Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

federation: Creating kubeconfig files to be used for creating secrets for clusters on aws and gke #27332

Merged
merged 3 commits into from
Jun 21, 2016
Merged

federation: Creating kubeconfig files to be used for creating secrets for clusters on aws and gke #27332

merged 3 commits into from
Jun 21, 2016

Conversation

nikhiljindal
Copy link
Contributor

@nikhiljindal nikhiljindal commented Jun 14, 2016
edited
Loading

Extension of #26914 which created the kubeconfig files for gce clusters.
This PR extends it to AWS, vagrant and GKE.

The change for AWS and vagrant is exactly same as GCE.
For GKE, since gcloud create clusters creates kubeconfig, we are just copying the generated kubeconfig to the desired location

cc @kubernetes/sig-cluster-federation @colhom
@roberthbailey for GKE

@nikhiljindal
Copy link
Contributor Author

Am testing it out

@nikhiljindal nikhiljindal added this to the v1.3 milestone Jun 14, 2016
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Jun 14, 2016
@nikhiljindal nikhiljindal added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Jun 14, 2016
@fejta
Copy link
Contributor

fejta commented Jun 14, 2016

@k8s-bot node e2e test this issue #24479

@nikhiljindal
Copy link
Contributor Author

Verified that it works as expected on GKE

madhusudancs
madhusudancs reviewed Jun 14, 2016
View reviewed changes
cluster/gke/util.sh
@@ -131,7 +131,6 @@ function validate-cluster {
# CLUSTER_IP_RANGE (optional)
# GKE_CREATE_FLAGS (optional, space delineated)
function kube-up() {
echo "... in gke:kube-up()" >&2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching.
reverted

@madhusudancs
Copy link
Contributor

One minor nit. LGTM otherwise. Please feel free to self-apply the label.

@nikhiljindal
Copy link
Contributor Author

Thanks fixed. Adding LGTM. Also adding P1 since this is for federation which is release blocker for 1.3

@nikhiljindal nikhiljindal added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Jun 14, 2016
@nikhiljindal
Copy link
Contributor Author

nikhiljindal commented Jun 14, 2016
edited
Loading

Turns out "_" is not allowed in secret names and the context that GKE script creates in kubeconfig is named gke_myprojectname_us-central1-f_nikhiljindal-gke. We use the same name to create the secret and hence it fails with the following error:

The Secret "gke_myprojectname_us-central1-f_nikhiljindal-gke" is invalid.
metadata.name: Invalid value: "gke_myprojectname_us-central1-f_nikhiljindal-gke": must match the regex [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* (e.g. 'example.com')

Removing LGTM.

@nikhiljindal nikhiljindal removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 14, 2016
@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 15, 2016
@nikhiljindal nikhiljindal removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 15, 2016
@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 15, 2016
@nikhiljindal
Copy link
Contributor Author

Pushed another commit to fix the context name before using it as cluster and secret names.
Fixing it by replacing "_" by "-" and truncating the string to 253 chars (so that it passes api validation).
Note that this only affects the test setup. For other users, they have to choose the name themselves while running the kubectl create commands.
Have updated E2EContext.Name to be this fixed name which is used everywhere. Added the original name as E2EContext.RawName which no one is using right now, but can be used for debugging.

PTAL.

@nikhiljindal nikhiljindal assigned ghost Jun 15, 2016
@ghost
Copy link

ghost commented Jun 16, 2016 

Jun 15 17:44:59.209: INFO: Couldn't delete ns "e2e-tests-limitrange-jap3s": namespace e2e-tests-limitrange-jap3s was not deleted within limit: timed out waiting for the condition, pods remaining: [pod-no-resources pod-partial-resources]


• Failure in Spec Teardown (AfterEach) [300.135 seconds]
[k8s.io] LimitRange
/go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:668
  should create a LimitRange with defaults and ensure pod has those defaults applied. [AfterEach]
  /go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/limit_range.go:102

  Jun 15 17:44:59.209: Couldn't delete ns "e2e-tests-limitrange-jap3s": namespace e2e-tests-limitrange-jap3s was not deleted within limit: timed out waiting for the condition, pods remaining: [pod-no-resources pod-partial-resources]

@ghost
Copy link

ghost commented Jun 16, 2016

Tracking issue for flake is #26290

@k8s-github-robot
Copy link

@quinton-hoole
You must link to the test flake issue which caused you to request this manual re-test.
Re-test requests should be in the form of: k8s-bot test this issue: #<number>
Here is the list of open test flakes.

