Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make secret volume plugin use secret manager #40208

Merged
merged 2 commits into from
Jan 23, 2017
Merged

Make secret volume plugin use secret manager #40208

merged 2 commits into from
Jan 23, 2017

Conversation

wojtek-t
Copy link
Member

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 20, 2017
@k8s-reviewable
Copy link

This change is Reviewable

@wojtek-t wojtek-t mentioned this pull request Jan 20, 2017
Closed
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Jan 20, 2017
@wojtek-t wojtek-t added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Jan 20, 2017
@k8s-ci-robot
Copy link
Contributor

Jenkins GKE smoke e2e failed for commit b3e7292. Full PR test history. cc @wojtek-t

The magic incantation to run this job again is @k8s-bot cvm gke e2e test this. Please help us cut down flakes by linking to an open flake issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot
Copy link
Contributor

Jenkins GCI GKE smoke e2e failed for commit b3e7292. Full PR test history. cc @wojtek-t

The magic incantation to run this job again is @k8s-bot gci gke e2e test this. Please help us cut down flakes by linking to an open flake issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

liggitt
liggitt reviewed Jan 20, 2017
View reviewed changes
pkg/controller/volume/attachdetach/attach_detach_controller.go
@@ -620,3 +620,7 @@ func (adc *attachDetachController) GetHostIP() (net.IP, error) {
func (adc *attachDetachController) GetNodeAllocatable() (v1.ResourceList, error) {
return v1.ResourceList{}, nil
}

func (adc *attachDetachController) GetSecretFunc() func(namespace, name string) (*v1.Secret, error) {
return nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

returns don't match signature

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

liggitt
liggitt reviewed Jan 20, 2017
View reviewed changes
pkg/controller/volume/persistentvolume/volume_host.go
@@ -80,3 +80,7 @@ func (ctrl *PersistentVolumeController) GetHostIP() (net.IP, error) {
func (ctrl *PersistentVolumeController) GetNodeAllocatable() (v1.ResourceList, error) {
return v1.ResourceList{}, nil
}

func (adc *PersistentVolumeController) GetSecretFunc() func(namespace, name string) (*v1.Secret, error) {
return nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fix returns

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why wouldn't this use ctrl.kubeClient.Secrets(namespace).Get(name)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

liggitt
liggitt reviewed Jan 20, 2017
View reviewed changes
pkg/kubelet/secret/secret_manager.go
@@ -226,6 +224,11 @@ func getSecretNames(pod *v1.Pod) sets.String {
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also need to iterate over container EnvFrom

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is using EnvFrom ? From what I found in the code, volume secret plugin is not using them...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#40195 is open to use it

liggitt
liggitt reviewed Jan 20, 2017
View reviewed changes
pkg/volume/secret/secret.go
if b.getSecret != nil {
secret, err = b.getSecret(b.pod.Namespace, b.source.SecretName)
} else {
kubeClient := b.plugin.host.GetKubeClient()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why are we keeping this path?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Why can't getSecret function replace this? I mentioned the same thing in the previous PR (#39558) too...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked into this PR and I didn't see comment about it. But yeah, we can remove it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@wojtek-t
Copy link
Member Author

@liggitt @yujuhong - comments applied. PTAL

@yujuhong
Copy link
Contributor

Looks good to me. Leaving to @liggitt and @saad-ali for the final decision.

@saad-ali
Copy link
Member

Volume host is ugly but that's not your fault. We'll go in a clean it out at some point.

@saad-ali
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 23, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 40205, 40208)

@k8s-github-robot k8s-github-robot merged commit 13424d8 into kubernetes:master Jan 23, 2017
@wojtek-t
Copy link
Member Author

@saad-ali - thanks a lot!

@wojtek-t wojtek-t deleted the smart_volume_manager branch January 25, 2017 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@yujuhong yujuhong yujuhong left review comments

Assignees

@liggitt liggitt

@saad-ali saad-ali

@yujuhong yujuhong

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@wojtek-t @k8s-reviewable @k8s-ci-robot @yujuhong @saad-ali @k8s-github-robot @liggitt