kubeadm: kubeadm join for worker should not require identifying a bind address
BUG REPORT
Versions
kubeadm version (use kubeadm version): 1.12.1
Environment:
- Kubernetes version : 1.12.1
- Cloud provider or hardware configuration: bare metal
- OS (e.g. from /etc/os-release): CentOS 7
What happened?
When attempting to join a worker node that lacks a default route to an existing cluster by executing the kubeadm join ... command output from kubeadm token create <token> --print-join-command, the join fails because it can’t deduce a valid API server bind address. These lines are emitted on stderr from the kubeadm join ... command:
common.go:168] WARNING: could not obtain a bind address for the API Server: no default routes found in "/proc/net/route" or "/proc/net/ipv6_route"; using: 0.0.0.0
cannot use "0.0.0.0" as the bind address for the API Server
The VerifyAPIServerBindAddress(...) check was introduced to NewJoin(...) by 682b1b3.
What you expected to happen?
The kubeadm join ... command for a worker node should succeed because it doesn’t need to identify an API server bind address.
At first glance, my expectation is that the VerifyAPIServerBindAddress(...) check in NewJoin(...) should be conditional based on if internalcfg.ControlPlane == true.
How to reproduce it (as minimally and precisely as possible)?
On control plane node:
$ kubeadm token create <token> --print-join-command
On candidate worker node:
$ kubeadm join <apiserver> --token <token> --discovery-token-ca-cert-hash <hash> # output from above 'kubadm token create' command
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 19 (13 by maintainers)
@yagonobre thanks, noted! my suggestion would be to file the PR later in the 1.13 cycle so that you don’t have to rebase multiple times.
/lifecycle active
I’ll work on it
in the kubeadm office hours it was decided that this can go in k8s 1.14. contributions are welcome! (added help-wanted label), instructions here)