Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rootless: fail early if prerequiresites are not satisfied #2129

Merged
merged 1 commit into from
Mar 24, 2021
Merged

rootless: fail early if prerequiresites are not satisfied #2129

merged 1 commit into from
Mar 24, 2021

Conversation

AkihiroSuda
Copy link
Member

kind create cluster now prints errors before running the containers.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 15, 2021
@k8s-ci-robot k8s-ci-robot requested review from aojea and krzyzacy March 15, 2021 06:18
@k8s-ci-robot k8s-ci-robot added area/provider/docker Issues or PRs related to docker needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. area/provider/podman Issues or PRs related to podman labels Mar 15, 2021
@k8s-ci-robot
Copy link
Contributor

Hi @AkihiroSuda. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 15, 2021
aojea
aojea reviewed Mar 15, 2021
View reviewed changes
pkg/cluster/internal/create/create.go
@@ -66,6 +66,11 @@ type ClusterOptions struct {

// Cluster creates a cluster
func Cluster(logger log.Logger, p providers.Provider, opts *ClusterOptions) error {
// validate provider first
if err := validateProvider(p); err != nil {
Copy link
Contributor

@aojea aojea Mar 15, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@BenTheElder I don't know if we should validate it only on create cluster or always in DetectNodeProvider() ,

kind/pkg/cluster/provider.go

Lines 95 to 118 in 5b79090

// DetectNodeProvider allows callers to autodetect the node provider
// *without* fallback to the default.
//
// Pass the returned ProviderOption to NewProvider to pass the auto-detect Docker
// or Podman option explicitly (in the future there will be more options)
//
// NOTE: The kind *cli* also checks `KIND_EXPERIMENTAL_PROVIDER` for "podman" or
// "docker" currently and does not auto-detect / respects this if set.
//
// This will be replaced with some other mechanism in the future (likely when
// podman support is GA), in the meantime though your tool may wish to match this.
//
// In the future when this is not considered experimental,
// that logic will be in a public API as well.
func DetectNodeProvider() (ProviderOption, error) {
// auto-detect based on each node provider's IsAvailable() function
if docker.IsAvailable() {
return ProviderWithDocker(), nil
}
if podman.IsAvailable() {
return ProviderWithPodman(), nil
}
return nil, errors.WithStack(NoNodeProviderDetectedError)
}

we currently have <provider>.IsAvailable()
Should it be <provider>.IsAvailableAndValid() ?

Copy link
Member Author

@AkihiroSuda AkihiroSuda Mar 15, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added this validation to create.go because deletion should not require this validation.

When a user booted the host with cgroup v2, created a rootless kind cluster, and then rebooted with cgroup v1 for running some other apps that do not support cgroup v2, the user still want to be able to remove the kind cluster.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my comment is more about the long term solution, Ben always wanted to model the providers API (as you can see in the comment that I pasted above)

So I'm wondering if this is the time to do it, to avoid start to grow it organically, 👍

When a user booted the host with cgroup v2, created a rootless kind cluster, and then rebooted with cgroup v1 for running some other apps that do not support cgroup v2, the user still want to be able to remove the kind cluster.

we should also start to think in what is supported , that is an interesting use case

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I failed to click submit on my comment earlier it seems ...

Delete should not require validation indeed, the validation is wether the tagged resource exists.

It's fine for this to grow somewhat organically internally for now, we can create a better API in the future and consider it exporting it once we have a better idea what we need. It's the public APIs that we need to be more careful with (because people already depend on them and we can't refactor them easily, so we need to make any changes minimally difficult to deal with / not really remove APIs etc.). We can completely rewrite our own internal usage. I'm going to take a sledgehammer to the "actions" thing when I get some freetime someday, and the node build code ...

@AkihiroSuda AkihiroSuda force-pushed the rootless-fail-early branch from e21174c to 4d7e6c9 Compare March 15, 2021 09:19
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 15, 2021
@BenTheElder
Copy link
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 16, 2021
@AkihiroSuda AkihiroSuda force-pushed the rootless-fail-early branch from 4d7e6c9 to ba7e05f Compare March 16, 2021 06:33
@AkihiroSuda AkihiroSuda force-pushed the rootless-fail-early branch from ba7e05f to c3f2463 Compare March 16, 2021 07:48
@aojea
Copy link
Contributor

aojea commented Mar 16, 2021

/retest

@aojea
Copy link
Contributor

aojea commented Mar 16, 2021

/lgtm
/assign @BenTheElder

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 16, 2021
Base automatically changed from master to main March 16, 2021 23:22
@AkihiroSuda
Copy link
Member Author

/test pull-kind-e2e-kubernetes-1-20
/test pull-kind-e2e-kubernetes

@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Mar 17, 2021
edited
Loading

/test pull-kind-e2e-kubernetes

@AkihiroSuda
Copy link
Member Author

@BenTheElder PTAL?

BenTheElder
BenTheElder approved these changes Mar 23, 2021
View reviewed changes
Copy link
Member

@BenTheElder BenTheElder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, sorry I've been prioritizing bug fixes & test coverage (k8s release cycle spilling over everywhere)

pkg/cluster/internal/providers/podman/provider.go
Rootless: os.Geteuid() != 0,
Rootless: euid != 0,
}
if _, err := os.Stat("/sys/fs/cgroup/cgroup.controllers"); err == nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is going to bite us someday when someone requests remote podman 🙃
(not a blocker I think, but leaving a breadcrumb @aojea)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that will be a future work, and probably needs some work on Podman side.

pkg/cluster/internal/providers/podman/provider.go
@@ -347,8 +349,45 @@ func (p *provider) CollectLogs(dir string, nodes []nodes.Node) error {

// Info returns the provider info.
func (p *provider) Info() (*providers.ProviderInfo, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably note that this is cached.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this can not change on runtime, right?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a comment line about that.

this can not change on runtime, right?

Right

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AkihiroSuda, BenTheElder

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 23, 2021
@AkihiroSuda
Copy link
Member Author

/test pull-kind-e2e-kubernetes

1 similar comment
@AkihiroSuda
Copy link
Member Author

/test pull-kind-e2e-kubernetes

@aojea
Copy link
Contributor

aojea commented Mar 23, 2021

/retest

@aojea
Copy link
Contributor

aojea commented Mar 23, 2021

something is going on with
pull-kind-e2e-kubernetes

lots of timeout and failures lately

@AkihiroSuda
rootless: fail early if prerequiresites are not satisfied
9a292c3 
`kind create cluster` now prints errors before running the containers.

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda AkihiroSuda force-pushed the rootless-fail-early branch from c3f2463 to 9a292c3 Compare March 24, 2021 08:11
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 24, 2021
@AkihiroSuda
Copy link
Member Author

/retest

@aojea
Copy link
Contributor

aojea commented Mar 24, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 24, 2021
@AkihiroSuda
Copy link
Member Author

/retest

@k8s-ci-robot k8s-ci-robot merged commit 2c8c230 into kubernetes-sigs:main Mar 24, 2021
@afrittoli afrittoli mentioned this pull request May 7, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aojea aojea aojea left review comments

@BenTheElder BenTheElder BenTheElder approved these changes

@krzyzacy krzyzacy Awaiting requested review from krzyzacy

Assignees

@BenTheElder BenTheElder

@aojea aojea

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/provider/docker Issues or PRs related to docker area/provider/podman Issues or PRs related to podman cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AkihiroSuda @k8s-ci-robot @BenTheElder @aojea