@colhom
Copy link

colhom commented Jun 16, 2016
edited
Loading

@nikhiljindal the kubeconfig contexts should already be created for you- I don't understand why you are creating additional kubeconfig files in the various cluster/<provider>/util.sh files.

By the time the e2e framework is running GetUnderlyingFederatedContexts is all ready to go without any additional changes on to of master.

@ghost ghost mentioned this pull request Jun 16, 2016
Closed
@nikhiljindal
Copy link
Contributor Author

@colhom You are right. By the time the e2e framework is done, the default kubeconfig is setup with credentials for all the clusters. That enables kubectl to be able to talk to any cluster. That flow is working great.

This change is to be able to create a secret. This secret is used by the federation controller manager (specifically the cluster controller) to be able to talk to each k8s cluster that is part of federation. There is a secret for each k8s cluster. The secret contains the kubeconfig record corresponding to that cluster. For this we create a new kubeconfig file that contains record for only one cluster (vs the default kubeconfig which contains records for all clusters) and then use that newly created kubeconfig file to create the secret.

@nikhiljindal
Copy link
Contributor Author

And yes to be clear, there is another way to do this. Instead of creating those individual kubeconfigs in these shell scripts at cluster bring up time, we can extract those individual records from the single unified kubeconfig (which framework.GetUnderlyingFederatedContexts uses). That way we wont have to write cloud provider specific code and it will be go code so we can have good tests.
But then we will depend on kubeconfig structure and will break if that changes. With the current code, we are immune to that.

Changing the shell script for GCE was easy enough (just 4 lines of code) and the changes were a lot less brittle than the alternative so I went that route.
We can revisit this if maintaining code for all cloud providers turns out too complex.

@colhom
Copy link

colhom commented Jun 16, 2016

@nikhiljindal the format that comes out of cluster/kubectl.sh config view is guaranteed to match what federation-apiserver is expecting, as they're using the same resource models and parsing logic?

I don't see the advantage of keeping redundant copies of the kubeconfig around on a per-provider basis. I do see a number of detriments (maintainability, further bloating artifact tree, more potentially non-portable build state, etc)

@colhom
Copy link

colhom commented Jun 16, 2016

@nikhiljindal and I discussed this offline- I agree that this is the "least bad" way of doing this as of now.

@colhom
Copy link

colhom commented Jun 16, 2016

LGTM

@roberthbailey
Copy link
Contributor

[sorry for the late comment]

@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 17, 2016
@k8s-github-robot k8s-github-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 20, 2016
@nikhiljindal
Copy link
Contributor Author

Updated the code to use kubectl config view --minify --flatten everywhere.
PTAL

@j3ffml
Copy link
Contributor

j3ffml commented Jun 20, 2016

lgtm

@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jun 20, 2016
@k8s-bot
Copy link

k8s-bot commented Jun 20, 2016

GCE e2e build/test passed for commit 864b267.

@ghost
Copy link

ghost commented Jun 21, 2016

LGTM.

@ghost ghost added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 21, 2016
@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Jun 21, 2016

GCE e2e build/test passed for commit 864b267.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 70ad689 into kubernetes:master Jun 21, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@madhusudancs madhusudancs

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.3
Development

Successfully merging this pull request may close these issues.
10 participants
@nikhiljindal @fejta @madhusudancs @k8s-github-robot @colhom @roberthbailey @j3ffml @k8s-bot @mikedanese @googlebot