Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed not creating API server tunnel #19191

Merged
merged 3 commits into from
Jul 9, 2024
Merged

Fixed not creating API server tunnel #19191

merged 3 commits into from
Jul 9, 2024

Conversation

spowelljr
Copy link
Member

Fixes #19173

Before:

$ minikube start --driver qemu --network builtin
😄  minikube v1.33.1 on Darwin 14.5 (arm64)
✨  Using the qemu2 driver based on user configuration
❗  You are using the QEMU driver without a dedicated network, which doesn't support `minikube service` & `minikube tunnel` commands.
To try the dedicated network see: https://minikube.sigs.k8s.io/docs/drivers/qemu/#networking
👍  Starting "minikube" primary control-plane node in "minikube" cluster
🔥  Creating qemu2 VM (CPUs=2, Memory=4000MB, Disk=20000MB) ...
❗  This VM is having trouble accessing https://registry.k8s.io
💡  To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
❗  Due to DNS issues your cluster may have problems starting and you may not be able to pull images
More details available at: https://minikube.sigs.k8s.io/docs/drivers/qemu/#known-issues
🐳  Preparing Kubernetes v1.30.2 on Docker 27.0.3 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔗  Configuring bridge CNI (Container Networking Interface) ...
🔎  Verifying Kubernetes components...
E0703 14:15:40.236604   71562 start.go:159] Unable to scale down deployment "coredns" in namespace "kube-system" to 1 replica: non-retryable failure while getting "coredns" deployment scale: Get "https://localhost:54274/apis/apps/v1/namespaces/kube-system/deployments/coredns/scale": dial tcp 127.0.0.1:54274: connect: connection refused
❗  Enabling 'default-storageclass' returned an error: running callbacks: [Error making standard the default storage class: Error listing StorageClasses: Get "https://localhost:54274/apis/storage.k8s.io/v1/storageclasses": dial tcp 127.0.0.1:54274: connect: connection refused]
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: storage-provisioner

❌  Exiting due to GUEST_START: failed to start node: wait 6m0s for node: wait for healthy API server: apiserver healthz never reported healthy: context deadline exceeded

╭───────────────────────────────────────────────────────────────────────────────────────────╮
│                                                                                           │
│    😿  If the above advice does not help, please let us know:                             │
│    👉  https://github.com/kubernetes/minikube/issues/new/choose                           │
│                                                                                           │
│    Please run `minikube logs --file=logs.txt` and attach logs.txt to the GitHub issue.    │
│                                                                                           │
╰───────────────────────────────────────────────────────────────────────────────────────────╯

After:

$ minikube start --driver qemu --network builtin
😄  minikube v1.33.1 on Darwin 14.5 (arm64)
✨  Using the qemu2 driver based on user configuration
❗  You are using the QEMU driver without a dedicated network, which doesn't support `minikube service` & `minikube tunnel` commands.
To try the dedicated network see: https://minikube.sigs.k8s.io/docs/drivers/qemu/#networking
👍  Starting "minikube" primary control-plane node in "minikube" cluster
🔥  Creating qemu2 VM (CPUs=2, Memory=4000MB, Disk=20000MB) ...
❗  This VM is having trouble accessing https://registry.k8s.io
💡  To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
❗  Due to DNS issues your cluster may have problems starting and you may not be able to pull images
More details available at: https://minikube.sigs.k8s.io/docs/drivers/qemu/#known-issues
🐳  Preparing Kubernetes v1.30.2 on Docker 27.0.3 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔗  Configuring bridge CNI (Container Networking Interface) ...
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: default-storageclass, storage-provisioner
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 3, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spowelljr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 3, 2024
@spowelljr
Copy link
Member Author

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Jul 3, 2024
@spowelljr spowelljr mentioned this pull request Jul 3, 2024
Closed
@minikube-pr-bot

This comment has been minimized.

Sign in to view
medyagh
medyagh reviewed Jul 3, 2024
View reviewed changes
pkg/minikube/bootstrapper/kubeadm/kubeadm.go
@@ -440,7 +440,7 @@ func (k *Bootstrapper) StartCluster(cfg config.ClusterConfig) error {

// tunnelToAPIServer creates ssh tunnel between apiserver:port inside control-plane node and host on port 8443.
func (k *Bootstrapper) tunnelToAPIServer(cfg config.ClusterConfig) error {
if cfg.APIServerPort != 0 {
if cfg.APIServerPort == 0 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how is this not broken for everything else ? or since forever ? is this logic new and only affecting qemu builtin ?

Copy link
Member Author

@spowelljr spowelljr Jul 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I was looking into this because our functional tests are failing with this change.

