Add OpenShift's recycler templates to Kubernetes controller config #16139
Conversation
openshift-ci-robot
added
the
size/M
jsafrane
force-pushed
the
tmpfile-template
branch
from
2496bdf
to
e057e33
Compare
|
Split into two commits to make travis happy. |
|
|
pkg/cmd/server/start/start_master.go
Outdated
| @@ -478,6 +476,25 @@ func (m *Master) Start() error { | |||
| // continuously run the scheduler while we have the primary lease | |||
| go runEmbeddedScheduler(m.config.MasterClients.OpenShiftLoopbackKubeConfig, m.config.KubernetesMasterConfig.SchedulerConfigFile, m.config.KubernetesMasterConfig.SchedulerArguments) | |||
|
|
|||
| // OpenShift uses a different default volume recycler template than | |||
There was a problem hiding this comment.
You need to remove newPersistentVolumeRecyclerPodTemplate from pkg/cmd/server/start/start_kube_controller_manager.go, right?
| // adds it into PersistentVolumeRecyclerConfiguration if it is not set. It | ||
| // returns name of the template file that should be deleted after controllers | ||
| // start. | ||
| func AddRecyclerTemplates(masterConfig configapi.MasterConfig, cmserver *cmapp.CMServer) (string, error) { |
There was a problem hiding this comment.
This is all a mutation of BuildControllerManagerServer right?
There was a problem hiding this comment.
This is all a mutation of BuildControllerManagerServer right?
I mean, we should call it from that method and construct the one we want.
There was a problem hiding this comment.
Sort of. I tried it and it looked extremely ugly. If I create a temp file in BuildControllerManagerServer, I need to delete it in all error paths between BuildControllerManagerServer call and startControllers. I can't use defer because startControllers runs in a separate goroutine and Master.Start might actually finish earlier than startControllers is called.
| return "", err | ||
| } | ||
|
|
||
| f, err := ioutil.TempFile("", "openshift-recycler-template-") |
There was a problem hiding this comment.
What permissions do we end up with. We need to make sure that most people can't mutate it.
There was a problem hiding this comment.
ioutil.TempFile leads to os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600) which looks paranoid enough to me.
| template.Spec.Containers[0].SecurityContext = &kapiv1.SecurityContext{RunAsUser: &uid} | ||
| template.Spec.Containers[0].ImagePullPolicy = kapiv1.PullIfNotPresent | ||
|
|
||
| templateBytes, err := json.Marshal(template) |
There was a problem hiding this comment.
Needs to go through our normal encoding path. runtime.Encode(kapi.Codecs.LegacyCodec( would do I think.
jsafrane
force-pushed
the
tmpfile-template
branch
from
e057e33
to
7b5c48c
Compare
openshift-ci-robot
added
size/L
jsafrane
force-pushed
the
tmpfile-template
branch
3 times, most recently
from
c917a57
to
3760284
Compare
|
/retest |
|
filled #16278 |
openshift-merge-robot
added
the
needs-rebase
When user did not specify any recycler template files, create OpenShift one and let Kubernetes use it. The template file is created in /tmp and is deleted after controller initialization (which is safe).
jsafrane
force-pushed
the
tmpfile-template
branch
from
3760284
to
02572ea
Compare
openshift-merge-robot
removed
the
needs-rebase
|
Rebased a lot, it's almost a new PR. |
|
Umm, @deads2k, any ideas? Will we always stick to patch we have now? |
| @@ -67,10 +49,11 @@ func kubeControllerManagerAddFlags(cmserver *controlleroptions.CMServer) func(fl | |||
| } | |||
| } | |||
|
|
|||
| func newKubeControllerManager(kubeconfigFile, saPrivateKeyFile, saRootCAFile, podEvictionTimeout string, dynamicProvisioningEnabled bool, cmdLineArgs map[string][]string) (*controlleroptions.CMServer, error) { | |||
| func newKubeControllerManager(kubeconfigFile, saPrivateKeyFile, saRootCAFile, podEvictionTimeout, recyclerImage string, dynamicProvisioningEnabled bool, cmdLineArgs map[string][]string) (*controlleroptions.CMServer, []string, error) { | |||
There was a problem hiding this comment.
mind making this return a cleanupFn func()? Doesn't have to be typed. Just keeping all the cleanup logic in one spot with the thing making it.
|
Sorry, this fell of my radar. One minor comment, lgtm otherwise. Feel free to tag once done. /approve |
openshift-merge-robot
added
the
approved
|
@deads2k As I wrote earlier this PR won't work. I don't think there is a sane way out of this. |
Alright. I may fiddle around in here later. /lgtm |
…cycler template override" This reverts bc8249c
jsafrane
force-pushed
the
tmpfile-template
branch
from
02572ea
to
d2d3175
Compare
openshift-merge-robot
removed
the
lgtm
|
Ok, I reworked the cleanup to []func() instead of []string with filenames + I added TODO to the code. PTAL |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, jsafrane The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
1 similar comment
|
/retest |
|
flake: #16248 I wonder if this PR makes it more reproducible. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
1 similar comment
|
/retest |
|
Automatic merge from submit-queue (batch tested with PRs 16411, 16139, 16430, 16435, 15794) |
When user did not specify any recycler template files, create OpenShift one and let Kubernetes use it. The template file is created in /tmp and is deleted after controller initialization (which is safe).
This removes any OpenShift recycler <carry> patches in Kubernetes.
/assign @deads2k