-
Notifications
You must be signed in to change notification settings - Fork 39.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup #63696
gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup #63696
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
I've now signed the CNCF CLA. |
/ok-to-test |
/assign |
/assign @dnardo |
cluster/gce/gci/configure-helper.sh
Outdated
params+=" --advertise-address=${MASTER_ADVERTISE_ADDRESS}" | ||
elif [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then | ||
local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip") | ||
params+=" --advertise-address=${vm_external_ip}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like this was set only if PROXY_SSH_USER is set in the previous code. Was that wrong?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure. I looked at the git history but couldn't figure out why --advertise-address was only set if PROXY_SSH_USER was set. To be safe, I've updated the diff to leave that entire block as-is.
cluster/gce/gci/configure-helper.sh
Outdated
fi | ||
elif [ -n "${MASTER_ADVERTISE_ADDRESS:-}" ]; then | ||
params="${params} --advertise-address=${MASTER_ADVERTISE_ADDRESS}" | ||
if [ -n "${MASTER_ADVERTISE_ADDRESS:-}" ]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use the double bracket test to be consistent (e.g. "[[" and "]]")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
cluster/gce/gci/configure-helper.sh
Outdated
if [ -n "${MASTER_ADVERTISE_ADDRESS:-}" ]; then | ||
params+=" --advertise-address=${MASTER_ADVERTISE_ADDRESS}" | ||
elif [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then | ||
local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not use get-metadata-value
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whoops. I initially developed this patch on an older branch that didn't have get-metadata-value
. Switched to use get-metadata-value
now.
/lgtm other than Bowei's comments. Was kubeclt logs/exec tested with this change (in all cases) ? |
56188ef
to
1433d72
Compare
/retest |
MASTER_ADVERTISE_ADDRESS is used to set the --advertise-address flag for the apiserver. It's useful for running the apiserver behind a load balancer. However, if PROJECT_ID, TOKEN_URL, TOKEN_BODY, and NODE_NETWORK are all set, the GCE VM's external IP address will be fetched and used instead and MASTER_ADVERTISE_ADDRESS will be ignored. Change this behavior so that MASTER_ADVERTISE_ADDRESS takes precedence because it's more specific. We still fall back to using the VM's external IP address if the other variables are set. Also: Pass --ssh-user and --ssh-keyfile flags if both PROXY_SSH_USER and MASTER_ADVERTISE_ADDRESS is set.
1433d72
to
3541a93
Compare
/test pull-kubernetes-integration |
/approve no-issue |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bowei, dnardo, grosskur The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
MASTER_ADVERTISE_ADDRESS is used to set the --advertise-address flag
for the apiserver. It's useful for running the apiserver behind a load
balancer.
However, if PROJECT_ID, TOKEN_URL, TOKEN_BODY, and NODE_NETWORK are
all set, the GCE VM's external IP address will be fetched and used
instead and MASTER_ADVERTISE_ADDRESS will be ignored.
Change this behavior so that MASTER_ADVERTISE_ADDRESS takes precedence
because it's more specific. We still fall back to using the VM's
external IP address if the other variables are set.
Also: Move the setting of --ssh-user and --ssh-keyfile based on
PROXY_SSH_USER) to a top-level block because this is common to all
codepaths.