This repository has been archived by the owner on Sep 30, 2020. It is now read-only.
0.11.x migration from existing clusters without losing state #1380
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rnetes.Networking.SelfHosting is Enabled. This is to break the dependency that exists on the nodepool stacks on etcd stack resources.
…rnetes.Networking.SelfHosting is Enabled. (kubernetes-retired#1367) This is to break the dependency that exists on the nodepool stacks on etcd stack resources. Ref kubernetes-retired#1370
…py state from existing etcd over to the new ones during a migration.
…-aws into 0.11.x/remove-etcd-dependency-on-nodepools-when-selfhosted-networking-enabled
k8s-ci-robot
added
cncf-cla: yes
davidmccormick
changed the title
davidmccormick
commented
Jun 29, 2018
| @@ -158,6 +158,57 @@ | |||
| } | |||
| } | |||
| }, | |||
| "SecurityGroupWorker": { | |||
There was a problem hiding this comment.
This security group needed returning to the control plane. We can remove it again in later releases but without it in the updated control plane stack will throw an error about it being in use by the nodepools
There was a problem hiding this comment.
Makes sense. Fine with reviving this then.
// Wish we had something like reference counting to keep AWS resources only while they're used 😆
davidmccormick
commented
Jun 29, 2018
| controlplaneconfig.StackTemplateOptions | ||
| UserDataEtcd model.UserData | ||
| ExtraCfnResources map[string]interface{} | ||
| model.EtcdExistingState |
There was a problem hiding this comment.
This and func NewStackConfig are the only changes from the controlplane version.
davidmccormick
commented
Jun 29, 2018
| @@ -207,6 +207,63 @@ coreos: | |||
| [Install] | |||
| WantedBy=multi-user.target | |||
| {{end}} | |||
| {{ if .EtcdMigrationEnabled -}} | |||
There was a problem hiding this comment.
The migration units, path unit to trigger the import
davidmccormick
commented
Jun 29, 2018
| @@ -504,17 +504,18 @@ func (c clusterImpl) LegacyUpdate(targets OperationTargets) (string, error) { | |||
|
|
|||
| func (c clusterImpl) update(cfSvc *cloudformation.CloudFormation, targets OperationTargets) (string, error) { | |||
|
|
|||
| // Look at existing state of cloud formation and stacks to determine if we need to take special measures in migrating our etcd | |||
| // clusters from the control plane stack to their own Etcd stack. | |||
| exists, err := cfnstack.NestedStackExists(cfSvc, c.controlPlane.ClusterName, naming.FromStackToCfnResource(c.etcd.Etcd.LogicalName())) | |||
| if err != nil { | |||
| logger.Errorf("please check your AWS credentials/permissions") | |||
| return "", fmt.Errorf("can't lookup AWS CloudFormation stacks: %s", err) | |||
| } | |||
There was a problem hiding this comment.
Only fail-fast if we don't have SelfHosting enabled - otherwise take this as our cue to migrate instead!
… etcdconfig which depends on controlplane config 2) Allow mocks to return nil response and not crash lookupExistingEtcdEndpoints
k8s-ci-robot
added
size/XL
davidmccormick
changed the title
|
Fixes issue #1112 |
mumoshu
reviewed
Jul 7, 2018
| "Description" : "The security group assigned to worker nodes", | ||
| "Value" : { "Ref" : "SecurityGroupWorker" }, | ||
| "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-WorkerSecurityGroup" }} | ||
| }, |
There was a problem hiding this comment.
This corresponds to https://github.com/kubernetes-incubator/kube-aws/pull/1380/files#r199216521
mumoshu
approved these changes
Jul 7, 2018
davidmccormick
deleted the
0.11.x/remove-etcd-dependency-on-nodepools-when-selfhosted-networking-enabled
branch
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is for the master 0.11.x candidate branch and is intended to allow a smoother migration for existing users with 0.10.x clusters which do not have the new separate etcd stack. When first testing the 0.11.x code I found that the process would always fail and roll-back due to cloud-formation dependencies, but once these were cleaned up and worked around then the new etcd cluster would come up empty - effectively wiping the state of the existing cluster in the process of the upgrade.
TL/DR: Upgrades from legacy etcds by importing a copy of all their keys and then allows them to be destroyed. ALSO you are expected to have updated to the 0.10.x migration release first otherwise the migration will fail because cloud-formation dependencies or your new etcd servers won't be able to connect to the old ones!
The approach for the upgrade is this: -
8 etcdadm has been enhanced to provide extra 'cluster-is-healthy', 'member-is-leader', 'migration-export-kube-state' and 'migration-import-kube-state' commands.
The bulk of changes are in using knowlege of existing state when templating assets, such as cloud-configs and stack templates. I wasn't happy putting the state in the config package because these are not settings that a user can select, so I ended up working things out at the cluster package level and then looking for ways to included my extra state information into the templating contexts. I think that perhaps some more thought and re-factoring could be applied to better model the role of config and existing state when bringing up a cluster.