Refactor addons into multiple packages #50214
Conversation
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
cncf-cla: no
|
Hi @andrewrynhard. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-github-robot
added
size/XL
andrewrynhard
force-pushed
the
refactor_addons
branch
from
2259bfd to
d0dbc58
Compare
cmd/kubeadm/app/cmd/init.go
Outdated
| @@ -283,7 +284,11 @@ func (i *Init) Run(out io.Writer) error { | |||
| return err | |||
| } | |||
|
|
|||
| if err := addonsphase.CreateEssentialAddons(i.cfg, client); err != nil { | |||
| if err := dnsaddonphase.CreateEsentialDNSAddon(i.cfg, client); err != nil { | |||
There was a problem hiding this comment.
Wasn't certain if we wanted to keep this as just addonsphase. I can change if so.
There was a problem hiding this comment.
This is fine but can just be EnsureDNSAddon()
cmd/kubeadm/app/cmd/init.go
Outdated
| return err | ||
| } | ||
|
|
||
| if err := proxyaddonphase.CreateEssentialProxyAddon(i.cfg, client); err != nil { |
There was a problem hiding this comment.
Wasn't certain if we wanted to keep this as just addonsphase. I can change if so.
There was a problem hiding this comment.
proxyaddonphase is fine but maybe EnsureProxyAddon()
|
@luxas I have a few things I can clean up. Still a WIP. |
andrewrynhard
force-pushed
the
refactor_addons
branch
from
d0dbc58 to
b156470
Compare
There was a problem hiding this comment.
I know this is WIP, but left a couple of comments for guidance.
What I yet want to see here is moving the ServiceAccount generation from the apiconfig phase to each addon pkg respectively. The same goes for the kubeadm:node-proxier ClusterRoleBinding.
Sounds good to you? Thanks!
cmd/kubeadm/app/cmd/init.go
Outdated
| @@ -283,7 +284,11 @@ func (i *Init) Run(out io.Writer) error { | |||
| return err | |||
| } | |||
|
|
|||
| if err := addonsphase.CreateEssentialAddons(i.cfg, client); err != nil { | |||
| if err := dnsaddonphase.CreateEsentialDNSAddon(i.cfg, client); err != nil { | |||
There was a problem hiding this comment.
This is fine but can just be EnsureDNSAddon()
cmd/kubeadm/app/cmd/init.go
Outdated
| return err | ||
| } | ||
|
|
||
| if err := proxyaddonphase.CreateEssentialProxyAddon(i.cfg, client); err != nil { |
There was a problem hiding this comment.
proxyaddonphase is fine but maybe EnsureProxyAddon()
| } | ||
|
|
||
| // CreateEsentialDNSAddon creates the kube-dns addon | ||
| func CreateEsentialDNSAddon(cfg *kubeadmapi.MasterConfiguration, client clientset.Interface) error { |
| fmt.Println("[addons] Applied essential addon: kube-proxy") | ||
|
|
||
| err = CreateKubeDNSAddon(dnsDeploymentBytes, dnsServiceBytes, client) | ||
| err = createKubeDNSAddon(dnsDeploymentBytes, dnsServiceBytes, client) |
There was a problem hiding this comment.
And inline this in the if-clause below
| @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and | |||
| limitations under the License. | |||
| */ | |||
|
|
|||
| package addons | |||
| package dns | |||
There was a problem hiding this comment.
KubeProxy* shouldn't be left here, right?
| expected bool | ||
| }{ | ||
| { | ||
| manifest: KubeProxyConfigMap, |
There was a problem hiding this comment.
KubeProxy* shouldn't be here, right?
| path: /run/xtables.lock | ||
| ` | ||
|
|
||
| KubeDNSVersion = "1.14.4" |
There was a problem hiding this comment.
KubeDNS* shouldn't be in this file
| @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and | |||
| limitations under the License. | |||
| */ | |||
|
|
|||
| package addons | |||
| package proxy | |||
There was a problem hiding this comment.
Move over TestCompileManifests with the right test cases.
| return fmt.Errorf("error when parsing kube-proxy daemonset template: %v", err) | ||
| } | ||
|
|
||
| err = createKubeProxyAddon(proxyConfigMapBytes, proxyDaemonSetBytes, client) |
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
luxas
added
release-note
k8s-github-robot
added
the
needs-rebase
andrewrynhard
force-pushed
the
refactor_addons
branch
from
b156470 to
a4dbc2f
Compare
k8s-github-robot
removed
the
needs-rebase
andrewrynhard
force-pushed
the
refactor_addons
branch
from
a4dbc2f to
f3358ff
Compare
k8s-ci-robot
added
cncf-cla: yes
There was a problem hiding this comment.
