New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm: make "alpha kubeconfig user" accept --config #94879
kubeadm: make "alpha kubeconfig user" accept --config #94879
Conversation
c46b7b5
to
ae0959f
Compare
/assign @neolit123 |
// Add InitConfiguration backed flags to the command | ||
cmd.Flags().StringVar(&initCfg.LocalAPIEndpoint.AdvertiseAddress, options.APIServerAdvertiseAddress, initCfg.LocalAPIEndpoint.AdvertiseAddress, "The IP address the API server is accessible on") | ||
cmd.Flags().Int32Var(&initCfg.LocalAPIEndpoint.BindPort, options.APIServerBindPort, initCfg.LocalAPIEndpoint.BindPort, "The port the API server is accessible on") | ||
options.AddConfigFlag(cmd.Flags(), &cfgPath) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@neolit123 Currently this command only accept local kubeadm config, should we also consider the config saved in cluster?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for the PR, i can have a deeper look next week.
that is a good question. we had previous discussions whether certain kubeadm commands should use the kubeadm-config CM. my take is that if a command has potential to not operate on the running cluster it should not fetch the CM.
for example, if the command is currently being run on a Node part of a cluster and if a kubeconfig to access the cluster is in the user home dir, the user might still want to create a kubeadm for a completely different cluster, but the command will use the configuration from the cluster, which might not be desired.
i had the same argument for the command "kubeadm config images...". "kubeadm alpha certs renew" on the other hand has CM fetch, but the idea of the command is to renew certs for this Node / cluster.
so my preference here would be the following:
- the user should feed --config and the command should fail without it.
- if the user wants to feed the --config for the current cluster they can fetch the ClusterConfiguration from the CM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I got it, thanks for your detailed clarification!
/test pull-kubernetes-e2e-gce-ubuntu-containerd |
doing a minor retitle: /retitle kubeadm: make "alpha kubeconfig user" accept --config |
kubeconfig user
command accpet kubeadm config
please change the release note to:
|
|
||
// Add command specific flags | ||
cmd.Flags().StringVar(&token, options.TokenStr, token, "The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates") | ||
cmd.Flags().StringVar(&clientName, "client-name", clientName, "The name of user. It will be used as the CN if client certificates are created") | ||
cmd.Flags().StringSliceVar(&organizations, "org", organizations, "The orgnizations of the client certificate. It will be used as the O if client certificates are created") | ||
|
||
_ = cmd.MarkFlagRequired(options.CfgPath) | ||
_ = cmd.MarkFlagRequired("client-name") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these can be without the leading _ =
, unless linters complain?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah just want to make goland happy.
@@ -79,36 +75,35 @@ func newCmdUserKubeConfig(out io.Writer) *cobra.Command { | |||
if clientName == "" { | |||
return errors.New("missing required argument --client-name") | |||
} | |||
if cfgPath == "" { | |||
return errors.New("missing required argument --config") | |||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can remove the above if
checks if cmd.MarkFlagRequired is used.
}, | ||
NodeRegistration: kubeadmapiv1beta2.NodeRegistrationOptions{ | ||
CRISocket: "/path/to/dockershim.sock", | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think the NodeRegistration above can be removed
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" | ||
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil" | ||
testutil "k8s.io/kubernetes/cmd/kubeadm/test" | ||
kubeconfigtestutil "k8s.io/kubernetes/cmd/kubeadm/test/kubeconfig" | ||
) | ||
|
||
func generateKubeadmConfig(dir, id, certDir, clusterName string) (string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
possibly best to indicate this is used for tests (package scope wise) - e.g. name the function generateTestKubeadmConfig
} | ||
buf.Write(data) | ||
|
||
err = ioutil.WriteFile(cfgPath, buf.Bytes(), 0o644) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be 0644
for consistency with the rest of kubeadm code.
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" | ||
"k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil" | ||
testutil "k8s.io/kubernetes/cmd/kubeadm/test" | ||
kubeconfigtestutil "k8s.io/kubernetes/cmd/kubeadm/test/kubeconfig" | ||
) | ||
|
||
func generateKubeadmConfig(dir, id, certDir, clusterName string) (string, error) { | ||
id = strings.ReplaceAll(id, " ", "_") + ".conf" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think we can leave "id" here as is, without replacing " " and adding the extension - i.e. the file will be loaded even if has spaces and no ext.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@knight42 thanks for the PR, i've added some minor comments.
i think we can keep the commits squashed to 1 here.
LMK if you have any questions.
ebcb128
to
90dd499
Compare
/test pull-kubernetes-bazel-test |
@@ -40,7 +39,7 @@ var ( | |||
|
|||
userKubeconfigExample = cmdutil.Examples(` | |||
# Output a kubeconfig file for an additional user named foo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably best to indicate that --config is the kubeadm configuration, as mentioned here:
https://github.com/kubernetes/kubernetes/pull/94879/files#r492257006
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added one final comment. i think this is good to go after that.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: knight42, neolit123 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: knight42 <anonymousknight96@gmail.com>
90dd499
to
36eb74a
Compare
thank you @knight42 |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes:
xref kubernetes/kubeadm#2292
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: