UserTasks for Discover EKS: create tasks when auto enrolling fails #50024
Conversation
marcoandredinis
added
no-changelog
marcoandredinis
force-pushed
the
marco/usertasks_discovereks_proto
branch
from
b841ab3 to
b7a9d46
Compare
marcoandredinis
force-pushed
the
marco/usertasks_discovereks_impl
branch
from
2353a8d to
05458f1
Compare
marcoandredinis
force-pushed
the
marco/usertasks_discovereks_proto
branch
2 times, most recently
from
dbf3063 to
0e77b4d
Compare
| appAutoDiscoverString := strconv.FormatBool(parts.AppAutoDiscover) | ||
| bs = append(bs, binary.LittleEndian.AppendUint64(nil, uint64(len(appAutoDiscoverString)))...) | ||
| bs = append(bs, []byte(appAutoDiscoverString)...) | ||
| return uuid.NewSHA1(discoverEKSNamespace, bs).String() |
There was a problem hiding this comment.
I'm curious: do you know why instead of hashing a result of fmt.Sprintf (or even simply using plain strings), we decided to use this kind of pattern for generating task names? It seems brittle.
There was a problem hiding this comment.
Also: we are appending string lengths as if we were about to parse the resulting binary data, but we only hash it. What does appending lengths give us here?
There was a problem hiding this comment.
Oh, I think I can answer my own question: it's because we want to be able to unambiguously serialize groups of strings and be able to tell apart "ab"+"c" from "a"+"bc". Here's the thing: I still think it's brittle and very easy to get wrong if we repeat this pattern. Perhaps we could use some well-established serialization here? Protobuf, JSON?
There was a problem hiding this comment.
Using protobof would add the dependency here, which I don't think we should introduce.
json.Marshal does not ensure determinism (at least not officially), so I would rather not use it.
I can pursue other types of hashing, but we are already using this method of DiscoverEC2 tasks
There was a problem hiding this comment.
Got it. I guess the current way is our best choice, then.
| // - EKS is not reachable by the Teleport Auth Service | ||
| // In the first case, it should be handled in a pre-install check, however, for the second one, we'll get the following message: | ||
| // > Kubernetes cluster unreachable: Get \"https://<longid>.gr7.<region>.eks.amazonaws.com/version\": dial tcp: lookup <longid>.gr7.<region>.eks.amazonaws.com: no such host" | ||
| if strings.Contains(checkErr.Error(), "Kubernetes cluster unreachable: Get") && strings.Contains(checkErr.Error(), "eks.amazonaws.com: no such host") { |
There was a problem hiding this comment.
Is this error message also generated by us? If so, can we put a link to the place that generates it, similar to what we wrote above to "link" with the UI logic? (Or better yet, if it's our Go code, we could extract constants.)
There was a problem hiding this comment.
It's not. It's coming from helm kube client.
lib/srv/discovery/status.go
Outdated
| // awsEKSTasks contains the Discover EKS User Tasks that must be reported to the user. | ||
| type awsEKSTasks struct { | ||
| mu sync.RWMutex | ||
| // clusterIssues maps the Discover EKS User Task grouping parts to a set of clusters metadata. |
There was a problem hiding this comment.
My parser failed on this sentence. :D Can you explain what is the meaning of the [string] key in this map?
There was a problem hiding this comment.
I've simplified the types.
Can you please take another look?
The string was the EKS Cluster name.
lib/srv/discovery/status.go
Outdated
| appAutoDiscover bool | ||
| } | ||
|
|
||
| // iterationStarted clears out any in memory issues that were recorded. |
There was a problem hiding this comment.
Hmmm... Was reset previously named iterationStarted?
There was a problem hiding this comment.
You are correct 😅
Thank you, fixed.
lib/srv/discovery/status.go
Outdated
| d.mu.Lock() | ||
| defer d.mu.Unlock() | ||
|
|
||
| d.clusterIssues = make(map[awsEKSTaskKey]map[string]*usertasksv1.DiscoverEKSCluster) |
There was a problem hiding this comment.
It might be useful to extract this to a named type.
There was a problem hiding this comment.
I've simplified the types
This PRs changes the DiscoveryService to ensure it creates UserTasks when EKS Clusters fail to auto-enroll.
marcoandredinis
force-pushed
the
marco/usertasks_discovereks_impl
branch
from
05458f1 to
d4fae69
Compare
|
@marcoandredinis See the table below for backport results.
|
…50024) * UserTasks for Discover EKS: create tasks when auto enrolling fails This PRs changes the DiscoveryService to ensure it creates UserTasks when EKS Clusters fail to auto-enroll. * simplify types
…50024) * UserTasks for Discover EKS: create tasks when auto enrolling fails This PRs changes the DiscoveryService to ensure it creates UserTasks when EKS Clusters fail to auto-enroll. * simplify types
…50024) * UserTasks for Discover EKS: create tasks when auto enrolling fails This PRs changes the DiscoveryService to ensure it creates UserTasks when EKS Clusters fail to auto-enroll. * simplify types
…50024) * UserTasks for Discover EKS: create tasks when auto enrolling fails This PRs changes the DiscoveryService to ensure it creates UserTasks when EKS Clusters fail to auto-enroll. * simplify types
This PRs changes the DiscoveryService to ensure it creates UserTasks when EKS Clusters fail to auto-enroll.
Demo:
tctl get user_tasks