New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new Insights 'DataGather' CRD to allow on-demand data gathering #1365
new Insights 'DataGather' CRD to allow on-demand data gathering #1365
Conversation
Hello @tremes! Some important instructions when contributing to openshift/api: For merging purposes, this repository follows the no-Feature-Freeze process which means that in addition to the standard
OR
Who should apply these qe/docs/px labels?
|
108ccf3
to
f9f4c00
Compare
listKind: DataGatherList | ||
plural: datagathers | ||
singular: datagather | ||
scope: Namespaced |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure whether this would be better as namespaced or clusterscoped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question, what do we expect the usage pattern of this to be? If you have it namespaced, will you reconcile objects across all namespaces or just a single pre-defined namespace?
CC @deads2k interested to see what you think about this
One thought, given we are discussing this API owning pods/jobs, having it namespaced then pairs nicely with it being a job semantic. The pod would be created in the same namespace i guess
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me put it this way. I think the periodic gathering will create the CR as well as the job in the openshift-insights
namespace. The question is more about the on-demand gathering where the CR will be created by the user. I think it would make sense to watch only CRs created in one namespace (openshift-insights
), because the jobs will be created there anyways...but I don't have so much experience in this area.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are definitely other APIs with similar patterns, for example the machine API only operates on machines in the machine API namespace
So I could see that restriction as in keeping
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not done a thorough review of the API yet but a few initial comments
listKind: DataGatherList | ||
plural: datagathers | ||
singular: datagather | ||
scope: Namespaced |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question, what do we expect the usage pattern of this to be? If you have it namespaced, will you reconcile objects across all namespaces or just a single pre-defined namespace?
CC @deads2k interested to see what you think about this
One thought, given we are discussing this API owning pods/jobs, having it namespaced then pairs nicely with it being a job semantic. The pod would be created in the same namespace i guess
f9f4c00
to
1712c6f
Compare
1d11d87
to
7ecc00b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is pretty much good to go, few nits/suggestions for improvement
insights/v1alpha1/types_insights.go
Outdated
|
||
type DataGatherStatus struct { | ||
// conditions provide details on the status of the gatherer job. | ||
// +listType=atomic |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Conditions will definitely have a single writer? Normally conditions is a list type of map with the map key as the type field within the condition, which allows multiple actors to apply their own conditions, using an atomic list means only a single actor owns the whole list, that may be what you want, just want to duble check (same for gather status below)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. I think so. Only the related job can update the corresponding CR.
2e53d63
to
73d6a01
Compare
Did we ever make a conclusion on namespaced vs cluster scoped? |
@JoelSpeed I think we didn't:
I am for the namespaced approach, but @deads2k opinion (as well as others opinions of course) is welcome :) |
2e74c2c
to
e5ab208
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small error on the list map key but otherwise I think we are pretty much ready to go on this.
A few things to consider:
- @deads2k asked what a future where configuration for individual gatherers is needed, what that would look like and where disabled gatherers fits into that, I don't know that we resolved that conversation
- Currently, you haven't included any CEL validation rules, is this something we are interested in? For example, since users can now set status themselves, it's good to set fields in status so that they can't be modified, eg, the
insightsRequestID
should never change, right? So we could make that immutable once set, likewise with start and finish times. You could also validate that thestate
of aDataGather
never goes backwards, imagine a user trying to "restart" the gather, if they cleared the state, what would your operator do? - Are there any validations that you think need tests, we can add new tests to the integration suite to validate the transitions between states and check things like the regex values where this might be helpful
dfcf20c
to
ba54f25
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we please add integration tests for the CEL validations you've added, I'd like to see at a minimum:
- status is present in initial and has no
startTime
andstartTime
is added - status is present in initial and has no
requestID
andrequestID
is added - attempt to remove
startTime
/finishTime
/insightsRequestID
- Some validation of
DataGatherState
transitions
RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"` | ||
// insightsRequestID is an Insights request ID to track the status of the | ||
// Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. | ||
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="insightsRequestID is immutable once set" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might break, you probably want
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="insightsRequestID is immutable once set" | |
// +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="insightsRequestID is immutable once set" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm let me experiment it with that more, but it's the example from https://kubernetes.io/blog/2022/09/29/enforce-immutability-using-cel/#immutablility-after-first-modification
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK this works for the string attribute, however it's not clear to me whether it's required or not (because it seems working fine without it)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as above, I suspect this may break, but I'm willing to loosen once you see it.
Gatherers []GathererStatus `json:"gatherers,omitempty"` | ||
// startTime is the time when Insights data gathering started. | ||
// +kubebuilder:validation:Optional | ||
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="startTime is immutable once set" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the zero value here, do you want to be able to change this form the zero value? Typically with a string we would include oldSelf == '' ||
at the beginning of this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I think we want to change this from the zero value. Adding oldSelf == '' ||
doesn't work though. I am getting:
The CustomResourceDefinition "datagathers.insights.openshift.io" is invalid: spec.validation.openAPIV3Schema.properties[status].properties[finishTime].x-kubernetes-validations[0].rule: Invalid value: apiextensions.ValidationRule{Rule:"oldSelf == '' || self == oldSelf", Message:"finishTime is immutable once set"}: compilation failed: ERROR: <input>:1:9: found no matching overload for '_==_' applied to '(timestamp, string)'
| oldSelf == '' || self == oldSelf
| ........^
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this doesn't work for you, I'm willing to adjust afterwards. I suspect you need a cast of some kind.
StartTime metav1.Time `json:"startTime,omitempty"` | ||
// finishTime is the time when Insights data gathering finished. | ||
// +kubebuilder:validation:Optional | ||
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="finishTime is immutable once set" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As above, not sure if we want to allow transition from the zero value
483e3ad
to
e34c952
Compare
a0c7946
to
ba793e0
Compare
Very nice API. I suspect Joel is correct and you'll hit some bumps where you cannot mutate as you need to. But these particular fields (not in general, but these specific ones), we could loosen for you if you hit a problem. /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, tremes The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, tremes The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@tremes: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
API part for the enhancement proposal openshift/enhancements#1279