openshift · openshift-merge-bot · Oct 17, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025
diff --git a/assets/core/kubelet.yaml b/assets/core/kubelet.yaml
@@ -18,14 +18,14 @@ featureGates:
   APIPriorityAndFairness: true
   DownwardAPIHugePages: true
   PodSecurity: true
-  RotateKubeletServerCertificate: false # TODO
+  RotateKubeletServerCertificate: false
 kubeAPIBurst: 100
 kubeAPIQPS: 50
 maxPods: 250
 nodeStatusReportFrequency: 5m
-rotateCertificates: false # TODO
+rotateCertificates: false
 serializeImagePulls: false
-serverTLSBootstrap: false # TODO
+serverTLSBootstrap: false
 tlsCertFile: "{{ .tlsCertFile }}"
 tlsCipherSuites: [{{ .tlsCipherSuites }}]
 tlsMinVersion: "{{ .tlsMinVersion }}"

diff --git a/cmd/microshift/main.go b/cmd/microshift/main.go
@@ -41,5 +41,6 @@ func newCommand() *cobra.Command {
 	cmd.AddCommand(cmds.NewBackupCommand())
 	cmd.AddCommand(cmds.NewRestoreCommand())
 	cmd.AddCommand(cmds.NewHealthcheckCommand())
+	cmd.AddCommand(cmds.NewAddNodeCommand())
 	return cmd
 }
diff --git a/etcd/cmd/microshift-etcd/run.go b/etcd/cmd/microshift-etcd/run.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"os/signal"
 	"path/filepath"
+	"strings"
 	"syscall"
 	"time"
 
@@ -75,20 +76,17 @@ func (s *EtcdService) configure(cfg *config.Config) {
 	// based on https://github.com/openshift/cluster-etcd-operator/blob/master/bindata/bootkube/bootstrap-manifests/etcd-member-pod.yaml#L19
 	s.etcdCfg = etcd.NewConfig()
 	s.etcdCfg.ClusterState = "new"
-	//s.etcdCfg.ForceNewCluster = true //TODO
 	s.etcdCfg.Logger = "zap"
 	s.etcdCfg.Dir = dataDir
 	s.etcdCfg.QuotaBackendBytes = cfg.Etcd.QuotaBackendBytes
-	url2380 := setURL([]string{"localhost"}, "2380")
-	url2379 := setURL([]string{"localhost"}, "2379")
-	s.etcdCfg.AdvertisePeerUrls = url2380
-	s.etcdCfg.ListenPeerUrls = url2380
-	s.etcdCfg.AdvertiseClientUrls = url2379
-	s.etcdCfg.ListenClientUrls = url2379
-	s.etcdCfg.ListenMetricsUrls = setURL([]string{"localhost"}, "2381")
+	s.etcdCfg.AdvertisePeerUrls = setURL([]string{cfg.Node.NodeIP}, "2380")
+	s.etcdCfg.ListenPeerUrls = setURL([]string{"0.0.0.0"}, "2380")
+	s.etcdCfg.AdvertiseClientUrls = setURL([]string{cfg.Node.NodeIP}, "2379")
+	s.etcdCfg.ListenClientUrls = setURL([]string{"0.0.0.0"}, "2379")
+	s.etcdCfg.ListenMetricsUrls = setURL([]string{cfg.Node.NodeIP}, "2381")
 
 	s.etcdCfg.Name = cfg.Node.HostnameOverride
-	s.etcdCfg.InitialCluster = fmt.Sprintf("%s=https://%s:2380", cfg.Node.HostnameOverride, "localhost")
+	s.etcdCfg.InitialCluster = fmt.Sprintf("%s=https://%s", cfg.Node.HostnameOverride, net.JoinHostPort(cfg.Node.NodeIP, "2380"))
 
 	s.etcdCfg.TlsMinVersion = getTLSMinVersion(cfg.ApiServer.TLS.MinVersion)
 	if cfg.ApiServer.TLS.MinVersion != string(configv1.VersionTLS13) {
@@ -103,6 +101,8 @@ func (s *EtcdService) configure(cfg *config.Config) {
 	s.etcdCfg.PeerTLSInfo.TrustedCAFile = etcdSignerCertPath
 
 	s.etcdCfg.ExperimentalMaxLearners = MaxLearners
+
+	updateConfigFromFile(s.etcdCfg, getConfigFilePath())
 }
 
 func (s *EtcdService) Run() error {
@@ -217,3 +217,35 @@ func checkFragmentationPercentage(ondisk, inuse int64) float64 {
 	fragmentedPercentage := (diff / float64(ondisk)) * 100
 	return math.Round(fragmentedPercentage*100) / 100
 }
+
+func getConfigFilePath() string {
+	return filepath.Join(config.DataDir, "etcd", "config")
+}
+
+func updateConfigFromFile(etcdCfg *etcd.Config, configPath string) {
+	data, err := os.ReadFile(configPath)
+	if err != nil {
+		klog.Errorf("failed to read config file: %v", err)
+		return
+	}
+	lines := strings.Split(string(data), "\n")
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		}
+		eqIdx := strings.Index(line, "=")
+		if eqIdx == -1 {
+			continue
+		}
+		parts := []string{line[:eqIdx], line[eqIdx+1:]}
+		key := strings.TrimSpace(parts[0])
+		val := strings.TrimSpace(parts[1])
+		switch key {
+		case "ETCD_INITIAL_CLUSTER":
+			etcdCfg.InitialCluster = val
+		case "ETCD_INITIAL_CLUSTER_STATE":
+			etcdCfg.ClusterState = val
+		}
+	}
+}
diff --git a/pkg/admin/prerun/version.go b/pkg/admin/prerun/version.go
@@ -109,24 +109,9 @@ func getVersions() (versions, error) {
 		// error is something else than "file does not exist", like permissions
 		return versions{}, fmt.Errorf("failed to get version of existing MicroShift data: %w", err)
 	}
-
-	// Ignoring .nodename to not get false positives from mere existence of the path
-	dataExists, err := util.PathExistsAndIsNotEmpty(config.DataDir, ".nodename")
-	if err != nil {
-		return versions{}, err
-	}
-
-	if !dataExists {
-		// Data directory does not exist so it's first run of MicroShift
-		klog.InfoS("Version file does not exist yet - assuming first run of MicroShift")
-		vs.data = nil // repeated for clarity
-		return vs, nil
-	}
-
-	// Data exists but without version file, let's assume 4.13 and compare versions
-	klog.InfoS("MicroShift data directory exists, but doesn't contain version file" +
-		" - assuming 4.13.0 and proceeding with version compatibility checks")
-	vs.data = &versionMetadata{Major: 4, Minor: 13, Patch: 0}
+	// Data directory or version does not exist
+	klog.InfoS("Version file does not exist yet - assuming first run of MicroShift")
+	vs.data = nil // repeated for clarity
 	return vs, nil
 }