Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Add conversion for SecretReference to string #937

Merged
merged 1 commit into from
Jul 16, 2021
Merged

✨ Add conversion for SecretReference to string #937

merged 1 commit into from
Jul 16, 2021

Conversation

tobiasgiese
Copy link
Member

@tobiasgiese tobiasgiese commented Jul 13, 2021
edited
Loading

Signed-off-by: Tobias Giese [email protected]

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #920

Special notes for your reviewer:

  1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

TODOs:

  • squashed commits
  • if necessary:
    • includes documentation
    • adds unit tests

/hold

Tobias Giese [email protected], Daimler TSS GmbH, legal info/Impressum

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jul 13, 2021
@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 13, 2021
@k8s-ci-robot
Copy link
Contributor

Hi @tobiasgiese. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 13, 2021
@tobiasgiese tobiasgiese changed the title ✨ Add conversion for SecretReference to string WIP: ✨ Add conversion for SecretReference to string Jul 13, 2021
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 13, 2021
@seanschneeweiss
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 13, 2021
seanschneeweiss
seanschneeweiss reviewed Jul 13, 2021
View reviewed changes
api/v1alpha3/conversion.go Outdated Show resolved Hide resolved
api/v1alpha3/conversion.go Show resolved Hide resolved
@tobiasgiese tobiasgiese changed the title WIP: ✨ Add conversion for SecretReference to string ✨ Add conversion for SecretReference to string Jul 13, 2021
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 13, 2021
@tobiasgiese tobiasgiese force-pushed the tobiasgiese/v1alpha4-multi-tenancy branch from f80a98b to 58a597e Compare July 13, 2021 17:44
@sbueringer
Copy link
Member

sbueringer commented Jul 13, 2021
edited
Loading

/lgtm

/cc @jichenjc @hidekazuna
I know this is probably not popular, but standardised with CAPI v1alpha4. They only allow referencing secrets in the local Namespace. The only way to reference something external would be via a cluster-wide CRD, ... .

So to get v1alpha4 done I suggest to just drop the namespace as implemented in this PR. If there are demands for a more flexible solution, it should be implemented according to the new guidelines later on.

@k8s-ci-robot k8s-ci-robot requested a review from jichenjc July 13, 2021 20:54
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 13, 2021
@chrischdi
Copy link
Member

/lgtm

@hidekazuna
Copy link
Contributor

@sbueringer Thanks, I understand.

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hidekazuna, tobiasgiese

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 14, 2021
@tobiasgiese
Copy link
Member Author

Will wait with merge until it's clarified if we have to migrate to identityRef

xref: https://github.com/kubernetes-sigs/cluster-api/pull/4514/files#r669431287
xref2: https://kubernetes.slack.com/archives/C8TSNPY4T/p1626254145233500

@tobiasgiese tobiasgiese changed the title ✨ Add conversion for SecretReference to string ✨ WIP: Add conversion for SecretReference to string Jul 14, 2021
@tobiasgiese tobiasgiese changed the title ✨ WIP: Add conversion for SecretReference to string WIP: ✨ Add conversion for SecretReference to string Jul 14, 2021
@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jul 14, 2021
@tobiasgiese tobiasgiese force-pushed the tobiasgiese/v1alpha4-multi-tenancy branch 2 times, most recently from ae5d465 to 0c6e367 Compare July 15, 2021 06:46
@hidekazuna hidekazuna mentioned this pull request Jul 15, 2021
Closed
3 tasks
@tobiasgiese tobiasgiese force-pushed the tobiasgiese/v1alpha4-multi-tenancy branch from a2013bb to a42f525 Compare July 15, 2021 09:17
@tobiasgiese tobiasgiese changed the title WIP: ✨ Add conversion for SecretReference to string ✨ Add conversion for SecretReference to string Jul 15, 2021
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 15, 2021
@tobiasgiese
Copy link
Member Author

@hidekazuna @jichenjc can you please take a look? :)

chrischdi
chrischdi reviewed Jul 15, 2021
View reviewed changes
Copy link
Member

@chrischdi chrischdi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

:-)

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 15, 2021
@sbueringer
Copy link
Member

/lgtm
/test pull-cluster-api-provider-openstack-e2e-test

(retest required after the merge of the sshuttle fix)

