Bug 1930791: [wmco] Stop adding pub-key-hash label to all nodes #323
Conversation
sebsoto
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
openshift-ci-robot
added
the
approved
|
/approve cancel |
openshift-ci-robot
removed
the
approved
sebsoto
changed the title
openshift-ci-robot
added
bugzilla/severity-high
|
@sebsoto: This pull request references Bugzilla bug 1930791, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
bugzilla/valid-bug
sebsoto
changed the title
|
@sebsoto: This pull request references Bugzilla bug 1934281, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
sebsoto
changed the title
|
@sebsoto: This pull request references Bugzilla bug 1930791, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| @@ -180,7 +184,13 @@ func (r *ReconcileSecret) Reconcile(request reconcile.Request) (reconcile.Result | |||
| return reconcile.Result{}, errors.Wrap(err, "error creating signer from private key") | |||
| } | |||
| nodes := &core.NodeList{} | |||
| err = r.client.List(context.TODO(), nodes, client.HasLabels{nodeconfig.WindowsOSLabel}) | |||
There was a problem hiding this comment.
Can't you do the equivalent of tc.client.K8s.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{LabelSelector: nodeconfig.WindowsOSLabel}) that we have in our e2e tests? i.e use the label selector.
There was a problem hiding this comment.
I ended up taking @VaishnaviHire suggestion and using the core.LabelOSStable label which makes this simpler
There was a problem hiding this comment.
While I am fine with the change, it has again been made silently. Please call this out in the commit message. Also add a follow up story to replace nodeconfig.WindowsOSLabel with core.LabelOSStable
| @@ -213,6 +223,28 @@ func (r *ReconcileSecret) Reconcile(request reconcile.Request) (reconcile.Result | |||
| } | |||
| } | |||
|
|
|||
| // removeDepreciatedAnnotations corrects annotations applied by previous versions of WMCO. | |||
There was a problem hiding this comment.
I suggest renaming this to removeInvalidAnnotationsFromLinuxNodes or something to that effect. Please mention the annotation that you are deleting. I don't see any reason to future proof given this is just a helper.
| // removeDepreciatedAnnotations corrects annotations applied by previous versions of WMCO. | ||
| func (r *ReconcileSecret) removeDepreciatedAnnotations() error { | ||
| nodes := &core.NodeList{} | ||
| err := r.client.List(context.TODO(), nodes) |
There was a problem hiding this comment.
Shouldn't you just list Linux nodes?
| if _, present := node.Annotations[nodeconfig.PubKeyHashAnnotation]; present == true && | ||
| node.Labels[core.LabelOSStable] != "windows" { |
There was a problem hiding this comment.
If you only list Linux nodes using the label selector you won't have to do this check.
There was a problem hiding this comment.
@sebsoto Thanks for the fix. PTAL at my comments:
Commit message needs to be updated to annotation was being added to all nodes,
| err = r.client.List(context.TODO(), nodes, client.HasLabels{nodeconfig.WindowsOSLabel}) | ||
| // The controller-runtime client requires a map for label matching, so the Windows identifying label var needs | ||
| // to be split into a key/value pair. | ||
| windowsLabelKeyValuePair := strings.SplitN(nodeconfig.WindowsOSLabel, "=", 2) |
There was a problem hiding this comment.
Should we use core.LabelOSStable as we are doing in windows_machine controller ?
There was a problem hiding this comment.
I was considering making this change but was on the fence about it. Since we are using it in the node mapper I'm happy to use it here.
sebsoto
force-pushed
the
labelBug
branch
3 times, most recently
from
7373048
to
b2ad5da
Compare
|
/lgtm |
| @@ -180,7 +184,13 @@ func (r *ReconcileSecret) Reconcile(request reconcile.Request) (reconcile.Result | |||
| return reconcile.Result{}, errors.Wrap(err, "error creating signer from private key") | |||
| } | |||
| nodes := &core.NodeList{} | |||
| err = r.client.List(context.TODO(), nodes, client.HasLabels{nodeconfig.WindowsOSLabel}) | |||
There was a problem hiding this comment.
While I am fine with the change, it has again been made silently. Please call this out in the commit message. Also add a follow up story to replace nodeconfig.WindowsOSLabel with core.LabelOSStable
| @@ -59,6 +59,10 @@ func newReconciler(mgr manager.Manager) (reconcile.Reconciler, error) { | |||
| } | |||
|
|
|||
| reconciler := &ReconcileSecret{client: client, scheme: mgr.GetScheme()} | |||
| if err = reconciler.removeInvalidAnnotationsFromLinuxNodes(); err != nil { | |||
| log.Error(err, "unable to clean up annotations from previous WMCO versions") | |||
There was a problem hiding this comment.
...annotations on Linux nodes...
|
/hold |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aravindhp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
approved
This commit fixes an issue where the public key hash annotation was being added to not all nodes, not just Windows nodes. This commit also adds logic to remove the annotation from Linux nodes when the operator is installed. As part of this fix, Windows node selection in the secret controller now uses the label "kubernetes.io/os=windows". There is a mix of this label and "node.openshift.io/os_id=Windows" in the node selection logic throughout WMCO, and we should move towards just using one. Future work should be done to only use the "kubernetes.io/os" label for node selection throughout WMCO.
|
@sebsoto: This pull request references Bugzilla bug 1930791, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/lgtm |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@sebsoto: All pull requests linked via external trackers have merged: Bugzilla bug 1930791 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick release-4.7 |
|
@sebsoto: new pull request created: #370 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick community-4.7 |
|
@sebsoto: new pull request created: #371 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Run hybrid-overlay as a Windows service in e2e tests
This commit fixes an issue where the public key hash annotation was being
added to not all nodes, not just Windows nodes. This commit also adds
logic to remove the annotation from Linux nodes when the operator is
installed.
As part of this fix, Windows node selection in the secret controller
now uses the label "kubernetes.io/os=windows". There is a mix of this
label and "node.openshift.io/os_id=Windows" in the node selection logic
throughout WMCO, and we should move towards just using one. Future work
should be done to only use the "kubernetes.io/os" label for node
selection throughout WMCO.