Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/kubernetes: fix control-plane-online prestart dependency #60415

Merged
merged 1 commit into from Apr 30, 2019
Merged

nixos/kubernetes: fix control-plane-online prestart dependency #60415

merged 1 commit into from Apr 30, 2019

Conversation

johanot
Copy link
Contributor

@johanot johanot commented Apr 29, 2019

Motivation for this change

This fixes a startup problem in the kubernetes module caused by some changes to the kubectl behavior introduced in version >=1.13.5.

The kubeconfig provided to the kubernetes-control-plane-online.service is invalid.
However, the apiserver /healthz endpoint can be accessed without auth so it's simpler to just use curl for that.

Related discussion can be found in #56789.

cc @calbrecht @srhb

Tests run clean locally:

nix-build nixos/release.nix \
-A tests.kubernetes.dns.singlenode \
-A tests.kubernetes.dns.multinode \
-A tests.kubernetes.rbac.singlenode \
-A tests.kubernetes.rbac.multinode

/nix/store/5vjb7wyzhxls1nmm5vgj6bvbi4kbx5ls-vm-test-run-kubernetes-dns-singlenode
/nix/store/38yfrsmrahp83p7h5zg76qiphjjb51jz-vm-test-run-kubernetes-dns-multinode
/nix/store/jqa7yq08i4yxsqayix9dfdy1qjv0x2vm-vm-test-run-kubernetes-rbac-singlenode
/nix/store/mmxswlv5clz5ac0q2h5wssbnzlak4vbn-vm-test-run-kubernetes-rbac-multinode
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@johanot johanot requested a review from infinisil as a code owner April 29, 2019 11:24
@srhb
Copy link
Contributor

srhb commented Apr 29, 2019
edited

This fixes #60358, right?

The kubeconfig provided to the kubernetes-control-plane-online.service is invalid.

Um, is this okay though?

@srhb
Copy link
Contributor

srhb commented Apr 29, 2019

OK, discussed this out-of-band. My concern was that we left a defective kubeconfig in place, but that's not the case, since the defective one, generated just for this unit, no longer exists. I missed that line. Good!

Another thing we discussed, tangential to the issue at hand, is that both curl and kubectl of healthz is in fact insufficient to determine whether the control plane is up, since it's possible for several components to be missing. Should be fixed later.

nixos/kubernetes: fix control-plane-online prestart dependency
29bf511 
The kubeconfig provided to the kubernetes-control-plane-online.service
is invalid. However, the apiserver /healthz endpoint can be accessed without auth so it's
simpler to just use curl for that.
@johanot johanot force-pushed the kubernetes-fix-control-plane-online-unit branch from dcae257 to 29bf511 Compare April 29, 2019 15:42
@calbrecht
Copy link
Member

👍 @johanot thanks, this is simple and clear.

@srhb srhb merged commit 10c671f into NixOS:master Apr 30, 2019
@srhb srhb mentioned this pull request Apr 30, 2019
Closed
@azazel75
Copy link
Contributor

Sorry guys for being so dumb, but how can I discover if this will be backported to 19.03?

@johanot
Copy link
Contributor Author

johanot commented Apr 30, 2019

@azazel75 AFAIK there's no point in backporting this, since the kube-control-plane-online-unit is not part of the 19.03 kubernetes module?

@johanot johanot deleted the kubernetes-fix-control-plane-online-unit branch April 30, 2019 11:46
@azazel75 azazel75 mentioned this pull request May 1, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srhb srhb srhb approved these changes

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@johanot @srhb @calbrecht @azazel75