Update client go #398
Update client go #398
Conversation
|
E2E test results. One of them failed and passed on rerun: Summarizing 1 Failure: [Fail] Kubernetes cluster using aad-pod-identity [It] should assign identity with init containers Ran 17 of 19 Specs in 3898.244 seconds [1] should assign identity with init containers Ran 1 of 19 Specs in 257.761 seconds |
kkmsft
force-pushed
the
go-client
branch
2 times, most recently
from
159219c to
ee325ac
Compare
kkmsft
force-pushed
the
go-client
branch
2 times, most recently
from
54220a3 to
90e16f9
Compare
cmd/mic/main.go
Outdated
| @@ -72,7 +75,20 @@ func main() { | |||
| //Identities that should be never removed from Azure AD (used defined managed identities) | |||
| flag.StringVar(&immutableUserMSIs, "immutable-user-msis", "", "prevent deletion of these IDs from the underlying VM/VMSS") | |||
|
|
|||
| // Config map for aad-pod-identity | |||
| flag.StringVar(&cmConfig.Name, "cmName", "aad-pod-identity-cm", "Configmap name") | |||
There was a problem hiding this comment.
can we change this to config-map-name instead of cmName
There was a problem hiding this comment.
can we use aad-pod-identity-config instead of aad-pod-identity-cm?
cmd/mic/main.go
Outdated
| // Config map for aad-pod-identity | ||
| flag.StringVar(&cmConfig.Name, "cmName", "aad-pod-identity-cm", "Configmap name") | ||
| // Config map details for the type changes in the context of client-go upgrade. | ||
| flag.StringVar(&typeUpgradeConfig.CMTypeUpgradeKey, "typeUpgradeCMKey", "type-upgrade-status", "Configmap key for type upgrade status") |
There was a problem hiding this comment.
we should use hyphen separated name instead of camel case similar to the other flags we have in MIC
cmd/simple/main.go
Outdated
| "k8s.io/client-go/rest" | ||
| "k8s.io/client-go/tools/clientcmd" | ||
| "k8s.io/klog" | ||
| //"context" |
| azureIdentity: "demo-aad1" | ||
| selector: "demo" |
pkg/mic/mic.go
Outdated
| @@ -18,6 +18,7 @@ import ( | |||
| "github.com/Azure/aad-pod-identity/version" | |||
| "golang.org/x/sync/semaphore" | |||
| corev1 "k8s.io/api/core/v1" | |||
| kubeErrors "k8s.io/apimachinery/pkg/api/errors" | |||
There was a problem hiding this comment.
can we rename this to apierrors instead of kubeErrors?
pkg/mic/mic.go
Outdated
| // Start ... | ||
| func (c *Client) Start(exit <-chan struct{}) { | ||
| klog.V(6).Infof("MIC client starting..") | ||
|
|
||
| if err := c.UpgradeTypeIfRequired(); err != nil { | ||
| klog.Fatalf("Upgrade failed with error: %v", err) |
There was a problem hiding this comment.
I think we should say type upgrade failed with error. I think we need to make this error message descriptive so the user what upgrade failed here
|
|
||
| // There is a delay in data propogation to cache. It's possible that the creates performed in the previous sync cycle | ||
| // are not propogated before this sync cycle began. In order to avoid redoing the cycle, we sync cache again. | ||
| c.CRDClient.SyncCacheAll(exit, false) |
There was a problem hiding this comment.
Were you able to confirm that this cache sync with the go client update has no leaks?
pkg/mic/mic.go
Outdated
| @@ -417,19 +522,22 @@ func (c *Client) createDesiredAssignedIdentityList( | |||
| newAssignedIDs := make(map[string]aadpodid.AzureAssignedIdentity) | |||
|
|
|||
| for _, pod := range listPods { | |||
| klog.V(6).Infof("checking pod: %s", pod.Name) | |||
There was a problem hiding this comment.
can we also add the pod namespace here to the log?
pkg/mic/mic.go
Outdated
| if pod.Spec.NodeName == "" { | ||
| //Node is not yet allocated. In that case skip the pod | ||
| klog.V(2).Infof("Pod %s/%s has no assigned node yet. it will be ignored", pod.Namespace, pod.Name) | ||
| continue | ||
| } | ||
| crdPodLabelVal := pod.Labels[aadpodid.CRDLabelKey] | ||
| klog.V(6).Infof("Label value: %v", crdPodLabelVal) |
There was a problem hiding this comment.
I think we should also add the podns and podname in this log
pkg/mic/mic.go
Outdated
| if crdPodLabelVal == "" { | ||
| //No binding mentioned in the label. Just continue to the next pod | ||
| klog.V(2).Infof("Pod %s/%s has correct %s label but with no value. it will be ignored", pod.Namespace, pod.Name, aadpodid.CRDLabelKey) | ||
| continue | ||
| } | ||
| var matchedBindings []aadpodid.AzureIdentityBinding | ||
| for _, allBinding := range *listBindings { | ||
| klog.V(6).Infof("Check the binding: %s", allBinding.Spec.Selector) |
deploy/demo/aadpodidentity.yaml
Outdated
| @@ -4,5 +4,5 @@ metadata: | |||
| name: demo-aad1 | |||
| spec: | |||
| type: 0 | |||
| ResourceID: RESOURCE_ID | |||
| ClientID: CLIENT_ID | |||
| resourceID: RESOURCE_ID | |||
There was a problem hiding this comment.
We should update these manifests right before we cut the new release as this will not work with current release.
Reason for Change:
Update client-go to avoid thread leak.
Simple command to test listing and accept GOOS from env
Fix cache sync calls
Misc. logging changes
Issue Fixed:
Notes for Reviewers:
TODO