fix the error when cert-mgr-mode set to kubelet #359
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@qclc: GitHub didn't allow me to assign the following users: your_reviewer. Note that only openyurtio members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
luckymrwang
reviewed
Jun 18, 2021
pkg/yurthub/restconfig/restconfig.go
Outdated
|
|
||
| const ( | ||
| YurthubCertificateManagerName = "hubself" | ||
| KubeletCertificateManagerName = "kubelet" |
There was a problem hiding this comment.
const variable "hubself" and "kubelet" are defined again. subself/cert_mgr.go and kubelet/cert_mgr.go have been defined as certificateManagerName, and util.go/IsSupportedCertMode, NewYurtHubOptions.CertMgrMode have used the same name too. Is it better to unify them in one place and use them in many place?
There was a problem hiding this comment.
I think it's a good idea. I have unified the globally constants in the yurthub module into the util.go file.
qclc
force-pushed
the
fix-cert-mgr-mode-bug
branch
3 times, most recently
from
0c8f3b4 to
289b805
Compare
rambohe-ch
reviewed
Jun 21, 2021
| DefaultClusterName = "kubernetes" | ||
| ClusterInfoName = "cluster-info" | ||
| KubeconfigName = "kubeconfig" | ||
| yurtHubName = "yurthub" |
There was a problem hiding this comment.
how about keep the yurtHubName as hubName? So it looks like variables names are consistent
There was a problem hiding this comment.
This variable's name has been changed back to hubname.
rambohe-ch
reviewed
Jun 21, 2021
pkg/yurthub/restconfig/restconfig.go
Outdated
| limitations under the License. | ||
| */ | ||
|
|
||
| package restconfig |
There was a problem hiding this comment.
how about put restconfig.go file under pkg/kubernetes/rest dir? and rename file name as config.go
There was a problem hiding this comment.
The latest code has been commited. restconfig.go file has been migrated.
rambohe-ch
reviewed
Jun 21, 2021
pkg/yurthub/restconfig/restconfig.go
Outdated
| } | ||
|
|
||
| // NewRestConfigManager creates a *RestConfigManager object | ||
| func NewRestConfigManager(cfg *config.YurtHubConfiguration, certMgr interfaces.YurtCertificateManager, healthChecker healthchecker.HealthChecker) (*RestConfigManager, error) { |
There was a problem hiding this comment.
i think we need to add some unit test cases for RestConfigManager?
There was a problem hiding this comment.
The latest code has been commited. Unit tests has been added.
qclc
force-pushed
the
fix-cert-mgr-mode-bug
branch
from
fb8e1cb to
738f81d
Compare
rambohe-ch
reviewed
Jun 22, 2021
|
|
||
| var rc *rest.Config | ||
| if tt.mode == "hubself" { | ||
| rc = rcm.getHubselfRestConfigSkipCurrent() |
There was a problem hiding this comment.
I think we need invoke GetRestConfig() here and not getHubselfRestConfigSkipCurrent(), and then verify the return value.
There was a problem hiding this comment.
The unit test has been corrected, and the GetRestConfig() function will be called here.
