Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

federation: Updating federation-controller-manager to use secret to get federation-apiserver's kubeconfig #26819

Merged
merged 1 commit into from
Jun 4, 2016
Merged

federation: Updating federation-controller-manager to use secret to get federation-apiserver's kubeconfig #26819

merged 1 commit into from
Jun 4, 2016
+23 −5

Conversation

nikhiljindal
Copy link
Contributor

@nikhiljindal nikhiljindal commented Jun 3, 2016
edited
Loading

Fixing the credentials problem: #26762 (comment).

Admin will create a secret with the name "federation-apiserver-secret" in the k8s cluster hosting the federation control plane. This secret will contain the kubeconfig to access federation-apiserver.
federation-controller-manager will use this secret to contact the federation-apiserver.
This flow is same as the one used by all federation-controllers to contact k8s apiservers that are part of the federation.

cc @kubernetes/sig-cluster-federation @lavalamp @erictune @colhom

@nikhiljindal nikhiljindal added area/cluster-federation release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. labels Jun 3, 2016
@k8s-github-robot k8s-github-robot assigned ghost Jun 3, 2016
@k8s-github-robot k8s-github-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 3, 2016
@ghost
Copy link

ghost commented Jun 3, 2016

LGTM. Thanks @nikhiljindal!

@ghost ghost added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 3, 2016
@ghost ghost added this to the v1.3 milestone Jun 3, 2016
@ghost ghost added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Jun 3, 2016
@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Jun 4, 2016

GCE e2e build/test passed for commit 98c9fbb.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 15b382b into kubernetes:master Jun 4, 2016
@nikhiljindal nikhiljindal mentioned this pull request Jun 5, 2016
Closed
@mfanjie
Copy link

mfanjie commented Jun 6, 2016

@nikhiljindal I am a little confused for this change, per my understand we did not support secret in federation-apiserver right? how can you create the secret and retrieve it? are we going to add the support?

curl localhost:8080/api/v1
{
  "kind": "APIResourceList",
  "groupVersion": "v1",
  "resources": [
    {
      "name": "services",
      "namespaced": true,
      "kind": "Service"
    },
    {
      "name": "services/status",
      "namespaced": true,
      "kind": "Service"
    }
  ]

@mfanjie
Copy link

mfanjie commented Jun 6, 2016

By reading the e2e code, it seems now we already require a bootstrap k8s cluster to boot federation? and the code is load the info from the bootstrap cluster. sorry for the noise as my info is out-of-date.

@nikhiljindal
Copy link
Contributor Author

Yes you are right. We need a bootstrap k8s cluster. The secret containing kubeconfig for federation-apiserver is stored in the bootstrap k8s apiserver. But it is not intuitive. We will move it to federation-apiserver when we start supporting secrets in federation-apiserver.

@nikhiljindal nikhiljindal mentioned this pull request Jun 6, 2016
Merged
@lavalamp
Copy link
Member

lavalamp commented Jun 6, 2016

Yeah, it's super important to move those secrets into the ubernetes control
plane asap.

On Mon, Jun 6, 2016 at 10:37 AM, Nikhil Jindal notifications@github.com
wrote:

Yes you are right. We need a bootstrap k8s cluster. The secret containing
kubeconfig for federation-apiserver is stored in the bootstrap k8s
apiserver. But it is not intuitive. We will move it to federation-apiserver
when we start supporting secrets in federation-apiserver.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#26819 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AAngloclz7fyi8Gv6SavD421nOtBeWT6ks5qJFrVgaJpZM4It8wP
.

@erictune erictune mentioned this pull request Jul 2, 2016
Closed
@erictune
Copy link
Member

erictune commented Jul 2, 2016

@nikhiljindal Does this PR require action by the user when upgrading from 1.2.x to 1.3.0? (Think about non-developer users.) If so, please edit your first comment to have a release-note block, like in #28132. If it is just an optional feature, please change the label to just release-note. If it is not a complete feature by itself, then apply "release-note-none" label instead.

@madhusudancs madhusudancs added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. labels Jul 5, 2016
@madhusudancs
Copy link
Contributor

@erictune Changed the label to release-note-none

@nikhiljindal and others who might be interested.
Reason: federation-controller-manager did not even exist in 1.2. So there is no action to be taken by the users while going from 1.2 to 1.3. Also, it is not a feature by itself. So it is not that useful to have it in the release note.

Thought: we should consider maintaining a federation change log (or keep the federation release note compiled) to make the life of release czar easier.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.3
Development

Successfully merging this pull request may close these issues.
8 participants
@nikhiljindal @k8s-github-robot @k8s-bot @mfanjie @lavalamp @erictune @madhusudancs @googlebot