search

vexxhost / magnum-cluster-api

Cluster API driver for OpenStack Magnum
Apache License 2.0
41 stars 16 forks source link

`kube-proxy``metricsBindAddress` potentially lost on upgrade #386

Closed mnaser closed 3 weeks ago

mnaser commented 3 weeks ago

I am noticing that potentially metricsBindAddres is getting lost on cluster upgrades, so potentially we can add into this.

jessica-hofmeister commented 3 weeks ago

on creating a new cluster, we checked the configmap for kube-proxy in the kube-system namespace. The metrics bind address is showing as empty upon create. metricsBindAddress: ""

Per @mnaser's request, here is the contents of the kubeadm.yaml file found in /run/kubeadm

sudo cat kubeadm.yaml 
---
apiServer:
  certSANs:
  - kube-qy42f
  - kube-qy42f.magnum-system
  - kube-qy42f.magnum-system.svc
  - kube-qy42f.magnum-system.svc.cluster.local
  extraArgs:
    audit-log-maxage: "30"
    audit-log-maxbackup: "10"
    audit-log-maxsize: "100"
    audit-log-path: /var/log/audit/kube-apiserver-audit.log
    audit-policy-file: /etc/kubernetes/audit-policy/apiserver-audit-policy.yaml
    authentication-token-webhook-config-file: /etc/kubernetes/webhooks/webhookconfig.yaml
    authorization-mode: Node,RBAC,Webhook
    authorization-webhook-config-file: /etc/kubernetes/webhooks/webhookconfig.yaml
    cloud-provider: external
    profiling: "false"
    tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
  extraVolumes:
  - hostPath: /etc/kubernetes/webhooks
    mountPath: /etc/kubernetes/webhooks
    name: webhooks
  - hostPath: /etc/kubernetes/audit-policy
    mountPath: /etc/kubernetes/audit-policy
    name: audit-policy
  - hostPath: /var/log/kubernetes/audit
    mountPath: /var/log/audit
    name: audit-logs
apiVersion: kubeadm.k8s.io/v1beta3
clusterName: kube-qy42f
controlPlaneEndpoint: 10.10.10.108:6443
controllerManager:
  extraArgs:
    bind-address: 0.0.0.0
    cloud-provider: external
    profiling: "false"
dns: {}
etcd:
  local:
    dataDir: ""
    extraArgs:
      listen-metrics-urls: http://0.0.0.0:2381
kind: ClusterConfiguration
kubernetesVersion: v1.27.4
networking:
  dnsDomain: cluster.local
  podSubnet: 10.100.0.0/16
  serviceSubnet: 10.254.0.0/16
scheduler:
  extraArgs:
    bind-address: 0.0.0.0
    profiling: "false"

---
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint: {}
nodeRegistration:
  imagePullPolicy: IfNotPresent
  kubeletExtraArgs:
    cloud-provider: external
    tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
  name: 'kube-qy42f-control-plane-7hz2r-8dbbf'
  taints: null