WINC-740: Configure kube-proxy with WICD #1160
sebsoto commented Aug 5, 2022 (edited)
- Adds functionality for WICD to run PowerShell scripts to resolve service variables
- Moves network configuration into a PowerShell script, a requirement for it to be done by WICD
- Moves kube-proxy configuration into WICD
ad7ddc9 to 5895c78
/approve cancel
dc342d0 to bcc37ca
/retest
/retest
Mostly, LGTM. Just minor comments.
Great work @sebsoto
pkg/nodeconfig/payload/payload.go
Outdated
@@ -82,3 +84,39 @@ func NewFileInfo(path string) (*FileInfo, error) { | |||
SHA256: fmt.Sprintf("%x", sha256.Sum256(contents)), | |||
}, nil | |||
} | |||
|
|||
// Validate ensures all required payload files exist | |||
func Validate() error { |
Do you anticipate more validations to be included here? Otherwise, I don't feel the `Validate()` function is needed just to hold the collection of files. You can call `checkIfFilesExist` directly.
cmd/operator/main_test.go
Outdated
@@ -1,25 +1 @@ | |||
package main |
Do we need to keep the empty file?
f28a609 to a130a45
LGTM aside from the network-config script testing. I am fine with the CNI configuration and kube-proxy starting being separated at a later time.
|
||
// Cannot use a cached client as no manager will be started to populate cache | ||
directClient, err := controller.NewDirectClient(cfg) | ||
sc, err := controller.NewServiceController(context.TODO(), "", controller.Options{Config: cfg}) |
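Review bot: in the `NewServiceController` call the second argument is a bare `""` and the context is `context.TODO()`, so the call site does not say what either value is meant to be. Since optional settings already travel in `controller.Options{Config: cfg}`, consider moving the string parameter into `Options` as well (or naming it with a constant), and pass a context the caller can cancel so bootstrap can be interrupted.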
out of scope of this PR: we should not have to create a service controller object to run bootstrap
That's a good point.
@saifshaikh48 I'm not sure what you mean. I'm not introducing that behavior here. `Bootstrap` is a method of the service controller struct.
See code in current master:
if err := sc.Bootstrap(desiredVersion); err != nil {
Sorry, I wasn't clear. My comment is a general comment -- ideally we shouldn't have `Bootstrap` be a method on a controller object. Just something to keep in mind as future work.
Should we create a tech debt story around this?
7249208 to 3389087
just one comment, LGTM otherwise
// CNIConfigTemplatePath is the path for CNI config template | ||
CNIConfigTemplatePath = payloadDirectory + cniDirectory + "cni-conf-template.json" | ||
// NetworkConfigurationScript is the path for generated Network configuration Script | ||
NetworkConfigurationScript = payloadDirectory + "/generated/network-conf.ps1" |
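Review bot: `NetworkConfigurationScript` embeds the directory as the literal `"/generated/"`, while `CNIConfigTemplatePath` on the line above builds its path from the `cniDirectory` constant. A `generatedDirectory` constant would keep the two definitions consistent and give one place to change the location. The doc comment says the script is generated but not by which component or when; stating that would help readers who expect every payload path to exist at build time.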
Should we add this to the dockerfile payload diagram?
#├── generated
#│ └── network-conf.ps1
Added the generated directory, as the diagram is describing how the dockerfile is building the payload, not WMCO
Looking good so far. Just curious, why isn’t WICD able to run PS commands like WMCO does? Also, how are you testing?
This commit introduces the Options struct for the controller package. This is a pattern that is seen throughout various Kubernetes libraries. All parameters for NewServiceController() that can be made to have a reasonable default value have been moved into this struct, which will be passed into the function instead. The purpose of doing this is to provide a cleaner interface for users calling NewServiceController, by reducing the number of parameters that may not be necessary for the caller, and thus reducing copy-pasted repeat code.
Resolves PowerShell variables present in the Windows service configmap when starting Windows services.
cf47841 to 86ee678
WICD is designed to enact policy as described by WMCO. Any scripting required to configure a service must be done through the windows-services configmap, as that is what defines what WICD must do to successfully configure a node.
The PowerShell functionality is being tested through the added WICD unit tests. The kube-proxy changes are being tested through the existing e2e test suite.
LGTM
LGTM
Nice work, @sebsoto
|
||
// Cannot use a cached client as no manager will be started to populate cache | ||
directClient, err := controller.NewDirectClient(cfg) | ||
sc, err := controller.NewServiceController(context.TODO(), "", controller.Options{Config: cfg}) |
Should we create a tech debt story around this?
pkg/windows/windows.go
Outdated
@@ -547,18 +535,18 @@ func (vm *windows) ConfigureAzureCloudNodeManager(nodeName string) error { | |||
} | |||
|
|||
func (vm *windows) ConfigureKubeProxy(nodeName, hostSubnet string) error { | |||
endpointIP, err := vm.createHNSEndpoint() | |||
endpointIP, err := vm.Run(NetworkConfScriptPath, true) |
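Review bot: in `ConfigureKubeProxy`, `endpointIP` now receives whatever `vm.Run(NetworkConfScriptPath, true)` returns, so raw script output is treated as an IP address with no check in the visible lines. Trim the output and parse it (for example with `net.ParseIP`) before it is used, returning an error when it is not exactly one address. The bare `true` would also read better as a named constant or with a short comment saying what it enables.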
Did you create a follow-up story to separate this out, i.e. introduce allowing WICD to run PowerShell scripts?
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: aravindhp
This commit moves the CNI configuration and HNS network setup into a new PowerShell script network-conf.ps1. This is required in order to enable the transition of responsibilities from WMCO to WICD. WICD cannot run arbitrary PowerShell commands in the same way WMCO does. Instead any required commands must be made part of a script which is run before starting a specific service. The script `network-conf.ps1` is being generated at runtime. This enables the use of variable replacement for values that will not change while WMCO is running.
This commit moves the responsibility of configuring kube-proxy out of WMCO, and into WICD. WMCO still needs to wait for kube-proxy to be running, as it is currently responsible for uncordoning the node, and applying the version annotation on it, indicating the node has been successfully configured.
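The commit message above describes generating `network-conf.ps1` at runtime with variable replacement; the following is an added example, not code from this PR, of rendering such a script so that substituted values stay data and cannot become script text. The template body, `ScriptValues`, `RenderScript`, `psQuote` and the two variables are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
	"text/template"
)

// Constructed stand-in for a generated script; not the project's network-conf.ps1.
const scriptTemplate = `$hostSubnet = {{psq .HostSubnet}}
$networkName = {{psq .NetworkName}}
Write-Output "configuring $networkName for $hostSubnet"
`

// Allowlist for the hypothetical network name: no quotes, spaces or line breaks.
var nameOK = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// ScriptValues holds the values substituted into the script (hypothetical names).
type ScriptValues struct{ HostSubnet, NetworkName string }

// psQuote emits s as a PowerShell single-quoted literal, where nothing is
// expanded and an embedded quote is escaped by doubling it.
func psQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
}

var tmpl = template.Must(template.New("network-conf").
	Funcs(template.FuncMap{"psq": psQuote}).Parse(scriptTemplate))

// RenderScript validates every value before it reaches the template.
func RenderScript(v ScriptValues) (string, error) {
	_, subnet, err := net.ParseCIDR(v.HostSubnet)
	if err != nil {
		return "", fmt.Errorf("host subnet %q is not a CIDR: %w", v.HostSubnet, err)
	}
	if !nameOK.MatchString(v.NetworkName) {
		return "", fmt.Errorf("network name %q has disallowed characters", v.NetworkName)
	}
	v.HostSubnet = subnet.String() // render the parsed form, not the raw input
	var b strings.Builder
	if err := tmpl.Execute(&b, v); err != nil {
		return "", err
	}
	return b.String(), nil
}

func main() {
	out, err := RenderScript(ScriptValues{HostSubnet: "10.132.0.0/24", NetworkName: "ExampleOverlay"})
	fmt.Println(out, err)
}
```
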
86ee678 to 95a2c52
/lgtm
/retest
/test vsphere-e2e-operator
/test gcp-e2e-operator
/retest-required
@sebsoto: all tests passed!