Bug 1965283: Static Resources Controller for Sync #216
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
openshift-ci
bot
added
the
approved
adambkaplan
force-pushed
the
ocmo-fix-throttle-2
branch
from
4dac35c
to
09eb355
Compare
adambkaplan
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
@adambkaplan: This pull request references Bugzilla bug 1965283, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
bugzilla/severity-high
There was a problem hiding this comment.
/assign @gabemontero
I believe you had last touched the bits around the status reporting - this was changed a bit with the addition of the new controller.
| @@ -51,7 +50,7 @@ func NewOpenShiftControllerManagerOperator( | |||
| targetImagePullSpec string, | |||
| operatorConfigInformer operatorinformersv1.OpenShiftControllerManagerInformer, | |||
| proxyInformer configinformerv1.ProxyInformer, | |||
| kubeInformersForOpenshiftControllerManager informers.SharedInformerFactory, | |||
| kubeInformers v1helpers.KubeInformersForNamespaces, | |||
There was a problem hiding this comment.
We use this struct with the static resource sync controller and the resource sync controller, too.
There was a problem hiding this comment.
@adambkaplan - would it be possible to specify the repos(s) / packages(s) where the static resource sync controller and resource sync controller are located? I'm guessing they are in library-go, but some quick scans are not proving fruitful to me.
I'd like to do some cross referencing as part of the review.
Thanks
There was a problem hiding this comment.
wait I may have found it later in the review ... 09eb355#diff-0d623dfd885adb20f991bda4c2453aebd732ca6dbb4d1d4be6e79805c3b48de6R129
| if _, err := c.operatorConfigClient.OpenShiftControllerManagers().UpdateStatus(context.TODO(), operatorConfig, metav1.UpdateOptions{}); err != nil { | ||
| return err | ||
| } | ||
| } |
There was a problem hiding this comment.
The status sync controller takes care of the CVO status reporting for us if the operator moves to Unamanged or Removed.
| if highRateLimitProtoKubeConfig.Burst < 100 { | ||
| highRateLimitProtoKubeConfig.Burst = 100 | ||
| } | ||
| kubeClient, err := kubernetes.NewForConfig(highRateLimitProtoKubeConfig) |
There was a problem hiding this comment.
The static resource sync controller unfortunately doesn't use listers when reconciling RBAC objects.
This is problematic for ocm because we reconcile a lot of roles/clusterroles and their role bindings.
Long term we should be the ones to improve this in library-go, but for the interim we can increase the QPS and reduce the instances where the sync controller is throttled.
There was a problem hiding this comment.
So you are specifically referring to https://github.com/openshift/library-go/blob/c537a5b2af0196a9a235ccecc0d05c2583899f3d/pkg/operator/resource/resourceapply/generic.go#L150 as an example @adambkaplan, correct ?
There was a problem hiding this comment.
If so, a commit specific link to the file in question might help us to quickly remember where to go if we ever get to this TODO
There was a problem hiding this comment.
I think if I update the comment to use StaticResourceController then we should be ok (it is initialized later in this method).
There was a problem hiding this comment.
sorry I'm not following how updating the comment to use StaticResourceController pertains to my question around confirming where the shortcoming in library-go is and ask to somehow point to the location in that code for future reference
There was a problem hiding this comment.
Updated the comments - hopefully things are a little bit clearer.
| "", | ||
| util.TargetNamespace, | ||
| util.OperatorNamespace, | ||
| util.UserSpecifiedGlobalConfigNamespace, | ||
| util.InfraNamespace, | ||
| metav1.NamespaceSystem, |
There was a problem hiding this comment.
New additions to this list:
- Cluster scoped (
"") openshift-infrakube-system
| @@ -105,10 +126,40 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller | |||
| controllerConfig.EventRecorder, | |||
| ) | |||
|
|
|||
| staticResourceController := staticresourcecontroller.NewStaticResourceController( | |||
There was a problem hiding this comment.
This is a simple controller that takes a bag of YAMLs and applies them, and reports status to the operator config object's status. That gets rolled up to the CVO object via the status sync controller.
There was a problem hiding this comment.
added the TODO here to make it clear where in library-go we need to add a future enhancement.
There was a problem hiding this comment.
Nice pulling in a relatively newer library-go function @adambkaplan
Minor comment / constant suggestions around the parameter for cluster scoped and the future TODO wrt rbac listers in the static resource controller. Otherwise just a clarifying question or two.
And per you comment that I was last in this code, I certainly did not see anything that disrupted my recent Upgradeable change.
| @@ -39,15 +53,22 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller | |||
| return err | |||
| } | |||
|
|
|||
| kubeInformers := v1helpers.NewKubeInformersForNamespaces(kubeClient, util.TargetNamespace, util.OperatorNamespace, util.UserSpecifiedGlobalConfigNamespace) | |||
| kubeInformers := v1helpers.NewKubeInformersForNamespaces(kubeClient, | |||
| "", | |||
There was a problem hiding this comment.
let's put a comment in code to indicate this means cluster scoped, as you clarified in the PR comment 09eb355#r644180187
There was a problem hiding this comment.
Or go with #216 (comment) instead
There was a problem hiding this comment.
