Mirror keystore & secretstore #3411
Conversation
k8s-ci-robot
added
size/XXL
|
Builds on #3409 |
justinsb
force-pushed
the
mirror_stores
branch
3 times, most recently
from
be3755e
to
0636e65
Compare
k8s-github-robot
added
the
needs-rebase
|
@justinsb PR needs rebase |
justinsb
force-pushed
the
mirror_stores
branch
from
0636e65
to
d83dbf0
Compare
k8s-github-robot
removed
the
needs-rebase
justinsb
force-pushed
the
mirror_stores
branch
from
d83dbf0
to
37c3162
Compare
|
@justinsb PR needs rebase |
k8s-github-robot
added
the
needs-rebase
justinsb
force-pushed
the
mirror_stores
branch
2 times, most recently
from
bc8b5e8
to
555bdd0
Compare
k8s-github-robot
removed
the
needs-rebase
justinsb
force-pushed
the
mirror_stores
branch
from
555bdd0
to
9bea210
Compare
This allows us to have our API objects in kops-server, but our configuration on S3 or GCS.
justinsb
force-pushed
the
mirror_stores
branch
from
9bea210
to
e08dfc6
Compare
cmd/kops/create_cluster.go
Outdated
| @@ -225,6 +228,9 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command { | |||
| cmd.Flags().StringVar(&options.Target, "target", options.Target, "Target - direct, terraform, cloudformation") | |||
| cmd.Flags().StringVar(&options.Models, "model", options.Models, "Models to apply (separate multiple models with commas)") | |||
|
|
|||
| // Configuration / state location | |||
| cmd.Flags().StringVar(&options.ConfigBase, "config-base", options.ConfigBase, "The location where the cluster state files should be stored") | |||
There was a problem hiding this comment.
How does this differ from the state store? I am concerned a n00b would be confused.
There was a problem hiding this comment.
From Slack
@justinsb [5:02 PM]
So if you set a different config-base, you can have the objects that the cluster reads be different from the state store
There was a problem hiding this comment.
I think I'm actually going to feature-flag it, and probably tie to it kops-server initially.
There was a problem hiding this comment.
(I also reworked the description a little, but it's a tricky concept)
| return fi.NewVFSCAStore(basedir), nil | ||
| } | ||
|
|
||
| func DeleteAllClusterState(basePath vfs.Path) error { |
There was a problem hiding this comment.
I will need to test this in a subfolder state store without list perms. I will open an issue for me.
There was a problem hiding this comment.
This function was moved from pkg/apis/kops/registry
| continue | ||
| } | ||
|
|
||
| return fmt.Errorf("refusing to delete: unknown file found: %s", path) |
There was a problem hiding this comment.
return fmt.Errorf("refusing to delete: unknown file found: %s", path)
how about
return fmt.Errorf("unknown file found %q, not deleting: %q", path, basePath)
There was a problem hiding this comment.
This is the existing code, the point is that we do a kops delete cluster and we refuse to delete anything, because we can't prove it safe. That's what the first message is trying to imply (and I think the proposed alternative does not capture)
There was a problem hiding this comment.
the current message makes sense 👍
Disregard my comment
| // FederationsFor implements the FederationsFor method of Clientset for a kubernetes-API state store | ||
| func (c *RESTClientset) FederationsFor(federation *kops.Federation) kopsinternalversion.FederationInterface { | ||
| // Unsure if this should be namespaced or not - probably, so that we can RBAC it... | ||
| panic("Federations are currently not supported by the server API") |
There was a problem hiding this comment.
panic ouch. We do not do that in many places. You want the server to restart?
There was a problem hiding this comment.
It's a panic because there's no error code here, and because we don't expect people to be using Federations. I'd say panic is appropriate - our code should be crash-safe.
| defaultReadVersion := v1alpha1.SchemeGroupVersion.WithKind(kind) | ||
| r.defaultReadVersion = &defaultReadVersion | ||
| r.validate = func(o runtime.Object) error { | ||
| return validation.ValidateInstanceGroup(o.(*kops.InstanceGroup)) |
There was a problem hiding this comment.
Should we test if o.(*kops.InstanceGroup) is a *kops.InstanceGroup?
There was a problem hiding this comment.
No, it would be a bug, and panic-ing is appropriate here
| return fi.DefaultDeltaRunMethod(e, c) | ||
| } | ||
|
|
||
| func (s *MirrorKeystore) CheckChanges(a, e, changes *MirrorKeystore) error { |
There was a problem hiding this comment.
Should we code comments?
There was a problem hiding this comment.
I can put the normal CheckChanges implements Task::CheckChanges.
upup/pkg/fi/fitasks/mirrorsecrets.go
Outdated
| } | ||
|
|
||
| func (e *MirrorSecrets) Find(c *fi.Context) (*MirrorSecrets, error) { | ||
| // TODO: |
upup/pkg/fi/secrets.go
Outdated
| @@ -36,8 +36,11 @@ type SecretStore interface { | |||
| // ListSecrets lists the ids of all known secrets | |||
| ListSecrets() ([]string, error) | |||
|
|
|||
| // VFSPath returns the path where the SecretStore is stored | |||
| VFSPath() vfs.Path | |||
| //// VFSPath returns the path where the SecretStore is stored | |||
There was a problem hiding this comment.
remove commented code please
|
|
||
| primary := fi.FindPrimary(keyset) | ||
| if primary == nil { | ||
| glog.Warningf("skipping secret with no primary data: %s", keyset.Name) |
There was a problem hiding this comment.
How would we have no primary data?
There was a problem hiding this comment.
Then go boom please ... fmt.Error or panic
|
|
||
| return vfs.CopyTree(c.basedir, basedir) | ||
| // | ||
| //files, err := c.basedir.ReadDir() |
There was a problem hiding this comment.
Can we kill commented code please?
|
If you could take a look at the err's that are not returned with |
| for _, path := range paths { | ||
| relativePath, err := vfs.RelativePath(basePath, path) | ||
| if err != nil { | ||
| return err |
There was a problem hiding this comment.
we may want to fmt.Errorf here as the user may not know what vfs is actually doing here.
upup/pkg/fi/clientset_castore.go
Outdated
|
|
||
| primary := FindPrimary(keyset) | ||
| if primary == nil { | ||
| glog.Warningf("skipping keyset with no primary data: %s", keyset.Name) |
There was a problem hiding this comment.
Should we fail here? What is the use case?
There was a problem hiding this comment.
Good call - just being tolerant, but we don't expect this. If we see it happening for some reason (it shouldn't), then we can downgrade to a warning.
| for _, srcFile := range srcFiles { | ||
| relativePath, err := RelativePath(src, srcFile) | ||
| if err != nil { | ||
| return err |
There was a problem hiding this comment.
I cannot find RelativePath in your source tree. github search is not being kind. You call if it would be helpful to fmt.Errorf more in here.
The MirrorKeystore and MirrorSecrets tasks copy them, to keep these in sync. |
|
RelativePath is here: Lines 69 to 82 in 8585f00 My rules of thumb for when to fmt.Errof:
|
|
I am copying what you wrote and putting in in an issue, we probably should have that in the developer guide. I do a bit more cause we don't have stack exceptions. Or log the error. |
justinsb
force-pushed
the
mirror_stores
branch
from
fac6e76
to
a4a58d2
Compare
|
Put in fixes as suggested - thanks! |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrislovecnm The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue. |
This allows us to have our API objects in kops-server, but our
configuration on S3 or GCS.