-loading/tasks-kube-proxy-arm64.yaml

@@ -72,6 +72,8 @@ contents: |
 path: /etc/kubernetes/manifests/kube-proxy.manifest
 type: file
 ---
+beforeServices:
+- kubelet.service
 contents:
   task:
     CA:

pkg/model/iam.go

@@ -22,6 +22,7 @@ import (
 
 	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/dns"
 	"k8s.io/kops/pkg/model/iam"
 	"k8s.io/kops/pkg/util/stringorslice"
 	"k8s.io/kops/upup/pkg/fi"
@@ -164,11 +165,13 @@ func (b *IAMModelBuilder) buildIAMRolePolicy(role iam.Subject, iamName string, i
 		},
 	}
 
-	// This is slightly tricky; we need to know the hosted zone id,
+	if !dns.IsGossipHostname(b.Cluster.ObjectMeta.Name) {
-	// but we might be creating the hosted zone dynamically.
+		// This is slightly tricky; we need to know the hosted zone id,
-	// We create a stub-reference which will be combined by the execution engine.
+		// but we might be creating the hosted zone dynamically.
-	iamPolicy.DNSZone = &awstasks.DNSZone{
+		// We create a stub-reference which will be combined by the execution engine.
-		Name: fi.String(b.NameForDNSZone()),
+		iamPolicy.DNSZone = &awstasks.DNSZone{
+			Name: fi.String(b.NameForDNSZone()),
+		}
 	}
 
 	t := &awstasks.IAMRolePolicy{

upup/pkg/fi/nodeup/nodetasks/bootstrap_client.go

@@ -59,7 +59,14 @@ var _ fi.HasName = &BootstrapClient{}
 var _ fi.HasDependencies = &BootstrapClient{}
 
 func (b *BootstrapClient) GetDependencies(tasks map[string]fi.Task) []fi.Task {
-	return nil
+	// BootstrapClient depends on the protokube service to ensure gossip DNS
+	var deps []fi.Task
+	for _, v := range tasks {
+		if svc, ok := v.(*Service); ok && svc.Name == protokubeService {
+			deps = append(deps, v)
+		}
+	}
+	return deps
 }
 
 func (b *BootstrapClient) GetName() *string {

upup/pkg/fi/nodeup/nodetasks/file.go

@@ -41,7 +41,8 @@ const (
 )
 
 type File struct {
-	AfterFiles      []string    `json:"afterfiles,omitempty"`
+	AfterFiles      []string    `json:"afterFiles,omitempty"`
+	BeforeServices  []string    `json:"beforeServices,omitempty"`
 	Contents        fi.Resource `json:"contents,omitempty"`
 	Group           *string     `json:"group,omitempty"`
 	IfNotExists     bool        `json:"ifNotExists,omitempty"`
@@ -60,6 +61,7 @@ var _ fi.HasName = &File{}
 // GetDependencies implements HasDependencies::GetDependencies
 func (e *File) GetDependencies(tasks map[string]fi.Task) []fi.Task {
 	var deps []fi.Task
+
 	if e.Owner != nil {
 		ownerTask := tasks["UserTask/"+*e.Owner]
 		if ownerTask == nil {

upup/pkg/fi/nodeup/nodetasks/load_image.go

@@ -33,11 +33,6 @@ import (
 	"k8s.io/kops/util/pkg/hashing"
 )
 
-const (
-	containerdService = "containerd.service"
-	dockerService     = "docker.service"
-)
-
 // LoadImageTask is responsible for downloading a docker image
 type LoadImageTask struct {
 	Name    string

upup/pkg/fi/nodeup/nodetasks/service.go

@@ -43,6 +43,11 @@ const (
 	flatcarSystemdSystemPath = "/etc/systemd/system"
 
 	containerosSystemdSystemPath = "/etc/systemd/system"
+
+	containerdService = "containerd.service"
+	dockerService     = "docker.service"
+	kubeletService    = "kubelet.service"
+	protokubeService  = "protokube.service"
 )
 
 type Service struct {
@@ -67,11 +72,21 @@ func (p *Service) GetDependencies(tasks map[string]fi.Task) []fi.Task {
 		// LoadImageTask or IssueCert. If there are any LoadImageTasks (e.g. we're
 		// launching a custom Kubernetes build), they all depend on
 		// the "docker.service" Service task.
-		switch v.(type) {
+		switch v := v.(type) {
-		case *File, *Package, *UpdatePackages, *UserTask, *GroupTask, *Chattr, *BindMount, *Archive:
+		case *Package, *UpdatePackages, *UserTask, *GroupTask, *Chattr, *BindMount, *Archive:
 			deps = append(deps, v)
-		case *Service, *LoadImageTask, *IssueCert:
+		case *Service, *LoadImageTask, *IssueCert, *BootstrapClient, *KubeConfig:
 			// ignore
+		case *File:
+			if len(v.BeforeServices) > 0 {
+				for _, s := range v.BeforeServices {
+					if p.Name == s {
+						deps = append(deps, v)
+					}
+				}
+			} else {
+				deps = append(deps, v)
+			}
 		default:
 			klog.Warningf("Unhandled type %T in Service::GetDependencies: %v", v, v)
 			deps = append(deps, v)