provide cluster-config in config.openshift.io #680
Assignees
Comments
|
cc @bparees since i think this what you'll want to follow re: the final home for the cloud provider and cloud creds |
Shouldn't the config information be in // spec holds user settable values for configuration
Spec NetworkSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
Status NetworkStatus `json:"status"`Do you also want to push the platform-specific sub-structures over to the API repo? That might make rolling out new platforms or iterating on them more complicated (two repos to touch while you work out installer issues for the new platform). Should these structures incubate in the installer and then be frozen out into the API repo when they're stable on new platforms and ready for out-of-installer consumers? |
Yes. We expect openshift/api to be the source of truth for operators running on cluster.
We have dependencies growing on this now. We need to provide these as soon as is practical. |
|
#717 was a step in this direction. Once we get the config pushed out into custom resources and transition consumers, I think we should drop And once we drop |
The installer still needs a single object to drive its creation. why would we drop InstallConfig?
|
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Jan 30, 2019
`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster. [1]: openshift#680 [2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Jan 30, 2019
This updates the `Infrastructure.config.openshift.io` object to catch up with [1]. Machine Config Operator uses the `APIServerURL` to point the kubelet on machines to apiserver, and `EtcdDiscoveryDomain` to setup the etcd members to bootstrap the etcd cluster using dns discovery [2]. This is required as Machine Config Operator currently uses the `cluster-config-v1` to creates these values and as `cluster-config-v1` is getting deprecated [3], Machine Config Operator will move to using the status of `Infrastructure.config.openshift.io` for sourcing that information. [1]: openshift/api#189 [2]: https://github.com/etcd-io/etcd/blob/583763261f1c843e07c1bf7fea5fb4cfb684fe87/Documentation/op-guide/clustering.md#dns-discovery [3]: openshift#680
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Jan 31, 2019
This updates the `Infrastructure.config.openshift.io` object to catch up with [1]. Machine Config Operator uses the `APIServerURL` to point the kubelet on machines to apiserver, and `EtcdDiscoveryDomain` to setup the etcd members to bootstrap the etcd cluster using dns discovery [2]. This is required as Machine Config Operator currently uses the `cluster-config-v1` to creates these values and as `cluster-config-v1` is getting deprecated [3], Machine Config Operator will move to using the status of `Infrastructure.config.openshift.io` for sourcing that information. [1]: openshift/api#189 [2]: https://github.com/etcd-io/etcd/blob/583763261f1c843e07c1bf7fea5fb4cfb684fe87/Documentation/op-guide/clustering.md#dns-discovery [3]: openshift#680
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Jan 31, 2019
This updates the `Infrastructure.config.openshift.io` object to catch up with [1]. Machine Config Operator uses the `APIServerURL` to point the kubelet on machines to apiserver, and `EtcdDiscoveryDomain` to setup the etcd members to bootstrap the etcd cluster using dns discovery [2]. This is required as Machine Config Operator currently uses the `cluster-config-v1` to creates these values and as `cluster-config-v1` is getting deprecated [3], Machine Config Operator will move to using the status of `Infrastructure.config.openshift.io` for sourcing that information. [1]: openshift/api#189 [2]: https://github.com/etcd-io/etcd/blob/583763261f1c843e07c1bf7fea5fb4cfb684fe87/Documentation/op-guide/clustering.md#dns-discovery [3]: openshift#680
|
install config is not something others should be using, so I believe this can be closed.... |
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Mar 25, 2019
`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster. [1]: openshift#680 [2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
abhinavdahiya
added a commit
to abhinavdahiya/machine-config-operator
that referenced
this issue
Mar 26, 2019
The original feature of syncing the ssh key for authorized users from `cluster-config-v1` config map was added in [1]. The original assumption was that as `cluster-config-v1` was being deprecated in favor of global configs [2] and we will be able to find new home for the source of authorized keys for `core` user. Based on several discussions like [3], The better UX for users is that machineconfig with authorized keys is not owned by the controller and is rather pushed by the installer at install time. This allows users to edit the machineconfig directly to remove, add and manage the list of authorized keys. [1]: openshift@a46fcad [2]: openshift/installer#680 [3]: https://projects.engineering.redhat.com/browse/COREOS-1059
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Mar 27, 2019
`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster. [1]: openshift#680 [2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Mar 27, 2019
`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster. [1]: openshift#680 [2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
abhinavdahiya
added a commit
to abhinavdahiya/installer
that referenced
this issue
Mar 27, 2019
`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster. [1]: openshift#680 [2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
vrutkovs
pushed a commit
to vrutkovs/installer
that referenced
this issue
Apr 1, 2019
`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster. [1]: openshift#680 [2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
wking
added a commit
to wking/cluster-image-registry-operator
that referenced
this issue
Apr 23, 2019
…t.io
Mostly, this is replacing cluster-config-v1 (which is deprecated [1])
with the Infrastructure config object. As part of that, I'm dropping
UserTags support (see discussion in [2,3]). I'm also replacing the
openshiftClusterID tag with a "kubernetes.io/cluster/{infraName}:
owned" tag [4,5].
