Initial (experimental) CoreOS support #1813
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
Should we use a feature flag for this? You can look at how I am using on in my rolling-update PR https://github.com/kubernetes/kops/pull/1134/files#diff-7095872b64962f5aefa022d844e0dc40R283 |
|
@chrislovecnm what do you mean? Add a feature flag to install in CoreOS? |
|
TODO:
|
|
@aledbf this is experimental, and should only be used in my mind if the user deliberately turns on the feature flag. Question for you: how do rolling updates work of not work with CoreOS. |
|
Testing this out (seems to be working, thanks!) and noticed something. Without using kubelet-wrapper or providing a socat binary this will still run into the socat issue which breaks helm |
| @@ -227,6 +227,11 @@ func (d *dockerVersion) matches(arch Architecture, dockerVersion string, distro | |||
| } | |||
|
|
|||
| func (b *DockerBuilder) Build(c *fi.ModelBuilderContext) error { | |||
| if b.Distribution == distros.DistributionCoreOS { | |||
| glog.Infof("Detected CoreOS; won't install Docker") | |||
There was a problem hiding this comment.
So are we running rkt or docker?
There was a problem hiding this comment.
It's preinstalled though (we can't really install complicated things on CoreOS)
| return nil | ||
| } | ||
|
|
||
| // TODO: Do we actually use the user anywhere? |
There was a problem hiding this comment.
How do we figure this out?
There was a problem hiding this comment.
It's unused; we remove and verify nothing breaks. This PR takes the first step on that.
nodeup/pkg/model/kubeapiserver.go
Outdated
| { | ||
| pod, err := b.buildPod() | ||
| if err != nil { | ||
| return fmt.Errorf("error building kube-apiserver pod: %v", err) |
There was a problem hiding this comment.
error building kube-apiserver pod
Kinda sound like we failed to deploy a pod, instead of failing to build the struct that we use to build the api server yaml that is used by kubelet. Thoughts on rewording?
| return nil, fmt.Errorf("error building kube-apiserver flags: %v", err) | ||
| } | ||
|
|
||
| redirectCommand := []string{ |
There was a problem hiding this comment.
Can you add a todo for setting this up to get logs from kubectl logs we have another issue in to allow for that.
There was a problem hiding this comment.
To be clear, can you add a comment in the code to fix this to send logs to docker so that kubectl logs works with these pods.
There was a problem hiding this comment.
The redirect to file was removed
There was a problem hiding this comment.
We already have #1813 ; I think that is separate from this PR
|
@philk the "problem" with kubelet-wrapper is that we need to use hyperkube and that means kops for coreos ends being different. |
aledbf
force-pushed
the
coreos
branch
2 times, most recently
from
db3e6e1
to
477ce0b
Compare
|
@aledbf I don't disagree that it sucks to ship kubelet two different ways but shipping a (slightly) broken kubelet isn't great either. Do you know the progress on using kubelet in a container for all installs? (or has that idea been abandoned?) |
ping @justinsb @chrislovecnm |
* Detect CoreOS * Move key manifests to code, to tolerate read-only mounts * Misc refactorings so more code can be shared * Change lots of ints to int32s in the models * Run nodeup as a oneshot systemd service, rather than relying on cloud-init behaviour which varies across distros
aledbf
force-pushed
the
coreos
branch
3 times, most recently
from
19ccaea
to
6715bd5
Compare
|
I opened #1861 to track the problems of #NoSocat, as it feels separable from this PR. kubelet in a container has not made any progress AFAIK; my understanding is that is has caused problems in the past (metrics?) and so it isn't the default. I don't think it's a huge deal to do, but I'm also not sure that socat should be the deciding factor... |
There was a problem hiding this comment.
This LGTM, but we need a second LGTM as I authored some of it. @kris-nova ?
| @@ -227,6 +227,11 @@ func (d *dockerVersion) matches(arch Architecture, dockerVersion string, distro | |||
| } | |||
|
|
|||
| func (b *DockerBuilder) Build(c *fi.ModelBuilderContext) error { | |||
| if b.Distribution == distros.DistributionCoreOS { | |||
| glog.Infof("Detected CoreOS; won't install Docker") | |||
There was a problem hiding this comment.