qclc
force-pushed
the
fix-cert-mgr-mode-bug
branch
2 times, most recently
from
53a16ad to
d6df75a
Compare
|
@qclc Would you upload the detail logs of yurthub startup that check the pr has worked correctly. |
qclc
force-pushed
the
fix-cert-mgr-mode-bug
branch
from
d6df75a to
150c84e
Compare
qclc
force-pushed
the
fix-cert-mgr-mode-bug
branch
from
150c84e to
31f47fc
Compare
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9", GitCommit:"94f372e501c973a7fa9eb40ec9ebd2fe7ca69848", GitTreeState:"clean", BuildDate:"2020-09-16T13:56:40Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9", GitCommit:"94f372e501c973a7fa9eb40ec9ebd2fe7ca69848", GitTreeState:"clean", BuildDate:"2020-09-16T13:47:43Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
This is the startup log when yurthub uses I0705 12:54:01.805059 1 config.go:128] yurthub would connect remote servers: https://apiserver.demo:6443
I0705 12:54:01.806778 1 start.go:68] yurthub cfg: &config.YurtHubConfiguration{LBMode:"rr", RemoteServers:[]*url.URL{(*url.URL)(0xc0004ebf80)}, YurtHubServerAddr:"127.0.0.1:10267", YurtHubProxyServerAddr:"127.0.0.1:10261", YurtHubProxyServerDummyAddr:"169.254.2.1:10261", GCFrequency:120, CertMgrMode:"hubself", KubeletRootCAFilePath:"/etc/kubernetes/pki/ca.crt", KubeletPairFilePath:"/var/lib/kubelet/pki/kubelet-client-current.pem", NodeName:"n116", HeartbeatFailedRetry:3, HeartbeatHealthyThreshold:2, HeartbeatTimeoutSeconds:2, MaxRequestInFlight:250, JoinToken:"p8i95d.xkce3p8zum2h7bvh", RootDir:"/var/lib/yurthub", EnableProfiling:true, EnableDummyIf:true, EnableIptables:true, HubAgentDummyIfName:"yurthub-dummy0", StorageWrapper:(*cachemanager.storageWrapper)(0xc000220380), SerializerManager:(*serializer.SerializerManager)(0xc0002203c0)}
I0705 12:54:01.806899 1 start.go:83] 1. register cert managers
I0705 12:54:01.806944 1 certificate.go:60] Registered certificate manager kubelet
I0705 12:54:01.806967 1 certificate.go:60] Registered certificate manager hubself
I0705 12:54:01.806976 1 start.go:89] 2. create cert manager with hubself mode
I0705 12:54:01.807093 1 cert_mgr.go:214] /var/lib/yurthub/pki/ca.crt file already exists, so skip to create ca file
I0705 12:54:01.807154 1 cert_mgr.go:127] use /var/lib/yurthub/pki/ca.crt ca file to bootstrap yurthub
I0705 12:54:01.807383 1 cert_mgr.go:289] yurthub bootstrap conf file already exists, skip init bootstrap
I0705 12:54:01.807503 1 certificate_store.go:130] Loading cert/key pair from "/var/lib/yurthub/pki/yurthub-current.pem".
I0705 12:54:01.835765 1 certificate_manager.go:282] Certificate rotation is enabled.
I0705 12:54:01.835928 1 cert_mgr.go:412] yurthub config file already exists, skip init config file
I0705 12:54:01.835956 1 start.go:97] 3. new transport manager
I0705 12:54:01.836010 1 transport.go:57] use /var/lib/yurthub/pki/ca.crt ca cert file to access remote server
I0705 12:54:01.836237 1 certificate_manager.go:553] Certificate expiration is 2022-07-03 14:34:57 +0000 UTC, rotation deadline is 2022-05-11 05:51:45.924920369 +0000 UTC
I0705 12:54:01.836312 1 certificate_manager.go:288] Waiting 7432h57m44.08861986s for next certificate rotation
I0705 12:54:01.836320 1 start.go:105] 4. create health checker for remote servers
I0705 12:54:01.839374 1 connrotation.go:145] create a connection from 10.10.103.116:43000 to apiserver.demo:6443, total 1 connections in transport manager dialer
I0705 12:54:01.867103 1 start.go:114] 5. new restConfig manager for hubself mode
I0705 12:54:01.867198 1 start.go:122] 6. new cache manager with storage wrapper and serializer manager
I0705 12:54:01.867412 1 cache_agent.go:68] reset cache agents to [kubelet kube-proxy flanneld coredns yurttunnel-agent]
I0705 12:54:01.868544 1 start.go:130] 7. new gc manager for node n116, and gc frequency is a random time between 120 min and 360 min
I0705 12:54:01.868830 1 gc.go:97] list pod keys from storage, total: 4
I0705 12:54:01.873664 1 config.go:107] re-fix hub rest config host successfully with server https://apiserver.demo:6443
I0705 12:54:01.922436 1 gc.go:125] list all of pod that on the node: total: 4
I0705 12:54:01.922710 1 gc.go:143] gc pod kubelet/pods/kube-system/yurtctl-servant-revert-n116-ssd4x successfully
I0705 12:54:01.922759 1 start.go:139] 8. new reverse proxy handler for remote servers
I0705 12:54:01.922821 1 start.go:148] 9. create dummy network interface yurthub-dummy0 and init iptables manager
I0705 12:54:01.922912 1 gc.go:74] start gc events after waiting 156.23µs from previous gc
I0705 12:54:01.924346 1 config.go:107] re-fix hub rest config host successfully with server https://apiserver.demo:6443
I0705 12:54:01.927500 1 gc.go:163] list kubelet event keys from storage, total: 11
I0705 12:54:01.968879 1 start.go:156] 10. new yurthub server and begin to serve, dummy proxy server: 169.254.2.1:10261
I0705 12:54:01.968915 1 start.go:159] 10. new yurthub server and begin to serve, proxy server: 127.0.0.1:10261, hub server: 127.0.0.1:10267
I0705 12:54:02.132305 1 gc.go:186] gc events kubelet/events/default/n116.168ee1f536cda333 successfully
I0705 12:54:02.132463 1 gc.go:186] gc events kubelet/events/default/n116.168ee1f543020049 successfully
I0705 12:54:02.132580 1 gc.go:186] gc events kubelet/events/default/n116.168ee1f543022fd3 successfully
I0705 12:54:02.132677 1 gc.go:186] gc events kubelet/events/default/n116.168ee1f543024d3d successfully
I0705 12:54:02.132779 1 gc.go:186] gc events kubelet/events/default/n116.168ee1f5495bb60a successfully
I0705 12:54:02.132869 1 gc.go:186] gc events kubelet/events/default/n116.168ee1f54adf9214 successfully
I0705 12:54:02.132987 1 gc.go:186] gc events kubelet/events/default/n116.168ee1f55379cdd2 successfully
I0705 12:54:02.133160 1 gc.go:186] gc events kubelet/events/kube-system/yurtctl-servant-revert-n116-ssd4x.168ee21ee2a28ceb successfully
I0705 12:54:02.133282 1 gc.go:186] gc events kubelet/events/kube-system/yurtctl-servant-revert-n116-ssd4x.168ee21ef6c6d7cc successfully
I0705 12:54:02.133380 1 gc.go:186] gc events kubelet/events/kube-system/yurtctl-servant-revert-n116-ssd4x.168ee21efa8f349b successfully
I0705 12:54:02.133518 1 gc.go:186] gc events kubelet/events/kube-system/yurtctl-servant-revert-n116-ssd4x.168ee21f0746ab87 successfully
I0705 12:54:02.133544 1 gc.go:160] no kube-proxy events in local storage, skip kube-proxy events gc
I0705 12:54:11.647864 1 util.go:232] start proxying: get /api/v1/pods?fieldSelector=spec.nodeName%3Dn116&limit=500&resourceVersion=0, in flight requests: 1
I0705 12:54:11.651170 1 util.go:232] start proxying: get /api/v1/services?limit=500&resourceVersion=0, in flight requests: 2This is the startup log when yurthub uses I0705 12:57:12.614968 1 config.go:128] yurthub would connect remote servers: https://apiserver.demo:6443
I0705 12:57:12.616192 1 start.go:68] yurthub cfg: &config.YurtHubConfiguration{LBMode:"rr", RemoteServers:[]*url.URL{(*url.URL)(0xc00035eb00)}, YurtHubServerAddr:"127.0.0.1:10267", YurtHubProxyServerAddr:"127.0.0.1:10261", YurtHubProxyServerDummyAddr:"169.254.2.1:10261", GCFrequency:120, CertMgrMode:"kubelet", KubeletRootCAFilePath:"/etc/kubernetes/pki/ca.crt", KubeletPairFilePath:"/var/lib/kubelet/pki/kubelet-client-current.pem", NodeName:"n116", HeartbeatFailedRetry:3, HeartbeatHealthyThreshold:2, HeartbeatTimeoutSeconds:2, MaxRequestInFlight:250, JoinToken:"p8i95d.xkce3p8zum2h7bvh", RootDir:"/var/lib/yurthub", EnableProfiling:true, EnableDummyIf:true, EnableIptables:true, HubAgentDummyIfName:"yurthub-dummy0", StorageWrapper:(*cachemanager.storageWrapper)(0xc000690380), SerializerManager:(*serializer.SerializerManager)(0xc0006903c0)}
I0705 12:57:12.616288 1 start.go:83] 1. register cert managers
I0705 12:57:12.616321 1 certificate.go:60] Registered certificate manager kubelet
I0705 12:57:12.616335 1 certificate.go:60] Registered certificate manager hubself
I0705 12:57:12.616344 1 start.go:89] 2. create cert manager with kubelet mode
I0705 12:57:12.617195 1 cert_mgr.go:73] Loading cert/key pair from "/var/lib/kubelet/pki/kubelet-client-current.pem".
I0705 12:57:12.642719 1 start.go:97] 3. new transport manager
I0705 12:57:12.642765 1 transport.go:57] use /etc/kubernetes/pki/ca.crt ca cert file to access remote server
I0705 12:57:12.643677 1 start.go:105] 4. create health checker for remote servers
I0705 12:57:12.646951 1 connrotation.go:145] create a connection from 10.10.103.116:43104 to apiserver.demo:6443, total 1 connections in transport manager dialer
I0705 12:57:12.673190 1 start.go:114] 5. new restConfig manager for kubelet mode
I0705 12:57:12.673219 1 start.go:122] 6. new cache manager with storage wrapper and serializer manager
I0705 12:57:12.673345 1 cache_agent.go:68] reset cache agents to [kubelet kube-proxy flanneld coredns yurttunnel-agent]
I0705 12:57:12.675219 1 start.go:130] 7. new gc manager for node n116, and gc frequency is a random time between 120 min and 360 min
I0705 12:57:12.675393 1 gc.go:97] list pod keys from storage, total: 3
I0705 12:57:12.715593 1 gc.go:125] list all of pod that on the node: total: 3
I0705 12:57:12.715669 1 start.go:139] 8. new reverse proxy handler for remote servers
I0705 12:57:12.715731 1 start.go:148] 9. create dummy network interface yurthub-dummy0 and init iptables manager
I0705 12:57:12.716027 1 gc.go:74] start gc events after waiting 359.45µs from previous gc
I0705 12:57:12.720930 1 gc.go:163] list kubelet event keys from storage, total: 8
I0705 12:57:12.751626 1 gc.go:160] no kube-proxy events in local storage, skip kube-proxy events gc
I0705 12:57:12.760800 1 start.go:156] 10. new yurthub server and begin to serve, dummy proxy server: 169.254.2.1:10261
I0705 12:57:12.760837 1 start.go:159] 10. new yurthub server and begin to serve, proxy server: 127.0.0.1:10261, hub server: 127.0.0.1:10267
I0705 12:57:13.482092 1 util.go:232] start proxying: get /api/v1/nodes?allowWatchBookmarks=true&fieldSelector=metadata.name%3Dn116&resourceVersion=10529909&timeoutSeconds=480&watch=true, in flight requests: 1
I0705 12:57:13.483044 1 util.go:232] start proxying: get /apis/storage.k8s.io/v1/csidrivers?allowWatchBookmarks=true&resourceVersion=1&timeout=9m7s&timeoutSeconds=547&watch=true, in flight requests: 2
I0705 12:57:13.485057 1 util.go:232] start proxying: get /api/v1/namespaces/kube-system/configmaps?allowWatchBookmarks=true&fieldSelector=metadata.name%3Dkube-flannel-cfg&resourceVersion=10529801&timeout=6m25s&timeoutSeconds=385&watch=true, in flight requests: 3 |
@rambohe-ch Hi, the detailed log of yurthub startup has been uploaded to the comments. |
|
/lgtm |
|
/approve |
1 similar comment
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: qclc, rambohe-ch The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
6 tasks
6 tasks
MrGirl
pushed a commit
to MrGirl/openyurt
that referenced
this pull request
Mar 29, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
/kind bug
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #348
Special notes for your reviewer:
Does this PR introduce a user-facing change?
other Note