[1]: openshift/installer#680
[2]: openshift/api#231 (comment)
[3]: openshift/api#266
[4]: openshift/installer#1280
[5]: https://bugzilla.redhat.com/show_bug.cgi?id=1685089#c11
wking
added a commit
to wking/cluster-image-registry-operator
that referenced
this issue
Apr 23, 2019
…t.io
Mostly, this is replacing cluster-config-v1 (which is deprecated [1])
with the Infrastructure config object. As part of that, I'm dropping
UserTags support (see discussion in [2,3]). I'm also replacing the
openshiftClusterID tag with a "kubernetes.io/cluster/{infraName}:
owned" tag [4,5].
UnversionedRESTClientFor (vs. RESTClientFor) avoids errors like:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1304/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-fc9948cc-b767n_cluster-image-registry-operator.log.gz | gunzip
I0423 05:43:03.599910 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-g38fc8f9-dirty
...
I0423 05:43:04.942285 1 bootstrap.go:38] generating registry custom resource
E0423 05:43:04.942775 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: GroupVersion is required when initializing a RESTClient, requeuing
InClusterConfig does not set GroupVersion [6] and RESTClientFor
requires it [7] while UnversionedRESTClientFor can fill it in [8].
[1]: openshift/installer#680
[2]: openshift/api#231 (comment)
[3]: openshift/api#266
[4]: openshift/installer#1280
[5]: https://bugzilla.redhat.com/show_bug.cgi?id=1685089#c11
[6]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L422-L428
[7]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L269-L270
[8]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L331-L333
wking
added a commit
to wking/cluster-image-registry-operator
that referenced
this issue
Apr 23, 2019
…t.io
Mostly, this is replacing cluster-config-v1 (which is deprecated [1])
with the Infrastructure config object. As part of that, I'm dropping
UserTags support (see discussion in [2,3]). I'm also replacing the
openshiftClusterID tag with a "kubernetes.io/cluster/{infraName}:
owned" tag [4,5].
The trip through clientcorev1.NewForConfig is because calling
RESTClientFor on the InClusterConfig raises:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1304/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-fc9948cc-b767n_cluster-image-registry-operator.log.gz | gunzip
I0423 05:43:03.599910 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-g38fc8f9-dirty
...
I0423 05:43:04.942285 1 bootstrap.go:38] generating registry custom resource
E0423 05:43:04.942775 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: GroupVersion is required when initializing a RESTClient, requeuing
InClusterConfig does not set GroupVersion [6] and RESTClientFor
requires it [7] while UnversionedRESTClientFor can fill it in [8].
But UnversionedRESTClientFor leaves NegotiatedSerializer unset:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1305/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-66d8b56784-5wt9v_cluster-image-registry-operator.log.gz | gunzip
I0423 09:21:42.998300 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-g64d5f62-dirty
...
I0423 09:21:44.345677 1 bootstrap.go:38] generating registry custom resource
E0423 09:21:44.346403 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: NegotiatedSerializer is required when initializing a RESTClient, requeuing
So I'm washing through clientcorev1.NewForConfig to get defaults for
both [9].
[1]: openshift/installer#680
[2]: openshift/api#231 (comment)
[3]: openshift/api#266
[4]: openshift/installer#1280
[5]: https://bugzilla.redhat.com/show_bug.cgi?id=1685089#c11
[6]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L422-L428
[7]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L269-L270
[8]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L331-L333
[9]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/kubernetes/typed/core/v1/core_client.go#L144-L155
wking
added a commit
to wking/cluster-image-registry-operator
that referenced
this issue
Apr 23, 2019
…t.io
Mostly, this is replacing cluster-config-v1 (which is deprecated [1])
with the Infrastructure config object. As part of that, I'm dropping
UserTags support (see discussion in [2,3]). I'm also replacing the
openshiftClusterID tag with a "kubernetes.io/cluster/{infraName}:
owned" tag [4,5].
The trip through clientcorev1.NewForConfig is because calling
RESTClientFor on the InClusterConfig raises:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1304/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-fc9948cc-b767n_cluster-image-registry-operator.log.gz | gunzip
I0423 05:43:03.599910 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-g38fc8f9-dirty
...
I0423 05:43:04.942285 1 bootstrap.go:38] generating registry custom resource
E0423 05:43:04.942775 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: GroupVersion is required when initializing a RESTClient, requeuing
InClusterConfig does not set GroupVersion [6] and RESTClientFor
requires it [7] while UnversionedRESTClientFor can fill it in [8].
But UnversionedRESTClientFor leaves NegotiatedSerializer unset:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1305/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-66d8b56784-5wt9v_cluster-image-registry-operator.log.gz | gunzip
I0423 09:21:42.998300 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-g64d5f62-dirty
...
