Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node mode controllers #5867

Merged
merged 2 commits into from
Oct 3, 2018
Merged

Node mode controllers #5867

merged 2 commits into from
Oct 3, 2018

Conversation

gambol99
Copy link
Contributor

@gambol99 gambol99 commented Oct 3, 2018

  • Changing the controllers flag to a []string, not the last PR wouldn't have worked as the flagbuilder does not handle pointers to a string slice.
  • Defaulting to adding the tokencleaner if the bootstrap tokens are enabled

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 3, 2018
KashifSaadat
KashifSaadat reviewed Oct 3, 2018
View reviewed changes
pkg/model/components/kubecontrollermanager.go
// @check if the node authorization is enabled and if so enable the tokencleaner controller (disabled by default)
// This is responsible for cleaning up bootstrap tokens which have expired
if b.Context.IsKubernetesGTE("1.10") {
if fi.BoolValue(clusterSpec.KubeAPIServer.EnableBootstrapAuthToken) && len(kcm.Controllers) <= 0 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a user has enabled bootstrap tokens for their cluster and provides a list of KCM controllers (excluding the tokencleaner), should we still append to the list here, or just take their literal set of controllers to apply?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

A list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller named 'foo', '-foo' disables the controller named 'foo'.
All controllers: attachdetach, bootstrapsigner, clusterrole-aggregation, cronjob, csrapproving, csrcleaner, csrsigning, daemonset, deployment, disruption, endpoint, garbagecollector, horizontalpodautoscaling, job, namespace, nodeipam, nodelifecycle, persistentvolume-binder, persistentvolume-expander, podgc, pv-protection, pvc-protection, replicaset, replicationcontroller, resourcequota, route, service, serviceaccount, serviceaccount-token, statefulset, tokencleaner, ttl, ttl-after-finished
Disabled-by-default controllers: bootstrapsigner, tokencleaner

So only two controllers are actually disabled by default .. I'm going on the basis that if they are setting the controllers flag they know what they are doing, or at the very least taking responsibility for it ..

Copy link
Contributor

@chrisz100 chrisz100 Oct 3, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we do that: documentation should be very clear on what and how this is going to affect the results. Also: needs to be backwards compatible to not break things as “know what you are doing” is good, but so many people implement it in pipelines and scripts - especially if they get this deep into the parameters.

@KashifSaadat
Copy link
Contributor

Ah sorry I missed this in the last PR! Looks good, just one minor comment and will wait for tests to finish. :)

@KashifSaadat
Copy link
Contributor

Once the NodeAuthorizer / Bootstrap tokens work is moved to a more stable release within kops, will need to make sure enabling the KCM tokencleaner controller is highlighted in the docs.

@KashifSaadat
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 3, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gambol99, KashifSaadat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [KashifSaadat,gambol99]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 9c851dd into kubernetes:master Oct 3, 2018
@gambol99 gambol99 deleted the node_mode_controllers branch October 3, 2018 13:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KashifSaadat KashifSaadat KashifSaadat left review comments

@chrisz100 chrisz100 Awaiting requested review from chrisz100

@rdrgmnzs rdrgmnzs Awaiting requested review from rdrgmnzs

Assignees

@KashifSaadat KashifSaadat

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gambol99 @KashifSaadat @k8s-ci-robot @chrisz100