@tobiasgiese
Copy link
Member Author

/test pull-cluster-api-provider-openstack-e2e-test

E0715 11:26:47.430140       1 openstackcluster_controller.go:490]  "msg"="Failed to get OpenStack cluster" "error"="OpenStackCluster.infrastructure.cluster.x-k8s.io \"cluster-e2e-djk5fk\" not found"  
E0715 11:26:47.468274       1 openstackcluster_controller.go:490]  "msg"="Failed to get OpenStack cluster" "error"="OpenStackCluster.infrastructure.cluster.x-k8s.io \"cluster-e2e-z9iisd\" not found"  
E0715 12:00:24.027679       1 controller.go:302] controller-runtime/manager/controller/openstackcluster "msg"="Reconciler error" "error"="openstackclusters.infrastructure.cluster.x-k8s.io \"cluster-e2e-z9iisd\" not found" "name"="cluster-e2e-z9iisd" "namespace"="e2e-z9iisd" "reconciler group"="infrastructure.cluster.x-k8s.io" "reconciler kind"="OpenStackCluster" 
E0715 12:00:24.505714       1 controller.go:302] controller-runtime/manager/controller/openstackcluster "msg"="Reconciler error" "error"="openstackclusters.infrastructure.cluster.x-k8s.io \"cluster-e2e-djk5fk\" not found" "name"="cluster-e2e-djk5fk" "namespace"="e2e-djk5fk" "reconciler group"="infrastructure.cluster.x-k8s.io" "reconciler kind"="OpenStackCluster" 
E0715 12:00:30.064010       1 openstackcluster_controller.go:490]  "msg"="Failed to get OpenStack cluster" "error"="OpenStackCluster.infrastructure.cluster.x-k8s.io \"cluster-e2e-j4dkpw\" not found"  
E0715 12:00:30.068982       1 openstackcluster_controller.go:490]  "msg"="Failed to get OpenStack cluster" "error"="OpenStackCluster.infrastructure.cluster.x-k8s.io \"cluster-e2e-ypxojv\" not found"  
E0715 12:31:57.065629       1 controller.go:302] controller-runtime/manager/controller/openstackcluster "msg"="Reconciler error" "error"="openstackclusters.infrastructure.cluster.x-k8s.io \"cluster-e2e-ypxojv\" not found" "name"="cluster-e2e-ypxojv" "namespace"="e2e-ypxojv" "reconciler group"="infrastructure.cluster.x-k8s.io" "reconciler kind"="OpenStackCluster" 
E0715 12:32:02.437357       1 openstackcluster_controller.go:490]  "msg"="Failed to get OpenStack cluster" "error"="OpenStackCluster.infrastructure.cluster.x-k8s.io \"cluster-e2e-4wtumg\" not found"  
E0715 12:33:49.456497       1 controller.go:302] controller-runtime/manager/controller/openstackcluster "msg"="Reconciler error" "error"="openstackclusters.infrastructure.cluster.x-k8s.io \"cluster-e2e-j4dkpw\" not found" "name"="cluster-e2e-j4dkpw" "namespace"="e2e-j4dkpw" "reconciler group"="infrastructure.cluster.x-k8s.io" "reconciler kind"="OpenStackCluster" 
E0715 13:05:23.238587       1 controller.go:302] controller-runtime/manager/controller/openstackcluster "msg"="Reconciler error" "error"="openstackclusters.infrastructure.cluster.x-k8s.io \"cluster-e2e-4wtumg\" not found" "name"="cluster-e2e-4wtumg" "namespace"="e2e-4wtumg" "reconciler group"="infrastructure.cluster.x-k8s.io" "reconciler kind"="OpenStackCluster"

xref: https://storage.googleapis.com/kubernetes-jenkins/pr-logs/pull/kubernetes-sigs_cluster-api-provider-openstack/937/pull-cluster-api-provider-openstack-e2e-test/1415626186213560320/artifacts/clusters/bootstrap/controllers/capo-controller-manager/capo-controller-manager-6f4cdd5947-qwm97/manager.log

Unfortunately, I don't know if it has something todo with my implementation. I'll turnup my devstack anyway today. if the test fails again, I'll take a deeper look.

@tobiasgiese
Copy link
Member Author

tobiasgiese commented Jul 15, 2021
edited
Loading

Found the error...

  - lastTransitionTime: "2021-07-15T14:25:26Z"
    message: 'Internal error occurred: failed calling webhook "default.openstackmachine.infrastructure.cluster.x-k8s.io":
      Post "https://capo-webhook-service.capo-system.svc:443/mutate-infrastructure-cluster-x-k8s-io-v1alpha4-openstackmachine?timeout=10s":
      x509: certificate signed by unknown authority'
    reason: InfrastructureTemplateCloningFailed
    severity: Error
    status: "False"
    type: Ready

Will fix that

@tobiasgiese tobiasgiese force-pushed the tobiasgiese/v1alpha4-multi-tenancy branch from a42f525 to b90aebb Compare July 15, 2021 14:51
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 15, 2021
@tobiasgiese tobiasgiese force-pushed the tobiasgiese/v1alpha4-multi-tenancy branch from b90aebb to de98749 Compare July 15, 2021 15:17
@jichenjc
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 16, 2021
@sbueringer
Copy link
Member

/lgtm

@jichenjc
Copy link
Contributor

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 16, 2021
@tobiasgiese tobiasgiese mentioned this pull request Jul 16, 2021
Closed
6 tasks
@k8s-ci-robot k8s-ci-robot merged commit 9a849c8 into kubernetes-sigs:master Jul 16, 2021
@tobiasgiese tobiasgiese deleted the tobiasgiese/v1alpha4-multi-tenancy branch July 16, 2021 08:06
@tobiasgiese tobiasgiese mentioned this pull request Nov 27, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seanschneeweiss seanschneeweiss seanschneeweiss left review comments

@sbueringer sbueringer sbueringer left review comments

@chrischdi chrischdi chrischdi left review comments

@prankul88 prankul88 Awaiting requested review from prankul88

@jichenjc jichenjc Awaiting requested review from jichenjc

Assignees

@chrischdi chrischdi

@sbueringer sbueringer

@jichenjc jichenjc

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

v1alpha4: Clarify and possibly implement changes to multi-tenancy.
7 participants
@tobiasgiese @k8s-ci-robot @seanschneeweiss @sbueringer @chrischdi @hidekazuna @jichenjc