I0423 09:21:44.345677 1 bootstrap.go:38] generating registry custom resource
E0423 09:21:44.346403 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: NegotiatedSerializer is required when initializing a RESTClient, requeuing
So I'm washing through clientcorev1.NewForConfig to get defaults for
both [9].
The RBAC change avoids:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1306/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-7f59899bf6-8c8x8_cluster-image-registry-operator.log.gz | gunzip | head -n7
I0423 10:44:51.121540 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-gfa5b59b-dirty
...
I0423 10:44:52.461691 1 bootstrap.go:38] generating registry custom resource
E0423 10:44:52.464035 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: infrastructures "cluster" is forbidden: User "system:serviceaccount:openshift-image-registry:cluster-image-registry-operator" cannot get resource "infrastructures" in API group "" at the cluster scope, requeuing
[1]: openshift/installer#680
[2]: openshift/api#231 (comment)
[3]: openshift/api#266
[4]: openshift/installer#1280
[5]: https://bugzilla.redhat.com/show_bug.cgi?id=1685089#c11
[6]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L422-L428
[7]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L269-L270
[8]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L331-L333
[9]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/kubernetes/typed/core/v1/core_client.go#L144-L155
wking
added a commit
to wking/cluster-image-registry-operator
that referenced
this issue
Apr 23, 2019
…t.io
Mostly, this is replacing cluster-config-v1 (which is deprecated [1])
with the Infrastructure config object. As part of that, I'm dropping
UserTags support (see discussion in [2,3]). I'm also replacing the
openshiftClusterID tag with a "kubernetes.io/cluster/{infraName}:
owned" tag [4,5].
The trip through clientcorev1.NewForConfig is because calling
RESTClientFor on the InClusterConfig raises:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1304/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-fc9948cc-b767n_cluster-image-registry-operator.log.gz | gunzip
I0423 05:43:03.599910 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-g38fc8f9-dirty
...
I0423 05:43:04.942285 1 bootstrap.go:38] generating registry custom resource
E0423 05:43:04.942775 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: GroupVersion is required when initializing a RESTClient, requeuing
InClusterConfig does not set GroupVersion [6] and RESTClientFor
requires it [7] while UnversionedRESTClientFor can fill it in [8].
But UnversionedRESTClientFor leaves NegotiatedSerializer unset:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1305/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-66d8b56784-5wt9v_cluster-image-registry-operator.log.gz | gunzip
I0423 09:21:42.998300 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-g64d5f62-dirty
...
I0423 09:21:44.345677 1 bootstrap.go:38] generating registry custom resource
E0423 09:21:44.346403 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: NegotiatedSerializer is required when initializing a RESTClient, requeuing
So I'm washing through clientcorev1.NewForConfig to get defaults for
both [9].
The RBAC change avoids:
$ curl -s https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-image-registry-operator/260/pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws/1306/artifacts/e2e-aws/pods/openshift-image-registry_cluster-image-registry-operator-7f59899bf6-8c8x8_cluster-image-registry-operator.log.gz | gunzip | head -n7
I0423 10:44:51.121540 1 main.go:18] Cluster Image Registry Operator Version: 4.0.0-142-gfa5b59b-dirty
...
I0423 10:44:52.461691 1 bootstrap.go:38] generating registry custom resource
E0423 10:44:52.464035 1 controller.go:235] unable to sync: unable to get storage configuration from cluster install config: infrastructures "cluster" is forbidden: User "system:serviceaccount:openshift-image-registry:cluster-image-registry-operator" cannot get resource "infrastructures" in API group "" at the cluster scope, requeuing
[1]: openshift/installer#680
[2]: openshift/api#231 (comment)
[3]: openshift/api#266
[4]: openshift/installer#1280
[5]: https://bugzilla.redhat.com/show_bug.cgi?id=1685089#c11
[6]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L422-L428
[7]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L269-L270
[8]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/rest/config.go#L331-L333
[9]: https://github.com/kubernetes/client-go/blob/59781b88d0faa9d51be48b4ca49eb08e05246de4/kubernetes/typed/core/v1/core_client.go#L144-L155
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Much of the content in https://github.com/openshift/installer/blob/master/pkg/types/installconfig.go#L23 should be moved to specific config.openshift.io types.
For example
Platformshould move to https://github.com/openshift/api/blob/master/config/v1/types_infrastructure.go#L27 so we can see the cloud information and a secret refNetworkingshould move to https://github.com/openshift/api/blob/master/config/v1/types_network.go#L29This doesn't necessarily mean that we have to remove the
oc get cm -nkube-system cluster-config-v1 -oyaml, but operators should consume the the information from the source of truth.I see at least one option for achieving this, but I'm open to other suggestions as well.
/assign @crawford @abhinavdahiya
@openshift/api-review for where bits move
@jwforres @derekwaynecarr fyi
@ironcladlou @squeed fyi since you both deal with the first two I saw.
The text was updated successfully, but these errors were encountered: