New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sync taints from machine spec to the node in additive fashion #154
Sync taints from machine spec to the node in additive fashion #154
Conversation
@@ -393,8 +393,22 @@ func (c *Controller) processNode(node *corev1.Node) error { | |||
modNode.Labels[k] = v | |||
} | |||
|
|||
// Taints are to be an authoritative list on the machine spec per cluster-api comments: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
Can you add a PR upstream even if it's to update the field comment and why we think should be additive?
Can you please add a validation for this machine/node taint reconciliation here https://github.com/openshift/machine-api-operator/blob/master/test/e2e/operator_expectations.go?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure. how about handling e2e in follow-up PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please let's include it in this one, the point of having it in the same PR is that it prevent us from merging code which does not work as expected rather than having to fix later
Change looks good. Link to upstream feature for why it cannot be authoritative. See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/#taint-nodes-by-condition |
cmd/nodelink-controller/main.go
Outdated
modNode.Spec.Taints = matchingMachine.Spec.Taints | ||
// Taints are to be an authoritative list on the machine spec per cluster-api comments. | ||
// However, we believe many components can directly taint a node and there is no direct source of truth that should enforce a single writer of taints | ||
for _, mTaint := range matchingMachine.Spec.Taints { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd be nice to create a function and unit test it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure.
cmd/nodelink-controller/main.go
Outdated
} | ||
} | ||
if !alreadyPresent { | ||
modNode.Spec.Taints = append(modNode.Spec.Taints, mTaint) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we are appending here when nTaint.Key == mTaint.Key && nTaint.Effect != mTaint.Effect
, so the final Taints
list will have duplicated keys. What will be the behaviour?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is list of taints and for a taint to be unique key and effect as a pair must be unique. PTAL at example here:
https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/#concepts
/hold |
1f05d8b
to
3da28b4
Compare
/hold cancel |
1 similar comment
/hold cancel |
/retest |
glog.V(3).Infof("machine taint: %v", mTaint) | ||
alreadyPresent := false | ||
for _, nTaint := range node.Spec.Taints { | ||
if nTaint.Key == mTaint.Key && nTaint.Effect == mTaint.Effect { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why don't we want to take into consideration the .value
here?
} | ||
machineList := capiv1alpha1.MachineList{} | ||
|
||
if err := tc.client.List(context.TODO(), &listOptions, &machineList); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be wrapped into wait.PollImmediate
186-195
} | ||
node := &corev1.Node{} | ||
|
||
if err := tc.client.Get(context.TODO(), nodeKey, node); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be wrapped into wait.PollImmediate
} | ||
glog.Info("Updated machine object with taint") | ||
var expectedTaints = sets.NewString("not-from-machine", "from-machine") | ||
err := wait.PollImmediate(1*time.Second, waitLong, func() (bool, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could just return inline here
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enxebre The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test e2e-aws-operator |
/test e2e-aws-gate |
/test all |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One nit, but LGTM.
for _, taint := range node.Spec.Taints { | ||
observedTaints.Insert(taint.Key) | ||
} | ||
if expectedTaints.Difference(observedTaints).HasAny("not-from-machine", "from-machine") == false { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use !<expression>
and not == false
.
/lgtm |
Update namespace -> openshift-machine-api
/cc @derekwaynecarr @enxebre