Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

optimize Certs generation/copying in minikube #7409

Closed
medyagh opened this issue Apr 4, 2020 · 1 comment
Closed

optimize Certs generation/copying in minikube #7409

medyagh opened this issue Apr 4, 2020 · 1 comment
Labels
area/performance Performance related issues priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@medyagh
Copy link
Member

medyagh commented Apr 4, 2020
edited
Loading

the Cert Generation and copying takes 4seconds, and they are not in parallel.
we could the copying in parallel.
this will need modifying libmachine:

Another thing we could possibly do is, allow an option to a non-secure Pre-Existing CA Cert for all minikubes in the world (very unsafe) but that is what other local kubernetes tools do.

something like

minikube start --use-unsafe-certs

to save 3-4 seconds.

or additionally we could make the cert generation part of --download-only or --dry-run

[Install]
 config:
{KubernetesVersion:v1.18.0 ClusterName:minikube APIServerName:minikubeCA APIServerNames:[] APIServerIPs:[] DNSDomain:cluster.local ContainerRuntime:docker CRISocket: NetworkPlugin: FeatureGates: ServiceCIDR:10.96.0.0/12 ImageRepository: ExtraOptions:[{Component:kubeadm Key:pod-network-cidr Value:10.244.0.0/16}] ShouldLoadCachedImages:true EnableDefaultCNI:false NodeIP: NodePort:0 NodeName:}
I0403 18:55:46.995047    6730 kic_runner.go:91] Run: sudo ls /var/lib/minikube/binaries/v1.18.0
I0403 18:55:47.134590    6730 binaries.go:42] Found k8s binaries, skipping transfer
I0403 18:55:47.134859    6730 kic_runner.go:91] Run: sudo mkdir -p /var/tmp/minikube /etc/systemd/system/kubelet.service.d /lib/systemd/system
I0403 18:55:47.841410    6730 kic_runner.go:91] Run: /bin/bash -c "pgrep kubelet && diff -u /lib/systemd/system/kubelet.service /lib/systemd/system/kubelet.service.new && diff -u /etc/systemd/system/kubelet.service.d/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/10-kubeadm.conf.new"
I0403 18:55:48.011118    6730 kic_runner.go:91] Run: /bin/bash -c "sudo cp /lib/systemd/system/kubelet.service.new /lib/systemd/system/kubelet.service && sudo cp /etc/systemd/system/kubelet.service.d/10-kubeadm.conf.new /etc/systemd/system/kubelet.service.d/10-kubeadm.conf && sudo systemctl daemon-reload && sudo systemctl restart kubelet"
I0403 18:55:48.263380    6730 certs.go:51] Setting up /Users/medmac/.minikube/profiles/minikube for IP: 172.17.0.2
I0403 18:55:48.263529    6730 certs.go:169] skipping minikubeCA CA generation: /Users/medmac/.minikube/ca.key
I0403 18:55:48.263630    6730 certs.go:169] skipping proxyClientCA CA generation: /Users/medmac/.minikube/proxy-client-ca.key
I0403 18:55:48.263726    6730 certs.go:267] generating minikube-user signed cert: /Users/medmac/.minikube/profiles/minikube/client.key
I0403 18:55:48.263756    6730 crypto.go:69] Generating cert /Users/medmac/.minikube/profiles/minikube/client.crt with IP's: []
I0403 18:55:48.539363    6730 crypto.go:157] Writing cert to /Users/medmac/.minikube/profiles/minikube/client.crt ...
I0403 18:55:48.539401    6730 lock.go:35] WriteFile acquiring /Users/medmac/.minikube/profiles/minikube/client.crt: {Name:mk40a5540974cc1f6fda22158d6c4b3fbd1f0915 Clock:{} Delay:500ms Timeout:1m0s Cancel:<nil>}
I0403 18:55:48.540095    6730 crypto.go:165] Writing key to /Users/medmac/.minikube/profiles/minikube/client.key ...
I0403 18:55:48.540113    6730 lock.go:35] WriteFile acquiring /Users/medmac/.minikube/profiles/minikube/client.key: {Name:mk3ef29526a09f1ff9161ad6acd70ee9d60a633c Clock:{} Delay:500ms Timeout:1m0s Cancel:<nil>}
I0403 18:55:48.540358    6730 certs.go:267] generating minikube signed cert: /Users/medmac/.minikube/profiles/minikube/apiserver.key.eaa33411
I0403 18:55:48.540370    6730 crypto.go:69] Generating cert /Users/medmac/.minikube/profiles/minikube/apiserver.crt.eaa33411 with IP's: [172.17.0.2 10.96.0.1 127.0.0.1 10.0.0.1]
I0403 18:55:48.868087    6730 crypto.go:157] Writing cert to /Users/medmac/.minikube/profiles/minikube/apiserver.crt.eaa33411 ...
I0403 18:55:48.868121    6730 lock.go:35] WriteFile acquiring /Users/medmac/.minikube/profiles/minikube/apiserver.crt.eaa33411: {Name:mk149cf13c229e6dabda11cc03d3fabf9484f5f3 Clock:{} Delay:500ms Timeout:1m0s Cancel:<nil>}
