Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

change clientset of service controller to versioned #26694

Merged
merged 2 commits into from
Jun 8, 2016
Merged

change clientset of service controller to versioned #26694

merged 2 commits into from
Jun 8, 2016

Conversation

mfanjie
Copy link

@mfanjie mfanjie commented Jun 2, 2016

  1. create a public function BuildClusterConfig() to build cluster config so that service controller can reuse
  2. Current implement always requires POD_NAMESPACE to be set and always require federation control plane be placed in k8s cluster. Per my understanding if use did not provide secretRef and want to use unsecure connection, then we should not call KubeconfigGetterForCluster(), instead of we should create the clientset by clientcmd.BuildConfigFromFlags().

@nikhiljindal please correct me if I am wrong for bullet 2.

@k8s-bot
Copy link

k8s-bot commented Jun 2, 2016

Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test".
(Note: "add to whitelist" is no longer supported. Please update configurations in kubernetes/test-infra/jenkins/job-configs/kubernetes-jenkins-pull instead.)

This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry.

Otherwise, if this message is too spammy, please complain to ixdy.

2 similar comments
@k8s-bot
Copy link

k8s-bot commented Jun 2, 2016

Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test".
(Note: "add to whitelist" is no longer supported. Please update configurations in kubernetes/test-infra/jenkins/job-configs/kubernetes-jenkins-pull instead.)

This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry.

Otherwise, if this message is too spammy, please complain to ixdy.

@k8s-bot
Copy link

k8s-bot commented Jun 2, 2016

Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test".
(Note: "add to whitelist" is no longer supported. Please update configurations in kubernetes/test-infra/jenkins/job-configs/kubernetes-jenkins-pull instead.)

This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry.

Otherwise, if this message is too spammy, please complain to ixdy.

@k8s-github-robot k8s-github-robot assigned ghost Jun 2, 2016
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Jun 2, 2016
@mfanjie mfanjie force-pushed the extract_func_for_build_cluster_config branch from 6517394 to 5bc1d55 Compare June 3, 2016 05:23
@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 3, 2016
@mfanjie
Copy link
Author

mfanjie commented Jun 3, 2016
edited
Loading

added further changes:

  1. moved the function BuildClusterConfig() and KubeconfigGetterForCluster() to federation/pkg/federation-controller/util/cluster_util.go
  2. changed clientset and objects in service controller to versioned.
  3. fixed a panic in dns.go#L284 when zone is not configured on the zones is not properly configured
  4. changed the expect object in clustercontroller to versioned.
  5. changed copyright of info cluster controller code to 2016
    @quinton-hoole, please help to add 1.3 milestone, it should be merged to 1.3. Thanks.

@mfanjie mfanjie changed the title extract public function for build cluster config change clientset of service controller to versioned Jun 3, 2016
@mfanjie mfanjie force-pushed the extract_func_for_build_cluster_config branch from 5bc1d55 to fd193bb Compare June 3, 2016 07:40
@mfanjie mfanjie mentioned this pull request Jun 3, 2016
Closed
@ghost ghost added area/cluster-federation release-note-none Denotes a PR that doesn't merit a release note. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Jun 4, 2016
@ghost ghost added this to the v1.3 milestone Jun 4, 2016
@ghost
Copy link

ghost commented Jun 4, 2016

cc @nikhiljindal

@ghost
Copy link

ghost commented Jun 4, 2016

@kubernetes/sig-cluster-federation

@ghost
Copy link

ghost commented Jun 4, 2016

@k8s-bot ok to test

ghost
ghost reviewed Jun 4, 2016
View reviewed changes
federation/pkg/federation-controller/service/dns.go
@@ -254,6 +254,9 @@ func (s *ServiceController) ensureDnsRecords(clusterName string, cachedService *
// the state of the service when we last successfully sync'd it's DNS records.
// So this time around we only need to patch that (add new records, remove deleted records, and update changed records.
//
if s.dns == nil {
return nil
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should return an error here, as the record sets are not sync'd?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dns equals nil means the nds provider initialization failed, right? Even I did not setup dnsprovider I can still run the service controller now. If we want to throw error, we should throw it in init phase. The reason I added this line is that with the change, I can still test the service controller without dns provider

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that your code should not call ensureDnsRecords if the DNS provider is not initialized. And if it does, ensureDnsRecords should return an error (as it originally did), not nil like this. But again, I can fix this in a followup PR if you prefer.

@ghost
Copy link

ghost commented Jun 4, 2016

I've reviewed the DNS-related changes. Jesse, let me know what you think.
@nikhiljindal could you review the API versioning and config changes, as you have more recent context on that. I remain somewhat uncomfortable with the explicitly versioned API's (because all of this code will presumably need to be changed when we want to use later API version), but I don't have enough context to know whether there's a better way.

