Simplify kube-apiserver patches #24178
/retest
/retest
The gcp failure was interesting:
As for the above error, it seems that the goroutine is being restarted in a loop, which causes about 21k lines of panics in the bootstrap-control-plane kube-apiserver logs.
@@ -104,6 +104,8 @@ func createAggregatorConfig( | |||
EnableAggregatedDiscoveryTimeout: utilfeature.DefaultFeatureGate.Enabled(kubefeatures.EnableAggregatedDiscoveryTimeout), | |||
}, | |||
} | |||
// we need to clear the poststarthooks so we don't add them multiple times to all the servers (that fails) | |||
aggregatorConfig.GenericConfig.PostStartHooks = map[string]genericapiserver.PostStartHookConfigEntry{} |
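Review bot: the reset on the last line of this hunk empties aggregatorConfig.GenericConfig.PostStartHooks wholesale, so any hook that was meant to run on the aggregator itself is dropped along with the duplicates. The code comment should say which server is expected to keep and run these hooks, and a test asserting that each hook is registered exactly once would guard against a regression.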
is there an upstream PR already? Please rename the commit.
if err != nil { | ||
return nil, err | ||
} | ||
} |
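Review bot: `return nil, err` hands the error back without context, so a failure here is hard to place when it surfaces further up the call chain. Wrap it with what was being attempted, for example with fmt.Errorf and %w.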
strange to have file loading in a handler chain builder. Why not pass in a []byte?
@@ -30,7 +30,8 @@ import ( | |||
"strings" | |||
"time" | |||
|
|||
"k8s.io/kubernetes/openshift-kube-apiserver/configdefault" | |||
"k8s.io/kubernetes/openshift-kube-apiserver/admission/admissionenablement" | |||
|
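Review bot: the two k8s.io/kubernetes/openshift-kube-apiserver imports are out of lexical order (configdefault is listed before admission/admissionenablement), and the hunk leaves an empty line next to them inside the import block. Keeping both paths in one contiguous group and running gofmt or goimports over the file would settle the ordering.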
no empty line
/retest
bunch of nits, otherwise looks good to me
|
||
import ( | ||
"time" | ||
|
||
"github.com/openshift/library-go/pkg/apiserver/admission/admissiontimeout" |
nit: this should have stayed separate
oauthclient "github.com/openshift/client-go/oauth/clientset/versioned" | ||
oauthinformer "github.com/openshift/client-go/oauth/informers/externalversions" | ||
userclient "github.com/openshift/client-go/user/clientset/versioned" | ||
userinformer "github.com/openshift/client-go/user/informers/externalversions" | ||
bootstrap "github.com/openshift/library-go/pkg/authentication/bootstrapauthenticator" | ||
"k8s.io/apiserver/pkg/authentication/authenticator" | ||
"k8s.io/apiserver/pkg/authentication/group" | ||
genericapiserver "k8s.io/apiserver/pkg/server" | ||
"k8s.io/client-go/kubernetes" | ||
"k8s.io/client-go/tools/cache" | ||
"k8s.io/client-go/util/keyutil" | ||
"k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/usercache" | ||
oauthvalidation "k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/oauth" | ||
"k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth" | ||
"k8s.io/kubernetes/openshift-kube-apiserver/enablement" | ||
"k8s.io/kubernetes/pkg/serviceaccount" |
nit: split imports into openshift/kube groups
nit: split imports into openshift/kube groups
this is our file. I really see no benefit to keeping them separate now that we have auto-importing capability (didn't exist 5 years ago)
IMO it's a good habit to keep separate import contexts visibly separate, like syslibs/imports from elsewhere/imports from us
panic(err) | ||
} | ||
|
||
if enablement.IsOpenShift() { |
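Review bot: `panic(err)` just before the enablement.IsOpenShift() check turns a setup error into a process crash. If the enclosing function can return an error, return it instead; if the panic is intentional, a comment saying why would help the next reader.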
We don't need to do any of the above if this is false, do we?
/lgtm
/retest Please review the full test history for this PR and help us cut down flakes.
/hold Kube request header auth was put higher in the eval stack than the token auth, which causes the We probably still want our token auth to precede kube req headers?
/retest
/hold We have a fun pickle regarding
added release note openshift/openshift-docs#18426 after clearing it with Clayton. /hold cancel
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: deads2k, stlaz
use the config poststarthooks to further simplify the kube-apiserver patches.
/assign @p0lyn0mial