inventory assets - mapping and uploading kubernetes containers #3025
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
pkg/assets/builder.go
Outdated
| @@ -95,7 +99,13 @@ func (a *AssetBuilder) remapImage(image string) (string, error) { | |||
| } | |||
|
|
|||
| registryMirror := os.Getenv("DEV_KOPS_REGISTRY_MIRROR") | |||
There was a problem hiding this comment.
We can dump the env var now that we have AssetRemapping in the API.. it was just to decouple the two PRs
upup/pkg/fi/cloudup/phase.go
Outdated
| @@ -22,4 +22,5 @@ const ( | |||
| PhaseIAM Phase = "iam" | |||
| PhaseNetwork Phase = "network" | |||
| PhaseCluster Phase = "cluster" | |||
| PhaseAssetsUpdate Phase = "assets-update" | |||
pkg/model/components/context.go
Outdated
| return "gcr.io/google_containers/" + component + ":" + "v" + clusterSpec.KubernetesVersion, nil | ||
| image := "gcr.io/google_containers/" + component + ":" + "v" + clusterSpec.KubernetesVersion | ||
|
|
||
| assetsBuilder := assets.NewAssetBuilder(clusterSpec.Assets) |
There was a problem hiding this comment.
OK, but I think we'll have to use the same AssetBuilder if we want this to actually work... in the kubelet pause container it gets put into the OptionsContext
There was a problem hiding this comment.
Should now be identical to this:
https://github.com/kubernetes/kops/blob/master/pkg/model/components/kubelet.go#L183-L188
upup/pkg/fi/cloudup/apply_cluster.go
Outdated
| assetBuilder.Assets = append(assetBuilder.Assets, asset) | ||
| } | ||
|
|
||
| canonicalLocation := "gcr.io/google_containers/pause-amd64:3.0" |
There was a problem hiding this comment.
We definitely don't need to special-case this one
upup/pkg/fi/cloudup/apply_cluster.go
Outdated
| @@ -700,6 +716,39 @@ func (c *ApplyClusterCmd) Run() error { | |||
|
|
|||
| tf.AddTo(l.TemplateFunctions) | |||
|
|
|||
| if cluster.Spec.Assets != nil && cluster.Spec.Assets.ContainerRegistry != nil { | |||
| kubernetesComponents := []string{"kube-proxy", "kube-apiserver", "kube-controller-manager", "kube-scheduler"} | |||
There was a problem hiding this comment.
Anything that calls Image above should do this automatically. That is called by proxy, kcm & scheduler.
kube-apiserver is still using the models/config/kube-apiserver (!)
There was a problem hiding this comment.
But because we are not passing around the same assets builder we are loosing the information. I am rebuilding it here. Any recommendations?
Yah we need to cleanup api server, and git rid of the non go model.
| @@ -39,6 +39,8 @@ type BootstrapChannelBuilder struct { | |||
| var _ fi.ModelBuilder = &BootstrapChannelBuilder{} | |||
|
|
|||
| func (b *BootstrapChannelBuilder) Build(c *fi.ModelBuilderContext) error { | |||
|
|
|||
|
|
|||
pkg/assets/builder.go
Outdated
| @@ -43,8 +45,10 @@ type Asset struct { | |||
| CanonicalLocation string | |||
| } | |||
|
|
|||
| func NewAssetBuilder() *AssetBuilder { | |||
| return &AssetBuilder{} | |||
| func NewAssetBuilder(assetRemapping *kops.Assets) *AssetBuilder { | |||
There was a problem hiding this comment.
Depending on the sequencing of merges here, we will likely want to take a cluster as input... but we'll cross that bridge when we come to it
| @@ -125,8 +126,16 @@ func Image(component string, clusterSpec *kops.ClusterSpec) (string, error) { | |||
| return "gcr.io/google_containers/kubedns-amd64:1.3", nil | |||
There was a problem hiding this comment.
Might as well send this one through RemapImage as well...
There was a problem hiding this comment.
We may actually need to remove this from the API. This is not being used at all and really need to get out of the API. It is an Addon ...
There was a problem hiding this comment.
Anoher PR, but advice?
There was a problem hiding this comment.
We do not want to remap this image, as it is already in addons. Why add another one?
There was a problem hiding this comment.
Maybe change it to glog.Fatalf if this is unused
upup/pkg/fi/cloudup/apply_cluster.go
Outdated
| iamLifecycle = lifecyclePointer(fi.LifecycleExistsAndWarnIfChanges) | ||
| networkLifecycle = lifecyclePointer(fi.LifecycleExistsAndWarnIfChanges) | ||
| } else { | ||
| //assetTransferLifecycle = lifecyclePointer(fi.LifecycleIgnore) |
There was a problem hiding this comment.
LifecycleExistsAndValidates I believe - we want to know if images aren't in place.
