New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Propogate public-keys to cloud-init NoCloud meta-data #10231
Conversation
cca113d
to
7727d5b
Compare
Thanks for evolving the nocloud cloud-init datasource. I think this makes sense - and addresses an important gap: we couldn't use secrets when defining the ssh keys and define a netplanv2 network configuration in the same datasource. We would just need you to fix the unit tests (you need to adjust to the new |
737289b
to
ac7ad07
Compare
8de7d91
to
db250c6
Compare
db250c6
to
9054d33
Compare
/retest |
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
3abc0b6
to
5e3be24
Compare
Job is done @maiqueb 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have some very minor comments into how I think the e2e test should look like.
Plus some suggestions on what should be checked in the unit tests, and finally an opinionated comment into how I think the code should look like.
But overall really good, this is a nice feature to have around.
Thanks for the contribution !
pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter_test.go
Show resolved
Hide resolved
/cc |
18e8dc0
to
ae9d7d7
Compare
@kvaps Can you please update it to match @lyarwood's suggestion? #10231 (comment) The function name and logic should match. |
624a457
to
28c4106
Compare
Excuse me if I'm wrong, but now the names do not match the logic again? Please change just the names to |
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
28c4106
to
6c22622
Compare
yeah, you're right, fixed that, sorry |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apart from one comment it looks good to me.
Thanks!
/lgtm
|
||
It("[test_id:TODO]should have ssh-key under authorized keys added by NoCloud", func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could write these tests as a table, but it can be done in a follow up because there is more to clean up here (e.g. swapping NewRandomVMIWithEphemeralDiskHighMemory
with libvmi
).
/retest-required |
/lgtm |
/retest-required |
/cc @iholder101 |
Ping @iholder101 @alicefr |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tests/utils.go
Outdated
func NewRandomVMIWithEphemeralDiskAndNoCloudUserdataHighMemory(containerImage string, userData string) *v1.VirtualMachineInstance { | ||
vmi := NewRandomVMIWithEphemeralDiskAndNoCloudUserdata(containerImage, userData) | ||
|
||
vmi.Spec.Domain.Resources.Requests[k8sv1.ResourceMemory] = resource.MustParse("512M") | ||
return vmi | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the record, we sometime need to create similar functions in libvmi
pkg/cloud-init/cloud-init.go
Outdated
@@ -162,15 +163,73 @@ func ReadCloudInitVolumeDataSource(vmi *v1.VirtualMachineInstance, secretSourceD | |||
return nil, nil | |||
} | |||
|
|||
func resolveSSHPublicKeys(accessCredentials []v1.AccessCredential, secretSourceDir string, methodNoCloud, methodConfigDrive bool) (map[string]string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I would loose the bool arguments and go with something like
type AccessCredentialPropagationMethod string
const (
methodNoCloud = "methodNoCloud"
methodConfigDrive = "methodConfigDrive"
)
// ...
func resolveSSHPublicKeys(accessCredentials []v1.AccessCredential, propagationMethod AccessCredentialPropagationMethod) (map[string]string, error) {
// ...
}
If we'd support more methods in the future it's better not to end up with many bool arguments that are all false but one.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: iholder101 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really happy to see this feature accepted.
Feeling free to unhold ;) /hold cancel |
/retest-required |
@kvaps: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@0xFelix do we want to back-port this into other releases ? |
Please don't backport features to stable releases, it goes against the meaning of stable releases. |
@maiqueb I'd consider this a new feature, not a bug. So I would not backport it. |
What this PR does / why we need it:
Cloud-init's
NoCloud
also supports specifying public-keys in meta-data.This patch enables propogation of ssh-keys into instance metadata.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #10249
Special notes for your reviewer:
ExampleUsage
Release note: