Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use etcd-manager for the cilium etcd cluster #8750

Merged
merged 5 commits into from
Apr 16, 2020
Merged

Use etcd-manager for the cilium etcd cluster #8750

merged 5 commits into from
Apr 16, 2020

Conversation

olemarkus
Copy link
Member

This will use etcd-manager to handle the cilium etcd kvstore instead of using cilium-etcd-operator.
Just brute-forced my way until it worked, so it still needs some cleanup. But have a look if there are any concerns with this approach.

cc @johngmyers

@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 15, 2020
@k8s-ci-robot
Copy link
Contributor

Hi @olemarkus. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 15, 2020
@k8s-ci-robot k8s-ci-robot added area/api area/nodeup size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 15, 2020
@hakman
Copy link
Member

hakman commented Mar 15, 2020

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 15, 2020
@olemarkus olemarkus force-pushed the cilium-etcd-manager branch 2 times, most recently from f201e46 to dd16f82 Compare March 15, 2020 19:15
@olemarkus olemarkus changed the title WIP: Use etcd-manager for the cilium etcd cluster Use etcd-manager for the cilium etcd cluster Mar 15, 2020
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 15, 2020
@olemarkus
Copy link
Member Author

/test pull-kops-e2e-kubernetes-aws

@olemarkus olemarkus force-pushed the cilium-etcd-manager branch 2 times, most recently from e97f3df to 7528654 Compare March 19, 2020 13:36
@hakman
Copy link
Member

hakman commented Mar 20, 2020

I think it is a good time to create a nodeup/pkg/model/networking/ dir, or at least prepend the file name with "networking".

@olemarkus
Copy link
Member Author

I wouldn't do that as part of this PR, but if this one goes in, I can do a follow-up creating that dir.

@johngmyers
Copy link
Member

How does this interact with legacy etcd mode? Do we need to add a validation to prevent this combination?

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 30, 2020
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 30, 2020
@olemarkus
Copy link
Member Author

Yeah. We need to ensure that the cilium etcd cluster is using etcd-manager. I will add some validation on that.

@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. area/documentation and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Apr 8, 2020
@olemarkus
Copy link
Member Author

@justinsb anything you think needs to be changed in this MR?

rifelpet
rifelpet reviewed Apr 16, 2020
View reviewed changes
Copy link
Member

@rifelpet rifelpet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few minor comments but looks good overall. I know that on the March 27th office hours no one seemed to have any concerns or objections with this, so once we address the comments we can get this merged asap. Thanks! and sorry for the delay.

nodeup/pkg/model/cilium.go Outdated Show resolved Hide resolved
nodeup/pkg/model/cilium.go Outdated Show resolved Hide resolved
nodeup/pkg/model/cilium.go Outdated
privateKeyBytes := pkiutil.EncodePrivateKeyPEM(privateKey)

certConfig := &certutil.Config{
CommonName: "kube-apiserver",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like a copy/paste from etcd_manager_tls.go, should this cert have a different CN?

pkg/model/firewall.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Apr 16, 2020
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Apr 16, 2020
@rifelpet
Copy link
Member

Thanks for the additional tests! the new integration tests confirm the security group rule change is only present if cilium etcdManaged is enabled.

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 16, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: olemarkus, rifelpet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 16, 2020
@k8s-ci-robot k8s-ci-robot merged commit 33c7e22 into kubernetes:master Apr 16, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.18 milestone Apr 16, 2020
@olemarkus olemarkus deleted the cilium-etcd-manager branch April 25, 2020 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rifelpet rifelpet rifelpet left review comments

@joshbranham joshbranham Awaiting requested review from joshbranham

@robinpercy robinpercy Awaiting requested review from robinpercy

Assignees

@rifelpet rifelpet

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/api area/documentation area/nodeup cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
v1.18
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@olemarkus @k8s-ci-robot @hakman @johngmyers @rifelpet