There was a problem hiding this comment.
In air gapped and other proxied environments you often will not have access to gcr.io, docker.io or other public container registries. I would recommend an API level option to override. We can definitely check if containers exist in the assets registry or the regular registry, but I would recommend failing.
upup/pkg/fi/cloudup/loader.go
Outdated
| @@ -202,7 +203,10 @@ func (l *Loader) addAssetCopyTasks(assets []*assets.Asset) error { | |||
| Name: fi.String(asset.DockerImage), | |||
| SourceImage: fi.String(asset.CanonicalLocation), | |||
| TargetImage: fi.String(asset.DockerImage), | |||
| // TODO | |||
There was a problem hiding this comment.
Suggest threading it through BuildTasks, but you can leave a TODO for me if it gets messy
chrislovecnm
force-pushed
the
mapping-and-uploading-kubernetes-assets
branch
from
169c965
to
96500de
Compare
|
@chrislovecnm PR needs rebase |
k8s-github-robot
added
the
needs-rebase
chrislovecnm
force-pushed
the
mapping-and-uploading-kubernetes-assets
branch
from
96500de
to
2043c64
Compare
k8s-github-robot
removed
the
needs-rebase
chrislovecnm
force-pushed
the
mapping-and-uploading-kubernetes-assets
branch
from
2144d9a
to
c51db4c
Compare
cmd/kops/update_cluster.go
Outdated
| phase = cloudup.PhaseIAM | ||
| case "network": | ||
| case string(cloudup.PhaseAssets): | ||
| phase = cloudup.PhaseAuth |
There was a problem hiding this comment.
typo: should be PhaseAssets I believe
k8s-github-robot
added
the
approved
|
@chrislovecnm PR needs rebase |
k8s-github-robot
added
the
needs-rebase
chrislovecnm
force-pushed
the
mapping-and-uploading-kubernetes-assets
branch
from
c51db4c
to
4228b52
Compare
k8s-github-robot
removed
the
needs-rebase
chrislovecnm
force-pushed
the
mapping-and-uploading-kubernetes-assets
branch
from
4228b52
to
c280cf3
Compare
chrislovecnm
force-pushed
the
mapping-and-uploading-kubernetes-assets
branch
from
c280cf3
to
6071ce7
Compare
| @@ -125,8 +126,16 @@ func Image(component string, clusterSpec *kops.ClusterSpec) (string, error) { | |||
| return "gcr.io/google_containers/kubedns-amd64:1.3", nil | |||
There was a problem hiding this comment.
Maybe change it to glog.Fatalf if this is unused
| if err != nil { | ||
| return "", fmt.Errorf("unable to remap container %q: %v", image, err) | ||
| } | ||
| return image, nil | ||
| } | ||
|
|
||
| baseURL := clusterSpec.KubernetesVersion |
There was a problem hiding this comment.
Maybe a comment here about why we're not remapping this case. (It's not self-evident to me why we are not.)
| iamLifecycle = lifecyclePointer(fi.LifecycleExistsAndWarnIfChanges) | ||
| networkLifecycle = lifecyclePointer(fi.LifecycleExistsAndWarnIfChanges) | ||
| } else { | ||
| stageAssetsLifecycle = lifecyclePointer(fi.LifecycleIgnore) |
There was a problem hiding this comment.
LifecycleExistsAndValidates I believe - we want to check it for problems I think.
There was a problem hiding this comment.
Once we have the code for containers and files existing I aggree, will file an issue
| @@ -150,7 +149,7 @@ func ignoreHandler(i *loader.TreeWalkItem) error { | |||
| return nil | |||
| } | |||
|
|
|||
| func (l *Loader) BuildTasks(modelStore vfs.Path, models []string, assetBuilder *assets.AssetBuilder) (map[string]fi.Task, error) { | |||
| func (l *Loader) BuildTasks(modelStore vfs.Path, models []string, assetBuilder *assets.AssetBuilder, lifecycle *fi.Lifecycle) (map[string]fi.Task, error) { | |||
There was a problem hiding this comment.
Renaming lifecycle to assetsLifecycle would make this clearer
| @@ -76,8 +75,6 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap) { | |||
|
|
|||
| dest["HasTag"] = tf.HasTag | |||
|
|
|||
| dest["Image"] = tf.Image | |||
There was a problem hiding this comment.
Hooray - another step towards getting rid of all the templates!
There was a problem hiding this comment.
I filed an issue for getting rid of the API server templates
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrislovecnm, justinsb The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
/test pull-kops-e2e-kubernetes-aws |
|
/re-test |
|
/retest |
1 similar comment
|
/retest |
|
Flakiness is being tracked in upstream issue: kubernetes/kubernetes#51128, hopefully fixed by kubernetes/kubernetes#51144 |
|
/retest |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
No description provided.