Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/kubernetes: ensure kubelet cert contains a well-formed user #73139

Closed
wants to merge 2 commits into from
Closed

nixos/kubernetes: ensure kubelet cert contains a well-formed user #73139

wants to merge 2 commits into from

Conversation

kragniz
Copy link
Member

@kragniz kragniz commented Nov 9, 2019

If the hostname is empty, this otherwise gets generated as
system:node:, which causes problems during node registration.

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

@kragniz
nixos/kubernetes: ensure kubelet cert contains a well-formed user
dfc97f7 
If the hostname is empty, this otherwise gets generated as
`system:node:`, which causes problems during node registration.
endocrimes
endocrimes reviewed Nov 10, 2019
View reviewed changes
Copy link
Member

@endocrimes endocrimes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small consistency suggestions but otherwise this LGTM.

nixos/modules/services/cluster/kubernetes/kubelet.nix Outdated Show resolved Hide resolved
nixos/modules/services/cluster/kubernetes/kubelet.nix Outdated Show resolved Hide resolved
@kragniz @endocrimes
Apply suggestions from code review
183a7f7 
Co-Authored-By: Danielle <dani@builds.terrible.systems>
@kragniz
Copy link
Member Author

kragniz commented Nov 10, 2019

@endocrimes good suggestion, applied

@stale
Copy link

stale bot commented Jun 1, 2020

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the
    related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse. 3. Ask on the #nixos channel on
    irc.freenode.net.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 1, 2020
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 1, 2020
@stale
Copy link

stale bot commented Nov 28, 2020

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Nov 28, 2020
@endocrimes
Copy link
Member

cc @johanot @saschagrunert @offlinehacker (because y'all are listed as maintainers of the k/k package)

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Nov 28, 2020
saschagrunert
saschagrunert approved these changes Nov 29, 2020
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stale
Copy link

stale bot commented Jun 2, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 2, 2021
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Sep 7, 2023
@wegank wegank added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Mar 19, 2024
skykanin
skykanin approved these changes Mar 24, 2024
View reviewed changes
Copy link
Contributor

@skykanin skykanin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Mar 24, 2024
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/should-old-prs-that-look-abandoned-be-closed/21193/9

@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-already-reviewed/2617/1778

SuperSandro2000
SuperSandro2000 requested changes Jun 27, 2024
View reviewed changes
nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -6,6 +6,12 @@ let
top = config.services.kubernetes;
cfg = top.kubelet;

kubeletRbacUser =
if cfg.hostname == "" then
throw "kubelet.hostname must be set. This is probably caused by networking.hostName being empty."
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be done in an assertion (the module system assertion) and not halt the entire module system.

@wegank wegank added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jul 4, 2024
@AndersonTorres
Copy link
Member

Closing as dead.

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Aug 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 requested changes

@saschagrunert saschagrunert saschagrunert approved these changes

@endocrimes endocrimes endocrimes approved these changes

@skykanin skykanin skykanin approved these changes

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0 12.approvals: 3+ awaiting_merger needs_merger
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@kragniz @endocrimes @nixos-discourse @AndersonTorres @saschagrunert @skykanin @SuperSandro2000 @wegank @Guekka