Use separate cloud.config file for in-tree vs out-of-tree components #12435
Conversation
|
Skipping CI for Draft Pull Request. |
k8s-ci-robot
added
do-not-merge/work-in-progress
|
/test pull-kops-e2e-ipv6-ci |
|
(oops wrong one) EDIT: sorry I was getting mixed up. the ipv6-ci job is the relevant job for this issue because the issue occurs when NodeIPFamilies is set in the cloud.config file. |
|
The errors you are seeing there are expected, I think. We see those in periodics as well. |
|
Do you think the correct behavior is to not set apiserver's --cloud-config when --cloud-provider == external? I'm having a hard time finding documentation that mentions what these values should be exactly. |
|
The failures for pull-kops-e2e-ipv6-ci are quite more compared to the periodic test: Not sure how well this is documented, but we should find someone to chat with, because our change to CCM is not very compatible with the tests: |
|
As mentioned on slack, all cloud provider config we provide specifically targets external CCMs and are not used by the other components. So I think we should not set this on the other components. That API server even tries to read this when CCM is external is probably a bug. |
|
Seeing if pinning the az helps with /test pull-kops-e2e-ipv6-ci |
|
trying again to confirm the volume tests pass when --cloud-config isnt set: /test pull-kops-e2e-ipv6-ci |
|
Much better now :) |
|
Agreed. I'm testing the removal of the admission plugin altogether given that it shouldn't be able to function without in-tree cloud provider code and --cloud-config. /test pull-kops-e2e-ipv6-ci |
|
I may be wrong, but looks like less tests are failing compared to periodic ones. |
|
Yes I think we should proceed with both removing --cloud-config and the admission plugin when using external CCM but I'm going to double check in the sig-cloud-provider meeting today |
rifelpet
force-pushed
the
apiserver-ccm
branch
from
9c730a0
to
4564471
Compare
k8s-ci-robot
added
size/M
|
/test pull-kops-e2e-ipv6-ci |
rifelpet
force-pushed
the
apiserver-ccm
branch
from
4564471
to
9ee7eab
Compare
|
/test pull-kops-e2e-ipv6-ci |
|
The suggestion from the sig-cloud-provider meeting today was to use separate cloud.config files for in-tree vs out-of-tree components. This way we keep the PV Label admission plugin enabled until CCMs have webhook support (kubernetes/enhancements#2928 KEP slated for alpha in 1.23, plus implementation lag for each provider) and we don't have to rely on any upstream in-tree changes being made. I updated this PR to create a separate in-tree.cloud.config file that is used by kube-apiserver, kube-controller-manager, and kubelet, keeping the original cloud.config file for use by any external CCM pods. I'm open to supporting this logic a different way (conditionally creating the second file only if using an external CCM, or only on AWS since that is the only provider experiencing this issue so far, or only on AWS and IPv6, etc.) I figured using a different filename for in-tree sets us up for long-term use of the original cloud.config filename once in-tree is fully removed. |
k8s-ci-robot
added
size/L
rifelpet
force-pushed
the
apiserver-ccm
branch
from
babfbd6
to
5708292
Compare
|
At some point we may move the external cloudconfig file to the individual CCMs. I suspect CCMs will stop using the generic CCMs at some point too and rather rely on configmaps or CRDs. The current implementation here looks good to me. |
|
/test pull-kops-e2e-ipv6-ci |
k8s-ci-robot
added
lgtm
rifelpet
force-pushed
the
apiserver-ccm
branch
from
4eb2d61
to
1f6e3ea
Compare
k8s-ci-robot
removed
the
needs-rebase
|
/test pull-kops-e2e-ipv6-ci |
|
@rifelpet: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
rifelpet
changed the title
rifelpet
force-pushed
the
apiserver-ccm
branch
from
1f6e3ea
to
7ce1cdc
Compare
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hakman The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
…35-origin-release-1.22 Automated cherry pick of #12435: Use separate cloud.config files for in-tree vs
|
For reference |
Seeing if this fixes kubernetes/cloud-provider#51
My thinking is that if we dont provide a --cloud-config, apiserver's PV admission plugin will not be enabled (or will be a no-op) and instead the EBS CSI Driver controller will provide the equivalent labels on PVs.