Retrieve every k8s resource generated by a Carvel package installation (alt) #4068
Conversation
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
antgamdia
force-pushed
the
3854-getResources-alt
branch
from
21d76e1
to
e1d6b2e
Compare
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
| qps: "50.0" | ||
| ## @param kubeappsapis.burst KubeappsAPIs Kubernetes API client Burst limit | ||
| ## | ||
| burst: "15" | ||
| burst: "100" |
There was a problem hiding this comment.
Limits increased with the same OpenShift defaults; the waiting time is now reasonable, though increasing the QPS will of course benefit the response time when querying the k8s API.
| // Pass the REST client to the (custom) kapp factory | ||
| configFactory := NewConfigurableConfigFactoryImpl() | ||
| configFactory.ConfigureRESTConfig(config) |
There was a problem hiding this comment.
This is the part currently unsupported by the Carvel team. They recommended we just implement our custom struct satisfying their interface, don't know if they will be willing to accept a PR for that, though.
There was a problem hiding this comment.
Seems like a simple and useful change, so not sure why not.
| // Getting namespaced clients (e.g., for fetching an App) | ||
| supportingNsObjs, err := kappcmdapp.FactoryClients(depsFactory, kappcmdcore.NamespaceFlags{Name: namespace}, resourceTypesFlags, logger.NewNoopLogger()) | ||
| if err != nil { | ||
| return ctlapp.Apps{}, ctlres.IdentifiedResources{}, nil, ctlres.ResourceFilter{}, status.Errorf(codes.FailedPrecondition, "unable to get config due to: %v", err) | ||
| } | ||
|
|
||
| // Getting non-namespaced clients (e.g., for fetching every k8s object in the cluster) | ||
| supportingObjs, err := kappcmdapp.FactoryClients(depsFactory, kappcmdcore.NamespaceFlags{Name: ""}, resourceTypesFlags, logger.NewNoopLogger()) | ||
| if err != nil { | ||
| return ctlapp.Apps{}, ctlres.IdentifiedResources{}, nil, ctlres.ResourceFilter{}, status.Errorf(codes.FailedPrecondition, "unable to get config due to: %v", err) | ||
| } |
There was a problem hiding this comment.
This is the only way I've seen to able to query the resources that have been created in a different namespace (like Harbor). I can't find any reference to this freshly created namespace in any of the kapp-related CRs.
There was a problem hiding this comment.
Sorry, I'm missing some info here? Does the harbor package create resources in the target namespace (of the package install) as well as another namespace? And why can't we see the client that the Kapp CLI creates to do the same command? (which you've mentioned below, just not sure why we can't also see the same for this issue here).
There was a problem hiding this comment.
Yep, sorry, let me explain myself better.
When we install a package in Kubeapps in a certain namespace (e.g., Harbor in default ns), we are creating: a PackageInstall in default and a ConfigMap in default.
Additionally, kapp, under the scenes, is gonna create an App in default. Neither the PackageInstall nor the App has references to anything different from the namespace default.
However, when reconciling, this App starts creating the resources, which happen to be a namespace harbor and a set of several resources that are also created in this harbor namespace.
Perhaps there's something I missed in the Kapp CLI code. In fact, they have a --dangerous-scope-to-fallback-allowed-namespaces flag, so I guess, for the name it has, they are not allowing querying everything.
If only I had a reference to this harbor namespace somewhere, I'd be able to query the current default ns as well as harbor as this kind of "fallback allowed namespace".
| if app.Status.Inspect != nil { | ||
| inspectStdout = app.Status.Inspect.Stdout | ||
| inspectStderr = app.Status.Inspect.Stderr | ||
| } |
There was a problem hiding this comment.
Removing the text-plain output of the resources, as it becomes redundant after this PR.
| @@ -399,3 +401,55 @@ func (s *Server) updatePkgInstall(ctx context.Context, cluster, namespace string | |||
| } | |||
| return &pkgInstall, nil | |||
| } | |||
|
|
|||
| // inspectKappK8sResources returns the list of k8s resources matching the given listOptions | |||
| func (s *Server) inspectKappK8sResources(ctx context.Context, cluster, namespace, packageId string) ([]*corev1.ResourceRef, error) { | |||
There was a problem hiding this comment.
This is mostly the code that kapp CLI itself uses for inspecting an app, but adapted to our needs.
| kappClientsGetter: func(ctx context.Context, cluster, namespace string) (ctlapp.Apps, ctlres.IdentifiedResources, *kappcmdapp.FailingAPIServicesPolicy, ctlres.ResourceFilter, error) { | ||
| // Create a fake DepsFactory and pass it the fake k8s clients | ||
| depsFactory := NewFakeDepsFactoryImpl() | ||
| depsFactory.SetCoreClient(typedClient) | ||
| depsFactory.SetDynamicClient(dynClient) |
There was a problem hiding this comment.
This is the approach I've been able to come up with for faking the kapp internal clients. Even if it kinda works, it returns an empty list of resources found :(
If you have any suggestions or can give it a try, I'd really appreciate it!
There was a problem hiding this comment.
So I setup the vscode debugger (which was pretty simple - hadn't used it much before) and traced this down from your call to resources, err := resourcesClient.List(labelSelector, nil) in server_data_resources.go. From there:
- kapp first tries to list all the resource types on the cluster, which, for your test client, results in an empty slice, so that
- kapp goes on to call
resources.All(resTypes, allOpts), but this just iterates the slice ofresTypes, so also returns an empty slice.
Looking at the implementation, the core issue is the function which collects the resource types is using the discovery api, so in your test it's not returning any APIs. Might be worth re-checking the kapp test code to see how they setup the discovery API in tests or otherwise ensure certain resource types (pods, in your case) are returned.
HTH!
| }) | ||
| } | ||
| return refs, nil | ||
| } |
There was a problem hiding this comment.
Excellent, thanks for the very clear code in this part :)
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
| typedClient := typfake.NewSimpleClientset(tc.existingTypedObjects...) | ||
|
|
||
| // We cast the dynamic client to a fake client, so we can set the response | ||
| fakeDiscovery, _ := typedClient.Discovery().(*disfake.FakeDiscovery) | ||
| fakeDiscovery.Fake.Resources = apiResources |
There was a problem hiding this comment.
After creating a bunch of custom types... it just came down to this approach.
The crux was just in casting the Discovery() result so that we can manually leverage from the builtin .Fake.Resources
Thanks for the pointer, Michael. Best solution when you're stuck is have some rest and start over the next day with a fresh mind :P
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Conflicts: go.mod go.sum
(Alternative solution for the same purpose of #4062)
Description of the change
This PR removes the workaround we implemented when we released it last time and implements a generic way to retrieve all the kubernetes resources matching a certain label. This way we can fetch every k8s resource created as a result of a Carvel PackageInstall.
Benefits
The retrieved resources for a carvel package will now include every possible one, not a fixed list of pods, svc and deployments.
New: it uses the Kapp code directly, instead of manually iterating over the k8s resources manually.
Possible drawbacks
Hitting the k8s APIs for querying every possible available resource is expensive in time if the QPS is low. Using a reasonable value (as OpenShift does) of 50 QPS, the waiting time decreases.
Applicable issues
GetInstalledPackageResourceRefs#3854Additional information
** Testing pending, I'm not able to get it to work so far **
PR in action:
carvelResourcesKapp2.mp4