AWS: run k8s master in different account or different provider #39996
Conversation
|
Hi @scheeles. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. Once you've signed, please reply here (e.g. "I signed it!") and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
1 similar comment
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. Once you've signed, please reply here (e.g. "I signed it!") and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
cncf-cla: no
|
This change is |
|
I signed it!
Von: k8s-ci-robot <notifications@github.com>
Antworten an: kubernetes/kubernetes <reply@reply.github.com>
Datum: Montag, 16. Januar 2017 um 23:53
An: kubernetes/kubernetes <kubernetes@noreply.github.com>
Cc: Sebastian <scheele.s@web.de>, Mention <mention@noreply.github.com>
Betreff: Re: [kubernetes/kubernetes] AWS: run k8s master in different account or on a provider (#39996)
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA.
Once you've signed, please reply here (e.g. "I signed it!") and we'll verify. Thanks.
…________________________________
* If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits<https://help.github.com/articles/setting-your-email-in-git/>.
* If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
Instructions for interacting with me using PR comments are available here<https://github.com/kubernetes/community/blob/master/contributors/devel/pull-request-commands.md>. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra<https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:> repository. I understand the commands that are listed here<https://github.com/kubernetes/test-infra/blob/master/prow/commands.md>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#39996 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AJlO0PMpvue1nsUXYHnZvZP_DIcv3jhvks5rTHOCgaJpZM4LlU7b>.
|
k8s-github-robot
added
size/M
| // Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful | ||
| // This flag enables the possibility to run the master components on a different | ||
| // aws account, on a different cloud provider or on premise. | ||
| // If the flag is set also Zone, VPCID and KubernetesClusterTag must be provided |
| } else if cfg.Global.ExternalMaster == true && (cfg.Global.VPCID == "" || cfg.Global.Zone == "" || cfg.Global.KubernetesClusterTag == "") { | ||
| // For the external master the Zone, VPCID and KubernetesClusterTag must be set. | ||
| // It is not possible to detect it | ||
| return nil, fmt.Errorf("Run with eternal Master but Zone: %s or VPCID: %s or KubernetesClusterTag: %s is not set", cfg.Global.Zone, cfg.Global.VPCID, cfg.Global.KubernetesClusterTag) |
| metadata EC2Metadata | ||
| cfg *CloudConfig | ||
| region string | ||
| availabilityZone string |
There was a problem hiding this comment.
This is odd, because we can be multi-AZ
| @@ -1090,7 +1112,7 @@ func (c *Cloud) getAllZones() (sets.String, error) { | |||
| // GetZone implements Zones.GetZone | |||
| func (c *Cloud) GetZone() (cloudprovider.Zone, error) { | |||
| return cloudprovider.Zone{ | |||
| FailureDomain: c.selfAWSInstance.availabilityZone, | |||
| FailureDomain: c.availabilityZone, | |||
There was a problem hiding this comment.
I don't think this is what we want. It appears to be used in two places:
pkg/controller/service/servicecontroller.go: zone, err := zones.GetZone()
pkg/kubelet/kubelet_node_status.go: zone, err := zones.GetZone()
For kubelet node status, we want to continue to label with the node's zone, not the master's zone.
For servicecontroller, zone is actually unused since be9ce30 I believe. I have proposed it for removal in #40060
Hence I think we want to keep it returning selfAWSInstance.
k8s-ci-robot
added
cncf-cla: yes
| @@ -389,6 +390,11 @@ type CloudConfig struct { | |||
| // Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful | |||
| Zone string | |||
|
|
|||
| // The aws VPC flag enables the possibility to run the master components | |||
k8s-github-robot
added
size/S
k8s-ci-robot
removed
the
cncf-cla: yes
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. Once you've signed, please reply here (e.g. "I signed it!") and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
cncf-cla: no
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED The following people have approved this PR: justinsb, k8s-merge-robot, scheeles, sttts Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
approved
|
@k8s-bot gci gce e2e test this |
|
Automatic merge from submit-queue |
|
@scheeles: The following test(s) failed:
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Automatic merge from submit-queue (batch tested with PRs 43925, 42512) AWS: add KubernetesClusterID as additional option when VPC is set This is a small enhancement after the PRs #41695 and #39996 ## Release Notes ```release-note AWS cloud provider: allow to set KubernetesClusterID or KubernetesClusterTag in combination with VPC. ```
…bnetid-routetableid Automatic merge from submit-queue Specify subnetid and routetableid via cloud provider config **What this PR does / why we need it**: This is a fix for #39996 which is needed since 1.6 Changes introduced from 1.6 broke partially(LoadBalancer) the support for running the master components in a different environment (different aws account/on premise). This PR will add support for specifying the Subnet & RouteTable to use via the cloud provider config. **Release note**: ```release-note AWS cloud provider: fix support running the master with a different AWS account or even on a different cloud provider than the nodes. ```
Automatic merge from submit-queue (batch tested with PRs 40060, 44860, 44865, 44825, 44162) servicecontroller: remove unused zone field The zone field was unused, and this complicated e.g. #39996 ```release-note NONE ```
The zone field was unused, and this complicated e.g. kubernetes#39996
Automatic merge from submit-queue (batch tested with PRs 43925, 42512) AWS: add KubernetesClusterID as additional option when VPC is set This is a small enhancement after the PRs kubernetes/kubernetes#41695 and kubernetes/kubernetes#39996 ## Release Notes ```release-note AWS cloud provider: allow to set KubernetesClusterID or KubernetesClusterTag in combination with VPC. ```
Currently the master and the nodes must run in the same account. With this change the master can run in a different AWS account, on a different cloud provider or on premise.
Release Notes