I'll add a comment to say "empty means cluster-scoped"
| @@ -51,7 +50,7 @@ func NewOpenShiftControllerManagerOperator( | |||
| targetImagePullSpec string, | |||
| operatorConfigInformer operatorinformersv1.OpenShiftControllerManagerInformer, | |||
| proxyInformer configinformerv1.ProxyInformer, | |||
| kubeInformersForOpenshiftControllerManager informers.SharedInformerFactory, | |||
| kubeInformers v1helpers.KubeInformersForNamespaces, | |||
There was a problem hiding this comment.
wait I may have found it later in the review ... 09eb355#diff-0d623dfd885adb20f991bda4c2453aebd732ca6dbb4d1d4be6e79805c3b48de6R129
| if highRateLimitProtoKubeConfig.Burst < 100 { | ||
| highRateLimitProtoKubeConfig.Burst = 100 | ||
| } | ||
| kubeClient, err := kubernetes.NewForConfig(highRateLimitProtoKubeConfig) |
There was a problem hiding this comment.
So you are specifically referring to https://github.com/openshift/library-go/blob/c537a5b2af0196a9a235ccecc0d05c2583899f3d/pkg/operator/resource/resourceapply/generic.go#L150 as an example @adambkaplan, correct ?
| forceRollout = true | ||
| } | ||
| } | ||
| // TODO - use labels/annotations to force a daemonset rollout |
There was a problem hiding this comment.
IIRC this is a different TODO comment from what you had in your last PR in the same spot, and this is a TODO comment you want to keep, correct @adambkaplan ?
There was a problem hiding this comment.
Yes - we are passing forceRollout to a method that has been deprecated. We should use labels or annotations to drive rollouts.
There was a problem hiding this comment.
thanks for the confirmation
| @@ -6,6 +6,7 @@ const ( | |||
| MachineSpecifiedGlobalConfigNamespace = "openshift-config-managed" | |||
| TargetNamespace = "openshift-controller-manager" | |||
| OperatorNamespace = "openshift-controller-manager-operator" | |||
| InfraNamespace = "openshift-infra" | |||
There was a problem hiding this comment.
As an alternative to my comment at 09eb355#diff-0d623dfd885adb20f991bda4c2453aebd732ca6dbb4d1d4be6e79805c3b48de6R57 we could add a constant here named something like ClusterScoped that is set to the emtpy string ""
| if highRateLimitProtoKubeConfig.Burst < 100 { | ||
| highRateLimitProtoKubeConfig.Burst = 100 | ||
| } | ||
| kubeClient, err := kubernetes.NewForConfig(highRateLimitProtoKubeConfig) |
There was a problem hiding this comment.
If so, a commit specific link to the file in question might help us to quickly remember where to go if we ever get to this TODO
adambkaplan
force-pushed
the
ocmo-fix-throttle-2
branch
from
09eb355
to
c6bcf70
Compare
- Refactor ocm-o to use the static resources controller to sync static YAML assets. - Add infomers for cluster-scoped objects, openshift-infra, and kube-system as a namespace to use an informer to fetch core k8s objects. - Use cached ConfigMapsGetter in the main workload sync controller - Don't set unmanaged/removed messages. The status controller is now responsible for setting the cluster operator states for managed/ unmanaged. The existing code now collides with the new static resource sync controller. - Increase rate limit for k8s API calls. This ensures the static resource sync controller is not throttled when reconciling RBAC objects.
adambkaplan
force-pushed
the
ocmo-fix-throttle-2
branch
from
c6bcf70
to
0698c47
Compare
| if highRateLimitProtoKubeConfig.Burst < 100 { | ||
| highRateLimitProtoKubeConfig.Burst = 100 | ||
| } | ||
| kubeClient, err := kubernetes.NewForConfig(highRateLimitProtoKubeConfig) |
There was a problem hiding this comment.
Updated the comments - hopefully things are a little bit clearer.
| @@ -39,15 +53,22 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller | |||
| return err | |||
| } | |||
|
|
|||
| kubeInformers := v1helpers.NewKubeInformersForNamespaces(kubeClient, util.TargetNamespace, util.OperatorNamespace, util.UserSpecifiedGlobalConfigNamespace) | |||
| kubeInformers := v1helpers.NewKubeInformersForNamespaces(kubeClient, | |||
| "", | |||
| @@ -105,10 +126,40 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller | |||
| controllerConfig.EventRecorder, | |||
| ) | |||
|
|
|||
| staticResourceController := staticresourcecontroller.NewStaticResourceController( | |||
There was a problem hiding this comment.
added the TODO here to make it clear where in library-go we need to add a future enhancement.
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adambkaplan, gabemontero The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@adambkaplan: All pull requests linked via external trackers have merged: Bugzilla bug 1965283 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build ose-cluster-openshift-controller-manager-operator-container-v4.8.0-202311261141.p0.g286c157.assembly.stream for distgit ose-cluster-openshift-controller-manager-operator. |
YAML assets.
kube-system as a namespace to use an informer to fetch core k8s
objects.
responsible for setting the cluster operator states for managed/
unmanaged. The existing code now collides with the new static
resource sync controller.
resource sync controller is not throttled when reconciling RBAC
objects.