Allow MicroShift to join new worker nodes #471

oglok · 2021-11-25T12:22:19Z

Allow MicroShift to join new worker nodes, according to design here #498 (see individual commits for review),

4523987 Add flags to allow TLS bootstrapping of nodes
9d8e2ad Add bootstrap module and generate token file
26f04a3 Add ClusterRoleBinding for bootstrap process
1103d73 Generate bootstrap kubeconfig
1fd2a3c Allow MicroShift to start node role standalone
6c84f16 Apply CRB for bootstraping nodes
1366626 Use bootstrap kubeconfig for kube-proxy
c2eacfd Use netcgo insted of netgo
40bff39 Add vagrant env to test/devel/debug multi-worker

Related PRs: #499 , #500

oglok · 2021-11-25T16:23:23Z

For some reason, the cluster role bindings added using bindata strategy are not being applied. That causes kubelet to:

E1125 16:20:51.785446   27509 server.go:294] "Failed to run kubelet" err="failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User \
"kubelet-bootstrap\" cannot create resource \"certificatesigningrequests\" in API group \"certificates.k8s.io\" at the cluster scope"

oglok · 2021-11-29T15:13:37Z

Now the ClusterRoleBindings get properly applied.

oglok · 2021-11-29T17:13:03Z

https://asciinema.org/a/452317

pkg/node/kube-proxy.go

pkg/cmd/init.go

pkg/cmd/run.go

pkg/controllers/kube-apiserver.go

Makefile

oglok

Good job! Some minor comments. Once the klog patch is out of the PR, we can remove the WIP so it can be reviewed.

pkg/config/config.go

pkg/util/cert.go

openshift-ci · 2021-12-10T14:13:56Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from mangelajo after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

fzdarsky · 2021-12-10T15:19:10Z

@oglok @mangelajo this is a pretty big PR and conflates many changes (introducing debug flags, formatting changes, config param changes, mDNS, multi-node, etc.) into one, which makes it hard to review. Can we split this into independent PRs?

fzdarsky · 2021-12-10T15:27:54Z

Also, as this impacts the MicroShift architecture and UX, we'll need an RFE doc in /docs/design that describes the design trade-offs and proposed solution before that solution can be implemented.

oglok · 2021-12-10T16:31:14Z

/retest

mangelajo · 2021-12-10T18:50:52Z

@fzdarsky its broken into logical commits, we expected that would suffice for agility.

If we go the PR route this is going to be eternal.

I'm ok with extracting specific commits to individual PRs but I don't think is a good approach to split all since those are dependent (if we want this for 2021) I'm fine if we are ok with slipping off Quarter

mangelajo · 2021-12-10T18:54:21Z

In gerrit chained patches are easier but GitHub is a mess when you try to chain dependent PRs

mangelajo · 2021-12-10T21:40:36Z

I will split out some patches which can be out of the chain and topic of this PR without great issue, the only thing is that for this PR to be functional (or if somebody wants to test the PR) those other patches will need to be merged first

mangelajo · 2021-12-13T09:41:50Z

Extracted to separate PR: #497

Signed-off-by: Ricardo Noriega <[email protected]>

This patch only tackles the Kubelet configuration and not kube-proxy. Signed-off-by: Ricardo Noriega <[email protected]>

Signed-off-by: Ricardo Noriega <[email protected]>

Signed-off-by: Ricardo Noriega <[email protected]> Signed-off-by: Miguel Angel Ajo <[email protected]>

netgo is the network library in go, which implements network functions without using the basic linux libraries, but netgo does not implement mDNS resolution, the system can be configured to do mDNS name resolution. This doesn't add new dynamic libraries simply uses the existing ones, but stops compiling in the native-go network functions. Signed-off-by: Miguel Angel Ajo <[email protected]>

Signed-off-by: Miguel Angel Ajo <[email protected]>

mangelajo · 2021-12-13T15:14:48Z

@oglok @fzdarsky I hope it looks better now, I'm going to review the RFE

oglok · 2022-01-18T15:51:45Z

/retest

oglok · 2022-02-14T09:36:00Z

/retest

copejon · 2022-02-21T20:04:58Z

/retest

openshift-ci · 2022-02-21T20:07:03Z

@oglok: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/periodics-images	`40bff39`	link	true	`/test periodics-images`
ci/prow/e2e-rpm-install	`40bff39`	link	false	`/test e2e-rpm-install`
ci/prow/e2e-openshift-conformance-sig-instrumentation	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-instrumentation`
ci/prow/e2e-openshift-conformance-sig-network	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-network`
ci/prow/e2e-openshift-conformance-sig-storage	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-storage`
ci/prow/e2e-openshift-conformance-sig-cli	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-cli`
ci/prow/e2e-openshift-conformance-sig-scheduling	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-scheduling`
ci/prow/e2e-openshift-conformance-sig-apps	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-apps`
ci/prow/test-srpm	`40bff39`	link	true	`/test test-srpm`
ci/prow/e2e-reboot	`40bff39`	link	false	`/test e2e-reboot`
ci/prow/e2e-openshift-conformance-sig-node	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-node`
ci/prow/e2e-openshift-conformance-sig-api-machinery	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-api-machinery`
ci/prow/e2e-openshift-conformance-sig-arch	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-arch`
ci/prow/e2e-openshift-conformance-sig-auth	`40bff39`	link	false	`/test e2e-openshift-conformance-sig-auth`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-bot · 2022-05-23T00:24:45Z

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-ci · 2022-05-23T00:24:54Z

@oglok: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

oglok · 2022-06-20T16:11:18Z

Closing for now until we decide the multi-node strategy. This is a good PoC for learning to build the right solution.

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 25, 2021

openshift-ci bot requested review from copejon and fzdarsky November 25, 2021 12:22

oglok force-pushed the multi_node branch from fb630f6 to 5e1e3d1 Compare November 25, 2021 13:22

oglok mentioned this pull request Nov 29, 2021

[Enhancement]: Multi Node Enablement #460

Closed

mangelajo force-pushed the multi_node branch 2 times, most recently from e3aeaa1 to 88d042f Compare December 1, 2021 12:39

mangelajo mentioned this pull request Dec 2, 2021

[WIP] Change kubeconfigs to point to the host IP #461

Closed

mangelajo force-pushed the multi_node branch 2 times, most recently from c5ac2bf to a12ded3 Compare December 3, 2021 10:24