-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial (experimental) CoreOS support #1813
Conversation
Should we use a feature flag for this? You can look at how I am using on in my rolling-update PR https://github.com/kubernetes/kops/pull/1134/files#diff-7095872b64962f5aefa022d844e0dc40R283 |
@chrislovecnm what do you mean? Add a feature flag to install in CoreOS? |
TODO:
|
@aledbf this is experimental, and should only be used in my mind if the user deliberately turns on the feature flag. Question for you: how do rolling updates work of not work with CoreOS. |
Testing this out (seems to be working, thanks!) and noticed something. Without using kubelet-wrapper or providing a socat binary this will still run into the socat issue which breaks helm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Questions for u
@@ -227,6 +227,11 @@ func (d *dockerVersion) matches(arch Architecture, dockerVersion string, distro | |||
} | |||
|
|||
func (b *DockerBuilder) Build(c *fi.ModelBuilderContext) error { | |||
if b.Distribution == distros.DistributionCoreOS { | |||
glog.Infof("Detected CoreOS; won't install Docker") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So are we running rkt or docker?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
docker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's preinstalled though (we can't really install complicated things on CoreOS)
return nil | ||
} | ||
|
||
// TODO: Do we actually use the user anywhere? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How do we figure this out?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's unused; we remove and verify nothing breaks. This PR takes the first step on that.
nodeup/pkg/model/kubeapiserver.go
Outdated
{ | ||
pod, err := b.buildPod() | ||
if err != nil { | ||
return fmt.Errorf("error building kube-apiserver pod: %v", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
error building kube-apiserver pod
Kinda sound like we failed to deploy a pod, instead of failing to build the struct that we use to build the api server yaml that is used by kubelet. Thoughts on rewording?
return nil, fmt.Errorf("error building kube-apiserver flags: %v", err) | ||
} | ||
|
||
redirectCommand := []string{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a todo for setting this up to get logs from kubectl logs
we have another issue in to allow for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be clear, can you add a comment in the code to fix this to send logs to docker so that kubectl logs
works with these pods.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The redirect to file was removed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We already have #1813 ; I think that is separate from this PR
@philk the "problem" with kubelet-wrapper is that we need to use hyperkube and that means kops for coreos ends being different. |
db3e6e1
to
477ce0b
Compare
@aledbf I don't disagree that it sucks to ship kubelet two different ways but shipping a (slightly) broken kubelet isn't great either. Do you know the progress on using kubelet in a container for all installs? (or has that idea been abandoned?) |
ping @justinsb @chrislovecnm |
* Detect CoreOS * Move key manifests to code, to tolerate read-only mounts * Misc refactorings so more code can be shared * Change lots of ints to int32s in the models * Run nodeup as a oneshot systemd service, rather than relying on cloud-init behaviour which varies across distros
19ccaea
to
6715bd5
Compare
I opened #1861 to track the problems of #NoSocat, as it feels separable from this PR. kubelet in a container has not made any progress AFAIK; my understanding is that is has caused problems in the past (metrics?) and so it isn't the default. I don't think it's a huge deal to do, but I'm also not sure that socat should be the deciding factor... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM, but we need a second LGTM as I authored some of it. @kris-nova ?
@@ -227,6 +227,11 @@ func (d *dockerVersion) matches(arch Architecture, dockerVersion string, distro | |||
} | |||
|
|||
func (b *DockerBuilder) Build(c *fi.ModelBuilderContext) error { | |||
if b.Distribution == distros.DistributionCoreOS { | |||
glog.Infof("Detected CoreOS; won't install Docker") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's preinstalled though (we can't really install complicated things on CoreOS)
cmd/nodeup/main.go
Outdated
@@ -50,6 +52,9 @@ func main() { | |||
target := "direct" | |||
flag.StringVar(&target, "target", target, "Target - direct, cloudinit") | |||
|
|||
install := false | |||
flag.BoolVar(&install, "install", install, "If true, will install a systemd unit instead of running directly") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the --install
flag too ambiguous here? At a glance I didn't really understand what this was doing. Should we consider a more verbose name?
cmd/nodeup/main.go
Outdated
} | ||
if i == 0 { | ||
// We could also try to evaluate based on cwd | ||
s, err = os.Readlink("/proc/self/exe") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we
- Check that file exists
- Check that it is in fact a symlink
Before just bailing out here?
Command: command, | ||
FSRoot: flagRootFS, | ||
} | ||
err = i.Run() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't look like we do anything if we get an Error back from i.Run()
can we at least log it please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, we logged and retried, using the same logic as before.
|
||
## CoreOS | ||
|
||
CoreOS support is highly experimental. Please report any issues. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this is super experimental should we have something in the software that suggests/warns about that?
Ideas
- log message that yells and says "HEY THIS IS EXPERIMENTAL" (Not literally)
- whatever flags we use to trigger the behavior could have the word experimental in them a la
VENDOREXPERIMENT
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't have an easy way to know the image OS in kops, so I'm not sure how practical this is.
return nil | ||
} | ||
|
||
func (b *KubectlBuilder) kubectlPath() string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering if we should borrow some functionality from the which
command here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
where I can find the referenced command?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am referring to the which
command commonly found on *nix flavored file systems. I think it ships in coreutils
I think it can be done in Go, but I guess the real point I am getting at is:
Would it be helpful to look up the kubectl
executable at runtime instead of assuming where it is based on the OS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done. Using https://golang.org/pkg/os/exec/#LookPath
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We actually don't want to rely on the PATH here. We want to run our version of kubectl,
But in this case, this is the path where we're installing kubectl anyway, so we can't find it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why can't you just use hyperkube on all platforms for kubectl?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting. What is the advantage of doing so @chancez?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
More containers less binaries is always a good thing IMO. Plus, you'll already be using hyperkube on each host, so it isn't additional overhead either. It'll also make updating the binary easier, and will handle verification.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we please advertise the "experimental"ness of this PR a bit more before merging? See notes on including language in the logs, or in the flag itself.
LGTM as far as code is concerned. Nice PR!
494a064
to
6715bd5
Compare
I'm not really sure where we would advertise it, because kops doesn't know the OS when it is installing. I guess we could check the image owner and warn if it matches the well known coreos.com value, but we don't do this for the other images also... |
@justinsb @kris-nova anything else to add/change in this PR? |
@justinsb ping |
Looks great - let's get some miles on it :-) |
Is there any info available on how to deploy a k8s cluster on coreOS, currently it deploy on debian, which flas am I missing ? |
@ahasnaini you need to change the image flag to something like |
thanks that worked, I used the following command EC2 instances got started but dnszone didn't get updated, without the image it did. when i logged on the master instance nothing was running under docker. do I need any more flags ? |
Hello, can't find any info - does kops support CoreOS images in Google Cloud Platform? Tried to deploy one of ig of existing cluster - VMs are started, but it seems that they aren't provisioned with kubelet and etc. |
replaces #1480
Edit: tested with
--bastion
usingweave
andcalico
Edit 2: this change requires
nodeup
with flag--install
Edit 3: also tested with
kopeio-vxlan
This change is