annotate all pods under our domain, not just those in the STS #120
Conversation
|
The failures in the checks/Generate look unrelated jsonnet updates? |
|
@matej-g Could you review? Thank you! |
|
cc: @philipgough |
|
@tekicode if we go down this road, then we must change the configuration flag name from Separately, I am realizing now that the description of the [0] https://github.com/observatorium/thanos-receive-controller/blob/master/main.go#L81 |
This addresses the comment in: #120 (comment). Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
|
@squat aside from agreeing with all your points I actually think the |
I'm not sure how to address this comment. Without using annotate-pods, kubelet will update the configmap mounted on each container at most once every minute. It's not particularly at the top of the minute, just one minute timeout. The reason for the annotate-pods is to speed that up. So, if it fails, the fallback would be the default behavior (which is not ideal, I'll admit) I already see annotate-pods failures with the current code; so my changes here do not address the root behavior, only make it more useful. |
Hi thanks for the review. Slightly concerned that by changing the flag as you suggest, we would indicate to users that the controller is capable of allowing non statefulset pods into the hashring; which it is not and would not be recommended. The intention of my change here is for those of us using a split setup, with Statefulsets as endpoint targets, and Deployments working as autoscaling routers. These deployments are never in the endpoints list. Either way, it sounds like something that is more solved with documentation; would we rather docs say "Do not use --label to select Deployments for the hashring, as --label is only meant for statefulset selection" or "--annotate-pods will annotate ANY pod with this label, not just statefulset pods" IMO, I believe users would be more confused by trying to use Naming things is hard, it's more important we see the controller do the functionality than picking a name. Let me know how we can move forward! |
I already see annotate-pods failures with the current code; so my changes here do not address the root behavior, only make it more useful. You are not sure how to address it in what way? I'm aware of the reason for the flag to exist in the first place. I was merely commenting within a conversation where we were discussing issues with the existing approach. From a technical perspective, it can likely be addressed in some way by using an event driven approach and re-enqueuing Pods on failure to update, but that would make the controller significantly more complicated too. |
That would mean using controller-runtime tooling like the queue and caches etc. It would for sure make the controller more robust, turning it into a fully-fledged operator pretty much. Not a bad thing! It's just a trade-off: more work and complexity vs robustness and functionality. |
|
Another possible approach would be to eschew pod annotation entirely and instead instruct users to install third party tools like https://github.com/wave-k8s/wave or https://github.com/stakater/Reloader of they want "instantaneous" config updates. |
|
@squat @philipgough I unfortunately don't have the time to invest in making the controller more robust in the sync of the hashring file. Can we table that for another PR or issue? @philipgough Addressing
Each of these has a different implication for the end user in how the controller can function and I see issues with the language of all three. Please let me know if this is an impasse. We've found use of this controller in our pre-production environments and it's Pretty Good(tm) just a few things here and there to make it better. |
|
@tekicode i agree with doing the Bigger Refactor in a different PR :) |
|
Also, I fixed the generated files in #121 so that CI passes. Please rebase your PR on main :) |
tekicode
force-pushed
the
annotate-all-pods-on-change
branch
from
629a760
to
519d41c
Compare
tekicode
force-pushed
the
annotate-all-pods-on-change
branch
from
d59dff9
to
af45562
Compare
|
Changes in 45f615c are due to a limit on statements allowed in main() according to the lint rules. |
tekicode
force-pushed
the
annotate-all-pods-on-change
branch
from
af45562
to
45f615c
Compare
|
@squat @philipgough any chance either of you could review? ty! |
|
@saswatamcode available to review? ty! |
|
Sorry, I will take a look at this one asap |
| annotations = make(map[string]string) | ||
| } | ||
| // Select pods that have a controllerLabel matching ours. | ||
| podList, err := c.klient.CoreV1().Pods(c.options.namespace).List(ctx, |
There was a problem hiding this comment.
is this accurate? what if the controller is watching and acting on multiple StatefulSets? Won't it annotate Pods for each of those workloads even in the absence of a diff of their hashring which may be confusing?
There was a problem hiding this comment.
I don't believe the controller differentiates when it performs hashring updates as to which pods it touches. The sync code previously updated all pods on a hashring change, regardless of which hashring.
main.go
Outdated
| }) | ||
| if err != nil { | ||
| level.Error(c.logger).Log("msg", "failed to list pods belonging to controller", "err", err) | ||
| } else { |
There was a problem hiding this comment.
do we need this else block? assume we can just return if we fail to list Pods?
There was a problem hiding this comment.
addressed with be74ca3
main.go
Outdated
|
|
||
| annotations["annotationTimestamp"] = fmt.Sprintf("%d", time.Now().Unix()) | ||
| pod.SetAnnotations(annotations) | ||
| annotations[annotationKey] = fmt.Sprintf("%d", time.Now().Unix()) |
There was a problem hiding this comment.
instead of iterating over the Pods it might make more sense to calculate the timestamp in advance and set all Pods to the same value as when the hashring changed?
There was a problem hiding this comment.
addressed with 0861153
|
@philipgough Good to merge? |
annotatePods()only affects pods which are running in RouterIngestor mode: Pods which declare a hashring file AND are also a member of that hashring. It works by iterating through every expected pod in the STS. This has a couple of problems:This change will discover any pods with the
config.StatefulSetLabelvalue default:controller.receive.thanos.io=thanos-receive-controllerLABEL and add acontroller.receive.thanos.io/lastControllerUpdateannotation to each pod when the--annotate-pods-on-changeflag is used and a new CM is generated.It is not necessary to specify the
controller.receive.thanos.io/hashringlabel when using this feature on pods which are not part of the hashring.