-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
change clientset of service controller to versioned #26694
change clientset of service controller to versioned #26694
Conversation
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
2 similar comments
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
6517394
to
5bc1d55
Compare
added further changes:
|
5bc1d55
to
fd193bb
Compare
@kubernetes/sig-cluster-federation |
@k8s-bot ok to test |
@@ -254,6 +254,9 @@ func (s *ServiceController) ensureDnsRecords(clusterName string, cachedService * | |||
// the state of the service when we last successfully sync'd it's DNS records. | |||
// So this time around we only need to patch that (add new records, remove deleted records, and update changed records. | |||
// | |||
if s.dns == nil { | |||
return nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should return an error here, as the record sets are not sync'd?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dns equals nil means the nds provider initialization failed, right? Even I did not setup dnsprovider I can still run the service controller now. If we want to throw error, we should throw it in init phase. The reason I added this line is that with the change, I can still test the service controller without dns provider
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that your code should not call ensureDnsRecords if the DNS provider is not initialized. And if it does, ensureDnsRecords should return an error (as it originally did), not nil like this. But again, I can fix this in a followup PR if you prefer.
I've reviewed the DNS-related changes. Jesse, let me know what you think. |
|
||
// This is to inject a different kubeconfigGetter in tests. | ||
// We dont use the standard one which calls NewInCluster in tests to avoid having to setup service accounts and mount files with secret tokens. | ||
var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.KubeconfigGetter { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You will get KubeconfigGetterForSecret as well when you rebase
Thanks for sending this change @mfanjie Regarding point 2. It is fine to call KubeconfigGetterForCluster for unsecured connection. It can just return clientcmd.Load(data) if c.Spec.SecretRef == nil. No need to read POD_NAMESPACE env var or create a client in that case. |
if serverAddress != "" { | ||
if c.Spec.SecretRef == nil { | ||
glog.Infof("didnt find secretRef for cluster %s. Trying insecure access", c.Name) | ||
clusterConfig, err = clientcmd.BuildConfigFromFlags(serverAddress, "") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is fine. But using BuildConfigFromKubeconfigGetter is fine as well. We can update BuildConfigFromKubeconfigGetter to not create the client and read POD_NAMESPACE if c.Spec.SecretRef is nil.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am keeping this, as
- we need serverAddress to build the cluster configure, we we put the logic into BuildConfigFromKubeconfigGetter, we need either pass serverAddress into it, or we need to parse the serverAddress inside BuildConfigFromKubeconfigGetter again.
- the clientcmd.load need data which is bytes array representing the how client config, but we only have serverAddress. if we use clientcmd.load(), we need extra logic to build the byte array. From my view, we can simply use clientcmd.BuildConfigFromFlags(serverAddress, "")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I didnt understand, BuildConfigFromKubeconfigGetter already takes a serverAddress.
We can always call clientcmd.BuildConfigFromKubeconfigGetter(serverAddress, kubeconfigGetter) here.
And ensure that BuildConfigFromKubeconfigGetter works fine even if c.Spec.SecretRef is nil.
What you have is fine as well.
fd193bb
to
7b3f0d8
Compare
@@ -77,7 +77,7 @@ func Run(s *options.CMServer) error { | |||
glog.Errorf("unable to register configz: %s", err) | |||
} | |||
// Create the config to talk to federation-apiserver. | |||
kubeconfigGetter := clustercontroller.KubeconfigGetterForSecret(FederationAPIServerSecretName) | |||
kubeconfigGetter := util.KubeconfigGetterForSecret(FederationAPIServerSecretName) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nikhiljindal is this a prerequisite for starting controller manager? do we need always create secret for kubeconfig of federation controller plane? I keep this as is but want to let you know , originally, we can simply run ./federation-controller-manager --v=5 to start controller manager without any preconfiguration, but now I have to create secret for kubeconfig.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes federation-controller-manager needs the kubeconfig of federation-apiserver to be able to talk to it.
We can update this code to try insecure access if secret does not exist, which will ensure that your local setup will work without secret. For clusters on GCE/GKE or any other cloud provider, we will need the secret.
@nikhiljindal @quinton-hoole I modified the code based on your comments and the most reasonable way from my view point. please review again, thanks. |
7b3f0d8
to
6dde087
Compare
The controller changes LGTM. I will let @quinton-hoole have a look at the DNS changes |
I'm still not happy with the DNS changes, as detailed in comments. But I can fix that in a followup PR. So lets get this merged to unblock Jesse. |
@quinton-hoole ok, thanks |
e2e failed, but the logs did not show anything related to this PR. |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
GCE e2e build/test passed for commit 6dde087. |
Automatic merge from submit-queue |
@nikhiljindal please correct me if I am wrong for bullet 2.