render: add --cloud-provider #105
Conversation
|
@aaronlevy I like the idea of #106 I'll think more about it and give my feedback there. |
kalbasit
force-pushed
the
allow-cloud-provider
branch
from
47b8c96 to
b0d8215
Compare
| @@ -41,6 +41,9 @@ spec: | |||
| - --tls-private-key-file=/etc/kubernetes/secrets/apiserver.key | |||
| - --service-account-key-file=/etc/kubernetes/secrets/service-account.pub | |||
| - --client-ca-file=/etc/kubernetes/secrets/ca.crt | |||
| {{ with .CloudProvider -}} | |||
There was a problem hiding this comment.
@aaronlevy the -}} is a Go 1.6+ feature, see golang/go#9969. Is that OK?
kalbasit
force-pushed
the
allow-cloud-provider
branch
2 times, most recently
from
64056fc to
692c119
Compare
kalbasit
force-pushed
the
allow-cloud-provider
branch
2 times, most recently
from
b7f16ee to
1709a6f
Compare
|
@aaronlevy bumping this to see if we can get it merged while waiting for a better solution than having to create a fork. |
|
Hi @kalbasit This is being partially implemented in: #186 -- but not yet exposed as a cli flag - as we might still need a bit more work for this to be plumbed through as a cli option. See my comments here: #186 (comment) |
|
@aaronlevy why re-implement the same thing in another PR? |
|
If you want to make the changes here, happy to merge this PR (yours was first). I'll make inline comments for changes that would be needed. Then as far as exposing the flag -- we can move forward with it, but I do have a concern that the temporary control plane will not reflect the same options (and I'm unsure if this is a safe assumption at this time). I also don't think adding another flag to |
|
@aaronlevy I've been running a production cluster with this on since August and I had no problems so far. I was thinking the other day about the flag and about #106, what if instead of exposing |
| @@ -51,6 +51,9 @@ spec: | |||
| - --kubeconfig=/etc/kubernetes/kubeconfig | |||
| - --require-kubeconfig | |||
| - --lock-file=/var/run/lock/kubelet.lock | |||
| {{ with .CloudProvider -}} | |||
| - --cloud-provider={{ . }} | |||
| {{ end -}} | |||
There was a problem hiding this comment.
We should drop these changes from the self-hosted kubelet manifest. Otherwise the self-hosted kubelet could behave differently than the on-host kubelet (as documented). The kubelet should use "auto-detect" for both -- so no change should be necessary.
| @@ -194,20 +200,29 @@ spec: | |||
| - --root-ca-file=/etc/kubernetes/secrets/ca.crt | |||
| - --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key | |||
| - --leader-elect=true | |||
| {{ with .CloudProvider -}} | |||
| - --cloud-provider={{ . }} | |||
| {{ end -}} | |||
There was a problem hiding this comment.
nit: Drop the with/end blocks.
The default cloud-provider is an empty string anyway. --cloud-provider={{ .CloudProvider }}
| @@ -194,20 +200,29 @@ spec: | |||
| - --root-ca-file=/etc/kubernetes/secrets/ca.crt | |||
| - --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key | |||
| - --leader-elect=true | |||
| {{ with .CloudProvider -}} | |||
| - --cloud-provider={{ . }} | |||
| {{ end -}} | |||
There was a problem hiding this comment.
Should also add - --configure-cloud-routes=false which is safe to always be set (we assume flannel will handle managing routes).
| volumeMounts: | ||
| - name: secrets | ||
| mountPath: /etc/kubernetes/secrets | ||
| readOnly: true | ||
| - name: ssl-host | ||
| mountPath: /etc/ssl/certs | ||
| readOnly: true | ||
| - name: resolv-conf | ||
| mountPath: /etc/resolv.conf | ||
| readOnly: true |
There was a problem hiding this comment.
Lets use dnsPolicy: Default instead of the explicit host mount.
| mustCreateAssetFromTemplate(AssetPathAPIServer, internal.APIServerTemplate, conf), | ||
| mustCreateAssetFromTemplate(AssetPathKubelet, internal.KubeletTemplate, conf), |
There was a problem hiding this comment.
kubelet shouldn't be templated if we're not going to pass in the cloud-provider flag to it.
kalbasit
force-pushed
the
allow-cloud-provider
branch
from
1709a6f to
9c815cc
Compare
|
@aaronlevy PTAL |
| @@ -38,6 +38,7 @@ func newStaticAssets(selfHostKubelet bool) Assets { | |||
|
|
|||
| func newDynamicAssets(conf Config) Assets { | |||
| return Assets{ | |||
| mustCreateAssetFromTemplate(AssetPathControllerManager, internal.ControllerManagerTemplate, conf), | |||
There was a problem hiding this comment.
The controller-manager entry should also be removed from newStaticAssets
There was a problem hiding this comment.
oops, must have bee a merge mistake at some point.
|
@aaronlevy PTAL |
|
lgtm. Thanks @kalbasit ! Can you squash your commits and I'll merge. |
kalbasit
force-pushed
the
allow-cloud-provider
branch
from
3ada290 to
4969f4b
Compare
|
@aaronlevy thanks for the quick review, very excited to have this merged (hard to maintain a fork :)). I squashed the commits. @aaronlevy when will this make be released? |
|
@kalbasit I'll try and get a new release out today. |
|
@aaronlevy thank you! |
|
@kalbasit sorry for the delay -- trying to work out some networking issues I'm seeing on vagrant/kube-proxy so want to fully understand issue before cutting a release |
|
@aaronlevy thank you for letting me know. I need the release at the beginning of December so please take your time and ping me once it has been released. |
No description provided.