Added support for ocs provider server to fetch noobaa client resources #2680
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ezio-auditore The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
ezio-auditore
force-pushed
the
noobaa_obc
branch
4 times, most recently
from
9b30587
to
6113607
Compare
vendor/github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1/noobaaaccount_types.go
Outdated
Show resolved
Hide resolved
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
ezio-auditore
force-pushed
the
noobaa_obc
branch
from
6113607
to
aea4843
Compare
ezio-auditore
force-pushed
the
noobaa_obc
branch
3 times, most recently
from
ddc88b6
to
94ea6f2
Compare
ezio-auditore
force-pushed
the
noobaa_obc
branch
2 times, most recently
from
a6fe781
to
cede821
Compare
|
/test ocs-operator-bundle-e2e-aws |
ezio-auditore
force-pushed
the
noobaa_obc
branch
from
cede821
to
86f0848
Compare
Signed-off-by: Kaustav Majumder <[email protected]>
Signed-off-by: Kaustav Majumder <[email protected]>
ezio-auditore
force-pushed
the
noobaa_obc
branch
from
86f0848
to
b54dab3
Compare
| if err := s.consumerManager.CreateNoobaaAccount(ctx, req.StorageConsumerUUID); err != nil { | ||
| return nil, status.Errorf(codes.Internal, "Failed to create noobaa account for storageconsumer. %v", err) |
There was a problem hiding this comment.
-
We should not run create operations inside the ack operation, and even more importantly, after we already enabled the consumer.
-
Creation of the noobaa account is a detail of storage consumer reconciliation, not of the onboard call.
Please remove this call from here.
| err := s.consumerManager.DeleteNoobaaAccount(ctx, req.StorageConsumerUUID) | ||
| if err != nil { | ||
| return nil, status.Errorf(codes.Internal, "failed to delete noobaaAccount resource with the provided UUID. %v", err) | ||
| } |
There was a problem hiding this comment.
The noobaa account should be owned (via an owner ref) by the consumer object.
If it is, there will be no need for manual deletion as k8s GC will take care of it.
| func (c *ocsConsumerManager) CreateNoobaaAccount(ctx context.Context, id string) error { | ||
|
|
||
| consumerObj, err := c.Get(ctx, id) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| consumerClusterID := strings.TrimPrefix(consumerObj.Name, "storageconsumer-") | ||
| if consumerClusterID != "" && len(consumerClusterID) == 0 { | ||
| return fmt.Errorf("failed to get clusterID from consumerResource Name: %s %v", consumerObj.Name, err) | ||
| } | ||
|
|
||
| noobaaAccountName := fmt.Sprintf("noobaa-remote-%s", consumerClusterID) | ||
| nbAccountObj := &nbv1.NooBaaAccount{} | ||
| nbAccountObj.Name = noobaaAccountName | ||
| nbAccountObj.Namespace = consumerObj.Namespace | ||
| // the following annotation will enable noobaa-operator to create a auth_token secret based on this account | ||
| util.AddAnnotation(nbAccountObj, "remote-operator", "true") | ||
|
|
||
| err = c.client.Create(ctx, nbAccountObj) | ||
| if err != nil { | ||
| return fmt.Errorf("failed to create noobaa account for storageConsumer %v: %v", consumerObj.Name, err) | ||
| } | ||
| return nil | ||
| } |
There was a problem hiding this comment.
Why are we creating the noobaa account in the server and not part of the reconciliation of the StorageConsumer CR?
The server does not implement reconciliation logic and every operation is considered a one-time operation.
| func (c *ocsConsumerManager) DeleteNoobaaAccount(ctx context.Context, id string) error { | ||
| consumerObj, err := c.Get(ctx, id) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| clusterID := strings.TrimPrefix(consumerObj.Name, "storageconsumer-") | ||
| if clusterID != "" && len(clusterID) == 0 { | ||
| return fmt.Errorf("failed to get clusterID from consumerResource Name: %s %v", consumerObj.Name, err) | ||
| } | ||
| noobaaAccountName := fmt.Sprintf("noobaa-remote-%s", clusterID) | ||
| nbAccountObj := &nbv1.NooBaaAccount{} | ||
| nbAccountObj.Name = noobaaAccountName | ||
| nbAccountObj.Namespace = consumerObj.Namespace | ||
| if err := c.client.Delete(ctx, nbAccountObj); err != nil { | ||
| return fmt.Errorf("failed to delete Noobaa account %q. %v", nbAccountObj.Name, err) | ||
| } | ||
| return nil | ||
| } |
There was a problem hiding this comment.
Noobaa account should be just GC collected via storage consumer ownership. This code is unnecessary
| @@ -400,6 +416,59 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe | |||
|
|
|||
| } | |||
|
|
|||
| // Fetch noobaa remote secret and management address and append to extResources | |||
| noobaaOperatorSecret := &v1.Secret{} | |||
| clusterID := strings.TrimPrefix(consumerResource.Name, "storageconsumer-") | |||
There was a problem hiding this comment.
- We should not fetch based on naming conventions. Always fetch by ownership or by labels.
- Consumer's name is decided by the client, don't assume it will contain the clusterID
- Cluster ID is available as part of the consumer's status section, if you need it (Which I don't understand why), fetch it from there
| @@ -400,6 +416,59 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe | |||
|
|
|||
| } | |||
|
|
|||
| // Fetch noobaa remote secret and management address and append to extResources | |||
| noobaaOperatorSecret := &v1.Secret{} | |||
There was a problem hiding this comment.
Define the var just above the code that uses it
| noobaaMgmtAddress := noobaMgmtRoute.Status.Ingress[0].Host | ||
| if noobaaMgmtAddress == "" { | ||
| return nil, fmt.Errorf("no Host found in noobaa-mgmt route Ingress") | ||
| } |
There was a problem hiding this comment.
Are we assuming a default port always? is it always 8080?
| joinSecret := &corev1.Secret{ | ||
| Data: map[string][]byte{ | ||
| "auth_token": authToken, | ||
| "mgmt_addr": []byte(noobaaMgmtAddress), |
| extR = append(extR, &pb.ExternalResource{ | ||
| Name: "noobaa-remote-join-secret", | ||
| Kind: "Secret", | ||
| Data: mustMarshal(joinSecret), |
There was a problem hiding this comment.
This is wrong, for secrets, we only send the data section, not the entire secret.
| Data: mustMarshal(joinSecret), | |
| Data: mustMarshal(map[string][]byte{ | |
| "auth_token": authToken, | |
| "mgmt_addr": []byte(noobaaMgmtAddress), | |
| }), |
| noobaaSpec := &nbv1.NooBaaSpec{ | ||
| JoinSecret: &v1.SecretReference{ | ||
| Name: "noobaa-remote-join-secret", | ||
| }, | ||
| } | ||
| extR = append(extR, &pb.ExternalResource{ | ||
| Name: "noobaa-remote", | ||
| Kind: "Noobaa", | ||
| Data: mustMarshal(noobaaSpec), | ||
| }) |
There was a problem hiding this comment.
The spec is very small, please inline it.
| noobaaSpec := &nbv1.NooBaaSpec{ | |
| JoinSecret: &v1.SecretReference{ | |
| Name: "noobaa-remote-join-secret", | |
| }, | |
| } | |
| extR = append(extR, &pb.ExternalResource{ | |
| Name: "noobaa-remote", | |
| Kind: "Noobaa", | |
| Data: mustMarshal(noobaaSpec), | |
| }) | |
| noobaaSpec := | |
| extR = append(extR, &pb.ExternalResource{ | |
| Name: "noobaa-remote", | |
| Kind: "Noobaa", | |
| Data: mustMarshal(&nbv1.NooBaaSpec{ | |
| JoinSecret: &v1.SecretReference{ | |
| Name: "noobaa-remote-join-secret", | |
| }, | |
| }), | |
| }) |
|
possible to mention the relation b/n this PR and #2733? |
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
is-local-client:truefor local storage clienta.Added support to join external noobaa system from hosted clusters noobaa/noobaa-operator#1389
GetStorageConfigPart of : RHSTOR-5187