From what I saw this is what happened:

Before HA PR:
tunnelToAPIServer was only called when it was necessary, ie. QEMU builtin
If it wasn't necessary (docker driver) it wasn't called

After HA PR but before this fix:
tunnelToAPIServer is getting called for all drivers, but because the logic was broken, it wasn't actually getting created for for any drivers, which broke QEMU w/ builtin

This PR
tunnelToAPIServer is getting called for all drivers, and now with the logic fixed it's actually creating a tunnel for all drivers, which fixes QEMU w/ builtin, but Docker (and maybe others) are having issues due to the tunnel being created when it shouldn't be.

So I need to figure out how tunnelToAPIServer was getting called prior to the HA change and match it so it's only getting called when necessary.

Copy link
Member Author

@spowelljr spowelljr Jul 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I found it, before the HA changes APIServerPort was only used by QEMU:

          if driver.IsQEMU(host.Driver.DriverName()) && network.IsBuiltinQEMU(cfg.Network) {
                  apiServerPort, err := getPort()
                  if err != nil {
                          return runner, preExists, m, host, errors.Wrap(err, "Failed to find apiserver port")
                  }
                  cfg.APIServerPort = apiServerPort
          }

But now it's also setting it via a flag:

startCmd.Flags().Int(apiServerPort, constants.APIServerPort, "The apiserver listening port")

APIServerPort:           viper.GetInt(apiServerPort),

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added the QEMU check below

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

excellent thanks for the investigation

@minikube-pr-bot

This comment has been minimized.

Sign in to view
@minikube-pr-bot

This comment has been minimized.

Sign in to view
@minikube-pr-bot

This comment has been minimized.

Sign in to view
@minikube-pr-bot

This comment has been minimized.

Sign in to view
@minikube-pr-bot

This comment has been minimized.

Sign in to view
@spowelljr
Copy link
Member Author

/retest-this-please

@minikube-pr-bot
Copy link

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 19191) |
+----------------+----------+---------------------+
| minikube start | 47.4s    | 47.7s               |
| enable ingress | 24.2s    | 24.4s               |
+----------------+----------+---------------------+

Times for minikube ingress: 25.0s 23.9s 24.4s 23.9s 23.9s
Times for minikube (PR 19191) ingress: 24.9s 22.9s 25.5s 24.9s 23.9s

Times for minikube start: 49.2s 46.2s 48.4s 45.5s 47.6s
Times for minikube (PR 19191) start: 46.5s 46.4s 48.7s 51.4s 45.5s

docker driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 19191) |
+----------------+----------+---------------------+
| minikube start | 21.6s    | 22.4s               |
| enable ingress | 21.7s    | 22.1s               |
+----------------+----------+---------------------+

Times for minikube start: 21.0s 20.5s 21.0s 24.0s 21.4s
Times for minikube (PR 19191) start: 24.4s 24.9s 20.9s 20.6s 21.2s

Times for minikube ingress: 21.8s 21.8s 21.8s 21.3s 21.8s
Times for minikube (PR 19191) ingress: 22.3s 21.8s 21.3s 23.3s 21.8s

docker driver with containerd runtime

+-------------------+----------+---------------------+
|      COMMAND      | MINIKUBE | MINIKUBE (PR 19191) |
+-------------------+----------+---------------------+
| minikube start    | 22.1s    | 22.4s               |
| ⚠️  enable ingress | 31.7s    | 37.8s ⚠️             |
+-------------------+----------+---------------------+

Times for minikube start: 23.1s 22.4s 21.1s 22.8s 20.9s
Times for minikube (PR 19191) start: 20.0s 23.3s 22.6s 22.8s 23.2s

Times for minikube ingress: 30.8s 31.8s 32.3s 32.2s 31.3s
Times for minikube (PR 19191) ingress: 47.8s 48.3s 30.8s 31.2s 30.8s

@minikube-pr-bot
Copy link

These are the flake rates of all failed tests.

Environment Failed Tests Flake Rate (%)
Docker_Linux_crio_arm64 TestMultiControlPlane/serial/RestartCluster (gopogh) 11.19 (chart)

To see the flake rates of all tests by environment, click here.

@medyagh medyagh merged commit 177f4f2 into kubernetes:master Jul 9, 2024
24 of 38 checks passed
@spowelljr spowelljr deleted the fixQEMUAPITunnel branch July 9, 2024 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@medyagh medyagh medyagh left review comments

@ComradeProgrammer ComradeProgrammer Awaiting requested review from ComradeProgrammer

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
4 participants
@spowelljr @k8s-ci-robot @minikube-pr-bot @medyagh