From 0119bd093db1d72ebf4fa00c4869979da2f9e2a1 Mon Sep 17 00:00:00 2001
From: Jim Gauld <James.Gauld@windriver.com>
Date: Wed, 12 Oct 2022 14:00:33 -0400
Subject: [PATCH 4/5] Revert "kubeadm: only apply the new "control-plane" label
 during init/join"

This reverts commit a3d5e5598290df09f4ffd5cf6813653a346c8f4c.
---
 .../phases/markcontrolplane/markcontrolplane.go    | 14 +++++++++++---
 .../markcontrolplane/markcontrolplane_test.go      |  9 ++++++---
 cmd/kubeadm/app/util/staticpod/utils.go            |  7 +++++++
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go
index dd4c89eca6d..c68f80f7fd6 100644
--- a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go
+++ b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane.go
@@ -19,23 +19,31 @@ package markcontrolplane
 import (
 	"fmt"
 
-	v1 "k8s.io/api/core/v1"
+	"k8s.io/api/core/v1"
 	clientset "k8s.io/client-go/kubernetes"
 
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
 )
 
-// labelsToAdd holds a list of labels that are applied on kubeadm managed control plane nodes
 var labelsToAdd = []string{
+	// TODO: remove this label:
+	// https://github.com/kubernetes/kubeadm/issues/2200
+	constants.LabelNodeRoleOldControlPlane,
 	constants.LabelNodeRoleControlPlane,
 	constants.LabelExcludeFromExternalLB,
 }
 
 // MarkControlPlane taints the control-plane and sets the control-plane label
 func MarkControlPlane(client clientset.Interface, controlPlaneName string, taints []v1.Taint) error {
+	// TODO: remove this "deprecated" amend and pass "labelsToAdd" directly:
+	// https://github.com/kubernetes/kubeadm/issues/2200
+	labels := make([]string, len(labelsToAdd))
+	copy(labels, labelsToAdd)
+	labels[0] = constants.LabelNodeRoleOldControlPlane + "(deprecated)"
+
 	fmt.Printf("[mark-control-plane] Marking the node %s as control-plane by adding the labels: %v\n",
-		controlPlaneName, labelsToAdd)
+		controlPlaneName, labels)
 
 	if len(taints) > 0 {
 		taintStrs := []string{}
diff --git a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go
index b171072f80a..cb9275124ab 100644
--- a/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go
+++ b/cmd/kubeadm/app/phases/markcontrolplane/markcontrolplane_test.go
@@ -49,25 +49,26 @@ func TestMarkControlPlane(t *testing.T) {
 			existingLabels: []string{""},
 			existingTaints: nil,
 			newTaints:      []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
-			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node.kubernetes.io/exclude-from-external-load-balancers":""}},"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]}}`,
+			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":"","node.kubernetes.io/exclude-from-external-load-balancers":""}},"spec":{"taints":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]}}`,
 		},
 		{
 			name:           "control-plane label and taint missing but taint not wanted",
 			existingLabels: []string{""},
 			existingTaints: nil,
 			newTaints:      nil,
-			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`,
+			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`,
 		},
 		{
 			name:           "control-plane label missing",
 			existingLabels: []string{""},
 			existingTaints: []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
 			newTaints:      []v1.Taint{kubeadmconstants.OldControlPlaneTaint},
-			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`,
+			expectedPatch:  `{"metadata":{"labels":{"node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":"","node.kubernetes.io/exclude-from-external-load-balancers":""}}}`,
 		},
 		{
 			name: "control-plane taint missing",
 			existingLabels: []string{
+				kubeadmconstants.LabelNodeRoleOldControlPlane,
 				kubeadmconstants.LabelNodeRoleControlPlane,
 				kubeadmconstants.LabelExcludeFromExternalLB,
 			},
@@ -78,6 +79,7 @@ func TestMarkControlPlane(t *testing.T) {
 		{
 			name: "nothing missing",
 			existingLabels: []string{
+				kubeadmconstants.LabelNodeRoleOldControlPlane,
 				kubeadmconstants.LabelNodeRoleControlPlane,
 				kubeadmconstants.LabelExcludeFromExternalLB,
 			},
@@ -88,6 +90,7 @@ func TestMarkControlPlane(t *testing.T) {
 		{
 			name: "has taint and no new taints wanted",
 			existingLabels: []string{
+				kubeadmconstants.LabelNodeRoleOldControlPlane,
 				kubeadmconstants.LabelNodeRoleControlPlane,
 				kubeadmconstants.LabelExcludeFromExternalLB,
 			},
diff --git a/cmd/kubeadm/app/util/staticpod/utils.go b/cmd/kubeadm/app/util/staticpod/utils.go
index 75efc4f0f98..f0d8fed0d46 100644
--- a/cmd/kubeadm/app/util/staticpod/utils.go
+++ b/cmd/kubeadm/app/util/staticpod/utils.go
@@ -287,6 +287,13 @@ func createHTTPProbe(host, path string, port int, scheme v1.URIScheme, initialDe
 
 // GetAPIServerProbeAddress returns the probe address for the API server
 func GetAPIServerProbeAddress(endpoint *kubeadmapi.APIEndpoint) string {
+	// In the case of a self-hosted deployment, the initial host on which kubeadm --init is run,
+	// will generate a DaemonSet with a nodeSelector such that all nodes with the label
+	// node-role.kubernetes.io/master='' will have the API server deployed to it. Since the init
+	// is run only once on an initial host, the API advertise address will be invalid for any
+	// future hosts that do not have the same address. Furthermore, since liveness and readiness
+	// probes do not support the Downward API we cannot dynamically set the advertise address to
+	// the node's IP. The only option then is to use localhost.
 	if endpoint != nil && endpoint.AdvertiseAddress != "" {
 		return getProbeAddress(endpoint.AdvertiseAddress)
 	}
-- 
2.25.1