Bug 1904497: Add vsphere problem detector deployment

[gnufied]

Use deployment for managing vspher problem detector:

• Create static assets for RBAC, deployment, service and prometheus
• Sync static assets we can sync with library-go
• Sync ServiceMonitor object
• Sync Deployment object.
• Link up the deployment with rest of the CSO

fixes https://bugzilla.redhat.com/show_bug.cgi?id=1904497

[openshift-ci-robot]

@gnufied: This pull request references Bugzilla bug 1904497, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1904497: Add vsphere problem detector deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@gnufied: This pull request references Bugzilla bug 1904497, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1904497: Add vsphere problem detector deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[gnufied]

This is how conditions look like btw:

    conditions:
    - lastTransitionTime: "2020-11-30T04:03:30Z"
      reason: AsExpected
      status: "False"
      type: CSIDriverStarterDegraded
    - lastTransitionTime: "2020-11-30T04:03:30Z"
      status: "False"
      type: ManagementStateDegraded
    - lastTransitionTime: "2020-11-30T04:03:30Z"
      status: "True"
      type: DefaultStorageClassControllerAvailable
    - lastTransitionTime: "2020-11-30T04:03:30Z"
      status: "False"
      type: DefaultStorageClassControllerProgressing
    - lastTransitionTime: "2020-11-30T04:03:30Z"
      reason: AsExpected
      status: "False"
      type: DefaultStorageClassControllerDegraded
    - lastTransitionTime: "2020-11-30T04:03:30Z"
      status: "True"
      type: SnapshotCRDControllerUpgradeable
    - lastTransitionTime: "2020-11-30T04:03:30Z"
      reason: AsExpected
      status: "False"
      type: SnapshotCRDControllerDegraded
    - lastTransitionTime: "2020-12-04T02:41:07Z"
      status: "True"
      type: VSphereProblemDetectorControllerAvailable
    - lastTransitionTime: "2020-12-04T02:41:07Z"
      reason: AsExpected
      status: "False"
      type: VSphereProblemDetectorControllerDegraded
    - lastTransitionTime: "2020-12-07T20:24:12Z"
      reason: AsExpected
      status: "False"
      type: VSphereProblemDetectorStarterDegraded
    - lastTransitionTime: "2020-12-07T20:24:18Z"
      reason: AsExpected
      status: "False"
      type: VSphereProblemDetectorStarterStaticControllerDegraded
    - lastTransitionTime: "2020-12-09T15:39:49Z"
      status: "True"
      type: VSphereProblemDetectorDeploymentControllerAvailable
    - lastTransitionTime: "2020-12-08T19:36:23Z"
      status: "False"
      type: VSphereProblemDetectorDeploymentControllerProgressing
    - lastTransitionTime: "2020-12-07T20:34:57Z"
      reason: AsExpected
      status: "False"
      type: VSphereProblemDetectorDeploymentControllerDegraded
    - lastTransitionTime: "2020-12-08T19:24:41Z"
      status: "True"
      type: VSphereProblemDetectorMonitoringControllerAvailable
    - lastTransitionTime: "2020-12-08T19:24:41Z"
      reason: AsExpected
      status: "False"
      type: VSphereProblemDetectorMonitoringControllerDegraded

[jsafrane]

Please run the controller only once, this looks like it's going to be called repeatedly in each sync()

[gnufied]

fixed

[jsafrane]

Should it have informer of ServiceMonitors too?

[gnufied]

We could but it will require importing all of - https://github.com/prometheus-operator/prometheus-operator/tree/master/pkg/apis/monitoring but I was being thwarted by dependency conflicts, so I have avoided doing this.

We are doing what we did for syncing credentials (before we moved them to CVO) and that is the reason we are rescyncing every 1 minute because we are not watching ServiceMonitor objects.

[gnufied]

I did ended up importing those informer and APIs and hence marking this as resolved.

[jsafrane]

Please move it to a common package, it's used in deploymentcontroller.go too.

[gnufied]

fixed. I extracted most of deployment controller creation code in a util function and used in both places.

[gnufied]

/retest

[bertinatto]

We need to check for IsNotFound error here

[bertinatto]

If deployment were nil it would have crashed up above

[bertinatto]

Which functionality require it to be privileged?

[bertinatto]

This is deployed by CSO, not CVO. Why do we need these annotations?

If we do need them, shouldn't the deployment have them as well?

