new Insights 'DataGather' CRD to allow on-demand data gathering #1365
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Hello @tremes! Some important instructions when contributing to openshift/api: For merging purposes, this repository follows the no-Feature-Freeze process which means that in addition to the standard
OR
Who should apply these qe/docs/px labels?
|
tremes
force-pushed
the
on-demand-insights
branch
from
108ccf3
to
f9f4c00
Compare
| listKind: DataGatherList | ||
| plural: datagathers | ||
| singular: datagather | ||
| scope: Namespaced |
There was a problem hiding this comment.
I am not sure whether this would be better as namespaced or clusterscoped.
There was a problem hiding this comment.
Good question, what do we expect the usage pattern of this to be? If you have it namespaced, will you reconcile objects across all namespaces or just a single pre-defined namespace?
CC @deads2k interested to see what you think about this
One thought, given we are discussing this API owning pods/jobs, having it namespaced then pairs nicely with it being a job semantic. The pod would be created in the same namespace i guess
There was a problem hiding this comment.
Let me put it this way. I think the periodic gathering will create the CR as well as the job in the openshift-insights namespace. The question is more about the on-demand gathering where the CR will be created by the user. I think it would make sense to watch only CRs created in one namespace (openshift-insights), because the jobs will be created there anyways...but I don't have so much experience in this area.
There was a problem hiding this comment.
There are definitely other APIs with similar patterns, for example the machine API only operates on machines in the machine API namespace
So I could see that restriction as in keeping
| listKind: DataGatherList | ||
| plural: datagathers | ||
| singular: datagather | ||
| scope: Namespaced |
There was a problem hiding this comment.
Good question, what do we expect the usage pattern of this to be? If you have it namespaced, will you reconcile objects across all namespaces or just a single pre-defined namespace?
CC @deads2k interested to see what you think about this
One thought, given we are discussing this API owning pods/jobs, having it namespaced then pairs nicely with it being a job semantic. The pod would be created in the same namespace i guess
tremes
force-pushed
the
on-demand-insights
branch
from
f9f4c00
to
1712c6f
Compare
tremes
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
tremes
force-pushed
the
on-demand-insights
branch
from
1d11d87
to
7ecc00b
Compare
insights/v1alpha1/types_insights.go
Outdated
|
|
||
| type DataGatherStatus struct { | ||
| // conditions provide details on the status of the gatherer job. | ||
| // +listType=atomic |
There was a problem hiding this comment.
Conditions will definitely have a single writer? Normally conditions is a list type of map with the map key as the type field within the condition, which allows multiple actors to apply their own conditions, using an atomic list means only a single actor owns the whole list, that may be what you want, just want to duble check (same for gather status below)
There was a problem hiding this comment.
Yes. I think so. Only the related job can update the corresponding CR.
tremes
force-pushed
the
on-demand-insights
branch
from
2e53d63
to
73d6a01
Compare
|
Did we ever make a conclusion on namespaced vs cluster scoped? |
|
@JoelSpeed I think we didn't:
I am for the namespaced approach, but @deads2k opinion (as well as others opinions of course) is welcome :) |
tremes
force-pushed
the
on-demand-insights
branch
from
2e74c2c
to
e5ab208
Compare
There was a problem hiding this comment.
One small error on the list map key but otherwise I think we are pretty much ready to go on this.
A few things to consider:
- @deads2k asked what a future where configuration for individual gatherers is needed, what that would look like and where disabled gatherers fits into that, I don't know that we resolved that conversation
- Currently, you haven't included any CEL validation rules, is this something we are interested in? For example, since users can now set status themselves, it's good to set fields in status so that they can't be modified, eg, the
insightsRequestIDshould never change, right? So we could make that immutable once set, likewise with start and finish times. You could also validate that thestateof aDataGathernever goes backwards, imagine a user trying to "restart" the gather, if they cleared the state, what would your operator do? - Are there any validations that you think need tests, we can add new tests to the integration suite to validate the transitions between states and check things like the regex values where this might be helpful
tremes
force-pushed
the
on-demand-insights
branch
from
dfcf20c
to
ba54f25
Compare
There was a problem hiding this comment.
Can we please add integration tests for the CEL validations you've added, I'd like to see at a minimum:
- status is present in initial and has no
startTimeandstartTimeis added - status is present in initial and has no
requestIDandrequestIDis added - attempt to remove
startTime/finishTime/insightsRequestID - Some validation of
DataGatherStatetransitions
| RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"` | ||
| // insightsRequestID is an Insights request ID to track the status of the | ||
| // Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="insightsRequestID is immutable once set" |
There was a problem hiding this comment.
This might break, you probably want
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="insightsRequestID is immutable once set" | |
| // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="insightsRequestID is immutable once set" |
There was a problem hiding this comment.
Hm let me experiment it with that more, but it's the example from https://kubernetes.io/blog/2022/09/29/enforce-immutability-using-cel/#immutablility-after-first-modification
There was a problem hiding this comment.
OK this works for the string attribute, however it's not clear to me whether it's required or not (because it seems working fine without it)
There was a problem hiding this comment.
as above, I suspect this may break, but I'm willing to loosen once you see it.
| Gatherers []GathererStatus `json:"gatherers,omitempty"` | ||
| // startTime is the time when Insights data gathering started. | ||
| // +kubebuilder:validation:Optional | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="startTime is immutable once set" |
There was a problem hiding this comment.
What's the zero value here, do you want to be able to change this form the zero value? Typically with a string we would include oldSelf == '' || at the beginning of this
There was a problem hiding this comment.
Yes I think we want to change this from the zero value. Adding oldSelf == '' || doesn't work though. I am getting:
The CustomResourceDefinition "datagathers.insights.openshift.io" is invalid: spec.validation.openAPIV3Schema.properties[status].properties[finishTime].x-kubernetes-validations[0].rule: Invalid value: apiextensions.ValidationRule{Rule:"oldSelf == '' || self == oldSelf", Message:"finishTime is immutable once set"}: compilation failed: ERROR: <input>:1:9: found no matching overload for '_==_' applied to '(timestamp, string)'
| oldSelf == '' || self == oldSelf
| ........^
There was a problem hiding this comment.
If this doesn't work for you, I'm willing to adjust afterwards. I suspect you need a cast of some kind.
| StartTime metav1.Time `json:"startTime,omitempty"` | ||
| // finishTime is the time when Insights data gathering finished. | ||
| // +kubebuilder:validation:Optional | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="finishTime is immutable once set" |
There was a problem hiding this comment.
As above, not sure if we want to allow transition from the zero value
tremes
force-pushed
the
on-demand-insights
branch
from
483e3ad
to
e34c952
Compare
tremes
force-pushed
the
on-demand-insights
branch
from
a0c7946
to
ba793e0
Compare
|
Very nice API. I suspect Joel is correct and you'll hit some bumps where you cannot mutate as you need to. But these particular fields (not in general, but these specific ones), we could loosen for you if you hit a problem. /approve |
deads2k
added
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, tremes The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, tremes The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@tremes: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
API part for the enhancement proposal openshift/enhancements#1279