Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation for child jobs without ownerReference #865

Merged
merged 1 commit into from
Jun 26, 2023
Merged

Add validation for child jobs without ownerReference #865

merged 1 commit into from
Jun 26, 2023

Conversation

tenzen-y
Copy link
Member

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

I added validation not to allow child jobs without ownerReference.

Which issue(s) this PR fixes:

Follow-up: #821 (comment)

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Add validation for child jobs without ownerReference.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels Jun 17, 2023
@netlify
Copy link

netlify bot commented Jun 17, 2023
edited

Deploy Preview for kubernetes-sigs-kueue canceled.

Name Link
🔨 Latest commit d8a854e
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-kueue/deploys/6499a91e08eab00008eda9aa

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 17, 2023
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jun 17, 2023
@tenzen-y
Copy link
Member Author

/assign @kerthcet

@tenzen-y
Copy link
Member Author

/test pull-kueue-test-e2e-main-1-26

@tenzen-y
Copy link
Member Author

friendly ping @kerthcet :)

@tenzen-y tenzen-y force-pushed the no-allow-parent-job-withoiut-owner branch from 0349b30 to c025f54 Compare June 26, 2023 15:02
@tenzen-y
Add validation for child jobs without ownerReference
d8a854e 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
@tenzen-y tenzen-y force-pushed the no-allow-parent-job-withoiut-owner branch from c025f54 to d8a854e Compare June 26, 2023 15:04
@tenzen-y
Copy link
Member Author

@kerthcet I have addressed your comments. PTAL.

alculquicondor
alculquicondor reviewed Jun 26, 2023
View reviewed changes
pkg/controller/jobframework/validation.go
var allErrs field.ErrorList
if _, exists := job.Object().GetAnnotations()[constants.ParentWorkloadAnnotation]; exists {
if job.Object().GetOwnerReferences() == nil {
allErrs = append(allErrs, field.Forbidden(parentWorkloadKeyPath, "must not add a parent workload annotation to job without OwnerReference"))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we could also check that the owner is a well-known job owner.

And maybe there should be a Kueue configuration that allows to say which other APIs are job owners (in addition to the ones implemented in-tree).
This way, it should be possible to write external integration controllers and tell kueue to trust particular owner references and not suspend the jobs.

Once we have this trust, we can potentially simplify this code and not query weather the parent workload has a queue name

kueue/pkg/controller/jobframework/reconciler.go

Lines 121 to 137 in b463573

if !r.manageJobsWithoutQueueName && QueueName(job) == "" {
if isStandaloneJob {
log.V(3).Info("Neither queue-name label, nor parent-workload annotation is set, ignoring the job",
"queueName", QueueName(job), "parentWorkload", ParentWorkloadName(job))
return ctrl.Result{}, nil
}
isParentJobManaged, err := r.IsParentJobManaged(ctx, job.Object(), namespacedName.Namespace)
if err != nil {
log.Error(err, "couldn't check whether the parent job is managed by kueue")
return ctrl.Result{}, err
}
if !isParentJobManaged {
log.V(3).Info("parent-workload annotation is set, and the parent job doesn't have a queue-name label, ignoring the job",
"parentWorkload", ParentWorkloadName(job))
return ctrl.Result{}, nil
}
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't see any disadvantages to trust custom jobs, so I'm ok with this validation.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It sounds good. Let me try to work on the feature in follow-ups.

alculquicondor
alculquicondor reviewed Jun 26, 2023
View reviewed changes
Copy link
Contributor

@alculquicondor alculquicondor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve
/hold
for suggestion, but it can also be a follow up

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 26, 2023
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 26, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alculquicondor, tenzen-y

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 26, 2023
@tenzen-y
Copy link
Member Author

/lgtm /approve /hold for suggestion, but it can also be a follow up

I would like to work on the feature in follow-ups.
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 26, 2023
@k8s-ci-robot k8s-ci-robot merged commit ac75903 into kubernetes-sigs:main Jun 26, 2023
15 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v0.4 milestone Jun 26, 2023
@tenzen-y tenzen-y deleted the no-allow-parent-job-withoiut-owner branch June 26, 2023 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alculquicondor alculquicondor alculquicondor left review comments

@kerthcet kerthcet kerthcet left review comments

@denkensk denkensk Awaiting requested review from denkensk

Assignees

@alculquicondor alculquicondor

@kerthcet kerthcet

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v0.4
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@tenzen-y @k8s-ci-robot @alculquicondor @kerthcet