Thanks a bunch! Only one primary comment; and some small nits to fix:
From golint:
W0814 06:27:07.535] cmd/kubeadm/app/phases/addons/dns/manifests.go:20:2: exported const KubeDNSVersion should have comment (or a comment on this block) or be unexported
W0814 06:27:07.535] cmd/kubeadm/app/phases/addons/proxy/manifests.go:20:2: exported const KubeProxyConfigMap should have comment (or a comment on this block) or be unexported
From unit/bazel:
cmd/kubeadm/app/phases/apiconfig/clusterroles_test.go:60: undefined: CreateServiceAccounts
| if err := kuberuntime.DecodeInto(api.Codecs.UniversalDecoder(), daemonSetbytes, kubeproxyDaemonSet); err != nil { | ||
| return fmt.Errorf("unable to decode kube-proxy daemonset %v", err) | ||
| // CreateServiceAccount creates the necessary serviceaccounts that kubeadm uses/might use, if they don't already exist. | ||
| func CreateServiceAccount(client clientset.Interface) error { |
There was a problem hiding this comment.
I don't think this needs to be exposed separately.
Well, if we do that it's fine by me, but at least EnsureDNSAddon should call it.
(EnsureDNSAddon should not have dependencies)
|
|
||
| const ( | ||
| // KubeProxyClusterRoleName sets the name for the kube-proxy ClusterRole | ||
| KubeProxyClusterRoleName = "system:node-proxier" |
There was a problem hiding this comment.
nit: Add // TODO: This k8s-generic, well-known constant should be fetchable from an other source, not be in this package
| ) | ||
|
|
||
| // EnsureProxyAddon creates the kube-proxy and kube-dns addons | ||
| func EnsureProxyAddon(cfg *kubeadmapi.MasterConfiguration, client clientset.Interface) error { |
There was a problem hiding this comment.
Again, the serviceaccount should be created as the first step here
| } | ||
|
|
||
| func createClusterRoleBindings(client clientset.Interface) error { | ||
| // TODO: This ClusterRoleBinding should be created by the kube-proxy phase, not here |
| return err | ||
| } | ||
|
|
||
| fmt.Println("[proxy] Created RBAC rules") |
There was a problem hiding this comment.
I don't think we should print this; one line per addon phase is enough
|
|
||
| // CreateRBACRules creates the essential RBAC rules for a minimally set-up cluster | ||
| func CreateRBACRules(client clientset.Interface, k8sVersion *k8sversion.Version) error { | ||
| if err := createClusterRoleBindings(client); err != nil { |
There was a problem hiding this comment.
I really like the idea of having EnsureFooAddon, CreateServiceAccount and CreateRBACRules as the three exported funcs of every addon phase (even if some of them no-op).
cmd/kubeadm/app/cmd/init.go
Outdated
| return err | ||
| } | ||
|
|
||
| if err := apiconfigphase.CreateRBACRules(client, k8sVersion); err != nil { | ||
| if err := dnsaddonphase.CreateServiceAccount(client); err != nil { |
andrewrynhard
force-pushed
the
refactor_addons
branch
from
f3358ff to
bbbf530
Compare
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andrewrynhard, luxas Associated issue: 348 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
k8s-github-robot
removed
the
lgtm
luxas
added
the
lgtm
|
@andrewrynhard kind of annoying, but please fix this |
k8s-github-robot
removed
approved
luxas
added
approved
|
Automatic merge from submit-queue (batch tested with PRs 49904, 50484, 50214) |
Automatic merge from submit-queue (batch tested with PRs 49904, 50484, 50214) Refactor addons into multiple packages **What this PR does / why we need it**: kubernetes/kubeadm#348 **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # kubernetes/kubeadm#348
Automatic merge from submit-queue (batch tested with PRs 50626, 50683, 50679, 50684, 50460) kubeadm: Centralize client create-or-update logic in one package **What this PR does / why we need it**: Moves all Create-or-Update logic into one package instead of duplicating that logic all around in the codebase. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: This PR depends on #50214. Note that commit 2 is the only one that needs reviewing. This PR is required for #48899 (kubeadm upgrade) **Release note**: ```release-note NONE ``` @kubernetes/sig-cluster-lifecycle-pr-reviews @mattmoyer @fabriziopandini
What this PR does / why we need it:
kubernetes/kubeadm#348
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #kubernetes/kubeadm#348