-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manifest files #3229
Manifest files #3229
Conversation
Hi @gambol99. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Thanks for the PR This is a big change :) There has been an issue in for a long time around getting the logs accessible via kubectl logs. I am kinda on the fence about this, because this is going to change what admins are use to a bunch. No more log files ;) I like using journal, but again big change in my mind. Let me ponder a bit... |
@@ -29,8 +29,18 @@ import ( | |||
"github.com/golang/glog" | |||
) | |||
|
|||
// BuildFlags builds flag arguments based on "flag" tags on the structure | |||
// BuildFlags returns a space seperated list arguments |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably mark this deprecated (just with a comment saying to prefer calling BuildFlagsList)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added
pkg/flagbuilder/build_flags.go
Outdated
return utils.SkipReflection | ||
} | ||
err := utils.ReflectRecursive(reflect.ValueOf(options), walker) | ||
if err != nil { | ||
return "", err | ||
return []string{}, err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI, typically nil
is basically equivalent to []string{}
for all practical use cases, so you can typically just return nil, err
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed :-)
I agree with the change @gambol99 , except that (like @chrislovecnm) I do have concerns about backwards compatibility. One option might be the same trick I suggested for the IAM changes #3186 (comment) ... one day we'll enable a logging solution "out of the box" just like we do networking. Enabling one of those logging solutions won't be the default when we first introduce it, but if the user enables it they get this more sensible logging. And until then we have a feature flag. I think the options are:
I'm inclined to suggest that we do the second option, but see if we can transform this PR into that because then it will make the 3rd option easier. What do you think @gambol99 ? And which logging solution are you using? |
cceb3a4
to
abd01a6
Compare
hi @justinsb / @chrislovecnm ...
Off topic to the PR but i'm inclined to forgo Kops managing any of those deployments; I'm not sure but I kinda feel it should only manage addon's which are functional to the cluster (a CNI or kube-dns etc) i.e. operations. Anything which is "feature based" should be out of scope and be part of an application-pipeline. It reduces the conditionals, api spec, templating and things Kops need to think about.
Agreed!, I've reverted the changes and it will now log to both stdout and original logging file
At present a standard ELK stack, although it lives externally and isolated to clusters |
Yes, I agree. The question is if logging is a base component or not. Since there are like 40 different solutions I am thinking no. @justinsb has been threatening to build a deployment manager. Dashboard, logging, an other stuff could go there. We already have some of the functionality needed in channels. Admittedly kops deploying other manifests has been a big discussion item. |
Yes, up until now the line has been whether we need a component in order to bring up the system. Networking therefore is in. kube2iam or IAM lockdown is not in today, but I could imagine that we might have a really locked down configuration in future where e.g. kube-controller-manager has different IAM permissions from kube-apiserver, and then maybe kube2iam would be required. The idea of baking kube2iam in was convenient for figuring out how to incrementally lock down IAM permissions, but I think we can just make it a separate field. Logging hasn't been one that I thought should be in, except that it would have been convenient here to incrementally adopt the change. (And maybe for logging/diagnostics during system bootstrap). And yes, my hope is that we can get all the addons to be a simple manifest, in which case this might become largely academic anyway. |
nodeup/pkg/model/kube_proxy.go
Outdated
flags = append(flags, []string{ | ||
"--conntrack-max-per-core=131072", | ||
"--kubeconfig=/var/lib/kube-proxy/kubeconfig", | ||
"--oom_score_adj=-998", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Upstream added the code which did echo -998 > /proc/$$$/oom_score_adj && ...
, so I opened kubernetes/kubernetes#51083 to ask upstream / @vishh
/lgtm Thanks for changing the behaviour @gambol99 |
/ok-to-test |
/retest |
this one needs fixing @justinsb, no need to retest yet... With the revert of logging to both pipes it's causing issues which need fixing :-( ... |
Fair enough - there is also an upstream issue - kubernetes/kubernetes#51128, hopefully fixed by kubernetes/kubernetes#51144 |
@gambol99 PR needs rebase |
/retest |
/test pull-kops-e2e-kubernetes-aws |
sorry for the lack of update on this one .. I did hit a stumbling block trying to get them both to work at the same time ... Given the arguments are now being passed to the entrypoint the use of /bin/sh -c "<command | tee -a " will no longer work ... I tried fiddling with #!/bin/sh
logfile=$1; shift 1;
$@ | tee -a ${logfile} Or just having an extra option in the cluster spec that permits a selection ... |
472892f
to
a307199
Compare
a307199
to
03415a4
Compare
@KashifSaadat ... can i get a review please |
c.AddTask(t) | ||
} | ||
c.AddTask(&nodetasks.File{ | ||
Path: "/var/log/kube-apiserver.log", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could possibly make this path a constant as you're referring to it in a few places (same for the other models)
Image: image, | ||
Command: []string{ | ||
"/bin/sh", "-c", | ||
"/usr/local/bin/kube-proxy " + strings.Join(sortedStrings(flags), " ") + " 2>&1 | /usr/bin/tee -a /var/log/kube-proxy.log", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar logic could be abstracted out to a helper function
pkg/apis/kops/cluster.go
Outdated
@@ -61,8 +61,7 @@ type ClusterSpec struct { | |||
MasterPublicName string `json:"masterPublicName,omitempty"` | |||
// MasterInternalName is the internal DNS name for the master nodes | |||
MasterInternalName string `json:"masterInternalName,omitempty"` | |||
// The CIDR used for the AWS VPC / GCE Network, or otherwise allocated to k8s | |||
// This is a real CIDR, not the internal k8s network | |||
// The CIDR used for the AWS VPC / GCE Network, or otherwise allocated to k8s. This is a real CIDR, not the internal k8s network |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"NetworkCIDR is the CIDR used for.."
pkg/apis/kops/cluster.go
Outdated
// Alternative locations for files and containers | ||
// This API component is under construction, will remove this comment | ||
// once this API is fully functional. | ||
// Alternative locations for files and containers; the API under construction, will remove this comment once this API is fully functional. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment start with "Assets.."
pkg/flagbuilder/build_flags.go
Outdated
return utils.SkipReflection | ||
} | ||
err := utils.ReflectRecursive(reflect.ValueOf(options), walker) | ||
if err != nil { | ||
return "", err | ||
return nil, err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could add some context to the errors being returned
Added a few comments, nothing big though. Looks good to me! 👍 |
Arg ... needs a rebase again ... DOH Or github is confused. |
@gambol99 PR needs rebase |
03415a4
to
553130e
Compare
553130e
to
ab57579
Compare
is anything outstanding on this one? @justinsb @chrislovecnm |
The current kube manifest redirect all the logs into host located log files, this PR uses the tee command to pipe into both local logs (retaining the current) and docker stdout (which will be picked up by the journald or which every logging your using. Note also permits as to now need the logs via the kubectl command. - renamed some of the files to make things cleaner - redirecting the logs from the kubernetes components into local file and stdout - cleaned up any vetting or linting error i came across
ab57579
to
a7abb07
Compare
Yah just needed a rebase :) /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrislovecnm, justinsb The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue. |
The current implementation uses flags embedded into the command line rather than argument which is more consistent with other manifests and kubeadm. Logging currently pushes all the logs into the host, which isn't really ideal with an ephemeral host model, users should be pushed to implement a proper remote logging stack to retain logs not ssh to boxes.