apache / cloudstack-kubernetes-provider

Apache Cloudstack Kubernetes Provider
https://cloudstack.apache.org/
Apache License 2.0

Updating kubernetes version #30

Closed davidjumani closed 3 years ago

davidjumani commented 3 years ago

Fixes https://github.com/apache/cloudstack-kubernetes-provider/issues/28

davidjumani commented 3 years ago

@onitake @joschi36 Can you review? Can use the image over at davidjumani/cloudstack-kubernetes-provider:k-v1.18.18. Thanks

davidjumani commented 3 years ago

@rhtyd Added docker builds to travis. Unit tests are needed which is tracked in https://github.com/apache/cloudstack-kubernetes-provider/issues/23

joschi36 commented 3 years ago

Hey @davidjumani

> Can use the image over at davidjumani/cloudstack-kubernetes-provider:k-v1.18.18

Is it possible that it's not built as a non-root container, as I can't start it on my cluster?

```
Error: failed to start container "cloud-controller-manager": Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "exec: \"/root/cloudstack-ccm\": stat /root/cloudstack-ccm: permission denied": unknown
```

davidjumani commented 3 years ago

@joschi36 I've rebuilt it, can you pull it again and try? @onitake Reverted the change and will open a separate PR

onitake commented 3 years ago

Thanks, @davidjumani. LGTM from a formal point of view, but please wait for test results from @joschi36.

rohityadavcloud commented 3 years ago

Thanks @onitake, we'll wait to hear from @joschi36 on tests

joschi36 commented 3 years ago

@davidjumani When running in my setup I had to change RBAC rules.

Got this error:

```
I0503 12:44:20.142166 1 leaderelection.go:247] failed to acquire lease kube-system/cloud-controller-manager
E0503 12:44:23.753152 1 leaderelection.go:324] error retrieving resource lock kube-system/cloud-controller-manager: leases.coordination.k8s.io "cloud-controller-manager" is forbidden: User "system:serviceaccount:kube-system:cloud-controller-manager" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
```

Maybe we need to update the ClusterRole as well in the file deployment.yaml. Or even better, create a new Role and RoleBinding limiting this change to only the Namespace.

+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - create
+  - update
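
Review bot: the rule lists `leases` under `resources` with no `resourceNames`, so `get` and `update` apply to every lease in whatever scope the rule is bound. The error above names a single lock, kube-system/cloud-controller-manager, so consider leaving `create` in a rule of its own and moving `get` and `update` into a second rule that adds `resourceNames: [cloud-controller-manager]`. `create` has to stay unrestricted by name because RBAC does not know the object name when it authorizes a create request.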

Sorry for the late review, I'm very busy at the moment.
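
A namespaced form of the change suggested in the comment above, as an added example that is not part of this PR or the project's manifests. The Role and RoleBinding names are hypothetical, the ServiceAccount and lease name are taken from the error message, and the `resourceNames` split is an extra restriction that the posted rule does not have.

```yaml
# Added example, not the project's deployment.yaml.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cloud-controller-manager-leader-election   # hypothetical name
  namespace: kube-system                           # namespace from the error message
rules:
# create cannot be limited by resourceNames: the authorizer does not
# know the object name when the create request is checked.
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
# get and update are limited to the one lock object named in the log.
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  resourceNames:
  - cloud-controller-manager                       # lease name from the error message
  verbs:
  - get
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cloud-controller-manager-leader-election   # hypothetical name
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cloud-controller-manager-leader-election
subjects:
# ServiceAccount from the error message:
# system:serviceaccount:kube-system:cloud-controller-manager
- kind: ServiceAccount
  name: cloud-controller-manager
  namespace: kube-system
```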

onitake commented 3 years ago

@joschi36 I think this issue is not tied to the minor version bump, but was introduced with k8s 1.17. I know that you are busy, but could you test the proposed role change and open a separate PR? Or, I could do it if you tell me (via PM) which cluster I can test this on.