Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GKE scopes in installation and testing are overkill #614

Closed
markmandel opened this issue Feb 21, 2019 · 4 comments
Closed

GKE scopes in installation and testing are overkill #614

markmandel opened this issue Feb 21, 2019 · 4 comments
Labels
good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! kind/cleanup Refactoring code, fixing up documentation, etc kind/documentation Documentation for Agones
Milestone
0.9.0

Comments

@markmandel
Copy link
Member

GKE scopes could be dropped to the new(?) gke-default scope, which is far less than what we have in either the documentation, our e2e cluster or development test clusters.

Likely only needs someone to test creating a cluster with the default scope, and making the changes in those three places.
@markmandel markmandel added kind/bug These are bugs. help wanted We would love help on these issues. Please come help us! good first issue These are great first issues. If you are looking for a place to start, start here! kind/documentation Documentation for Agones kind/cleanup Refactoring code, fixing up documentation, etc and removed kind/bug These are bugs. labels Feb 21, 2019
@aLekSer
Copy link
Collaborator

aLekSer commented Feb 28, 2019

Started working on that issue

@aLekSer
Copy link
Collaborator

aLekSer commented Feb 28, 2019

Currently if omitting the oauthScopes in development test clusters. An error occurs Cannot pull image agones-controller from the registry.
And unauthorized error if executing docker run on one of cluster nodes.
Will check other places where we could use gke-default scope.

@markmandel
Copy link
Member Author

@aLekSer does this mean the alias's don't work via the deployment manager, just through gcloud?

@aLekSer
Copy link
Collaborator

aLekSer commented Mar 1, 2019
edited
Loading

@markmandel I was not able to find out this yesterday. Will let you know. In Jinja template it seems that only https://www.googleapis.com/auth/compute style oauthScopes are accepted. If I pass gke-defaults.
Tested that I could pass it this way:

gcloud container clusters create [CLUSTER_NAME] --cluster-version=1.11 \
  --no-enable-legacy-authorization \
  --tags=game-server \
  --enable-basic-auth \
  --password=supersecretpassword \
  --scopes=gke-default \
  --num-nodes=3 \
  --machine-type=n1-standard-1

And after use install.yaml, cluster is working fine.
Please refer to NodeConfig. There is no option to add some keyword like gke-default in jinja config, but we can remove logging.write and monitoring ones.

@aLekSer aLekSer mentioned this issue Mar 1, 2019
Merged
@markmandel markmandel added this to the 0.9.0 milestone Mar 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! kind/cleanup Refactoring code, fixing up documentation, etc kind/documentation Documentation for Agones
Projects
None yet
Milestone
0.9.0
Development

No branches or pull requests
2 participants
@markmandel @aLekSer