Allow user to use arbitraty userdata #651
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: enxebre If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
size/L
|
Hi @enxebre. Thanks for your PR. I'm waiting for a kubernetes-sigs or kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-ok-to-test
|
where is the branch on your fork to check this out? I can't seem to locate a branch named edit: 🤦♂️ |
| @@ -90,3 +93,21 @@ func funcMap(funcs map[string]interface{}) template.FuncMap { | |||
|
|
|||
| return funcMap | |||
| } | |||
|
|
|||
| func GetUserDataFromSecret(machine *actuators.MachineScope) (string, error) { | |||
There was a problem hiding this comment.
Is it possible to create a unit test case for this function?
There was a problem hiding this comment.
Before I get too far into code reviewing let me make sure I understand what this is doing:
This allows someone to add their own script to be run at node-boot time. It's not in addition to the default installation, but entirely replaces it.
Can you outline what your use case is so I can better understand where you're coming from?
| @@ -90,3 +93,21 @@ func funcMap(funcs map[string]interface{}) template.FuncMap { | |||
|
|
|||
| return funcMap | |||
| } | |||
|
|
|||
| func GetUserDataFromSecret(machine *actuators.MachineScope) (string, error) { | |||
There was a problem hiding this comment.
A couple of suggestions and questions:
- flip around the nil check and return early if the UserDataSecret is nil
- the
userDatavar is unnecessary, directly encode and return at line 105 and remove the else statement - why is it an error if the secret doesn't contain the
userDatakey? My expectation would be to log an error and return nothing - please add godoc and a test to this function
| @@ -158,15 +158,73 @@ func (s *Service) createInstance(machine *actuators.MachineScope, bootstrapToken | |||
| } | |||
|
|
|||
| // apply values based on the role of the machine | |||
There was a problem hiding this comment.
is this comment still valid?
| func GetUserDataFromSecret(machine *actuators.MachineScope) (string, error) { | ||
| if machine.MachineConfig.UserDataSecret != nil { | ||
| userData := []byte{} | ||
| userDataSecret, err := machine.CoreClient.Secrets(machine.Namespace()).Get(machine.MachineConfig.UserDataSecret.Name, metav1.GetOptions{}) |
There was a problem hiding this comment.
How will this secret be created?
If the secret doesn't exist, the machine reconciliation will not make progress until the secret is created. Correct?
There was a problem hiding this comment.
Correct. If you set https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/651/files#diff-7fbfb526ca988417add16e1058fcd340R85
You are assuming the secret with that name to exist.
If you don't set the spec field, current behaviour remains
https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/651/files#diff-e7748766dc5475de766bbb0d40ef7fd1R98
Hey @chuckha for our use case in OpenShift we have a clearer separation between machine (hardware) and software/kubelet. The software/kubelet is managed orthogonally by a different component. |
|
As discussed in today's Cluster API meeting, we'd like to see a document outlining requirements and use cases. Going to mark this on hold for now. Thanks! /hold |
k8s-ci-robot
added
the
do-not-merge/hold
Unfortunately attending the meeting is not always feasible being in CET. @ncdc I can't see any action item in the meeting notes https://docs.google.com/document/d/1Ys-DOR5UsgbMEeciuG0HOgDQc8kZsaWIWJeKJ1-UfbY/edit#heading=h.h3b651pv3rlt I'm happy to get some doc in place otherwise. This relates to kubernetes-sigs/cluster-api#721 |
|
@enxebre understood about the time zone issue. The relevant section in the meeting notes is |
|
We would like to go through the design process to come up with something that works well for everyone, and would like adequate time to review/comment/revise etc. |
|
@enxebre: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-rebase
|
As part of the Cluster API v1alpha2 milestone that we just started working on, we're separating bootstrapping from infrastructure provisioning, and you'll be able to bring your own user data. As such, I'm going to close this in favor of that effort. /close |
|
@ncdc: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it:
This PR removes tight coupling between machine resource and kubeadm while keeping the current behaviour pristine.
This allows flexibility for the API consumers to support broader use cases by injecting arbitrary userdata into a secret optionally referenced by the spec.
While being a fairly scoped change this would favour adoption of the project extremely.
Related:
kubernetes-sigs/cluster-api-provider-azure#135
kubernetes-sigs/cluster-api#721 and https://docs.google.com/document/d/1pzXtwYWRsOzq5Ftu03O5FcFAlQE26nD3bjYBPenbhjg/edit#heading=h.etxqa0k5waej
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
Release note: