This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: HirazawaUi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Some comments from @neolit123:

• kubeadm: skip the ContainerRuntimeVersion check during upgrade when --dry-run is applied #135090 (review)
• kubeadm: skip the ContainerRuntimeVersion check during upgrade when --dry-run is applied #135090 (comment)

I've opened a draft PR where I removed the kubeadm.alpha.kubernetes.io/cri-socket annotation from the fake node object and executed the test job: https://github.com/neolit123/kubeadm-test/actions/runs/19072824492

if it can't autodetect, print a warning and return default

If so, ContainerRuntimeVersion cannot distinguish the difference between the dry run and the real run via comparing sock name. It will print an error message.
Our job needs to skip the ContainerRuntimeVersion error.

NVM, i deleted my last comment.

Haha, maybe sometimes it's better to communicate a bit slower. The reason @carlory and I were so quick to respond might be that it's very late in our time zone :)

Given the latest changes in this PR, we no longer need PR #135090, right? Because a "real" socket will always be returned now regardless.

if it can't autodetect, print a warning and return default

If so, ContainerRuntimeVersion cannot distinguish the difference between the dry run and the real run via comparing sock name. It will print an error message. Our job needs to skip the ContainerRuntimeVersion error.

@carlory in that case you should revert your PR to not compare socket names and use the dryRun argument passed to the preflight check, like you did before

...what a mess.

i think making the GetNodeRegistration dry-run aware just feels wrong.
it's an utility function.

LGTM label has been added.

https://github.com/neolit123/kubeadm-test/actions/runs/19074447580

Hi @neolit123, sorry for inconvenience after my PR was merged. I'm considering whether we should add a optional job for the k/k repo. Once the cmd/kubeadm code is changed, the dryrun job will be triggered.

The test result of this job doesn't block any other PRs from merging. Is it possible?

no worries.

yes, we can have non-blocking presubmit e2e jobs for k/k.
instead of running the external e2e each time.
https://github.com/neolit123/kubeadm-test/actions/workflows/k8s-test-pr.yaml

two jobs that we can add are
dryrun-latest
presubmit-upgrade-latest

two jobs that we can add are

Okay, I will do it tomorrow

I1104 16:03:56.269433     259 checks.go:120] validating the container runtime version compatibility
[preflight] Some fatal errors occurred:
	[ERROR ContainerRuntimeVersion]: could not connect to the container runtime: failed to create new CRI runtime service: validate service connection: validate CRI v1 runtime API for endpoint "unix://dry-run-cri-socket": rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix: missing address"
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
error: error execution phase preflight: preflight checks failed
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run.func1
	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow/runner.go:262
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).visitAll

https://github.com/neolit123/kubeadm-test/actions/runs/19074447580/job/54485941263

options:

• skip the preflight check on dry-run
• or only add the annotation on the fake node if the FG is disabled (i don't think this option works)

let's continue tomorrow

or only add the annotation on the fake node if the FG is disabled (i don't think this option works)

Based on this PR, I tested it with this option. The ci is green. https://github.com/neolit123/kubeadm-test/actions/runs/19088637811/job/54534316923

or only add the annotation on the fake node if the FG is disabled (i don't think this option works)

Based on this PR, I tested it with this option. The ci is green. https://github.com/neolit123/kubeadm-test/actions/runs/19088637811/job/54534316923

ok, let's use this option then, because it solves the issue with respect to the FG and doesn't force us to introduce the dryrun option for the preflight check.

I directly removed the kubeadm.alpha.kubernetes.io/cri-socket annotation from the fake node object. Thanks to the defensive mechanism in GetNodeRegistration, even if we delete it, there won't be any side effects, and the test job runs perfectly.
ref: https://github.com/kubernetes/kubernetes/pull/135100/files#diff-d9520473ad3de82e8118c7fb75b34ac28d71f3701ed91ca973e3d4c2e19e61ebR179-R183

Are there any other potential failure scenarios? I haven't thought of any at the moment.

Although there are only two days left until the code freeze, I'm already confident enough to merge this PR. Alternatively, should we keep it on hold and wait until we've thought it through more thoroughly before merging?

@neolit123 @carlory WDYT？

I directly removed the kubeadm.alpha.kubernetes.io/cri-socket annotation from the fake node object. Thanks to the defensive mechanism in GetNodeRegistration, even if we delete it, there won't be any side effects, and the test job runs perfectly. ref: https://github.com/kubernetes/kubernetes/pull/135100/files#diff-d9520473ad3de82e8118c7fb75b34ac28d71f3701ed91ca973e3d4c2e19e61ebR179-R183

Are there any other potential failure scenarios? I haven't thought of any at the moment.

Although there are only two days left until the code freeze, I'm already confident enough to merge this PR. Alternatively, should we keep it on hold and wait until we've thought it through more thoroughly before merging?

@neolit123 @carlory WDYT？

sgtm, thanks for testing and updating it
let's merge this soon.

the only thing that i am not so sure about is having the autodetect in the function. iirc, we explicitly didn't want to have something like that in the past.

the purpose of the cluster functions was to get existing config, so if we can't get existing config for the socket from annotation or instance file, then something must be wrong.

yet, i don't think this fallback to autodetect logic is too problematic.

I also ran a presubmit-upgrade-latest test: https://github.com/neolit123/kubeadm-test/actions/runs/19107770508

LGTM label has been added.

@HirazawaUi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

/retest
/hold cancel
/milestone v1.35

(we need to land this fix in 1.35)