feat: External cloud provider support for Azure Stack Cloud #4635
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -88,18 +88,52 @@ spec: | |
command: | ||
- cloud-node-manager | ||
- --node-name=$(NODE_NAME) | ||
{{- if IsAzureStackCloud}} | ||
- --use-instance-metadata=false | ||
- --cloud-config=/etc/kubernetes/azure.json | ||
- --kubeconfig=/var/lib/kubelet/kubeconfig | ||
{{end}} | ||
env: | ||
- name: NODE_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: spec.nodeName | ||
{{- if IsAzureStackCloud}} | ||
- name: AZURE_ENVIRONMENT_FILEPATH | ||
value: /etc/kubernetes/azurestackcloud.json | ||
- name: AZURE_GO_SDK_LOG_LEVEL | ||
value: INFO | ||
{{end}} | ||
resources: | ||
requests: | ||
cpu: 50m | ||
memory: 50Mi | ||
limits: | ||
cpu: 2000m | ||
memory: 512Mi | ||
{{- if IsAzureStackCloud}} | ||
volumeMounts: | ||
- name: etc-kubernetes | ||
mountPath: /etc/kubernetes | ||
readOnly: true | ||
- name: etc-ssl | ||
mountPath: /etc/ssl | ||
readOnly: true | ||
- name: path-kubeconfig | ||
mountPath: /var/lib/kubelet/kubeconfig | ||
readOnly: true | ||
volumes: | ||
- name: etc-kubernetes | ||
When possible, I would just mount the file instead of the entire directory:

```yaml
volumes:
- name: custom-environment
  hostPath:
    path: /etc/kubernetes/azurestackcloud.json
    type: FileOrCreate
volumeMounts:
- name: custom-environment
  mountPath: /etc/kubernetes/azurestackcloud.json
  readOnly: true
```

The /etc/kubernetes directory also contains azure.json and cert, so I leave this one to folder level access. I updated the /var/lib/kubelet/kubeconfig to file level access.
||
hostPath: | ||
path: /etc/kubernetes | ||
- name: etc-ssl | ||
hostPath: | ||
path: /etc/ssl | ||
- name: path-kubeconfig | ||
hostPath: | ||
path: /var/lib/kubelet/kubeconfig | ||
type: FileOrCreate | ||
{{end}} | ||
{{- if and HasWindows (IsKubernetesVersionGe "1.18.0")}} | ||
--- | ||
apiVersion: apps/v1 | ||
|
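Review bot: The `path-kubeconfig` volume uses `type: FileOrCreate`, so on a node where `/var/lib/kubelet/kubeconfig` is missing an empty file is created and cloud-node-manager starts against an empty kubeconfig instead of the pod failing to mount; `type: File` would surface that. The `etc-kubernetes` and `etc-ssl` volumes carry no `type`, so nothing is checked for those paths; `type: Directory` states the expectation. The flags and env in this hunk reference only `azure.json` and `azurestackcloud.json` under `/etc/kubernetes`, so file-level mounts for those two, as already done for the kubeconfig, would avoid exposing everything else in that directory to the DaemonSet.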
@@ -148,16 +182,40 @@ spec: | |
command: | ||
- /cloud-node-manager.exe | ||
- --node-name=$(NODE_NAME) | ||
- --kubeconfig=C:\k\config | ||
Did we want this new

Based on my test on Azure, the windows node will also need this config to launch the cloud node manager pod. The default IP in external-cloud-provider is not working.

Sample error:
||
{{- if IsAzureStackCloud}} | ||
- --use-instance-metadata=false | ||
- --cloud-config=C:\k\azure.json | ||
lifecycle: | ||
postStart: | ||
exec: | ||
command: | ||
- C:\k\addazsroot.bat | ||
{{end}} | ||
env: | ||
- name: NODE_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: spec.nodeName | ||
{{- if IsAzureStackCloud}} | ||
- name: AZURE_ENVIRONMENT_FILEPATH | ||
value: C:\k\azurestackcloud.json | ||
- name: AZURE_GO_SDK_LOG_LEVEL | ||
value: INFO | ||
{{end}} | ||
resources: | ||
requests: | ||
cpu: 50m | ||
memory: 50Mi | ||
limits: | ||
cpu: 2000m | ||
memory: 512Mi | ||
{{end}} | ||
volumeMounts: | ||
- name: azure-config | ||
mountPath: C:\k | ||
volumes: | ||
- name: azure-config | ||
hostPath: | ||
path: C:\k | ||
type: Directory | ||
{{end}} |
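Review bot: The `azure-config` volumeMount of `C:\k` at the end of this hunk has no `readOnly: true`, and that same host directory holds the kubeconfig passed as `--kubeconfig=C:\k\config` and the `C:\k\addazsroot.bat` script run by the `postStart` hook. Unless the hook has to write there, add `readOnly: true` and mount only the files the flags and env reference rather than the whole directory. As rendered here the mount also sits outside the `{{- if IsAzureStackCloud}}` blocks, so it applies to every Windows node; if that is intended because of the unconditional `--kubeconfig` flag, a template comment saying so would help.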
Do you know why only ASH needs `cloud-config` and `kubeconfig`?

For `kubeconfig`, if not provided the ecp (external cloud provider) will use the default value from the environment variable of Kubernetes Service (https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/vendor/k8s.io/client-go/rest/config.go#L488), which doesn't work for Azure Stack as well as Azure Windows node.

For `cloud-config`, we need that to correctly get cloud and tenant information.

We should figure out which `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` values work on ASH and Windows. The same for cloud and tenant info. The least access to the host file system, the better.
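
The "least access to the host file system" point from the thread can be checked mechanically. The following is an added example, not code from this PR or its project: `AuditHostPaths`, `podSpec` and the embedded `sample` are hypothetical names, and the sample is a constructed JSON pod spec modelled on the mounts discussed above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// podSpec holds only the fields the audit needs; encoding/json matches keys case-insensitively.
type podSpec struct {
	Containers []struct {
		VolumeMounts []struct{ Name string; ReadOnly bool }
	}
	Volumes []struct {
		Name     string
		HostPath *struct{ Path, Type string }
	}
}

// Constructed sample modelled on the mounts discussed in this PR, not the rendered manifest.
const sample = `{"containers":[{"volumeMounts":[{"name":"etc-kubernetes","readOnly":true},
 {"name":"path-kubeconfig","readOnly":true},{"name":"azure-config"}]}],"volumes":[
 {"name":"etc-kubernetes","hostPath":{"path":"/etc/kubernetes"}},
 {"name":"path-kubeconfig","hostPath":{"path":"/var/lib/kubelet/kubeconfig","type":"FileOrCreate"}},
 {"name":"azure-config","hostPath":{"path":"C:\\k","type":"Directory"}}]}`

// AuditHostPaths flags hostPath volumes that need not pre-exist on the host or are writable.
func AuditHostPaths(spec []byte) (out []string, err error) {
	var p podSpec
	if err = json.Unmarshal(spec, &p); err != nil {
		return nil, err
	}
	writable := map[string]bool{} // volume name -> mounted read-write by some container
	for _, c := range p.Containers {
		for _, m := range c.VolumeMounts {
			writable[m.Name] = writable[m.Name] || !m.ReadOnly
		}
	}
	for _, v := range p.Volumes {
		h := v.HostPath
		if h != nil && (h.Type == "" || h.Type == "FileOrCreate" || h.Type == "DirectoryOrCreate") {
			out = append(out, fmt.Sprintf("%s: type %q does not require %s to exist", v.Name, h.Type, h.Path))
		}
		if h != nil && writable[v.Name] {
			out = append(out, fmt.Sprintf("%s: %s mounted without readOnly: true", v.Name, h.Path))
		}
	}
	return out, nil
}

func main() { fmt.Println(AuditHostPaths([]byte(sample))) }
```

To audit a rendered manifest, convert the pod template's `spec` to JSON first, since the example parses JSON only.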