kubeadm-init: add --copy-credentials-for-user #55901
Conversation
k8s-ci-robot
added
release-note
|
/area kubeadm |
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
neolit123
force-pushed
the
config
branch
2 times, most recently
from
71139ff
to
2956298
Compare
k8s-ci-robot
added
size/L
neolit123
force-pushed
the
config
branch
2 times, most recently
from
cb8da28
to
f0f8d7f
Compare
|
@timothysc i was trying to speak about this during the SIG meeting today, but looks like my MIC decided to not work for some reason. :( |
timothysc
added
the
sig/cluster-lifecycle
cmd/kubeadm/app/cmd/init.go
Outdated
| } else { | ||
| ctx["KubeConfigInfo"] = "" | ||
| if err := copyConfigForDefaultUser(i.defaultUser, adminKubeConfigPath); err != nil { | ||
| return fmt.Errorf("error copying configuration for user %q: %v", i.defaultUser, err) |
There was a problem hiding this comment.
Shouldn't we still have the previous instructions for a failure?
There was a problem hiding this comment.
seems like the correct thing to do. i will amend the commit.
neolit123
force-pushed
the
config
branch
3 times, most recently
from
3369144
to
d3d0843
Compare
|
@timothysc @luxas |
k8s-github-robot
added
the
needs-rebase
k8s-github-robot
removed
the
needs-rebase
cmd/kubeadm/app/cmd/init.go
Outdated
|
|
||
| if _, err := os.Stat(kubeDir); err != nil { | ||
| if os.IsNotExist(err) { | ||
| err = os.Mkdir(kubeDir, 0700) |
There was a problem hiding this comment.
You could probably just make the dir and check ignore the error if it exists.
cmd/kubeadm/app/cmd/init.go
Outdated
| } | ||
| defer dest.Close() | ||
|
|
||
| _, err = io.Copy(src, dest) |
There was a problem hiding this comment.
I don't see why you couldn't just copy vs. open.
There was a problem hiding this comment.
could you please clarify this comment.
There was a problem hiding this comment.
@timothysc TMK, golang does not provide means to copy files on os level with a single command. thus, one has to os.Open() and use io.Copy().
There was a problem hiding this comment.
issue: reversed src / dest in the recent amend!
timothysc
added
status/approved-for-milestone
lgtm
@timothysc ok, done. |
|
/retest |
There was a problem hiding this comment.
@neolit123 , if we are extending how kubeconfig file are created in kubeadm init, IMO it is necessary to ensure a consistent behaviour also in kubeadm alpha phase kubeconfig. WDYT?
|
@fabianofranz hi, perhaps you mean to allow |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, timothysc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
got the bazel tests to pass but the uni test now spills a pile of warnings / errors that seem unrelated. |
|
/test pull-kubernetes-unit |
|
[MILESTONENOTIFIER] Milestone Pull Request Labels Incomplete Action required: This pull request requires label changes. If the required changes are not made within 3 days, the pull request will be moved out of the v1.10 milestone. priority: Must specify exactly one of |
neolit123
force-pushed
the
config
branch
4 times, most recently
from
73921ce
to
b6d6dc5
Compare
timothysc
removed
the
do-not-merge/work-in-progress
timothysc
changed the title
|
|
||
| usr, err = user.Lookup(copyCredentialsForUser) | ||
| if err != nil { | ||
| return fmt.Errorf(InitErrorNoSuchUser) |
There was a problem hiding this comment.
I'm not a fan of recasting the errors here. Could you use the errors.Wrap utility if you want to put your output change on it.
There was a problem hiding this comment.
ok, i can rebase this next Monday (AFK this week).
There was a problem hiding this comment.
updated to always include the relevant error in the Errorf() format.
| ) | ||
|
|
||
| // InitCopyCredentialsForUser will copy the cluster admin credentials to the home path of a non-root user | ||
| func InitCopyCredentialsForUser(copyCredentialsForUser string, adminKubeConfigPath string) error { |
There was a problem hiding this comment.
Why can you use ENV-var's or some other platform agnostic library to determine $HOMEDIR.
/cc @kubernetes/sig-windows-misc
There was a problem hiding this comment.
this targets any Windows user. the env. variable %HOME% can only be used for the current user. also some user might have decided to move his home dir outside of default user path on Windows - e.g. /users/.
cc @luxas
some related changes of mine got accepted in the user package of the Go standard libarary...
https://github.com/golang/go/commits?author=neolit123
There was a problem hiding this comment.
^ these are going to make it in go 1.11 in August i would guess.
There was a problem hiding this comment.
I'm generally not ok with this change todo the last step which folks automate to add this platform specific code which can/will be obviated.
There was a problem hiding this comment.
even with my contribs to the user package in the go std lib that can eventually replace the above code, this change would still need the _unix, _windows files, because:
- there is no
chownon windows - the way to check if a user is root/admin differs between platforms
k8s-ci-robot
added
the
sig/windows
Using this new parameter the administrator's credentials
for the cluster will be copied to the specified
user's home directory.
WARNING: existing files will be overwritten.
Usage:
kubeadm init --copy-credentials-for-user=<someuser>
Windows requires a different approach for copying the
credentials than Unix, thus a new package is added -
`platform` in `kubeadm/app/cmd`. It contains `init_unix.go`
and `init_windows.go` that define the exported function -
InitCopyCredentialsForUser(). The function works differently
on Unix and Windows.
The same package can be re-used for other multiplatform code.
timothysc
removed
the
approved
|
@neolit123: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/test pull-kubernetes-verify |
|
I'm going to close this one per comment kubernetes/kubeadm#416 (comment) . Also, due to the other dependencies that we would drag in. If you feel like we can do this and trim it down feel free to ping me on slack. |
|
i'm perfectly fine with the close in the aspect of this not being a cmd flag. having this in the configuration is better. |
What this PR does / why we need it:
Using this new parameter the administrator's credentials
for the cluster will be copied to the specified
user's home directory.
WARNING: existing files will be overwritten.
Usage:
kubeadm init --copy-credentials-for-user=
It automates a step that the user needs to perform either manually each time or by scripting. If the flag is not set the old behavior is preserved - i.e. show info how / where to copy the config.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Related to #235
Fixes kubernetes/kubeadm#416
Special notes for your reviewer:
Release note: