Allow to read openstack cloud provider config from a secret #89885
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
size/L
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Fedosin The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
kind/feature
Fedosin
force-pushed
the
openstack_cloud_provider_secret
branch
from
c47a87a
to
e0f3ae2
Compare
sttts
reviewed
Apr 6, 2020
| } | ||
|
|
||
| secret, err := k8sClient.CoreV1().Secrets(secretNamespace).Get(context.TODO(), secretName, metav1.GetOptions{}) | ||
| secretName := os.secretName | ||
| secretNamespace := os.secretNamespace |
There was a problem hiding this comment.
why copy values? just access directly
sttts
reviewed
Apr 6, 2020
| return err | ||
| } | ||
|
|
||
| cfg := &Config{} |
There was a problem hiding this comment.
why have this here outside of the if clause if it is only used inside?
sttts
reviewed
Apr 6, 2020
| if err != nil { | ||
| return nil, false | ||
| } | ||
|
|
There was a problem hiding this comment.
why does it matter to initialize here?
There was a problem hiding this comment.
yep, I did it for consistency, but there is no need to initialize here.
sttts
reviewed
Apr 6, 2020
| @@ -44,10 +44,36 @@ const ( | |||
| instanceShutoff = "SHUTOFF" | |||
| ) | |||
|
|
|||
| func (os *OpenStack) getCompute() *gophercloud.ServiceClient { | |||
sttts
reviewed
Apr 6, 2020
| defer resp.Body.Close() | ||
|
|
||
| if resp.StatusCode != http.StatusOK { | ||
| err = fmt.Errorf("unexpected status code when reading instance type from %s: %s", instanceTypeURL, resp.Status) |
There was a problem hiding this comment.
why assign to err and not just return?
sttts
reviewed
Apr 6, 2020
| defer resp.Body.Close() | ||
|
|
||
| if resp.StatusCode != http.StatusOK { | ||
| err = fmt.Errorf("unexpected status code when reading instance address from %s: %s", url, resp.Status) |
There was a problem hiding this comment.
why assign to err and not just return?
sttts
reviewed
Apr 6, 2020
sttts
reviewed
Apr 6, 2020
| } | ||
|
|
||
| err = checkOpenStackOpts(&os) | ||
| err := checkOpenStackOpts(&os) | ||
| if err != nil { |
sttts
reviewed
Apr 6, 2020
staging/src/k8s.io/legacy-cloud-providers/openstack/openstack_instances.go
Show resolved
Hide resolved
sttts
reviewed
Apr 6, 2020
staging/src/k8s.io/legacy-cloud-providers/openstack/openstack_instances.go
Show resolved
Hide resolved
Fedosin
force-pushed
the
openstack_cloud_provider_secret
branch
from
e0f3ae2
to
33714e4
Compare
|
/test pull-kubernetes-node-e2e-containerd |
|
@Fedosin: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This was referenced Feb 15, 2022
This was referenced Apr 20, 2022
This was referenced May 25, 2022
mdbooth
added a commit
to shiftstack/kubernetes
that referenced
this pull request
Jul 20, 2022
... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/kubernetes
that referenced
this pull request
Jul 20, 2022
... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/kubernetes
that referenced
this pull request
Aug 10, 2022
... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
soltysh
pushed a commit
to soltysh/kubernetes
that referenced
this pull request
Aug 19, 2022
… secret This patch brings back the downstream changes that were introduced to allow reading openstack cloud provider config from a secret. They are available in release-4.4, but were reverted in master with openshift/origin#24719 This change includes: - Ability to read metadata values for kubelet. Since the service does not have access to the secret to read the configuration, but it needs data to download (e.g. hostname or flavor), we are trying to get it from the metadata server. - Deprecation of kubeConfig parameter. Now we read the file that was provided with --kubeconfig option. Origin-commit: f95edc26155a29769b3c5b80c03755a01a87b5fc UPSTREAM: 89885: legacy-cloud-provider/openstack: include / prefix in instance ID output When we want to read an instance ID from the metadata service, cloud provider doesn't include "/" prefix, which is required for successful parsing of provider the ID later. This commit adds the missing "/" prefix to the output. UPSTREAM: 89885: SQUASH: Fix Cinder provisioning crashing on nil cloud provider OpenStack cloud provider must not use nil when provisioning a Cinder volume. UPSTREAM: 89885: SQUASH: Report OpenStack cloud initialization errors openshift-rebase(v1.24):source=dbe70e455ee UPSTREAM: <carry>: Set informer for openstack Set informer for the openstack cloud provider to ensure it is properly initialized when reading config from a secret. Upstream 89885 was closed in favor of 96750. Co-authored-by: Hemant Kumar <hekumar@redhat.com> openshift-rebase(v1.24):source=d7ecbd903e2 UPSTREAM: 89885: SQUASH: Retry fetching clouds.conf The OpenStack secret is not guaranteed to be present at the time kube-controller-manager is initialised. Co-authored-by: Martin André <m.andre@redhat.com> Co-authored-by: Pierre Prinetti <pierreprinetti@redhat.com> openshift-rebase(v1.24):source=8bc9dd29ef0 UPSTREAM: 89885: Fix panic in openstack.InstanceExistsByProviderID() ... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
This was referenced Aug 19, 2022
soltysh
pushed a commit
to soltysh/kubernetes
that referenced
this pull request
Sep 1, 2022
… secret This patch brings back the downstream changes that were introduced to allow reading openstack cloud provider config from a secret. They are available in release-4.4, but were reverted in master with openshift/origin#24719 This change includes: - Ability to read metadata values for kubelet. Since the service does not have access to the secret to read the configuration, but it needs data to download (e.g. hostname or flavor), we are trying to get it from the metadata server. - Deprecation of kubeConfig parameter. Now we read the file that was provided with --kubeconfig option. Origin-commit: f95edc26155a29769b3c5b80c03755a01a87b5fc UPSTREAM: 89885: legacy-cloud-provider/openstack: include / prefix in instance ID output When we want to read an instance ID from the metadata service, cloud provider doesn't include "/" prefix, which is required for successful parsing of provider the ID later. This commit adds the missing "/" prefix to the output. UPSTREAM: 89885: SQUASH: Fix Cinder provisioning crashing on nil cloud provider OpenStack cloud provider must not use nil when provisioning a Cinder volume. UPSTREAM: 89885: SQUASH: Report OpenStack cloud initialization errors openshift-rebase(v1.24):source=dbe70e455ee UPSTREAM: <carry>: Set informer for openstack Set informer for the openstack cloud provider to ensure it is properly initialized when reading config from a secret. Upstream 89885 was closed in favor of 96750. Co-authored-by: Hemant Kumar <hekumar@redhat.com> openshift-rebase(v1.24):source=d7ecbd903e2 UPSTREAM: 89885: SQUASH: Retry fetching clouds.conf The OpenStack secret is not guaranteed to be present at the time kube-controller-manager is initialised. Co-authored-by: Martin André <m.andre@redhat.com> Co-authored-by: Pierre Prinetti <pierreprinetti@redhat.com> openshift-rebase(v1.24):source=8bc9dd29ef0 UPSTREAM: 89885: Fix panic in openstack.InstanceExistsByProviderID() ... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
soltysh
pushed a commit
to soltysh/kubernetes
that referenced
this pull request
Sep 15, 2022
… secret This patch brings back the downstream changes that were introduced to allow reading openstack cloud provider config from a secret. They are available in release-4.4, but were reverted in master with openshift/origin#24719 This change includes: - Ability to read metadata values for kubelet. Since the service does not have access to the secret to read the configuration, but it needs data to download (e.g. hostname or flavor), we are trying to get it from the metadata server. - Deprecation of kubeConfig parameter. Now we read the file that was provided with --kubeconfig option. Origin-commit: f95edc26155a29769b3c5b80c03755a01a87b5fc UPSTREAM: 89885: legacy-cloud-provider/openstack: include / prefix in instance ID output When we want to read an instance ID from the metadata service, cloud provider doesn't include "/" prefix, which is required for successful parsing of provider the ID later. This commit adds the missing "/" prefix to the output. UPSTREAM: 89885: SQUASH: Fix Cinder provisioning crashing on nil cloud provider OpenStack cloud provider must not use nil when provisioning a Cinder volume. UPSTREAM: 89885: SQUASH: Report OpenStack cloud initialization errors openshift-rebase(v1.24):source=dbe70e455ee UPSTREAM: <carry>: Set informer for openstack Set informer for the openstack cloud provider to ensure it is properly initialized when reading config from a secret. Upstream 89885 was closed in favor of 96750. Co-authored-by: Hemant Kumar <hekumar@redhat.com> openshift-rebase(v1.24):source=d7ecbd903e2 UPSTREAM: 89885: SQUASH: Retry fetching clouds.conf The OpenStack secret is not guaranteed to be present at the time kube-controller-manager is initialised. Co-authored-by: Martin André <m.andre@redhat.com> Co-authored-by: Pierre Prinetti <pierreprinetti@redhat.com> openshift-rebase(v1.24):source=8bc9dd29ef0 UPSTREAM: 89885: Fix panic in openstack.InstanceExistsByProviderID() ... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
soltysh
pushed a commit
to soltysh/kubernetes
that referenced
this pull request
Sep 20, 2022
… secret This patch brings back the downstream changes that were introduced to allow reading openstack cloud provider config from a secret. They are available in release-4.4, but were reverted in master with openshift/origin#24719 This change includes: - Ability to read metadata values for kubelet. Since the service does not have access to the secret to read the configuration, but it needs data to download (e.g. hostname or flavor), we are trying to get it from the metadata server. - Deprecation of kubeConfig parameter. Now we read the file that was provided with --kubeconfig option. Origin-commit: f95edc26155a29769b3c5b80c03755a01a87b5fc UPSTREAM: 89885: legacy-cloud-provider/openstack: include / prefix in instance ID output When we want to read an instance ID from the metadata service, cloud provider doesn't include "/" prefix, which is required for successful parsing of provider the ID later. This commit adds the missing "/" prefix to the output. UPSTREAM: 89885: SQUASH: Fix Cinder provisioning crashing on nil cloud provider OpenStack cloud provider must not use nil when provisioning a Cinder volume. UPSTREAM: 89885: SQUASH: Report OpenStack cloud initialization errors openshift-rebase(v1.24):source=dbe70e455ee UPSTREAM: <carry>: Set informer for openstack Set informer for the openstack cloud provider to ensure it is properly initialized when reading config from a secret. Upstream 89885 was closed in favor of 96750. Co-authored-by: Hemant Kumar <hekumar@redhat.com> openshift-rebase(v1.24):source=d7ecbd903e2 UPSTREAM: 89885: SQUASH: Retry fetching clouds.conf The OpenStack secret is not guaranteed to be present at the time kube-controller-manager is initialised. Co-authored-by: Martin André <m.andre@redhat.com> Co-authored-by: Pierre Prinetti <pierreprinetti@redhat.com> openshift-rebase(v1.24):source=8bc9dd29ef0 UPSTREAM: 89885: Fix panic in openstack.InstanceExistsByProviderID() ... when provider is uninitialised. This is a fix to downstream-only code which was originally proposed upstream as kubernetes#89885 but did not merge. It is therefore not relevant upstream. Given that we will replace the openstack legacy cloud provider in 4.12 we will not re-propose kubernetes#89885 or this fix to it. Causes all openstack.Instances() methods which require more than the local metadata service to return NotImplemented instead of crashing if the provider is not initialised.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch introduces new changes to allow reading openstack cloud provider config from a secret.
This change includes:
Ability to read metadata values for kubelet. Since the service does not have access to the secret to read the configuration, but it needs data to download (e.g. hostname or flavor), we are trying to get it from the metadata server.
Deprecation of kubeConfig parameter. Now we read the file that was provided with --kubeconfig option.
/kind feature