New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1930791: [wmco] Stop adding pub-key-hash label to all nodes #323
Conversation
/approve cancel |
@sebsoto: This pull request references Bugzilla bug 1930791, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@sebsoto: This pull request references Bugzilla bug 1934281, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@sebsoto: This pull request references Bugzilla bug 1930791, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for working on this, @sebsoto. Please address my comments.
@@ -180,7 +184,13 @@ func (r *ReconcileSecret) Reconcile(request reconcile.Request) (reconcile.Result | |||
return reconcile.Result{}, errors.Wrap(err, "error creating signer from private key") | |||
} | |||
nodes := &core.NodeList{} | |||
err = r.client.List(context.TODO(), nodes, client.HasLabels{nodeconfig.WindowsOSLabel}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't you do the equivalent of tc.client.K8s.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{LabelSelector: nodeconfig.WindowsOSLabel})
that we have in our e2e tests? i.e use the label selector.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I ended up taking @VaishnaviHire suggestion and using the core.LabelOSStable label which makes this simpler
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I am fine with the change, it has again been made silently. Please call this out in the commit message. Also add a follow up story to replace nodeconfig.WindowsOSLabel
with core.LabelOSStable
@@ -213,6 +223,28 @@ func (r *ReconcileSecret) Reconcile(request reconcile.Request) (reconcile.Result | |||
} | |||
} | |||
|
|||
// removeDepreciatedAnnotations corrects annotations applied by previous versions of WMCO. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest renaming this to removeInvalidAnnotationsFromLinuxNodes
or something to that effect. Please mention the annotation that you are deleting. I don't see any reason to future proof given this is just a helper.
// removeDepreciatedAnnotations corrects annotations applied by previous versions of WMCO. | ||
func (r *ReconcileSecret) removeDepreciatedAnnotations() error { | ||
nodes := &core.NodeList{} | ||
err := r.client.List(context.TODO(), nodes) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't you just list Linux nodes?
if _, present := node.Annotations[nodeconfig.PubKeyHashAnnotation]; present == true && | ||
node.Labels[core.LabelOSStable] != "windows" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you only list Linux nodes using the label selector you won't have to do this check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sebsoto Thanks for the fix. PTAL at my comments:
Commit message needs to be updated to annotation was being added to all nodes,
err = r.client.List(context.TODO(), nodes, client.HasLabels{nodeconfig.WindowsOSLabel}) | ||
// The controller-runtime client requires a map for label matching, so the Windows identifying label var needs | ||
// to be split into a key/value pair. | ||
windowsLabelKeyValuePair := strings.SplitN(nodeconfig.WindowsOSLabel, "=", 2) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we use core.LabelOSStable
as we are doing in windows_machine controller ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was considering making this change but was on the fence about it. Since we are using it in the node mapper I'm happy to use it here.
7373048
to
b2ad5da
Compare
/lgtm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
with the caveat that you address the minor comments.
@@ -180,7 +184,13 @@ func (r *ReconcileSecret) Reconcile(request reconcile.Request) (reconcile.Result | |||
return reconcile.Result{}, errors.Wrap(err, "error creating signer from private key") | |||
} | |||
nodes := &core.NodeList{} | |||
err = r.client.List(context.TODO(), nodes, client.HasLabels{nodeconfig.WindowsOSLabel}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I am fine with the change, it has again been made silently. Please call this out in the commit message. Also add a follow up story to replace nodeconfig.WindowsOSLabel
with core.LabelOSStable
@@ -59,6 +59,10 @@ func newReconciler(mgr manager.Manager) (reconcile.Reconciler, error) { | |||
} | |||
|
|||
reconciler := &ReconcileSecret{client: client, scheme: mgr.GetScheme()} | |||
if err = reconciler.removeInvalidAnnotationsFromLinuxNodes(); err != nil { | |||
log.Error(err, "unable to clean up annotations from previous WMCO versions") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
...annotations on Linux nodes...
/hold |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aravindhp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This commit fixes an issue where the public key hash annotation was being added to not all nodes, not just Windows nodes. This commit also adds logic to remove the annotation from Linux nodes when the operator is installed. As part of this fix, Windows node selection in the secret controller now uses the label "kubernetes.io/os=windows". There is a mix of this label and "node.openshift.io/os_id=Windows" in the node selection logic throughout WMCO, and we should move towards just using one. Future work should be done to only use the "kubernetes.io/os" label for node selection throughout WMCO.
@sebsoto: This pull request references Bugzilla bug 1930791, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
/hold cancel |
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest Please review the full test history for this PR and help us cut down flakes. |
@sebsoto: All pull requests linked via external trackers have merged: Bugzilla bug 1930791 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.7 |
@sebsoto: new pull request created: #370 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick community-4.7 |
@sebsoto: new pull request created: #371 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Run hybrid-overlay as a Windows service in e2e tests
This commit fixes an issue where the public key hash annotation was being
added to not all nodes, not just Windows nodes. This commit also adds
logic to remove the annotation from Linux nodes when the operator is
installed.
As part of this fix, Windows node selection in the secret controller
now uses the label "kubernetes.io/os=windows". There is a mix of this
label and "node.openshift.io/os_id=Windows" in the node selection logic
throughout WMCO, and we should move towards just using one. Future work
should be done to only use the "kubernetes.io/os" label for node
selection throughout WMCO.