Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth: standalone kubelets shouldn't start a token manager #64795

Merged
merged 1 commit into from
Jun 6, 2018
Merged

auth: standalone kubelets shouldn't start a token manager #64795

merged 1 commit into from
Jun 6, 2018

Conversation

mikedanese
Copy link
Member

fixes #64789

@mikedanese mikedanese added the release-note-none Denotes a PR that doesn't merit a release note. label Jun 5, 2018
@k8s-ci-robot
Copy link
Contributor

@mikedanese: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Jun 5, 2018
@mikedanese mikedanese added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jun 5, 2018
@mikedanese
Copy link
Member Author

/test gke

@BenTheElder
Copy link
Member

/test pull-kubernetes-e2e-gke

@saad-ali saad-ali added kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. sig/node Categorizes an issue or PR as relevant to SIG Node. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. status/approved-for-milestone labels Jun 5, 2018
@saad-ali saad-ali added this to the v1.11 milestone Jun 5, 2018
tallclair
tallclair reviewed Jun 5, 2018
View reviewed changes
pkg/kubelet/kubelet.go Outdated
@@ -780,7 +780,11 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
containerRefManager,
kubeDeps.Recorder)

tokenManager := token.NewManager(kubeDeps.KubeClient.CoreV1())
var tokenManager *token.Manager
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/volume_host.go#L200 guaranteed not to be called in this case?

Otherwise, consider passing kubeDeps.KubeClient to NewManager, and handling the null case within getToken(...)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the other managers aren't protected against this. Fixed anyway.

@k8s-github-robot
Copy link

[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process

@dchen1107 @mikedanese @tallclair

Pull Request Labels
  • sig/node: Pull Request will be escalated to these SIGs if needed.
  • priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
  • kind/bug: Fixes a bug discovered during the current release.
Help

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jun 6, 2018
@mikedanese
Copy link
Member Author

/test pull-kubernetes-e2e-gke

@dchen1107
Copy link
Member

From the issue (#64789), only gke related tests are affected. But this pr thought the issue is in standalone kubelet. Shouldn't GCE related tests are also run master nodes with standalone Kubelet? What are the difference between GKE master and GCE master here to trigger the issue?

@mikedanese
Copy link
Member Author

@dchen1107 GCE master kubelets register with the apiserver. They don't run in standalone.

@tallclair
Copy link
Member

We should probably have a standalone-kubelet E2E suite if we really support it...

@tallclair
Copy link
Member

lgtm

@dchen1107
Copy link
Member

@mikedanese Ahh, I forgot that bit of ugly difference. Yes.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 6, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dchen1107, mikedanese

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 6, 2018
@mikedanese
Copy link
Member Author

/retest

feiskyer
feiskyer reviewed Jun 6, 2018
View reviewed changes
Copy link
Member

@feiskyer feiskyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@dims dims mentioned this pull request Jun 6, 2018
Closed
@k8s-github-robot
Copy link

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit f54593b into kubernetes:master Jun 6, 2018
@mikedanese mikedanese deleted the fixgke branch June 6, 2018 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@feiskyer feiskyer feiskyer left review comments

@tallclair tallclair tallclair left review comments

@pmorie pmorie Awaiting requested review from pmorie

Assignees

@dchen1107 dchen1107

@tallclair tallclair

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note-none Denotes a PR that doesn't merit a release note. sig/node Categorizes an issue or PR as relevant to SIG Node. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.11
9 participants
@mikedanese @k8s-ci-robot @BenTheElder @k8s-github-robot @dchen1107 @tallclair @fejta-bot @feiskyer @saad-ali