@ghost ghost assigned nikhiljindal and unassigned ghost Jun 4, 2016
@ghost ghost added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Jun 4, 2016
@mfanjie mfanjie mentioned this pull request Jun 4, 2016
Closed
@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 4, 2016
nikhiljindal
nikhiljindal reviewed Jun 5, 2016
View reviewed changes
federation/pkg/federation-controller/util/cluster_util.go

// This is to inject a different kubeconfigGetter in tests.
// We dont use the standard one which calls NewInCluster in tests to avoid having to setup service accounts and mount files with secret tokens.
var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.KubeconfigGetter {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You will get KubeconfigGetterForSecret as well when you rebase

@nikhiljindal
Copy link
Contributor

Thanks for sending this change @mfanjie
Looks good.

Regarding point 2. It is fine to call KubeconfigGetterForCluster for unsecured connection. It can just return clientcmd.Load(data) if c.Spec.SecretRef == nil. No need to read POD_NAMESPACE env var or create a client in that case.

nikhiljindal
nikhiljindal reviewed Jun 5, 2016
View reviewed changes
federation/pkg/federation-controller/util/cluster_util.go
if serverAddress != "" {
if c.Spec.SecretRef == nil {
glog.Infof("didnt find secretRef for cluster %s. Trying insecure access", c.Name)
clusterConfig, err = clientcmd.BuildConfigFromFlags(serverAddress, "")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fine. But using BuildConfigFromKubeconfigGetter is fine as well. We can update BuildConfigFromKubeconfigGetter to not create the client and read POD_NAMESPACE if c.Spec.SecretRef is nil.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am keeping this, as

  1. we need serverAddress to build the cluster configure, we we put the logic into BuildConfigFromKubeconfigGetter, we need either pass serverAddress into it, or we need to parse the serverAddress inside BuildConfigFromKubeconfigGetter again.
  2. the clientcmd.load need data which is bytes array representing the how client config, but we only have serverAddress. if we use clientcmd.load(), we need extra logic to build the byte array. From my view, we can simply use clientcmd.BuildConfigFromFlags(serverAddress, "")

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I didnt understand, BuildConfigFromKubeconfigGetter already takes a serverAddress.
We can always call clientcmd.BuildConfigFromKubeconfigGetter(serverAddress, kubeconfigGetter) here.
And ensure that BuildConfigFromKubeconfigGetter works fine even if c.Spec.SecretRef is nil.

What you have is fine as well.

@mfanjie mfanjie force-pushed the extract_func_for_build_cluster_config branch from fd193bb to 7b3f0d8 Compare June 6, 2016 05:39
mfanjie
mfanjie reviewed Jun 6, 2016
View reviewed changes
federation/cmd/federation-controller-manager/app/controllermanager.go
@@ -77,7 +77,7 @@ func Run(s *options.CMServer) error {
glog.Errorf("unable to register configz: %s", err)
}
// Create the config to talk to federation-apiserver.
kubeconfigGetter := clustercontroller.KubeconfigGetterForSecret(FederationAPIServerSecretName)
kubeconfigGetter := util.KubeconfigGetterForSecret(FederationAPIServerSecretName)
Copy link
Author

@mfanjie mfanjie Jun 6, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nikhiljindal is this a prerequisite for starting controller manager? do we need always create secret for kubeconfig of federation controller plane? I keep this as is but want to let you know , originally, we can simply run ./federation-controller-manager --v=5 to start controller manager without any preconfiguration, but now I have to create secret for kubeconfig.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes federation-controller-manager needs the kubeconfig of federation-apiserver to be able to talk to it.

We can update this code to try insecure access if secret does not exist, which will ensure that your local setup will work without secret. For clusters on GCE/GKE or any other cloud provider, we will need the secret.

@k8s-github-robot k8s-github-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jun 6, 2016
@mfanjie
Copy link
Author

mfanjie commented Jun 6, 2016
edited
Loading

@nikhiljindal @quinton-hoole I modified the code based on your comments and the most reasonable way from my view point. please review again, thanks.

@mfanjie mfanjie force-pushed the extract_func_for_build_cluster_config branch from 7b3f0d8 to 6dde087 Compare June 6, 2016 09:04
@nikhiljindal
Copy link
Contributor

The controller changes LGTM. I will let @quinton-hoole have a look at the DNS changes

@ghost
Copy link

ghost commented Jun 6, 2016

I'm still not happy with the DNS changes, as detailed in comments. But I can fix that in a followup PR. So lets get this merged to unblock Jesse.

@ghost ghost added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 6, 2016
@ghost ghost mentioned this pull request Jun 6, 2016
Closed
@mfanjie
Copy link
Author

mfanjie commented Jun 7, 2016

@quinton-hoole ok, thanks

@mfanjie
Copy link
Author

mfanjie commented Jun 7, 2016

e2e failed, but the logs did not show anything related to this PR.

@yujuhong
Copy link
Contributor

yujuhong commented Jun 7, 2016

@k8s-bot node e2e test this issue: #26431

@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Jun 8, 2016

GCE e2e build/test passed for commit 6dde087.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit e5da972 into kubernetes:master Jun 8, 2016
@irfanurrehman irfanurrehman mentioned this pull request Oct 30, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@nikhiljindal nikhiljindal

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
v1.3
Development

Successfully merging this pull request may close these issues.
6 participants
@mfanjie @k8s-bot @nikhiljindal @yujuhong @k8s-github-robot @googlebot