Add ownerRefernce to external check creation #378
Conversation
|
Can someone point me in the right direction? I wanted to send the the UID together with name etc. that is needed for the ownerReference meta data to the checks created but from the kuberhealthy I can't manage to find how to get the data from the CRD and then push it towards the objects straight away. Instead I tried to solve it by pulling the data from the CRD as seen in my PR. Any way if someone can point me in the correct direction I think i should be able to solve it. |
|
Hey @NissesSenap - Thank you for hacking on this! Unfortunately, I think the current approach may not be quite right. I think the right place to do this is around here. Basically we want to go into the Ultimately, I think that when a pod is programmatically created (anywhere) we should include this owner information. It's really good stuff and I am happy you brought it up. Making this one change would implement this owner information for all checker pods created by Kuberhealthy... Which is awesome. The next step would be to go through each checker pod and ensure that anytime it creates a pod or daemonset or whatever, it always specifies the right |
Added crdUID to Checker struct to save the UID created with the CRD.
NissesSenap
force-pushed
the
ownerRefDeployment
branch
from
dd56582
to
ab39fa9
Compare
NissesSenap
changed the title
|
Man I don't know how many hours i was looking for something like createPod() but ofc i should have looked in the pkg and not in the cmd/kuberhealthy... I'm not sure I found the correct path this time ether but it's definitely closer. Or I still haven't been able to wrap my head around it ^^ |
|
Thanks @NissesSenap ! I will take a look at this one tomorrow... I didn't get enough time to investigate your PR today. |
|
Have you by any chance built/tested this one yet on one of your own clusters? Our tests are almost non-existent due to how hard it is to spin up, tear down, and instrument a cluster for testing. If you have tested it, what version is that cluster? |
|
Yes I have tried it but it dosen't do the trick the ownerRef gets overwritten by the deployment, I will need to take a look at it again, but currently i need to prioritize other things. I run Kubernetes Version: v1.16.2 (Openshift version 4.3.0) |
pkg/checks/external/main.go
Outdated
| @@ -119,6 +123,7 @@ func New(client *kubernetes.Clientset, checkConfig *khcheckcrd.KuberhealthyCheck | |||
| OriginalPodSpec: checkConfig.Spec.PodSpec, | |||
| PodSpec: checkConfig.Spec.PodSpec, | |||
| KubeClient: client, | |||
| crdUID: checkConfig.GetObjectMeta().GetUID(), | |||
There was a problem hiding this comment.
seems like instead of the khcheck crdUID, you want to reference the kuberhealthy deployment UID? im not sure we have something in the code that gets the kuberhealthy deployment UID... @integrii ?
may need to add a function somewhere that finds the kuberhealthy deployment and gets the UID from it?
There was a problem hiding this comment.
I would think that the external checker pods that get spun up would have an owner reference that points to the kuberhealthy pod that spawned them (not the deployment or khcheck). This way, if the kuberhealthy instance that is orchestrating the check disappears for some reason, the checker pods it was orchestrating (and had stateful data for) are also removed.
I think this means we can probably drop all the crdUID property stuff and just simply put in the hostname of the kuberhealthy instance that spawns the pod in the owner reference.
There was a problem hiding this comment.
So I will finally take a third stab at this and I will do as you say just point back at the kuberhealthy pod as the owner. I hopefully have something to push later today.
Don't try to point to the CRD:s, instead point the owenerRefernece to the operator. Don't take in to account that the operator pod can be removed.
pkg/checks/external/main.go
Outdated
| p.OwnerReferences = []metav1.OwnerReference{ | ||
| { | ||
| APIVersion: "v1", | ||
| Kind: "Pod", |
There was a problem hiding this comment.
I tried to find a way to not hardcode the APIVersion and Kind but I was unable to do so.
I'm sure there is a nice way through the k8s core api, if you know it please point it out.
There was a problem hiding this comment.
Tried with apiv1.Pod{}.APIVersion but this just returns an empty string
|
I cleaned the CRD stuff as pointed out and put it towards the kuberhealthy master pod. |
|
Was thinking about remaking my function a bit and make it global so the other cmd could use it to reference to them self thus getting a ownerReference on the DS/deployment etc that they create. But the none of the checks currently just imports comcast/kuberhealthy/v2/pkg/checks/external |
|
Hmm I've been looking through that too, where would be a good place for this. So I know all checks import the external/checkclient package since it provides functions for external checks to report back to Kuberhealthy. I'm thinking that could be a spot, but its definitely not perfect. I would say there for now, unless others have an issue with that. @jonnydawg? @integrii is on paternal leave 🎉 rn so he may be slower to respond :P Both @jonnydawg and I can try importing that function in the daemonset and deployment check once you have it implemented so we can start adding ownerReferences to those checks! |
pkg/checks/external/main.go
Outdated
| } | ||
| return kHealthyPod, nil | ||
| } | ||
|
|
There was a problem hiding this comment.
wondering if this could all be combined to a single function addOwnerReference where it takes in the kube client and namespace (like you mentioned with making this more of a global function) and returns an ownerReference.
There was a problem hiding this comment.
Got an issue with circular imports so i created a separate package that i called utils and made it too two functions where ownerRef calls on the get pod one. Please have a look at the latest commit
This to make it reachable from the clients.
external/client needs the external packages. For now I have the exact same code in both files. This way it still works and the external checkers can still get ownerRef in a easy way.
This way we only need 1 function to get ownerRef
|
Due to circular imports I created a new package that i called uitls, maybe not the best name. It won't be any issue for you to call this package from the different checks. Hopefully you think this looks okay. I can also have a mock fest and try to write some test for my very small package. |
| } else { | ||
| // Sets OwnerRefernces on all checker pods | ||
| p.OwnerReferences = ownerRef | ||
| } |
There was a problem hiding this comment.
Hmm after @jonnydawg and I look through this a bit, I believe we want to return the error instead of just logging it
There was a problem hiding this comment.
My thought was that it isn't worth not creating the pod just because you can't find the ownerRef so that's why I did a log instead of a return.
But I have updated the code to return the error and removed the else.
|
Overall, I think this looks good! I like how its in a separate util package. I think as long as we bubble up the error we should be good to go! @jonnydawg and I should be able to import this package to the ds and deployment checks 👍 thanks so much! |
Removing some old constants and fixing go.mod
|
Also, tested this locally, and it worked well! When I delete the kuberhealthy instance responsible for all the external checks, all the completed external checks were deleted -- super helpful for cleanup purposes :) |
This doesn't work. Need input.
This is my initial stab at #366