Follow-up selfhosting improvements

Question

Follow-up selfhosting improvements

luxas opened this issue 8 years ago · comments

kubernetes/kubernetes#40075 is now lgtm'd and we don't want to put more complexity in the PR, it's big enough already and has been waiting for quite a long time.

It now works, and that's great.

~~OLD: Here we should track the fixup work (20th Jan):~~

~~Be able to deploy 2 schedulers and cms~~
~~Specify rollingupdate parameters to the deployments: kubernetes/kubernetes#40075 (comment)~~
~~Use server-side DaemonSet upgrades - depends on kubernetes/kubernetes#41116~~
~~General fixup of the code/make it more efficient~~
~~Add tests~~
~~Refactor the API type behind it so we can specify more options (like 2 or more schedulers)~~
~~Make secrets of the needed certs and mount them in the Pod~~
~~Use the more generic --controlplane or --controlplane-type flag~~
~~Make constants of commonly used string values~~
~~Adopt the Pod checkpointer #131~~
...and probably more.

EDIT: New list as of 19th June

Make self-hosting work, split out to phase, use DaemonSets: kubernetes/kubernetes#47435
Upload certificates to the API using Secrets: kubernetes/kubernetes#42548
Propose a create-first-then-delete DaemonSetUpdateStrategy and consume for the controller-manager and scheduler
Write a kubelet checkpointing proposal and opt-into that for kubeadm

@pires @mikedanese @Kargakis @lukemarsden

Lucas Käldström · Answer 1 · Sat Jan 21 2017 00:51:01 GMT+0800 (China Standard Time)

cc @aaronlevy @philips

Pires · Answer 2 · Sat Jan 21 2017 19:56:16 GMT+0800 (China Standard Time)

Use the more generic --controlplane or --controlplane-type flag

I strongly disagree with this one. There are only two types of deployments right now, self-hosted or non-self-hosted. And I don't see that changing in the future. --self-hosted is clear about its intents.

Lucas Käldström · Answer 3 · Tue Jan 24 2017 00:41:52 GMT+0800 (China Standard Time)

I strongly disagree with this one. There are only two types of deployments right now, self-hosted or non-self-hosted. And I don't see that changing in the future. --self-hosted is clear about its intents.

I see it from the perspective that we don't know what happens in the future; we should be future-proof and I also assume here that we will enable self-hosting by default. So if we have self-hosting enabled by default, --self-hosted=false feels like an awkward way of using static pods for those who prefer that.
WDYT @pires?

Also forgot to add to the list:

Push a version of the Pod Checkpointer to a gcr.io repo from kubernetes/kubeadm and deploy it in self-hosted mode

Pires · Answer 4 · Tue Jan 24 2017 00:50:18 GMT+0800 (China Standard Time)

For now, --self-hosted seems to suffice for people wanting to try self-hosted mode, which is still a rough take, and I'm expecting feedback, like this PR, to shape future changes. So, renaming flags doesn't make much sense to me here. I think we must come up with API objects that cover the features we're planning for ASAP.

Lucas Käldström · Answer 5 · Tue Jan 24 2017 01:53:44 GMT+0800 (China Standard Time)

I think we must come up with API objects that cover the features we're planning for ASAP.

That's exactly what I'm doing

Devan Goodwin · Answer 6 · Wed Jan 25 2017 01:08:33 GMT+0800 (China Standard Time)

Do we still need checkpointing, server restart and disaster recovery?

Lucas Käldström · Answer 7 · Mon Jun 19 2017 19:17:55 GMT+0800 (China Standard Time)

EDIT: New list as of 19th June

Make self-hosting work, split out to phase, use DaemonSets: kubernetes/kubernetes#47435
~~Upload certificates to the API using Secrets: kubernetes/kubernetes#42548~~
Propose a create-first-then-delete DaemonSetUpdateStrategy and consume for the controller-manager and scheduler
Write a kubelet checkpointing proposal and opt-into that for kubeadm

cc @roberthbailey @timothysc @aaronlevy @roberthbailey Did I miss something ^?

Timothy St. Clair · Answer 8 · Tue Jul 18 2017 03:09:55 GMT+0800 (China Standard Time)

Why is this closed...? Those last two items still need to be done.

Lucas Käldström · Answer 9 · Tue Jul 18 2017 04:15:48 GMT+0800 (China Standard Time)

No idea @timothysc, Github links ftw I guess?

Lucas Käldström · Answer 10 · Sat Aug 19 2017 23:55:29 GMT+0800 (China Standard Time)

@timothysc requested an update on this issue, here we go:

Implement alpha Bootstrapping Checkpointing in the kubelet kubernetes/enhancements#378
Implement beta Add-then-kill DaemonSet UpdateStrategy kubernetes/enhancements#373
Improve alpha support for self-hosting with certificates as Secrets kubernetes/kubernetes#50766
- This is not something that will be enabled by default, and we don't plan to enable it by default in the coming releases either due to the security concerns, but it's there behind a feature gate for folks that understand the consequences. With this, a quite portion of the bootkube functionality is now merged into kubeadm (cc @aaronlevy FYI)
Flip self-hosting on by default for new clusters:https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/cmd/features/features.go#L61

Sounds good?

Lucas Käldström · Answer 11 · Sat Aug 19 2017 23:56:16 GMT+0800 (China Standard Time)

cc @diegs for the "Add-then-kill" DaemonSet UpdateStrategy implementation, please link here when you have the PR up

Lucas Käldström · Answer 12 · Thu Sep 07 2017 02:12:13 GMT+0800 (China Standard Time)

@timothysc @diegs Moving the rest of these items to v1.9

Lucas Käldström · Answer 13 · Thu Nov 09 2017 18:21:53 GMT+0800 (China Standard Time)

The add-then-kill feature is not relevant anymore and the checkpointing issue is separate (#131) so closing this as it doesn't have any action items