I0403 18:55:48.868789    6730 crypto.go:165] Writing key to /Users/medmac/.minikube/profiles/minikube/apiserver.key.eaa33411 ...
I0403 18:55:48.868807    6730 lock.go:35] WriteFile acquiring /Users/medmac/.minikube/profiles/minikube/apiserver.key.eaa33411: {Name:mkb78b13d84fc52005273c025149f18dd3506a31 Clock:{} Delay:500ms Timeout:1m0s Cancel:<nil>}
I0403 18:55:48.869038    6730 certs.go:278] copying /Users/medmac/.minikube/profiles/minikube/apiserver.crt.eaa33411 -> /Users/medmac/.minikube/profiles/minikube/apiserver.crt
I0403 18:55:48.869276    6730 certs.go:282] copying /Users/medmac/.minikube/profiles/minikube/apiserver.key.eaa33411 -> /Users/medmac/.minikube/profiles/minikube/apiserver.key
I0403 18:55:48.870061    6730 certs.go:267] generating aggregator signed cert: /Users/medmac/.minikube/profiles/minikube/proxy-client.key
I0403 18:55:48.870074    6730 crypto.go:69] Generating cert /Users/medmac/.minikube/profiles/minikube/proxy-client.crt with IP's: []
I0403 18:55:49.203046    6730 crypto.go:157] Writing cert to /Users/medmac/.minikube/profiles/minikube/proxy-client.crt ...
I0403 18:55:49.203077    6730 lock.go:35] WriteFile acquiring /Users/medmac/.minikube/profiles/minikube/proxy-client.crt: {Name:mk40b2a47405cf8c69988ef66be9edadc9bdb497 Clock:{} Delay:500ms Timeout:1m0s Cancel:<nil>}
I0403 18:55:49.203656    6730 crypto.go:165] Writing key to /Users/medmac/.minikube/profiles/minikube/proxy-client.key ...
I0403 18:55:49.203674    6730 lock.go:35] WriteFile acquiring /Users/medmac/.minikube/profiles/minikube/proxy-client.key: {Name:mkdf83c31035d92fc63d779c4d8de94fa8a6a301 Clock:{} Delay:500ms Timeout:1m0s Cancel:<nil>}
I0403 18:55:49.204142    6730 certs.go:330] found cert: ca-key.pem (1679 bytes)
I0403 18:55:49.204197    6730 certs.go:330] found cert: ca.pem (1034 bytes)
I0403 18:55:49.204252    6730 certs.go:330] found cert: cert.pem (1078 bytes)
I0403 18:55:49.204329    6730 certs.go:330] found cert: key.pem (1679 bytes)
I0403 18:55:49.205519    6730 certs.go:120] copying: /var/lib/minikube/certs/apiserver.crt
I0403 18:55:49.390815    6730 certs.go:120] copying: /var/lib/minikube/certs/apiserver.key
I0403 18:55:49.559205    6730 certs.go:120] copying: /var/lib/minikube/certs/proxy-client.crt
I0403 18:55:49.734629    6730 certs.go:120] copying: /var/lib/minikube/certs/proxy-client.key
I0403 18:55:49.957436    6730 certs.go:120] copying: /var/lib/minikube/certs/ca.crt
I0403 18:55:50.159582    6730 certs.go:120] copying: /var/lib/minikube/certs/ca.key
I0403 18:55:50.316575    6730 certs.go:120] copying: /var/lib/minikube/certs/proxy-client-ca.crt
I0403 18:55:50.502338    6730 certs.go:120] copying: /var/lib/minikube/certs/proxy-client-ca.key
I0403 18:55:50.692201    6730 certs.go:120] copying: /usr/share/ca-certificates/minikubeCA.pem
I0403 18:55:50.858372    6730 certs.go:120] copying: /var/lib/minikube/kubeconfig
I0403 18:55:51.104729    6730 kic_runner.go:91] Run: openssl version
I0403 18:55:51.273010    6730 kic_runner.go:91] Run: sudo /bin/bash -c "test -f /usr/share/ca-certificates/minikubeCA.pem && ln -fs /usr/share/ca-certificates/minikubeCA.pem /etc/ssl/certs/minikubeCA.pem"
I0403 18:55:51.435165    6730 kic_runner.go:91] Run: ls -la /usr/share/ca-certificates/minikubeCA.pem
I0403 18:55:51.598451    6730 certs.go:370] hashing: -rw-r--r-- 1 root root 1066 Mar 27 00:19 /usr/share/ca-certificates/minikubeCA.pem
I0403 18:55:51.598679    6730 kic_runner.go:91] Run: openssl x509 -hash -noout -in /usr/share/ca-certificates/minikubeCA.pem
I0403 18:55:51.784069    6730 kic_runner.go:91] Run: sudo /bin/bash -c "test -L /etc/ssl/certs/b5213941.0 || ln -fs /etc/ssl/certs/minikubeCA.pem /etc/ssl/certs/b5213941.0"
I0403 18:55:51.959097    6730 k
@medyagh medyagh changed the title copy certs in parallel optimze Certs generation/copying in minikube Apr 4, 2020
@medyagh medyagh changed the title optimze Certs generation/copying in minikube optimize Certs generation/copying in minikube Apr 4, 2020
@tstromberg tstromberg added area/performance Performance related issues priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Apr 4, 2020
@priyawadhwa
Copy link

I'm going to close this issue as this has been resolved by #7591 and #7394

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/performance Performance related issues priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tstromberg @medyagh @priyawadhwa