Available CRDs check feature #2712
Conversation
|
/cc @nb-ohad |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
raaizik
force-pushed
the
availcrds
branch
8 times, most recently
from
84f0cbe
to
ddf5c5f
Compare
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
main.go
Outdated
| } | ||
| if len(crds) > 0 { | ||
| if err = (&crd.CustomResourceDefinitionReconciler{ | ||
| Client: mgr.GetClient(), |
There was a problem hiding this comment.
Should we use an uncached Client instead of cached for this controller?
hack/crdavail.sh
Outdated
There was a problem hiding this comment.
Let's rename this here as well as in the Dockerfile? maybe ocs-operator-entrypoint or do you have any other suggestions?
openshift-ci
bot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: raaizik The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/test ocs-operator-bundle-e2e-aws |
There was a problem hiding this comment.
Could you please separate this commit into two commits?
- The first commit should include the controller changes.
- The second commit should include the script changes.
I will help test the first commit without the script. I believe we should be sorted with just the first commit.
@umangachapagain We do not need this approach at all, Me and Rewant tested the solution without any script and fixed the bugs we had and it works fine. They will soon update the PR. |
raaizik
force-pushed
the
availcrds
branch
3 times, most recently
from
a03388c
to
f7a3cae
Compare
raaizik
force-pushed
the
availcrds
branch
2 times, most recently
from
1c82a37
to
2137468
Compare
|
/test ocs-operator-bundle-e2e-aws |
controllers/util/k8sutil.go
Outdated
| @@ -44,6 +45,8 @@ const ( | |||
| OwnerUIDIndexName = "ownerUID" | |||
| ) | |||
|
|
|||
| var CRDList []string | |||
There was a problem hiding this comment.
It is not the same code we tested, Why is this list empty? @rewantsoni, @raaizik Did you tested these new changes?
There was a problem hiding this comment.
Note: this PR introduces only the structure of the feature without any specific CRDs which will be added from their respective PRs (e.g., ClusterClaim, VolumeGroupSnapshotClass and DRClusterConfig).
We've tested it with the script. It basically doesn't even create the CRD reconciler since the CRDs list is empty.
There was a problem hiding this comment.
We also need to test it with an empty list. We should not assume that it will work.
There was a problem hiding this comment.
Tested with with and without entries in CRDList and it works
controllers/util/k8sutil.go
Outdated
| @@ -44,6 +45,8 @@ const ( | |||
| OwnerUIDIndexName = "ownerUID" | |||
| ) | |||
|
|
|||
| var CRDList []string | |||
There was a problem hiding this comment.
Can we rename this variable and please add a comment on what does it holds.
controllers/crd/crd_controller.go
Outdated
| // Reconcile compares available CRDs maps following either a Create or Delete event | ||
| func (r *CustomResourceDefinitionReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { | ||
| r.ctx = ctx | ||
| r.Log.Info("Reconciling CustomResourceDefinition.", "CRD", klog.KRef(request.Namespace, request.Name)) |
There was a problem hiding this comment.
I think only name is enough here.
controllers/crd/crd_controller.go
Outdated
| if err != nil { | ||
| return reconcile.Result{}, err | ||
| } | ||
| if !reflect.DeepEqual(availableCrds, r.AvailableCrds) { |
There was a problem hiding this comment.
I do not believe a map guarantees the order of keys if the 2 maps contain different keys. DeepEqual might fail even if both maps contain the exact same keys.
Please move to a "len check + loop on items" for checking equality.
There was a problem hiding this comment.
I tried to create a map, added keys in a different order and compare them using DeepEqual and it works
https://go.dev/play/p/uFkmp57xEIp
controllers/crd/crd_controller.go
Outdated
| } | ||
| if !reflect.DeepEqual(availableCrds, r.AvailableCrds) { | ||
| r.Log.Info("CustomResourceDefinitions created/deleted. Restarting process.") | ||
| panic("CustomResourceDefinitions created/deleted. Restarting process.") |
There was a problem hiding this comment.
I don't believe panic will allow us to detect the reason for the exit from outside the operator. use os.Exit with a specific exit code.
controllers/util/k8sutil.go
Outdated
| @@ -44,6 +45,8 @@ const ( | |||
| OwnerUIDIndexName = "ownerUID" | |||
| ) | |||
|
|
|||
| var CRDList []string | |||
There was a problem hiding this comment.
Global singleton non-cost, non-atomic state inside a utils file is a red flag. Why do we need this?
|
@iamniting @umangachapagain |
|
/hold |
raaizik
changed the title
raaizik
force-pushed
the
availcrds
branch
2 times, most recently
from
19fd2ec
to
48e6dab
Compare
Reasons for this enhancement: - A controller cannot set up a watch for a CRD that is not installed on the cluster, trying to set up a watch will panic the operator - There is no known way, that we are aware of, to add a watch later without client cache issue How does the enhancement work around the issue: - A new controller to watch creation/deletion for the CRDs of interest to prevent unnecessary reconciles - On start of the operator(main), detect which CRDs are avail (out of a fixed list) - At the start each reconcile of new controller, we fetch the CRDs available again and compare it with CRDs fetched in previous step, If there is any change, we panic the op Signed-off-by: raaizik <[email protected]> Co-Authored-By: Rewant Soni <[email protected]>
Adds a script that bypasses pod restarts Signed-off-by: raaizik <[email protected]> Co-Authored-By: Rewant Soni <[email protected]>
raaizik
changed the title
| if !reflect.DeepEqual(availableCrds, r.AvailableCrds) { | ||
| r.Log.Info("CustomResourceDefinitions created/deleted. Restarting process.") | ||
| os.Exit(42) | ||
| } |
There was a problem hiding this comment.
Available CRD is a map. I am not sure if there is an order guarantee on keys which means that DeepEqual might fail even if all the keys and values are the same. I would suggest changing the check to maps.Equal
There was a problem hiding this comment.
I tried to create a map, added keys in a different order, and compared them using DeepEqual and it worked. maps.Equal produces same results
https://go.dev/play/p/uFkmp57xEIp
There was a problem hiding this comment.
Where is the conditional watch that checks the CRD exists before adding the watch?
| } | ||
| if !reflect.DeepEqual(availableCrds, r.AvailableCrds) { | ||
| r.Log.Info("CustomResourceDefinitions created/deleted. Restarting process.") | ||
| os.Exit(42) |
There was a problem hiding this comment.
Can we please have the exit code in a constant with a name that explains the usage?
In addition, a comment about this line will help
| if [ $EXIT_CODE -ne $RESTART_EXIT_CODE ]; then | ||
| exit $EXIT_CODE | ||
| fi | ||
| done |
There was a problem hiding this comment.
There is a missing newline here and git is complaining
| RESTART_EXIT_CODE=42 | ||
|
|
||
| while true; do | ||
| ./usr/local/bin/ocs-operator --enable-leader-election --health-probe-bind-address=:8081 |
There was a problem hiding this comment.
we are effectively making this a sub-process rather than a PID 1 and I'm not confident enough in the shell handling signals vs controller-runtime.
I could see good amount of comments on this PR, in brief, may I know why did we backoff from kubelet restarting us?
| @@ -44,6 +45,10 @@ const ( | |||
| OwnerUIDIndexName = "ownerUID" | |||
| ) | |||
|
|
|||
| func GetCrds() []string { | |||
| return []string{} | |||
There was a problem hiding this comment.
is my understanding correct that in upcoming PRs we register the CRDNames in this and conditionally watch on them in the setupwithmanager?
| DeleteFunc: func(e event.TypedDeleteEvent[client.Object]) bool { | ||
| crdAvailable, keyExist := r.AvailableCrds[e.Object.GetName()] | ||
| if keyExist && crdAvailable { | ||
| r.Log.Info("CustomResourceDefinition %s was Deleted.", e.Object.GetName()) | ||
| return true | ||
| } | ||
| return false | ||
| }, |
There was a problem hiding this comment.
is there a possibility that CRD deletion is less than our operator lifetime?
There was a problem hiding this comment.
Although it is very unlikely but it is possible, and if they happens it will lead to a pod restart
| @@ -228,6 +254,7 @@ func (r *StorageClusterReconciler) SetupWithManager(mgr ctrl.Manager) error { | |||
| Owns(&corev1.Secret{}, builder.WithPredicates(predicate.GenerationChangedPredicate{})). | |||
| Owns(&routev1.Route{}). | |||
| Owns(&templatev1.Template{}). | |||
| Watches(&extv1.CustomResourceDefinition{}, enqueueStorageClusterRequest, builder.WithPredicates(crdPredicate)). | |||
There was a problem hiding this comment.
we already made a mistake (with Virt) in watching all CRDs increasing the memory footprint, my mistake in not pushing hard on this fix #2539, seeing this PR we don't want to watch all CRDs until & unless necessary.
Clubbed w/ 2539 we could do something like below as we are only interested in the metadata of CRDs while mapping CRDs.
crd := &metav1.PartialObjectMetadata{}
crd.SetGroupVersionKind(extv1.SchemeGroupVersion.WithKind("CustomResourceDefinition"))
crd.Name = <CRDName>
client.Get(<ctx>, <ns-name>, crd)
There was a problem hiding this comment.
Looked at this and I couldn't find a way to specify multiple names in the cache using field selector, But I have updated it to use PartialObjectMetadata here: #2745
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Changes
ClusterClaim,VolumeGroupSnapshotClassandDRClusterConfig).