Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

genericapiserver: more dependency cutoffs #40216

Merged
merged 8 commits into from
Jan 25, 2017

Conversation

sttts
Copy link
Contributor

@sttts sttts commented Jan 20, 2017

  • cut-off pkg/api.Resource and friends - lgtm
  • authn plugins -> k8s.io/apiserver -
  • webhook authz plugin -> k8s.io/apiserver - lgtm
  • pkg/cert -> k8s.io/apimachinery (will rebase on @deads2k's PR also moving it)
  • split pkg/config into kubelet config merger and flags - lgtm
  • split feature gate between generic apiserver and kube - lgtm
  • move pkg/util/flag into k8s.io/apiserver - lgtm

@sttts sttts added area/apiserver kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels Jan 20, 2017
@sttts sttts added this to the 1.6 milestone Jan 20, 2017
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 20, 2017
@k8s-reviewable
Copy link

This change is Reviewable

@deads2k
Copy link
Contributor

deads2k commented Jan 20, 2017

genericapiserver: cut off pkg/api.Resource dependency lgtm

@@ -30,15 +30,15 @@ import (
"k8s.io/apiserver/pkg/authentication/request/x509"
"k8s.io/apiserver/pkg/authentication/token/tokenfile"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/plugin/pkg/authenticator/password/keystone"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't expecting all these to move. We have an apiserver dependency or is it just kubeapiserver?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

keystone is simple, no deps left

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

authorizers have more dependencies. Only moved webhook there.

_ "k8s.io/client-go/pkg/apis/authentication/install"
_ "k8s.io/kubernetes/pkg/apis/authentication/install"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good change

@deads2k
Copy link
Contributor

deads2k commented Jan 20, 2017

genericapiserver: move authn plugins into k8s.io/apiserver - did you move all the authentication plugins for completeness in case someone else wanted to use them? I could buy that, but we don't have direct dependency on them, right?

@sttts
Copy link
Contributor Author

sttts commented Jan 20, 2017

@deads2k yes, they are optional, but independent enough to not harm, if you really build your kube-independent apiserver.

@deads2k
Copy link
Contributor

deads2k commented Jan 20, 2017

General comment on the authentication packages. I think of plugins as optional and I don't think the webhook is optional and these are registering themselves for activation like normal plugins, so I'm not sure calling them plugins is appropriate. Certainly not blocking, but of note.

@sttts
Copy link
Contributor Author

sttts commented Jan 20, 2017

Right about "plugin". Didn't want to change that here. Maybe for a follow-up.

@k8s-github-robot k8s-github-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. release-note-label-needed labels Jan 20, 2017
@deads2k
Copy link
Contributor

deads2k commented Jan 20, 2017

pkg/util/cert: split and move generic code to k8s.io/apimachinery - Did this split client and server stuff? I don't think util/cert belongs in apimachinery. Its not a great fit for client-go either, but the client already has a lot of cruft. I'd like to try it in client-go first. A copy is even an option later if there's little overlap.

@deads2k
Copy link
Contributor

deads2k commented Jan 20, 2017

genericapiserver: move authz webhook plugins into k8s.io/apiserver lgtm

@deads2k
Copy link
Contributor

deads2k commented Jan 20, 2017

pkg/util: move flags from pkg/util/config to pkg/util/flags - fine

@@ -2034,7 +2035,7 @@ func ValidateAppArmorPodAnnotations(annotations map[string]string, spec *api.Pod
if !strings.HasPrefix(k, apparmor.ContainerAnnotationKeyPrefix) {
continue
}
if !utilflag.DefaultFeatureGate.AppArmor() {
if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really ugly and generally wrong. Not new in this pull but the link here should be snipped. This is an admission choice, not a general validation choice.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will add a TODO. Didn't look at the meaning of the gates.

@deads2k
Copy link
Contributor

deads2k commented Jan 20, 2017

pkg/flag: make feature gate extensible and split between generic and - lgtm. Probably want an issue for the bad validation.

@sttts sttts force-pushed the sttts-more-cutoffs branch 2 times, most recently from 949e31f to e588602 Compare January 23, 2017 09:03
@sttts sttts changed the title [WIP] genericapiserver: more dependency cutoffs genericapiserver: more dependency cutoffs Jan 23, 2017
@k8s-github-robot k8s-github-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jan 23, 2017
@sttts sttts force-pushed the sttts-more-cutoffs branch 2 times, most recently from 7cb44ae to 7095be0 Compare January 23, 2017 09:25
@sttts sttts force-pushed the sttts-more-cutoffs branch from 561f6bc to f540fbf Compare January 24, 2017 17:14
@sttts sttts added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Jan 24, 2017
@k8s-ci-robot
Copy link
Contributor

Jenkins Bazel Build failed for commit f540fbfd8420a2dc0607ae24465c48eea1af4c1b. Full PR test history.

cc @sttts, your PR dashboard

The magic incantation to run this job again is @k8s-bot bazel test this. Please help us cut down flakes by linking to an open flake issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@sttts
Copy link
Contributor Author

sttts commented Jan 24, 2017

@k8s-bot cri node e2e test this

@sttts
Copy link
Contributor Author

sttts commented Jan 24, 2017

@k8s-bot bazel test this

@k8s-ci-robot
Copy link
Contributor

Jenkins GCI GKE smoke e2e failed for commit f540fbfd8420a2dc0607ae24465c48eea1af4c1b. Full PR test history.

cc @sttts, your PR dashboard

The magic incantation to run this job again is @k8s-bot gci gke e2e test this. Please help us cut down flakes by linking to an open flake issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot
Copy link
Contributor

Jenkins verification failed for commit f540fbfd8420a2dc0607ae24465c48eea1af4c1b. Full PR test history.

cc @sttts, your PR dashboard

The magic incantation to run this job again is @k8s-bot verify test this. Please help us cut down flakes by linking to an open flake issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@deads2k
Copy link
Contributor

deads2k commented Jan 24, 2017

Jenkins verification failed for commit f540fbf. Full PR test history.

@sttts keep your pull away from mine, just in case it contagious! :)

@sttts
Copy link
Contributor Author

sttts commented Jan 24, 2017

Looking forward to yet another rebase tomorrow morning. Trying to understand the flake, maybe this:

hack/make-rules/../../hack/verify-godeps.sh: line 68: KEEP_TMP: unbound variable

@eparis ^^

@sttts sttts force-pushed the sttts-more-cutoffs branch from f540fbf to 2b8e938 Compare January 24, 2017 19:56
@sttts sttts added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Jan 24, 2017
@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 39260, 40216, 40213, 40325, 40333)

@k8s-github-robot k8s-github-robot merged commit df42444 into kubernetes:master Jan 25, 2017
@calebamiles calebamiles modified the milestones: v1.6, 1.6 Feb 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants