Make openshift-ansible use static pods to install the control plane, make nodes prefer bootstrapping #6916
Conversation
openshift-ci-robot
added
do-not-merge/work-in-progress
smarterclayton
force-pushed
the
static_masters
branch
3 times, most recently
from
831cb45 to
13a4c61
Compare
openshift-ci-robot
added
size/XL
smarterclayton
force-pushed
the
static_masters
branch
2 times, most recently
from
bd51401 to
0c08ca0
Compare
openshift-ci-robot
added
size/XXL
openshift-merge-robot
added
the
needs-rebase
|
@danwinship as well... |
| - mountPath: /var/run/openshift-sdn | ||
| name: host-var-run-openshift-sdn | ||
| # CNI related mounts which we take over | ||
| - mountPath: /host/opt/cni/bin |
There was a problem hiding this comment.
@smarterclayton nevermind, I'm mixing up my volume mounts... or am I? isn't volumeMount->mountPath the path inside the container? If so, then wouldn't we need a change to the SDN code to look at /host/opt/cni/bin instead of just /opt/cni/bin? I'm not really sure what you're trying to do here with /host/opt/cni/bin...
There was a problem hiding this comment.
I just took over all the master paths related to CNI when this pod starts up. These were the directories the previous content referenced.
There was a problem hiding this comment.
Although this one may be a typo. Will check.
| @@ -35,19 +46,12 @@ masterKubeConfig: node.kubeconfig | |||
| networkConfig: | |||
| mtu: {{ openshift_node_group_network_mtu }} | |||
| networkPluginName: {{ openshift_node_group_network_plugin }} | |||
| nodeIP: "" | |||
| podManifestConfig: null | |||
| networkPluginName: {{ openshift_node_group_network_plugin }} | |||
There was a problem hiding this comment.
@smarterclayton isn't this new networkPluginName a dupe? it's specified just above in networkConfig already. (see below, this might be a leftover from something... but on the node, networkPluginName is part of networkConfig AFAICS).
How this should all work is...
- kubelet has a separate network plugin argument which allows passing either nothing (eg use docker default networking), "kubenet" (upstream default), or "cni" (openshift-sdn and 3rd party network plugins)
- the Network daemonset gets its own network plugin flag for singletenant, multitenant, or networkpolicy. Or even better, we somehow detect that at runtime (this would take a bit of work)
There was a problem hiding this comment.
What requirements does kubenet have?
| volumeConfig: | ||
| localQuota: | ||
| perFSGroup: null | ||
| volumeDirectory: {{ openshift_node_group_node_data_dir }}/openshift.local.volumes | ||
| enable-controller-attach-detach: | ||
| - 'true' | ||
| networkPluginName: {{ openshift_node_group_network_plugin }} |
There was a problem hiding this comment.
Ok, this is odd. I can't see how this networkPluginName would be used at all... Our config defines networkPluginName part of the NetworkConfig struct, not top-level in the node config.
There was a problem hiding this comment.
This is the legacy field. It continues to be supported on the external struct and takes precedence over the inner. We can probably simplify.
|
@smarterclayton so the only two things I see worth discussion are:
|
|
Do we have any need to support the old plugin names? I think only the
network plugin needs to respect it, the kubelet won’t have anything other
than cni (I don’t think?)
Nodes won’t have any networking config in their config, instead the network
daemonset decides that.
On Feb 1, 2018, at 6:19 PM, Dan Williams <[email protected]> wrote:
@smarterclayton <https://github.com/smarterclayton> so the only two things
I see worth discussion are:
1. the /host/opt/cni/bin thing not paired with a corresponding change to
the SDN code (unless I mis-understand how volume mounts work)
2. how networkPluginName gets handled on the node, for both Kubelet
itself and for the SDN. It would be nice not to require the
IsOpenShiftNetworkPlugin() stuff in
pkg/cmd/server/kubernetes/node/options/options.go, which we could do be
either (a) making the SDN code figure that out automatically on the node,
or (b) allowing separate networkPluginName config options for kubelet and
the SDN daemonset
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#6916 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABG_p770Zfa0n9hXmLzfGh2E4f7HSuqSks5tQkaNgaJpZM4Rv4zi>
.
|
smarterclayton
force-pushed
the
static_masters
branch
from
0c08ca0 to
4744d9c
Compare
openshift-merge-robot
removed
the
needs-rebase
@smarterclayton Yeah, the node itself won't need any networkConfig block unless we want to allow people to use pure docker networking or kubenet like upstream supports. In that case we need to pass something other than --network-plugin=cni to kubelet. Then the network daemonset needs its own networkConfig block which includes MTU and networkPluginName so that we can distinguish between single/multitenant and networkpolicy. |
"oc cluster up" uses kubenet, right?