It's preinstalled though (we can't really install complicated things on CoreOS)
cmd/nodeup/main.go
Outdated
| @@ -50,6 +52,9 @@ func main() { | |||
| target := "direct" | |||
| flag.StringVar(&target, "target", target, "Target - direct, cloudinit") | |||
|
|
|||
| install := false | |||
| flag.BoolVar(&install, "install", install, "If true, will install a systemd unit instead of running directly") | |||
There was a problem hiding this comment.
Is the --install flag too ambiguous here? At a glance I didn't really understand what this was doing. Should we consider a more verbose name?
cmd/nodeup/main.go
Outdated
| } | ||
| if i == 0 { | ||
| // We could also try to evaluate based on cwd | ||
| s, err = os.Readlink("/proc/self/exe") |
There was a problem hiding this comment.
Should we
- Check that file exists
- Check that it is in fact a symlink
Before just bailing out here?
| Command: command, | ||
| FSRoot: flagRootFS, | ||
| } | ||
| err = i.Run() |
There was a problem hiding this comment.
Doesn't look like we do anything if we get an Error back from i.Run() can we at least log it please?
There was a problem hiding this comment.
Actually, we logged and retried, using the same logic as before.
|
|
||
| ## CoreOS | ||
|
|
||
| CoreOS support is highly experimental. Please report any issues. |
There was a problem hiding this comment.
If this is super experimental should we have something in the software that suggests/warns about that?
Ideas
- log message that yells and says "HEY THIS IS EXPERIMENTAL" (Not literally)
- whatever flags we use to trigger the behavior could have the word experimental in them a la
VENDOREXPERIMENT
There was a problem hiding this comment.
We don't have an easy way to know the image OS in kops, so I'm not sure how practical this is.
| return nil | ||
| } | ||
|
|
||
| func (b *KubectlBuilder) kubectlPath() string { |
There was a problem hiding this comment.
Wondering if we should borrow some functionality from the which command here?
There was a problem hiding this comment.
where I can find the referenced command?
There was a problem hiding this comment.
I am referring to the which command commonly found on *nix flavored file systems. I think it ships in coreutils
I think it can be done in Go, but I guess the real point I am getting at is:
Would it be helpful to look up the kubectl executable at runtime instead of assuming where it is based on the OS?
There was a problem hiding this comment.
done. Using https://golang.org/pkg/os/exec/#LookPath
There was a problem hiding this comment.
We actually don't want to rely on the PATH here. We want to run our version of kubectl,
But in this case, this is the path where we're installing kubectl anyway, so we can't find it.
There was a problem hiding this comment.
Why can't you just use hyperkube on all platforms for kubectl?
There was a problem hiding this comment.
Interesting. What is the advantage of doing so @chancez?
There was a problem hiding this comment.
More containers less binaries is always a good thing IMO. Plus, you'll already be using hyperkube on each host, so it isn't additional overhead either. It'll also make updating the binary easier, and will handle verification.
aledbf
force-pushed
the
coreos
branch
5 times, most recently
from
494a064
to
6715bd5
Compare
|
I'm not really sure where we would advertise it, because kops doesn't know the OS when it is installing. I guess we could check the image owner and warn if it matches the well known coreos.com value, but we don't do this for the other images also... |
|
@justinsb @kris-nova anything else to add/change in this PR? |
|
@justinsb ping |
|
Looks great - let's get some miles on it :-) |
|
Is there any info available on how to deploy a k8s cluster on coreOS, currently it deploy on debian, which flas am I missing ? |
|
@ahasnaini you need to change the image flag to something like |
|
thanks that worked, I used the following command EC2 instances got started but dnszone didn't get updated, without the image it did. when i logged on the master instance nothing was running under docker. do I need any more flags ? |
|
Hello, can't find any info - does kops support CoreOS images in Google Cloud Platform? Tried to deploy one of ig of existing cluster - VMs are started, but it seems that they aren't provisioned with kubelet and etc. |
replaces #1480
Edit: tested with
--bastionusingweaveandcalicoEdit 2: this change requires
nodeupwith flag--installEdit 3: also tested with
kopeio-vxlanThis change is