Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

switch kube subnet manager to PATCH #681

Merged
merged 3 commits into from
Apr 18, 2017
Merged

switch kube subnet manager to PATCH #681

merged 3 commits into from
Apr 18, 2017

Conversation

mikedanese
Copy link
Contributor

@mikedanese mikedanese commented Apr 14, 2017
edited
Loading

This works too.

@aaronlevy

salamaniibm and others added 2 commits April 13, 2017 16:25
@salamaniibm @tomdee
Adding s390x support for flannel
456d4f5
@tomdee
Makefile: Switch to a new version of kube-cross
444ef90 
This means we're now using a newer version of go and
arm-linux-gnueabihf-gcc instead of arm-linux-gnueabi-gcc

Also, switch to an alpine base image for amd64
@mikedanese mikedanese force-pushed the patch branch 4 times, most recently from 61ed91c to 0ef5b19 Compare April 14, 2017 21:05
@aaronlevy
Copy link
Contributor

/cc @diegs

@philips
Copy link
Contributor

philips commented Apr 17, 2017

This LGTM but I haven't tested it.

aaronlevy
aaronlevy reviewed Apr 17, 2017
View reviewed changes
subnet/kube/kube.go
return nil, fmt.Errorf("failed to create patch for node %q: %v", ksm.nodeName, err)
}

_, err = ksm.client.Core().Nodes().Patch(ksm.nodeName, api.StrategicMergePatchType, patchBytes, "status")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does providing the "status" subresource do/mean?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aaronlevy it's a subresource under node that only allows updates to .status fields and annotations. It's less privileged then the node resource and can be acl'd seperately. This code was written pre-rbac and I'm trying to reduce the privilege required by kube-flannel.

https://github.com/kubernetes/kubernetes/blob/master/pkg/registry/core/node/strategy.go#L122 status strategy zeros out changes to spec.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also see changes to rbac file.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah k. sgtm

@aaronlevy
Copy link
Contributor

@diegs and/or I will try and start testing this and #677 today.

@mikedanese
Copy link
Contributor Author

I tested this by hand on friday. We should probably merge this, cut a release then consider merging #677.

@aaronlevy
Copy link
Contributor

The changes themselves LGTM to me then.

@mikedanese
Copy link
Contributor Author

(more hand testing is always appreciated)

@diegs
Copy link

diegs commented Apr 18, 2017

Also hand-tested this one: launched a node using --register-with-taints=key=value:PreferNoSchedule. Verified that after flannel configured the node the taint was still present. Did a bunch of host-pod and pod-pod network checks and all looked good.

@tomdee tomdee merged commit 01fb325 into flannel-io:master Apr 18, 2017
@mikedanese mikedanese deleted the patch branch April 18, 2017 17:55
@Quentin-M Quentin-M mentioned this pull request Apr 18, 2017
Merged
@diegs diegs mentioned this pull request Apr 18, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronlevy aaronlevy aaronlevy left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@mikedanese @aaronlevy @philips @diegs @tomdee @salamaniibm