Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes juju kubernetes master: 1. Get certs from a dead leader. 2. Append tokens. #43620

Merged
merged 3 commits into from
Apr 28, 2017
Merged

Fixes juju kubernetes master: 1. Get certs from a dead leader. 2. Append tokens. #43620

merged 3 commits into from
Apr 28, 2017

Conversation

ktsakalozos
Copy link
Contributor

@ktsakalozos ktsakalozos commented Mar 24, 2017
edited
Loading

What this PR does / why we need it:
Fixes two issues with the Juju kubernetes master.

  1. Grab certificates from a leader that is already removed.
  2. Append (not truncate) auth tokens

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #
fixes #43563 fixes #43519

Special notes for your reviewer:

Release note:

Recover certificates from leadership context in case all masters die in a Juju deployment

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 24, 2017
@k8s-ci-robot
Copy link
Contributor

Hi @ktsakalozos. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with @k8s-bot ok to test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Mar 24, 2017
@k8s-reviewable
Copy link

This change is Reviewable

mbruzek
mbruzek reviewed Mar 24, 2017
View reviewed changes
cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
set_state('authentication.setup')


def get_keys_from_leader(keys):
Copy link
Contributor

@mbruzek mbruzek Mar 24, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docstrings for every method.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

mbruzek
mbruzek reviewed Mar 24, 2017
View reviewed changes
cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
hookenv.status_set('maintenance', 'Rendering authentication templates.')

# Set an array for looping logic
keys = [service_key, basic_auth, known_tokens]
for k in keys:
# If the path does not exist, assume we need it
if not os.path.exists(k):
Copy link
Contributor

@mbruzek mbruzek Mar 24, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the path doesn't exist and the contents are none this new method returns. Previously that same code exited the original setup_non_leader_authentication method which prevented the "authentication.setup" state from being set. Is this different behavior intended?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. In the latest commit get_keys_from_leader returns False if any of the keys were not fetched

@mikedanese mikedanese assigned mbruzek and unassigned mikedanese Mar 25, 2017
@mikedanese
Copy link
Member

/approve

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 25, 2017
@mbruzek
Copy link
Contributor

mbruzek commented Mar 27, 2017

Thanks for changing the code @ktsakalozos!

/approve

@grodrigues3 grodrigues3 added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 5, 2017
@marcoceppi
Copy link
Contributor

@k8s-bot ok to test

@marcoceppi
Copy link
Contributor

Can you please add release notes for this? Thanks.

@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 24, 2017
@k8s-github-robot k8s-github-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. release-note-label-needed labels Apr 28, 2017
@ktsakalozos
Copy link
Contributor Author

I've addressed conflicts and updated the release note. Thanks

@marcoceppi
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 28, 2017
@marcoceppi
Copy link
Contributor

/assign @marcoceppi

@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ktsakalozos, marcoceppi, mbruzek, mikedanese

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 41530, 44814, 43620, 41985)

@k8s-github-robot k8s-github-robot merged commit 929bb8b into kubernetes:master Apr 28, 2017
dims pushed a commit to dims/kubernetes that referenced this pull request Feb 8, 2018
Merge pull request kubernetes#43620 from ktsakalozos/bug/juju-master
0baf40c 
Automatic merge from submit-queue (batch tested with PRs 41530, 44814, 43620, 41985)

Fixes juju kubernetes master: 1. Get certs from a dead leader. 2. Append tokens.

**What this PR does / why we need it**:
Fixes two issues with the Juju kubernetes master.

1. Grab certificates from a leader that is already removed.
2. Append (not truncate) auth tokens 

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
fixes kubernetes#43563 fixes kubernetes#43519

**Special notes for your reviewer**:

**Release note**:

```
Recover certificates from leadership context in case all masters die in a Juju deployment
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbruzek mbruzek mbruzek left review comments

Assignees

@marcoceppi marcoceppi

@mbruzek mbruzek

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
8 participants
@ktsakalozos @k8s-ci-robot @k8s-reviewable @mikedanese @mbruzek @marcoceppi @k8s-github-robot @grodrigues3