Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding missed lifecycles in elb code #4154

Merged
merged 2 commits into from
Jan 5, 2018
Merged

adding missed lifecycles in elb code #4154

merged 2 commits into from
Jan 5, 2018

Conversation

chrislovecnm
Copy link
Contributor

@chrislovecnm chrislovecnm commented Dec 27, 2017
edited
Loading

Fixing missed lifecycles in two different places

  1. additional sec groups on the ELB
  2. additional sec groups on an ASG

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Dec 27, 2017
@chrislovecnm
Copy link
Contributor Author

/assign @robinpercy

@chrislovecnm
Copy link
Contributor Author

@almariah we missed adding lifecycle to the ELB, and now I am getting odd errors with the unit test. Any ideas?

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 28, 2017
@almariah
Copy link
Contributor

almariah commented Dec 28, 2017
edited
Loading

@chrislovecnm - The error is

--- FAIL: TestComplex (0.11s)
	integration_test.go:212: error running update cluster "complex.example.com": error building tasks: cannot add different task with same key "SecurityGroup/sg-exampleid3"

The integration test contains a nice specific case:
https://github.com/kubernetes/kops/blob/master/tests/integration/update_cluster/complex/in-v1alpha2.yaml#L11-L12
https://github.com/kubernetes/kops/blob/master/tests/integration/update_cluster/complex/in-v1alpha2.yaml#L63-L64

where you have additional and similar security groups for API ELB and instance group, which cause tasks with same name. If you noticed:
https://github.com/kubernetes/kops/blob/master/pkg/model/awsmodel/api_loadbalancer.go#L191
https://github.com/kubernetes/kops/blob/master/pkg/model/awsmodel/autoscalinggroup.go#L99

they have the same task name. I suggest changing the task name. For api_loadbalancer.go:

t := &awstasks.SecurityGroup{
				Name:      s("api-elb-" + id),
				ID:        fi.String(id),
				Shared:    fi.Bool(true),
				Lifecycle: b.SecurityLifecycle,
			}

and for autoscalinggroup.go

sgTask := &awstasks.SecurityGroup{
					Name:      s("ig-" + ig.ObjectMeta.Name + id),
					ID:        fi.String(id),
					Shared:    fi.Bool(true),
				}

Also AdditionalSecurityGroups in autoscalinggroup.go does not have Lifecycle: b.SecurityLifecycle

@chrislovecnm
Copy link
Contributor Author

they have the same task name. I suggest changing the task name. For api_loadbalancer.go:

That is going to cause problems. I will make the autoscaling task an ensure task.

Thanks for the catch on the missing lifecycle. Will add that.

@chrislovecnm
Copy link
Contributor Author

@almariah thanks for the assist btw!!

@almariah
Copy link
Contributor

@chrislovecnm For both autoscaling group and ELB the additional security groups are ensure tasks. The problem happened because of same security group ID for ELB and ASG which cause the same task name (task name is the configured to be same as ID). But for either ELB or ASG you are not allowed to have multiple security group with the same ID and consequently no repeated task name for iteration over the list of security groups. This iteration happened twice because the test case was adding the same list for both ELB and ASG and that for example our case in our own deployment for the cluster.

@almariah
Copy link
Contributor

almariah commented Dec 29, 2017
edited
Loading

@chrislovecnm I don't know why ensure task does not work in that case; may be because it uses reflect.DeepEqual and the objects are not deeply identical. In the PR you have modified one of them by adding the lifecycle for one of them and the other is left. That is why it was working before. So you can ensure that both are identical by adding the missing lifecycle and forget modifying the task name that I have mentioned.

@almariah
Copy link
Contributor

almariah commented Dec 29, 2017
edited
Loading

@chrislovecnm I have tested it by adding Lifecycle: b.SecurityLifecycle, to AdditionalSecurityGroups of ELB and AutoscalingGroup. It works. But be aware to add SecurityLifecycle *fi.Lifecycle to AutoscalingGroupModelBuilder. It is missing https://github.com/kubernetes/kops/blob/master/pkg/model/awsmodel/autoscalinggroup.go#L36-L42.

Also you should add SecurityLifecycle: &securityLifecycle, to apply_cluster.go
https://github.com/kubernetes/kops/blob/master/upup/pkg/fi/cloudup/apply_cluster.go#L651-L655. If it is missing it will cause the same error because the SecurityLifecycle will be nil where in APILoadBalancerBuilder will be &securityLifecycle and will cause the same security group task to be not deeply identical.

@chrislovecnm
Copy link
Contributor Author

Thanks, @almariah, exceptionally helpful! I am putting in the changes and testing.

@chrislovecnm
Copy link
Contributor Author

/hold cancel

@justinsb @geojaz @andrewsykim PTAL

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 30, 2017
@justinsb
Copy link
Member

justinsb commented Jan 5, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 5, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justinsb

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 5, 2018
@chrislovecnm
Copy link
Contributor Author

/test pull-kops-e2e-kubernetes-aws

@k8s-ci-robot k8s-ci-robot merged commit 2f3f054 into kubernetes:master Jan 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@justinsb justinsb

@robinpercy robinpercy

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@chrislovecnm @almariah @justinsb @k8s-ci-robot @robinpercy