Use separate cloud.config file for in-tree vs out-of-tree components #12435
Skipping CI for Draft Pull Request.
/test pull-kops-e2e-ipv6-ci
(oops wrong one) EDIT: sorry I was getting mixed up. The ipv6-ci job is the relevant job for this issue because the issue occurs when NodeIPFamilies is set in the cloud.config file.
The errors you are seeing there are expected, I think. We see those in periodics as well.
Do you think the correct behavior is to not set apiserver's --cloud-config when --cloud-provider == external? I'm having a hard time finding documentation that mentions what these values should be exactly.
The failures for pull-kops-e2e-ipv6-ci are quite a few more compared to the periodic test: Not sure how well this is documented, but we should find someone to chat with, because our change to CCM is not very compatible with the tests:
As mentioned on slack, all cloud provider config we provide specifically targets external CCMs and is not used by the other components. So I think we should not set this on the other components. That the API server even tries to read this when CCM is external is probably a bug.
Seeing if pinning the az helps with /test pull-kops-e2e-ipv6-ci
Trying again to confirm the volume tests pass when --cloud-config isn't set:
/test pull-kops-e2e-ipv6-ci
Much better now :)
Agreed. I'm testing the removal of the admission plugin altogether given that it shouldn't be able to function without in-tree cloud provider code and --cloud-config.
/test pull-kops-e2e-ipv6-ci
I may be wrong, but it looks like fewer tests are failing compared to periodic ones.
Yes, I think we should proceed with both removing --cloud-config and the admission plugin when using external CCM, but I'm going to double check in the sig-cloud-provider meeting today.
/test pull-kops-e2e-ipv6-ci
/test pull-kops-e2e-ipv6-ci
The suggestion from the sig-cloud-provider meeting today was to use separate cloud.config files for in-tree vs out-of-tree components. This way we keep the PV Label admission plugin enabled until CCMs have webhook support (kubernetes/enhancements#2928 KEP slated for alpha in 1.23, plus implementation lag for each provider) and we don't have to rely on any upstream in-tree changes being made. I updated this PR to create a separate in-tree.cloud.config file that is used by kube-apiserver, kube-controller-manager, and kubelet, keeping the original cloud.config file for use by any external CCM pods. I'm open to supporting this logic a different way (conditionally creating the second file only if using an external CCM, or only on AWS since that is the only provider experiencing this issue so far, or only on AWS and IPv6, etc.). I figured using a different filename for in-tree sets us up for long-term use of the original cloud.config filename once in-tree is fully removed.
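An added example, not part of the PR or of the kops code base: a small check that the split described in the comment above holds, i.e. that kube-apiserver, kube-controller-manager and kubelet read in-tree.cloud.config while any other component passing --cloud-config (an external CCM) reads cloud.config. The directories, the `example-cloud-controller-manager` binary name and the sample command lines are assumptions constructed for illustration.

```python
import os
import shlex

# Filenames come from the PR discussion; the directories used below are placeholders.
IN_TREE_FILE = "in-tree.cloud.config"
EXTERNAL_FILE = "cloud.config"
IN_TREE_COMPONENTS = {"kube-apiserver", "kube-controller-manager", "kubelet"}


def parse_flags(cmdline):
    """Return (binary name, {flag: value}); accepts --flag=value and --flag value."""
    argv = shlex.split(cmdline)
    flags, i = {}, 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--"):
            name, sep, value = arg[2:].partition("=")
            if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                i += 1
                value = argv[i]
            flags[name] = value
        i += 1
    return os.path.basename(argv[0]), flags


def check_component(cmdline):
    """Return a finding string if --cloud-config names the wrong file, else None."""
    binary, flags = parse_flags(cmdline)
    path = flags.get("cloud-config")
    if not path:
        return None  # flag absent: nothing to compare
    expected = IN_TREE_FILE if binary in IN_TREE_COMPONENTS else EXTERNAL_FILE
    if os.path.basename(path) != expected:
        return f"{binary}: --cloud-config={path}, expected file {expected}"
    return None


def audit(cmdlines):
    """Collect findings for a list of component command lines."""
    return [f for f in map(check_component, cmdlines) if f]


# Constructed sample command lines (not taken from a real cluster).
SAMPLE = [
    "/usr/local/bin/kube-apiserver --cloud-provider=external --cloud-config=/path/to/cloud.config",
    "/usr/local/bin/kube-controller-manager --cloud-config /path/to/in-tree.cloud.config",
    "/usr/local/bin/kubelet --cloud-provider=external --cloud-config=/path/to/in-tree.cloud.config",
    "/bin/example-cloud-controller-manager --cloud-provider=aws --cloud-config=/path/to/cloud.config",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```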
At some point we may move the external cloudconfig file to the individual CCMs. I suspect CCMs will stop using the generic CCMs at some point too and rather rely on configmaps or CRDs. The current implementation here looks good to me.
/test pull-kops-e2e-ipv6-ci
Looks ok to me too, except for the name. Either we should go with 'external.cloud.config' for the other or switch to 'in-tree-cloud.config' to avoid creating a new file extension.
But just a nit and I don't mind if we keep it as is.
/lgtm
/test pull-kops-e2e-ipv6-ci
@rifelpet: The following test failed, say
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: hakman
…35-origin-release-1.22 Automated cherry pick of #12435: Use separate cloud.config files for in-tree vs
For reference
Seeing if this fixes kubernetes/cloud-provider#51
My thinking is that if we don't provide a --cloud-config, apiserver's PV admission plugin will not be enabled (or will be a no-op) and instead the EBS CSI Driver controller will provide the equivalent labels on PVs.