Add API for update without registry #1548
Conversation
|
Skipping CI for Draft Pull Request. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Hello @jhernand! Some important instructions when contributing to openshift/api: |
openshift-ci
bot
added
the
size/L
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: jhernand The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
config/v1/types_cluster_version.go
Outdated
| // inmmediately after the required images are pinned and pre-loaded. | ||
| // | ||
| // +optional | ||
| Hold bool `json:"hold"` |
There was a problem hiding this comment.
We don't allow booleans in our APIs, https://github.com/openshift/enhancements/blob/master/dev-guide/api-conventions.md#do-not-use-boolean-fields, typically we use enumerated values instead.
This is a difficult API though. A hold option isn't something we normally represent in APIs. I would suggest an enum which determines the type of update, whether it's immediate or ... (on schedule?), how would you describe the current trigger?
There was a problem hiding this comment.
I am replacing this with a Schedule structure that contains a Type enum with possible values Immediate and Manual.
config/v1/types_cluster_version.go
Outdated
| // +optional | ||
| Hold bool `json:"hold"` | ||
|
|
||
| // bundle describes updates that will be performed using an update bundle. |
There was a problem hiding this comment.
What happens when this isn't present? What happens if this is specified and hold is not true currently? Does this field interact with any other field?
There was a problem hiding this comment.
This is orthogonal to Hold (now Schedule). It doesn't interact with any other field. I am renaming this to ImageSource and trying to clarify it.
config/v1/types_cluster_version.go
Outdated
| // If explicitly set to true then the desiredUpdate.version and desiredUpdate.image fields | ||
| // will be ignored. Instead the cluster will loop for the update bundle and will use to | ||
| // determine the version, pin and pre-loaded the images and appy the update. |
There was a problem hiding this comment.
This isn't going to be obvious to an end user, as there's no documentation or validation currently on this, we should improve this.
Ideally the update type would be in a discriminated union, rather than implicit like this
There was a problem hiding this comment.
I am replacing this with a UpdateImageSource discrimiated union that will have Registry and Bundle variants. Registry will be the default and correspond to the image source that we use today: image registries. Bundle will correspond to the mechanism that uses a bundle.
config/v1/types_cluster_version.go
Outdated
| // monitor indicates if the cluster should monitor device plug events to automatically | ||
| // detect when an update bundle is available. The default is false. | ||
| // | ||
| // +optional | ||
| Monitor bool `json:"monitor"` |
There was a problem hiding this comment.
This feels like another variation of the trigger, I think this is looking more and more like an enum
There was a problem hiding this comment.
I am replacing this with a DetectionMechanism discriminated union (inside the Bundle image source). It will have Manual and Automatic variants.
| // optional, and by default the cluster will look for the bundle in all the nodes. | ||
| // | ||
| // +optional | ||
| Node string `json:"node"` |
There was a problem hiding this comment.
Im curious, is this bundle field expected to be persistent? What happens when the node named isn't present? What happens if the node gets removed?
There was a problem hiding this comment.
Yes, it should be persisted, at least till the actual update has been started.
If the value of Node doesn't match any existing node then it should be flagged as an error.
If the node specified in Node is removed then the bundle will never be detected.
config/v1/types_cluster_version.go
Outdated
| // | ||
| // The format is be identifier of the digest algorithm followed by a colon and the digest | ||
| // value. Currently the only supported digest algorithm is sha256, so the value shold | ||
| // be something like sha256:1ef...03a. |
There was a problem hiding this comment.
This will need to be validation with a kubebuilder validation and regex.
Do you expect additional types to be supported in the future?
There was a problem hiding this comment.
Added the validation. I don't expect any additional types to be supported in the future, but can't rule it out.
| // Keys are the names of the nodes. | ||
| // | ||
| // +optional | ||
| Nodes map[string]NodeBundleStatus |
There was a problem hiding this comment.
Is there an equivalent for this information already in the cluster? Eg via the MCO already?
There was a problem hiding this comment.
I am not aware of any other place containing this information.
| File string `json:"file"` | ||
|
|
||
| // node contains the name of the node where the update bundle is available. This is | ||
| // optional, and by default the cluster will look for the bundle in all the nodes. |
There was a problem hiding this comment.
What happens if multiple bundles are found?
Is there any way that this resolution determines that bundles are incompatible? Eg we block upgrades on certain platforms for certain versions, how is this handled with this API?
There was a problem hiding this comment.
If multiple bundles are found the CVO will compare the metadata (which includes the version and architecture, also the list of images) and will abort the upgrade if they are different.
config/v1/types_cluster_version.go
Outdated
| // extracted indicates if the upgrade bundle has already been extracted to a temporary | ||
| // directory in the node. | ||
| // | ||
| // +required | ||
| Extracted bool `json:"extracted"` | ||
|
|
||
| // loaded indicates if the images of the upgrade bundle have been copied to the containers | ||
| // storage directory of the node. | ||
| // | ||
| // +required | ||
| Loaded bool `json:"loaded"` |
There was a problem hiding this comment.
I would recommend conditions instead, they allow you add additional context to explain why or why not the action has occurred
There was a problem hiding this comment.
Done. The latest version of the enhancement and the associated API pull request use discriminated unions and conditions.
| // +required | ||
| Loaded bool `json:"loaded"` | ||
|
|
||
| // metadata is the content of the metadata.json file that is part of the bundle. |
There was a problem hiding this comment.
How big is the metadata.json file typically? What kind of information does it store?
There was a problem hiding this comment.
It stores the architecture, version and list of image references of the upgrade. For a typical upgrade it takes approx 22 KiB.
This patch adds to the `ClusterVersion` type the fields required for updating without a registry server. Related: https://issues.redhat.com/browse/RFE-4482 Related: openshift/enhancements#1432 Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com>
jhernand
force-pushed
the
upgrade_without_registry_enhancement
branch
from
d33b001
to
a2218a4
Compare
|
@JoelSpeed I tried to address your comments and pushed a new version of the patch. Let me know what you think. |
| // downloaded from their corresponding registry servers. | ||
| // | ||
| // +optional | ||
| ImageSource UpdateImageSource `json:"imageSource,omitempty"` |
There was a problem hiding this comment.
Please remove Schedule UpdateSchedule json:"schedule,omitempty"` from this PR as it is not part of the parent enhancement
There was a problem hiding this comment.
It is part of the parent enhancement. It used to be a hold boolean flag to indicate if the upgrade has to be performed immediately after the images are pre-loaded or if it should wait for a later time. That functionality was suggested by @williamcaban during the review of the draft of the enhancement.
| // +kubebuilder:validation:XValidation:rule="has(self.architecture) && has(self.image) ? (self.architecture == '' || self.image == '') : true",message="cannot set both Architecture and Image" | ||
| // +kubebuilder:validation:XValidation:rule="has(self.architecture) && self.architecture != '' ? self.version != '' : true",message="Version must be set if Architecture is set" |
There was a problem hiding this comment.
This change is not intended as part of your PR, please revert
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@jhernand: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Replaced by #1713. |
This patch adds to the
ClusterVersiontype the fields required for updating without a registry server.Related: https://issues.redhat.com/browse/RFE-4482
Related: openshift/enhancements#1432