[bertinatto]

Same comment for the other files in assets/vsphere_problem_detector

[bertinatto]

Please add a suffix to this recorder so that we know where events are coming from

[gnufied]

shouldn't eventRecorder.WithComponentSuffix("vsphere-monitoring-controller") applied when creating controller be enough?

[bertinatto]

Not really because it's a different control loop

[gnufied]

but we don't use it anywhere else.

[gnufied]

oops I missed this. fixed.

[bertinatto]

nit: PR descriptions says it's adding CredentialsRequest, but it's already there

[bertinatto]

Missing check for not found error...

[gnufied]

added

[gnufied]

placeholder

[openshift-ci-robot]

@gnufied: This pull request references Bugzilla bug 1904497, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1904497: Add vsphere problem detector deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[bertinatto]

Not really because it's a different control loop

[bertinatto]

IMO we shouldn't make CSO degraded if we fail to create a service monitor

[gnufied]

why not? currently service monitor objects are created by CVO and if it can't create those, I think cluster will be degraded.

[bertinatto]

I know it was like this before, but we should have a single Reason value to represent the same thing: openshift/library-go#901

[gnufied]

fixed

[bertinatto]

hm... this controller would still be running in all platforms, not just vSphere...

[gnufied]

yes, this controller will still run but it won't do anything.

[bertinatto]

I really don't like that we have 2 "starter" controllers whose main job is the same: start certain sub-controllers per platform.

I'd prefer to make the necessary adjustments to CSIDriverStarterController (to make it easily to start non-CSI controllers), rather than creating another starter controller.

[gnufied]

not that I disagree to it but can we do this in a future PR(I am happy to open a BZ/github issue to remind myself), because I think that this PR is quite large already.

[jsafrane]

idea: when we have vSphere CSI driver, we can add detector deployment at an extra controller started with CSI driver, similarly as Manila starts certificate syncer:

cluster-storage-operator/pkg/operator/csidriveroperator/csioperatorclient/manila.go

Lines 46 to 48 in e7919b1

	ExtraControllers: []factory.Controller{
	newCertificateSyncerOrDie(clients, recorder),
	},

It will be somewhat hidden in the CSI driver deployment, but still, it will run.

[bertinatto]

I like that. Can we add a TODO entry in this starter controller?

[bertinatto]

I know the idea of this function was to avoid code duplication, but this will make CSO degraded if we can't deploy the problem detector operator. Is that what we want?

[gnufied]

Why wouldn't we want that? vsphere-problem-detector is not an optional operator.

[jsafrane]

I think it's better to get degraded, it's really not an optional operator.

[jsafrane]

Does the problem detector need anything from this list?

[gnufied]

I think this got copied from csi driver's clusterroles. We can drop it.

[gnufied]

removed.

[jsafrane]

The operator should not need read namespaces.

[gnufied]

removed.

[jsafrane]

The operator should not need read/write events in another namespaces (use Role for emitting events in the operator namespace.)

[gnufied]

removed.

[jsafrane]

The operator should not need manipulate CredentialRequests.

[gnufied]

removed those extra verbs. but still have CR permissions to get, list, watch.

[jsafrane]

This is suspicious - why downgrade to 1.12?

[gnufied]

This does not actually result in downgrade of client-go(check go.sum), but used client-go is still v0.19.2 but what is happening is - one of the dependencies of prometheus-operator depends on v0.12.0 - https://github.com/prometheus-operator/prometheus-operator/blob/master/go.mod#L48 and because of golang-1.13 semver check it is almost impossible to use client-go v0.12.0 without using replace directive.

I have not manually added this line - but go mod vendor and go mod tidy will replace v.0.19.2 with this version.

[jsafrane]

CSI driver will replace nr. of replica of problem-detector deployment and a vice versa. IMO, one of the deployments (or even both) should ignore ReadyReplicas completely. The field is not very usable anyway.

[gnufied]

I removed setting that field.

[gnufied]

/retest

[gnufied]

/retest

[jsafrane]

All this seems to be useless.

[gnufied]

removed these.

[jsafrane]

The operator does not need to modify nodes.

[gnufied]

removed these.

[jsafrane]

The operator should not need to read credentialsrequests

[gnufied]

removed

[jsafrane]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gnufied, jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [gnufied,jsafrane]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@gnufied: All pull requests linked via external trackers have merged:

• openshift/cluster-storage-operator#111

Bugzilla bug 1904497 has been moved to the MODIFIED state.

In response to this:

Bug 1904497: Add vsphere problem detector deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.