Cluster-api: KCP conditions need to indicate when it fails to clone linked templates
What steps did you take and what happened:
Spun up a cluster with a bad public ssh key.
Saw no activity.
Eventually looking in:
:~$ kubectl -n capi-kubeadm-control-plane-system logs deploy/capi-kubeadm-control-plane-controller-manager -c manager
It was clear that it was an SSH key missing issue. Since that admission controller denied the request, new machines not getting created, resulting in a starvation scenario during cluster bootstrapping, that isnt detectable via the conditions api.
What did you expect to happen:
I would be able to see this in the conditions of one of the api objects (kubeadm get cluster --all-namespaces |grep -i conditions -A 10 might show something ? or maybe another one of the conditions ?)
Anything else you would like to add:
Environment:
- Cluster-api version: 0.3.8
/kind bug
[One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels]
jayunit100
All 9 comments
cc @ncdc
jayunit100
on 27 Aug 2020
/retitle KCP conditions need to indicate when it fails to clone the infra machine template
ncdc
on 27 Aug 2020
Renamed it to include bootstrap as well
vincepri
on 27 Aug 2020
/help
/milestone v0.4.0
/priority important-longterm
vincepri
on 27 Aug 2020
@vincepri:
This request has been marked as needing help from a contributor.
Please ensure the request meets the requirements listed here.
If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.
In response to this:
/help
/milestone v0.4.0
/priority important-longterm
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
k8s-ci-robot
on 27 Aug 2020
/assign
shysank
on 12 Oct 2020
Just a note here.
Handling the cloning process is a responsibility of the infrastructure provider, and so the cloning error should surface first as a condition on the infrastructure machine. Then, this condition should automatically go up the chain and be reported by KCP into the KCP machineReady condition.
FYI In CAPV, we are already addressing a similar problem
fabriziopandini
on 13 Oct 2020
IIRC, this is about a failure to create a new CR from the infra (or bootstrap) template in the KCP spec. I don't think it's related to VM cloning.
ncdc
on 13 Oct 2020
Specifically these:
And this last one is for the Machine creation and not about templates, but it's maybe worth surfacing in a condition somewhere too?
ncdc
on 13 Oct 2020
Related issues
wfernandes
路
5Comments
chaosaffe
路
6Comments
chuckha
路
4Comments
ncdc
路
5Comments
rsmitty
路
5Comments
Most helpful comment
Specifically these:
https://github.com/kubernetes-sigs/cluster-api/blob/ed580e2b92e3ebfbece20d31407c24c443432da4/controlplane/kubeadm/controllers/helpers.go#L133-L144
https://github.com/kubernetes-sigs/cluster-api/blob/ed580e2b92e3ebfbece20d31407c24c443432da4/controlplane/kubeadm/controllers/helpers.go#L148-L150
And this last one is for the Machine creation and not about templates, but it's maybe worth surfacing in a condition somewhere too?
https://github.com/kubernetes-sigs/cluster-api/blob/ed580e2b92e3ebfbece20d31407c24c443432da4/controlplane/kubeadm/controllers/helpers.go#L155-L156