Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

restore ability to run against secured etcd #21535

Merged
merged 1 commit into from
Mar 11, 2016

Conversation

adohe-zz
Copy link

Fixes #18760

@k8s-github-robot
Copy link

Labelling this PR as size/M

@k8s-github-robot k8s-github-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Feb 19, 2016
@adohe-zz
Copy link
Author

@lavalamp First I want to say I am sorry about opening this PR without carefully test since I have some questions and just want to confirm: 1) why we keep EtcdQuorumRead in ServerRunOption while put other etcd related attributes in APIServer struct? 2) After restore etcd secure ability, there are totally 7 fields about etcd configuration in APIServer, also this make newEtcdFunc signature two long, how about refactoring these 7 fields to one struct, for example EtcdConfig(three are already one) 3) for now all of etcd storage tests are with insecure etcd server, shall we add the same test cases but with secure enable? 4) finally I just want to ask something about e2e test setting. I run below commands to do e2e tests, but just failed.

sudo ./hack/local-up-cluster.sh
make all
_output/local/bin/linux/amd64/e2e.test --host="127.0.0.1:8080" --provider="local" --ginkgo.v=true -ginkgo.dryRun=true --kubeconfig="/home/tony/.kubernetes_auth" --repo-root="/home/tony/Documents/go/src/k8s.io/kubernetes/"

Also the .kubernetes_auth has such content:

{
  "User": "root",
  "Password": ""
}

And the e2e result is:

------------------------------
SchedulerPredicates [Serial] 
  validates MaxPods limit number of pods that are allowed to run [Slow]
  /home/tony/Documents/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/scheduler_predicates.go:278
•
------------------------------
Pods 
  should get a host IP [Conformance]
  /home/tony/Documents/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/pods.go:227
•
Ran 173 of 235 Specs in 0.016 seconds
SUCCESS! -- 0 Passed | 0 Failed | 0 Pending | 62 Skipped PASS

It seems nothing happen.
Just hope to get your feedback.

@k8s-bot
Copy link

k8s-bot commented Feb 19, 2016

GCE e2e build/test failed for commit 4f07378b59a7e27b7fba0df23349905ab1e265d9.

}
}

func (c *EtcdConfig) newHttpTransport() etcd.CancelableTransport {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xiang90 care to comment here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A big TODO for a test. I'm not sure the best way. I'm assuming you manually tried it and it works? :)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lavalamp of course, I am setting up a real test cluster to test this.

@lavalamp lavalamp assigned lavalamp and unassigned dchen1107 Feb 19, 2016
@lavalamp
Copy link
Member

Thank you for throwing this together.

@lavalamp
Copy link
Member

Sorry, totally didn't see your comment with the question. I'm not sure what's wrong, but you can try adding the -ginkgo.focus= parameter to get it to run a specific test.

@adohe-zz adohe-zz force-pushed the restore_secure_etcd branch from 4f07378 to 5d99a15 Compare February 22, 2016 05:54
@k8s-github-robot
Copy link

Labelling this PR as size/L

@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Feb 22, 2016
@k8s-bot
Copy link

k8s-bot commented Feb 22, 2016

GCE e2e test build/test passed for commit 5d99a15e44f257e5b0b658354d388251758f12af.

@k8s-github-robot
Copy link

PR needs rebase

@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 22, 2016
@adohe-zz adohe-zz force-pushed the restore_secure_etcd branch from 5d99a15 to f6cc7db Compare February 22, 2016 08:49
@k8s-github-robot k8s-github-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 22, 2016
@k8s-bot
Copy link

k8s-bot commented Feb 22, 2016

GCE e2e test build/test passed for commit f6cc7db6add481ebfe9c8f09b841c59d14164d7b.

client etcd.KeysAPI
codec runtime.Codec
copier runtime.ObjectCopier
mapi etcd.MembersAPI
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

etcdMembers or etcdMembersClient or membersClient. Same for 'kapi'.

(IMO: short abbreviations help readability in short function local variables and hurt it in structs as member variables)

@lavalamp
Copy link
Member

New config struct is looking good, but I guess you have a bit more to do on this?

@adohe-zz
Copy link
Author

@lavalamp of course, I am keep going.

@adohe-zz adohe-zz force-pushed the restore_secure_etcd branch from f6cc7db to 76cc3f7 Compare February 23, 2016 04:22
@k8s-bot
Copy link

k8s-bot commented Feb 23, 2016

GCE e2e test build/test passed for commit 76cc3f753f4f9cdfbf46d5864c1e201583d9fa97.

@adohe-zz adohe-zz force-pushed the restore_secure_etcd branch from 76cc3f7 to ea1a073 Compare February 23, 2016 11:33
@bgrant0607
Copy link
Member

Is this ready to LGTM @liggitt ? I see a comment above that suggests that it is.

@liggitt
Copy link
Member

liggitt commented Mar 11, 2016

Yes, LGTM

@liggitt liggitt added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 11, 2016
@adohe-zz
Copy link
Author

seems the rkt unit test failed #22856. Besides I opened a follow-up issue to decide on InsecureSkipVerifyTLS here #22858

@k8s-bot
Copy link

k8s-bot commented Mar 11, 2016

GCE e2e build/test passed for commit 7228b9b.

@eparis
Copy link
Contributor

eparis commented Mar 11, 2016

@bgrant0607 is right. kind/old-docs is pretty meaningless at this point. I might get rid of it.

@bgrant0607
Copy link
Member

I'm fine with that @eparis

@bgrant0607 bgrant0607 added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Mar 11, 2016
@bgrant0607
Copy link
Member

@k8s-bot unit test this issue: #22856

@adohe-zz
Copy link
Author

seems ready to merge. @bgrant0607

@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Mar 11, 2016

GCE e2e build/test passed for commit 7228b9b.

@bgrant0607
Copy link
Member

e2e flaked again. Manually merging @k8s-oncall

bgrant0607 added a commit that referenced this pull request Mar 11, 2016
restore ability to run against secured etcd
@bgrant0607 bgrant0607 merged commit 532ba5a into kubernetes:master Mar 11, 2016
@bgrant0607 bgrant0607 added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. labels Mar 11, 2016
eparis pushed a commit to eparis/kubernetes that referenced this pull request Mar 11, 2016
restore ability to run against secured etcd
@eparis
Copy link
Contributor

eparis commented Mar 11, 2016

This PR is included in #22874 which is slated to be included in the release-1.2 branch.
Please verify that the cherry-pick in that PR looks correct.

@eparis eparis removed cherrypick-candidate cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. labels Mar 11, 2016
@adohe-zz adohe-zz deleted the restore_secure_etcd branch March 14, 2016 02:04
metahertz pushed a commit to metahertz/kubernetes that referenced this pull request Apr 4, 2016
restore ability to run against secured etcd
@david-mcmahon david-mcmahon added the release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. label Apr 8, 2016
shyamjvs pushed a commit to shyamjvs/kubernetes that referenced this pull request Dec 1, 2016
restore ability to run against secured etcd
shouhong pushed a commit to shouhong/kubernetes that referenced this pull request Feb 14, 2017
restore ability to run against secured etcd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.