Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change secret name to digitalocean #21

Merged
merged 3 commits into from
May 14, 2018
Merged

Change secret name to digitalocean #21

merged 3 commits into from
May 14, 2018

Conversation

fatih
Copy link
Contributor

@fatih fatih commented May 11, 2018
edited
Loading

This means that users that already have created a token for
cloud-controller-manager can use the same token for the CSI plugin

  • checkout namespace compatibility

Fixes #20

@fatih
Copy link
Contributor Author

fatih commented May 11, 2018

@andrewsykim can you please comment on the namespace compatibility. I see that CCM is using kube-system, but we don't do it for CSI. I believe therefore, even if I change the name, it's not going to work out because the CCM secret lives in a separate namespace. The CSI secret lives in the default namespace. Happy to change it for our own case, just wonder the reason why CCM uses kube-system.

aybabtme
aybabtme reviewed May 11, 2018
View reviewed changes
deploy/kubernetes/releases/csi-digitalocean-NOT_RELEASED_v0.0.2.yaml Outdated
volumeMounts:
- name: plugin-dir
mountPath: /csi/
# TODO(arslan): the registar is not implemented yet
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

registrar

@andrewsykim
Copy link

CCM uses kube-system since it is technically a component of the kubernetes control plane. Like you said I think the best option going forward (at least for now) is just to duplicate the secret for this use case.

@fatih
Copy link
Contributor Author

fatih commented May 14, 2018
edited
Loading

I see. I'm not sure why the CSI plugin should live in kube-system. That namespace is meant for services that are created by Kubernetes:

The namespace for objects created by the Kubernetes system

Do you think it's better we change the default namespace for CCM to default?

@fatih
Copy link
Contributor Author

fatih commented May 14, 2018

Andrew shared this with me and seems like CCM is deployed into kube-system and is totally ok. It's also a part of Kubernetes. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#examples

There are two solutions I can think now:

  1. Duplicate secrets. This is the easiest way
  2. Move CSI to kube-system and make it coherent with CCM

Let me look into the second option and how others do the Kubernetes deployment story of a CSI plugin.

@aybabtme
Copy link

Seems to me that if CCM is a kube-system then the case is even stronger for CSI to be a kube-system?

@fatih
Copy link
Contributor Author

fatih commented May 14, 2018

@aybabtme true that. Moving it to kube-system. Will update the PR now

fatih added 2 commits May 14, 2018 18:49
@fatih
Change secret name to digitalocean
8076c15 
This means that users that already have created a token for
cloud-controller-manager can use the same token for the CSI plugin

Fixes #20
@fatih
Move to kube-system namespace
c92a971
@fatih
Copy link
Contributor Author

fatih commented May 14, 2018

@aybabtme @andrewsykim moved to kube-system and fixed review comments. PTAL.

lxfontes
lxfontes reviewed May 14, 2018
View reviewed changes
deploy/kubernetes/releases/csi-digitalocean-NOT_RELEASED_v0.0.2.yaml Outdated
subjects:
- kind: ServiceAccount
name: csi-attacher
namespace: default
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be kube-system ?

lxfontes
lxfontes reviewed May 14, 2018
View reviewed changes
deploy/kubernetes/releases/csi-digitalocean-NOT_RELEASED_v0.0.2.yaml Outdated
subjects:
- kind: ServiceAccount
name: csi-provisioner
namespace: default
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kube-system

lxfontes
lxfontes reviewed May 14, 2018
View reviewed changes
deploy/kubernetes/releases/csi-digitalocean-NOT_RELEASED_v0.0.2.yaml Outdated
subjects:
- kind: ServiceAccount
name: csi-doplugin
namespace: default
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kube-system

@fatih
Copy link
Contributor Author

fatih commented May 14, 2018

@lxfontes thanks for catching these. Fixed it.

@lxfontes
Copy link

lgtm

@fatih fatih merged commit 143bab3 into master May 14, 2018
@fatih fatih deleted the update-secret branch May 14, 2018 17:09
@cagedmantis
Copy link

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lxfontes lxfontes lxfontes left review comments

@aybabtme aybabtme aybabtme left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@fatih @andrewsykim @aybabtme @lxfontes @cagedmantis