Add flag for setting number of service account workers #69937
Conversation
k8s-ci-robot
added
release-note
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
cncf-cla: no
|
I believe I've associated my github account to my CNCF now... let me know if something still needs to be done there |
|
/check-cla |
|
/check-cla |
k8s-ci-robot
added
cncf-cla: yes
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
|
/assign @cheftako |
| @@ -239,6 +239,15 @@ func SetDefaults_ResourceQuotaControllerConfiguration(obj *kubectrlmgrconfigv1al | |||
| } | |||
| } | |||
|
|
|||
| func SetDefaults_SAControllerConfiguration(obj *kubectrlmgrconfigv1alpha1.SAControllerConfiguration) { | |||
| if obj.ConcurrentSATokenSyncs == 0 { | |||
There was a problem hiding this comment.
It seems this is already being set in SetDefaults_KubeControllerManagerConfiguration above.While the defaults seem to be the same do we want to allow for competing defaults?
There was a problem hiding this comment.
Ah, sorry... missed that. It probably makes more sense to set it with the service account controller specific default function.
k8s-ci-robot
added
the
lgtm
|
@cheftako anything more I need to do here? Wasn't sure if I needed to address the |
|
/kind feature |
k8s-ci-robot
added
kind/feature
|
@andybradshaw At this point you need an approver. I would check the OWNERS files detailed above. |
| @@ -426,6 +426,9 @@ type SAControllerConfiguration struct { | |||
| // serviceAccountKeyFile is the filename containing a PEM-encoded private RSA key | |||
| // used to sign service account tokens. | |||
| ServiceAccountKeyFile string | |||
| // concurrentServiceAccountSyncs is the number of service account syncing operations | |||
| // that will be done concurrently. | |||
| ConcurrentServiceAccountSyncs int32 | |||
There was a problem hiding this comment.
@liggitt Ugh, do we do names wrong (as it's done here) in literally every config type?
There was a problem hiding this comment.
do you mean not having json tags? this component doesn't yet read config from file, so we are free to rename fields, move them around, etc, prior to adding json tags.
that's on the roadmap to getting the components using external versioned config
There was a problem hiding this comment.
This is showing up as an API violation. I'd like to not let anything in that adds to the violation file. Reasonable or excessive request?
There was a problem hiding this comment.
that requires adding json tags to the file prior to actually thinking through what the serialized names should be. we didn't want to do that. a file with no json tags is clearly not intended to be serialized yet. a mix of fields, some with tags and some without, looks like a serializable struct with mistakes.
There was a problem hiding this comment.
a reasonable requirement would be to have no violations on the types prior to supporting loading these config types from files
There was a problem hiding this comment.
The tool is complaining that concurrentServiceAccountSyncs != ConcurrentServiceAccountSyncs; if the json tag were added, the tool would be happy. I honestly think the tool is kind of right.
There was a problem hiding this comment.
understood, but we did not want to add json tags before we intended the types to be serialized to files, because it implies they are serializable.
There was a problem hiding this comment.
Yeah, that makes sense. It seems the choices are to somehow exclude these types from the tool (which must currently believe they are serializable) or make the comment match the variable name. I don't care which choice is made, I think.
andybradshaw
force-pushed
the
ab/add-service-account-worker-configuration
branch
from
7aec01a
to
77ca61d
Compare
|
New changes are detected. LGTM label has been removed. |
k8s-ci-robot
added
kind/api-change
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: andybradshaw If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@lavalamp @liggitt Happy working on whatever you guys decide on for the path forward here. That being said, I'm not sure what that is at the moment...
|
|
If a placeholder of '-' makes the linter happy, I think that makes it
pretty clear to others that the type doesn't serialize.
…On Thu, Nov 1, 2018 at 9:45 PM Andy Bradshaw ***@***.***> wrote:
@lavalamp <https://github.com/lavalamp> @liggitt
<https://github.com/liggitt> Happy working on whatever you guys decide on
for the path forward here. That being said, I'm not sure what that is at
the moment...
1. I'm not sure making the comment name and the struct name match will
fix the error, the linter is complaining about fields which are missing
the json tag
<https://github.com/kubernetes/kube-openapi/blob/72693cb1fadd73ae2742f6fe29af77d1aecdd8cd/pkg/generators/rules/names_match.go#L97>.
Note the somewhat confusing example
<https://github.com/kubernetes/kube-openapi/blob/72693cb1fadd73ae2742f6fe29af77d1aecdd8cd/pkg/generators/rules/names_match.go#L74>,
which is meant to show that using a tag of json:"" will satisfy this
rule. However, I do find the naming inconsistency annoying ( #70565
<#70565>).
2. Making the tool skip these types might get a little wonky because
of how coupled generation and validation
<https://github.com/kubernetes/kube-openapi/blob/72693cb1fadd73ae2742f6fe29af77d1aecdd8cd/pkg/generators/rules/names_match.go#L74>
are... If we split those up, maybe adding a tag (
k8s:openapi-gen-lint=false?) to skip the structs, either individually
or at the package level, would work.
3. Would adding a placeholder tag of - be enough to indicate to
consumers that attempting to do serialization stuff probably isn't going to
do what you want? The presence of a tag, even if the field is ignored,
could be confusing.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#69937 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAnglgZ4SdWyD9uSgaDbe_HlsD1X8Tsmks5uq83hgaJpZM4Xk1Lt>
.
|
|
I want to take a pretty hard line about not adding violations starting asap; I'm willing to let this one in as long as we (i.e. @liggitt) all agree that the next change has to fix this. |
sure, that's fine as well |
|
@liggitt okay, I can make that change as part of the comment clean up PR or a separate PR if that would be preferable |
|
Either way works for me, thanks!
…On Fri, Nov 2, 2018 at 1:57 PM Andy Bradshaw ***@***.***> wrote:
@liggitt <https://github.com/liggitt> okay, I can make that change as
part of the comment clean up PR
<#70565> or a separate PR if
that would be preferable
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#69937 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAnglrVPH6svDm-NsQW1yTO3psycirkqks5urLHUgaJpZM4Xk1Lt>
.
|
k8s-ci-robot
added
the
needs-rebase
|
@andybradshaw: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it: This PR makes the number of workers for the Service Account controller configurable. We are running into some issues with this controller keeping up, and needed a way of updating the currently hard-coded worker value of 1.
Special notes for your reviewer: The documentation for the
--concurrent-serviceaccount-token-syncsflag seems to indicate that it defaults to 5, but was unable to find anything that handled the default values for the SAControllerConfiguration struct. Please let me know if defaults for that struct are handled in a different way.Release note: