GCE: install containerized mounter on COS #3482
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
@justinsb PR needs rebase |
k8s-github-robot
added
the
needs-rebase
justinsb
force-pushed
the
gce_containerized_mounter
branch
from
4341335 to
c84beba
Compare
k8s-github-robot
removed
the
needs-rebase
justinsb
force-pushed
the
gce_containerized_mounter
branch
from
c84beba to
e1e728c
Compare
|
@justinsb we need bazel files updated please :) |
| @@ -105,6 +105,10 @@ func (b *KubeletBuilder) Build(c *fi.ModelBuilderContext) error { | |||
| return err | |||
| } | |||
|
|
|||
| if err := b.addContainerizedMounter(c); err != nil { | |||
| return err | |||
There was a problem hiding this comment.
I'd say no: it's one of our functions, we have nothing to add really.
nodeup/pkg/model/kubelet.go
Outdated
| Options: []string{"ro"}, | ||
| }) | ||
|
|
||
| // cp "${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/gci-mounter" "${CONTAINERIZED_MOUNTER_HOME}/mounter" |
There was a problem hiding this comment.
remove comments or add to func docs?
upup/pkg/fi/cloudup/apply_cluster.go
Outdated
| // needsKubernetesManifests checks if we need kubernetes manifests | ||
| // This is only needed currently on ContainerOS i.e. GCE, but we don't have a nice way to detect it yet | ||
| func needsKubernetesManifests(c *kops.Cluster, instanceGroups []*kops.InstanceGroup) bool { | ||
| // TODO: Do real detection of ContainerOS (but this has to work with AMI names, and maybe even forked AMIs) |
There was a problem hiding this comment.
AMI? Don't think gce has AMIs :)
| ) | ||
|
|
||
| // Archive task downloads and extracts a tar file | ||
| type Archive struct { |
There was a problem hiding this comment.
we going to use this for the CNI tarball now?
There was a problem hiding this comment.
We use assets today. Assets let us pluck individual files out of a tarball. mounter.tar is a big tar file that is expanded in its entirety into a directory, which is a little different - we would have to list every file in the tar.
I think we want to keep the fine-grained control over CNI. This tar is really a container image, and we just want to expand whatever is in there.
I would like to tie this into Assets though, but this is an odd one - it's really more similar to other system docker images, like kube-apiserver, than it is to CNI.
| } | ||
|
|
||
| if stateBytes == nil { | ||
| return nil, nil |
There was a problem hiding this comment.
nil, nil? What is going on here? Logging? err?
There was a problem hiding this comment.
Please at least make a code comment it is not obvious to me why we are not returning err.
There was a problem hiding this comment.
If Find function on a Task doesn't find an existing item, it returns nil, nil.
| return fmt.Errorf("error creating directories %q: %v", targetDir, err) | ||
| } | ||
|
|
||
| args := []string{"tar", "xf", localFile, "-C", targetDir} |
There was a problem hiding this comment.
Does RHEL support not using the tick with tar now? https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html they are still using - with there args. But I would need to login to a client system and check for certain.
There was a problem hiding this comment.
Yeah, I think RHEL tar is standard GNU tar. Let's fix if we find it isn't. Hopefully we can get kops under e2e on RHEL
| } | ||
|
|
||
| args := []string{"tar", "xf", localFile, "-C", targetDir} | ||
| glog.Infof("running command %s", args) |
There was a problem hiding this comment.
shoud we glog.V(3).Infof("running command %s", args)?
There was a problem hiding this comment.
It looks like in nodeup we glog.Infof when we're making changes and glog.V(2).Infof when we're just looking for stuff. So I think glog.Infof here
| package nodetasks | ||
|
|
||
| import ( | ||
| "fmt" |
There was a problem hiding this comment.
Should we start formatting our imports? We have such differences across the project :( I know nit pick :P
There was a problem hiding this comment.
My votes is for goimports style. Not sure what k/k uses.
There was a problem hiding this comment.
Will fix the new files in this PR, but let's discuss that in another PR (I think we have discussion of it already in another issue - the shortcoming is that goimports doesn't remove blocks that have been added, IIRC. If there's a better tool available that would be great...)
| } | ||
|
|
||
| // MockExecutor is a mock implementation of Executor | ||
| type MockExecutor struct { |
There was a problem hiding this comment.
we should start a mock under /pkg :) We should be using this in other places.
There was a problem hiding this comment.
RIght, I was going to move it when the second use arose :-)
| return fmt.Sprintf("MountDisk: %s %s->%s", s.Name, s.Device, s.Mountpoint) | ||
| } | ||
|
|
||
| var _ CreatesDir = &MountDiskTask{} |
There was a problem hiding this comment.
We are doing this in protokube as well. Should we file an issue to refactor this into pkg and have both protokube and nodeup use this code?
There was a problem hiding this comment.
It's a nice idea - we could start to use tasks in protokube. But send a PR instead of opening an issue :-)
The containerized mounter is a little tricky to install, with lots of bind mounts. This code path is only hit on GCE though.
justinsb
force-pushed
the
gce_containerized_mounter
branch
from
e1e728c to
af6a7ef
Compare
|
Rebased, regenerated bazel and made the requested fixes. PTAL @chrislovecnm |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrislovecnm The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue. |
The containerized mounter is a little tricky to install, with lots of
bind mounts. This code path is only hit on GCE though.