Though if there's going to be some mandatory configuration-munging step as part of the upgrade maybe we should change the name/values of this option to better reflect the fact that it's choosing the mode that the single openshift-sdn plugin runs in, not selecting between three different plugins? (Something like Also, we should think about how people are going to configure whether to use openshift-sdn or ovn-kubernetes. |
oc cluster up literally doesn't do anything with networking. So you get docker default networking (and yes, it doesn't look like oc cluster up supports CRIO yet). I assume that means networkPluginName="".
That would be nice, though right now I don't think we are forced to change that. The SDN daemonset still gets the networkPluginName argument AFAICS. But it's still just a config option, so we can put whatever we want in there for the SDN daemonset, though it would be a bit odd to have networkPluginName: network-isolation=XXX.
On the node, they just don't run the SDN daemonset. Although this is a bit complicated right now because "openshift network" does more than just the SDN+proxy, it also does some DNS stuff too. @smarterclayton so what we should probably do is split the SDN out from even the DNS stuff and just have an SDN daemonset alone. That way users can either run it, or run ovn-kubernetes, or something else entirely. |
smarterclayton
force-pushed
the
static_masters
branch
2 times, most recently
from
1083a6a to
a8727eb
Compare
|
DNS is going to be split into CoreDNS at some point. We're going to have to come back to it probably before 3.10 launches though. |
|
Without openshift/origin#18430, if any cert expires the kubelets won't reestablish contact. I'll consider back porting it. |
smarterclayton
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
bot, retest this please |
|
GCP is a flake, logging may have regressed |
smarterclayton
force-pushed
the
static_masters
branch
from
e058f2c to
6db2727
Compare
|
bot, retest this please |
|
/retest |
1 similar comment
|
/retest |
smarterclayton
force-pushed
the
static_masters
branch
from
8830845 to
597e57c
Compare
|
/retest Going to merge on green |
|
Two changes - default openshift_push_dns to true, and replace “${version}” with openshift_image_tag in oreg_url. Follow on PR will reenable system containers job, disable openshift_master role, and default both openshift_master and openshift_node bootstrapping on by default, then begin working on the upgrade steps. |
smarterclayton
force-pushed
the
static_masters
branch
from
597e57c to
446eef0
Compare
Is a replacement to the openshift_master role. OpenShift SDN role serves two purposes - managing the network (kube proxy, dns, and SDN if enabled) as well as temporarily performing a sync loop.
Remove any overlapping master implications from the node role for now. The node now uses /usr/bin/openshift-node to generate the config into kubelet flags and launch the kubelet.
This is the configuration that is baked into AMIs and starts the node waiting for content. If a subsequent task lays down a node-config.yaml into /etc/origin/node, the bootstrap config is ignored.
Use static pod restarts everywhere, and remove openvswitch from nodes.
Otherwise some code will check the wrong value.
smarterclayton
force-pushed
the
static_masters
branch
from
446eef0 to
c826c43
Compare
smarterclayton
added
lgtm
|
And the boot comes |
|
Automatic merge from submit-queue. |
|
@smarterclayton: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
| fi | ||
| fi | ||
|
|
||
| # TODO: move to cri-ctl |
There was a problem hiding this comment.
just catching up on this PR... are there tracking issues for all these TODOs?
--write-flagsinstead of launching the node ourselves. If a node-config.yaml is laid down in/etc/origin/nodeit takes precedence.Challenges at this point:
master-logsandmaster-restart) need to deal with CRI-O and systemd. Ideally this is a temporary shim until we remove systemd for these components and have cri-ctl installed.Further exploration things:
/var/lib/origin,/var/lib/etcd) - how many customers have fiddled with this?@derekwaynecarr @sdodson @liggitt @deads2k this is the core of self-hosting.