replace kube-core rendering with openshift operators render #420
d9904e6 to a2884e2
/hold
a2884e2 to 3209d52
defaultReleaseImage = "registry.svc.ci.openshift.org/openshift/origin-release:v4.0" | ||
rootDir = "/opt/tectonic" | ||
|
||
// TODO: This should be decided by installer, not hard-coded |
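Review bot: `defaultReleaseImage` pins the release payload to a mutable tag (`origin-release:v4.0`) on the CI registry, and the TODO on the last line does not say how the installer is expected to choose it. Consider reading the image from installer configuration or an environment override, keeping this value only as the fallback, and referencing the payload by digest where reproducibility matters, so that a retag on the registry cannot silently change what the bootstrap node runs.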
@smarterclayton how are we supposed to handle this? :-) Also what is the preferred registry for our images? The RHCOS seems to have RH registry hardcoded as default, so using the :latest tag does not work and we really don't want to pin this into stable tag, otherwise we won't be able to test the changes in our operator images....
I guess we want all images in quay.io at some point but we want a knob to switch that to registry.svc.ci.openshift.org for the CI?
04a64c9 to f2e6925
so the
What is the plan for these?
/cc @sjenning we need to discuss who shall install pod-checkpointer
@derekwaynecarr: GitHub didn't allow me to request PR reviews from the following users: need, install, who, shall, we, to, discuss. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
17f6a43 to 0d1dede
/cc @ironcladlou
@@ -29,7 +29,9 @@ func (a *KubeletCertKey) Generate(dependencies asset.Parents) error { | |||
dependencies.Get(kubeCA) | |||
|
|||
cfg := &CertCfg{ | |||
Subject: pkix.Name{CommonName: "system:serviceaccount:kube-system:default", Organization: []string{"system:serviceaccounts:kube-system"}}, | |||
// system:masters is a hack to get the kubelet up without kube-core | |||
// TODO(node): make kubelet bootstrapping secure with minimal permissions eventually switching to system:node:* CommonName |
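Review bot: the comment above the TODO says the kubelet certificate relies on `system:masters`, a group Kubernetes binds to cluster-admin, so any holder of this key pair can act as a cluster administrator for as long as the hack stays in. The TODO should reference a tracking issue, and the follow-up should give each kubelet a `system:node:<nodeName>` CommonName with the `system:nodes` organization so that node-scoped authorization can apply.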
/cc @sjenning
21eed3e to c43391c
7dbd330 to 7687262
/test all
/retest
@abhinavdahiya reported that issue here: https://github.com/openshift/release/issues/1955
the e2e is failing here
Error: Error applying plan:
6 error(s) occurred:
* module.vpc.aws_eip.nat_eip[5]: 1 error(s) occurred:
* aws_eip.nat_eip.5: Error creating EIP: AddressLimitExceeded: The maximum number of addresses has been reached.
status code: 400, request id: c512d767-2493-4812-9561-5d1197723cf7
* module.vpc.aws_eip.nat_eip[0]: 1 error(s) occurred:
* aws_eip.nat_eip.0: Error creating EIP: AddressLimitExceeded: The maximum number of addresses has been reached.
status code: 400, request id: cac50c99-211c-49fc-9204-1c9e99f03ae7
* module.vpc.aws_eip.nat_eip[3]: 1 error(s) occurred:
* aws_eip.nat_eip.3: Error creating EIP: AddressLimitExceeded: The maximum number of addresses has been reached.
status code: 400, request id: 77877ad8-d126-4850-894c-01e31861aa08
* module.vpc.aws_eip.nat_eip[4]: 1 error(s) occurred:
* aws_eip.nat_eip.4: Error creating EIP: AddressLimitExceeded: The maximum number of addresses has been reached.
status code: 400, request id: 4ab4d76f-ae87-41d5-b51e-4905882fe710
* module.vpc.aws_eip.nat_eip[1]: 1 error(s) occurred:
* aws_eip.nat_eip.1: Error creating EIP: AddressLimitExceeded: The maximum number of addresses has been reached.
status code: 400, request id: 952b9a6f-5742-4d1d-87ea-44f5b80d796e
* module.vpc.aws_eip.nat_eip[2]: 1 error(s) occurred:
* aws_eip.nat_eip.2: Error creating EIP: AddressLimitExceeded: The maximum number of addresses has been reached.
status code: 400, request id: aaaed3f9-64d7-4d82-975c-81eeda85da7e
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
I am going to ask @wking to clean up the CI account. :(
/test e2e-aws
/retest
The previous e2e-aws error was:
That's openshift/release#1955.
https://github.com/openshift/origin/pull/21286/files merged. Missing the operator half maybe?
/retest
Please review the full test history for this PR and help us cut down flakes.
bootkube: override control-plane configs – fix kubectl logs
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, mfojtik, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
apiVersion: kubecontrolplane.config.openshift.io/v1 | ||
kind: KubeAPIServerConfig | ||
kubeletClientInfo: | ||
ca: "" # kubelet uses self-signed serving certs. TODO: fix kubelet pki |
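Review bot: `ca: ""` under `kubeletClientInfo` leaves the kubelet serving certificate unverified, and the trailing TODO names neither an owner nor a tracking issue. Suggest linking the issue in the comment and stating that this value must point at the kubelet serving CA bundle once kubelets stop using self-signed certs, so the empty value is not carried forward as a default.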
@sjenning this is for you. We have self-signed kubelet serving certs right now. I.e. the kube-apiserver->kubelet communication is insecure because the kubelet identity is not checked.
This is the old kube-core behaviour btw. So we are just copying that here, but should do better. I read @LiGgit commenting somewhere that up to kube 1.10 we don't support CSRs for properly signed kubelet serving certs. Has this changed upstream in 1.11 or 1.12?
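What the empty `ca` discussed in this thread gives up, as an added example (not code from this PR or from the installer): with a kubelet CA configured, a client can reject both a self-signed serving certificate and a certificate presented for the wrong node. It uses Go's `crypto/x509` directly and does not reproduce how kube-apiserver is wired; `kubelet-ca`, `node-1.example` and `node-2.example` are constructed names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a serving cert: a nil parent self-signs it, nil dns marks the example CA.
func issue(cn string, dns []string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), DNSNames: dns,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: dns == nil,
	}
	if parent == nil {
		parent, pkey = t, key // self-signed: the cert vouches only for itself
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	if err == nil {
		t, err = x509.ParseCertificate(der)
	}
	if err != nil {
		panic(err)
	}
	return t, key
}

// check verifies three constructed kubelet serving certs against the constructed kubelet CA.
func check() (issued, selfSigned, wrongNode error) {
	ca, caKey := issue("kubelet-ca", nil, nil, nil)
	good, _ := issue("node-1", []string{"node-1.example"}, ca, caKey)
	self, _ := issue("node-1", []string{"node-1.example"}, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the trust anchor that an empty ca setting leaves out
	verify := func(c *x509.Certificate, node string) error {
		_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: node})
		return err
	}
	return verify(good, "node-1.example"), verify(self, "node-1.example"), verify(good, "node-2.example")
}
func main() { fmt.Println(check()) }
```

Only the CA-issued certificate checked against its own node name verifies; the other two results are non-nil errors.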
KubeControllerManagerConfigOverridesTemplate = template.Must(template.New("kube-controller-manager-config-overrides.yaml").Parse(` | ||
apiVersion: kubecontrolplane.config.openshift.io/v1 | ||
kind: KubeControllerManagerConfig | ||
`)) |
@squeed this file is also for you. You can override any setting related to networking here, like cluster CIDR for example.
Catching up with c9b0e2f (manifests: stop using kube core operator, 2018-10-08, openshift#420).

Generated with:

  $ dep ensure

using:

  $ dep version
  dep:
   version     : v0.5.0
   build date  :
   git hash    : 22125cf
   go version  : go1.10.3
   go compiler : gc
   platform    : linux/amd64
   features    : ImportDuringSolve=false
Catching up with c9b0e2f (manifests: stop using kube core operator, 2018-10-08, openshift#420).
Adds ClusterK8sIO from e2dc955 (pkg/asset: add ClusterK8sIO, machines.Worker assets, 2018-10-15, openshift#468) and Master from 586ad45 (pkg/asset: Add asset for Master machines, 2018-10-18, openshift#491). Removes KubeCoreOperator from c9b0e2f (manifests: stop using kube core operator, 2018-10-08, openshift#420).

Generated with:

  $ openshift-install graph | dot -Tsvg >docs/design/resource_dep.svg

using:

  $ dot -V
  dot - graphviz version 2.30.1 (20170916.1124)
This change moves us away from the kube-core renderer and uses the kube-apiserver, kube-controller-manager and kube-scheduler operator renderers to gather all necessary bootstrap manifests.
@abhinavdahiya @smarterclayton this is what we want and we should make it work.