Skip to content

Commit

Permalink
Add doc FAQ section
Browse files Browse the repository at this point in the history
  • Loading branch information
@astraw99
astraw99 committed Oct 27, 2022
1 parent 5d59e40 commit 7a46cf0
Show file tree
Hide file tree
Showing 3 changed files with 134 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/book/src/SUMMARY.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

[Architecture](./architecture.md)

[FAQ](./faq.md)

---

- [Tutorial: Building CronJob](cronjob-tutorial/cronjob-tutorial.md)
Expand Down
1 change: 1 addition & 0 deletions docs/book/src/docs/invalid
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# To be extended for others tools
131 changes: 131 additions & 0 deletions docs/book/src/faq.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@

# FAQ

## How does the value informed via the domain flag (i.e. `kubebuilder init --domain example.com`) when we init a project?

After creating a project, usually you will want to extend the Kubernetes APIs and define new APIs which will be owned by your project. Therefore, the domain value is tracked in the [PROJECT][project-file-def] file which defines the config of your project and will be used as a domain to create the endpoints of your API(s). Please, ensure that you understand the [Groups and Versions and Kinds, oh my!][gvk].

The domain is for the group suffix, to explicitly show the resource group category.
For example, if set `--domain=example.com`:
```
kubebuilder init --domain example.com --repo xxx --plugins=go/v4-alpha
kubebuilder create api --group mygroup --version v1beta1 --kind Mykind
```
Then the result resource group will be `mygroup.example.com`.

> If domain field not set, the default value is `my.domain`.
## How to validate API or set default value?

We can use `webhook` to achieve it. See [webhook](./reference/webhook-overview.md)

For example, we can create webhook with defaulting and validating logic by:
```
kubebuilder create webhook --group mygroup --version v1beta1 --kind Mykind --defaulting --programmatic-validation
```
Then the generated webhook code is like this:
```go
func (r *Mykind) Default() {
// TODO(user): fill in your defaulting logic.
}

func (r *Mykind) ValidateCreate() error {
// TODO(user): fill in your validation logic upon object creation.
return nil
}

func (r *Mykind) ValidateUpdate(old runtime.Object) error {
// TODO(user): fill in your validation logic upon object update.
return nil
}

func (r *Mykind) ValidateDelete() error {
// TODO(user): fill in your validation logic upon object deletion.
return nil
}
```
So it is easy to add API default and validate logic.

## I'd like to customize my project to use [klog][klog] instead of the [zap][zap] provided by controller-runtime. How to use `klog` or other loggers as the project logger?

In the `main.go` you can replace:
```go
opts := zap.Options{
Development: true,
}
opts.BindFlags(flag.CommandLine)
flag.Parse()

ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
```
with:
```go
flag.Parse()
ctrl.SetLogger(klog.NewKlogr())
```

## After `make run`, I see errors like "unable to find leader election namespace: not running in-cluster..."

You can enable the leader election. However, if you are testing the project locally using the `make run`
target which will run the manager outside of the cluster then, you might also need to set the
namespace the leader election resource will be created, as follows:
```go
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,
MetricsBindAddress: metricsAddr,
Port: 9443,
HealthProbeBindAddress: probeAddr,
LeaderElection: enableLeaderElection,
LeaderElectionID: "14be1926.testproject.org",
LeaderElectionNamespace: "<project-name>-system",
```
If you are running the project on the cluster with `make deploy` target
then, you might not want to add this option. So, you might want to customize this behaviour using
environment variables to only add this option for development purposes, such as:
```go
leaderElectionNS := ""
if os.Getenv("ENABLE_LEADER_ELECATION_NAMESPACE") != "false" {
leaderElectionNS = "<project-name>-system"
}

mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,
MetricsBindAddress: metricsAddr,
Port: 9443,
HealthProbeBindAddress: probeAddr,
LeaderElection: enableLeaderElection,
LeaderElectionNamespace: leaderElectionNS,
LeaderElectionID: "14be1926.testproject.org",
...
```
## I am facing the error "open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied" when I deploy my project against Kubernetes versions => X. How to sort it out?
If you are facing the error:
```
1.6656687258729894e+09 ERROR controller-runtime.client.config unable to get kubeconfig {"error": "open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied"}
sigs.k8s.io/controller-runtime/pkg/client/config.GetConfigOrDie
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/client/config/config.go:153
main.main
/workspace/main.go:68
runtime.main
/usr/local/go/src/runtime/proc.go:250
```
when you are running the project against a Kubernetes cluster < X, it might be caused by the [issue][permission-issue] , the reason is the mounted token file set to `0600`, see [solution][permission-PR] here. Then, the workaround is:
Add `fsGroup` in the manager.yaml
```yaml
securityContext:
runAsNonRoot: true
fsGroup: 65532 # add this fsGroup to make the token file readable
```
However, note that this problem is fixed and will not occurs if you deploy the project in versions >= X.
[gvk]: ./cronjob-tutorial/gvks.md
[project-file-def]: ./reference/project-config.md
[klog]: https://github.com/kubernetes/klog
[zap]: https://github.com/uber-go/zap
[permission-issue]: https://github.com/kubernetes/kubernetes/issues/82573
[permission-PR]: https://github.com/kubernetes/kubernetes/pull/89193

0 comments on commit 7a46cf0

Please sign in to comment.