deploy: remove generic deployment trigger controller #14910
Conversation
| @@ -63,6 +63,8 @@ type DeploymentConfigController struct { | |||
|
|
|||
| // queue contains deployment configs that need to be synced. | |||
| queue workqueue.RateLimitingInterface | |||
| // instantiateQueue contains deployment config that should be instantiated. | |||
| instantiateQueue workqueue.RateLimitingInterface | |||
There was a problem hiding this comment.
@Kargakis i didn't want to pollute the main DC controller queue with instantiate calls, that's why I made separate queue just for instantiating (terrible word).
| return false | ||
| } | ||
|
|
||
| if _, err := c.dn.DeploymentConfigs(dc.Namespace).Instantiate(deployutil.DefaultInstantiateRequestForConfig(dc.Name)); err != nil { |
There was a problem hiding this comment.
No, please, we should stop using instantiate inside a controller. Also I was imagining that we could do everything in a single queue.
There was a problem hiding this comment.
@Kargakis what you want to do instead? just update latest version?
There was a problem hiding this comment.
We need to move away from the assumption that bumping latestVersion starts a deployment because that is a status field.
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
517b825
to
d7f2e8d
Compare
openshift-bot
added
the
needs-rebase
mfojtik
force-pushed
the
remove-generic-trigger
branch
2 times, most recently
from
c2271e9
to
9f86a34
Compare
|
@Kargakis PTAL [test] |
|
(this need a unit test to guard us from adding labels/annotations to the RC templates otherwise bad things will happen). |
|
@tnozicka for the review as well :) |
| @@ -95,18 +95,6 @@ func init() { | |||
| rbac.NewRule("create", "get", "list", "watch", "update", "patch", "delete").Groups(kapiGroup).Resources("replicationcontrollers").RuleOrDie(), | |||
There was a problem hiding this comment.
Break down the removal of this controller into a separate commit.
pkg/deploy/util/util.go
Outdated
| return true, "", err | ||
| } | ||
| rcTemplate := strippedRc.Spec.Template | ||
| // there is difference between map[string]string(nil) vs. map[string]string{} |
There was a problem hiding this comment.
just for clarification if somebody will wonder why i'm doing below that ;-)
pkg/deploy/util/util.go
Outdated
| if err != nil { | ||
| return nil, err | ||
| } | ||
| delete(copy.Spec.Template.Annotations, deployapi.DeploymentVersionAnnotation) |
There was a problem hiding this comment.
| // If we already have latest deployment running but the config template does not match | ||
| // the latest deployment assume this is a config change and trigger a new deployment if | ||
| // the config change trigger is enabled. | ||
| if deployutil.HasChangeTrigger(config) && !config.Spec.Paused { |
There was a problem hiding this comment.
Break this out in its own func
|
Fixes #13763 |
openshift-bot
removed
the
needs-rebase
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
9f86a34
to
93d23c2
Compare
|
@Kargakis addressed comments, but the integration tests looks bad.. seems like ICT is broken... i thought we now use generic triggers for ICT changes? |
|
@Kargakis this got pretty complicated now :-) basically @smarterclayton controller is doing config change (to replace images)... however we have to record that as image change... you can also have DC with just ICT and without CTT... So the logic to handle this gets a bit crazier now. |
mfojtik
force-pushed
the
remove-generic-trigger
branch
2 times, most recently
from
eb67a45
to
32425bb
Compare
victory! |
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
32425bb
to
ab0fe2a
Compare
|
re-[test] |
pkg/deploy/util/util.go
Outdated
| config.Status.Details = new(deployapi.DeploymentDetails) | ||
| config.Status.Details.Causes = []deployapi.DeploymentCause{{ | ||
| Type: deployapi.DeploymentTriggerOnImageChange, | ||
| ImageTrigger: &deployapi.DeploymentCauseImageTrigger{From: api.ObjectReference{Kind: "DockerImage", Name: name}}, |
There was a problem hiding this comment.
@Kargakis i guess this is ok, but just to be sure, this will always record the docker image (not image stream)... to do that I will have to search the triggers and find the trigger with lastTriggeredImage matching the name... can do that but don't want to complicate this if we can avoid it. wdyt?
pkg/deploy/util/util.go
Outdated
| @@ -375,13 +504,17 @@ func MakeDeploymentV1(config *deployapi.DeploymentConfig, codec runtime.Codec) ( | |||
| for k, v := range config.Spec.Template.Labels { | |||
| podLabels[k] = v | |||
| } | |||
| // NOTE: You need to update the labelsToSkip variable in pkg/deploy/util when | |||
| // adding a new label here. | |||
There was a problem hiding this comment.
@Kargakis guess this check is enough? i don't think we want to keep adding more annotations or labels but if we do, this will remind you to update the list.
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
ab0fe2a
to
32f43ec
Compare
| @@ -181,6 +181,21 @@ func (c *DeploymentConfigController) Handle(config *deployapi.DeploymentConfig) | |||
| c.recorder.Eventf(config, v1.EventTypeNormal, "DeploymentAwaitingCancellation", "Deployment of version %d awaiting cancellation of older running deployments", config.Status.LatestVersion) | |||
| return fmt.Errorf("found previous inflight deployment for %s - requeuing", deployutil.LabelForDeploymentConfig(config)) | |||
| } | |||
| // Process triggers and start an initial rollouts | |||
| configCopy, err := deployutil.DeploymentConfigDeepCopy(config) | |||
There was a problem hiding this comment.
@Kargakis this is needed to avoid cache mutation (i believe)
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
32f43ec
to
b16e766
Compare
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
EDIT: So I was wrong, we used to compare the encoded DC template with the current DC but this PR switched that to compare RC template vs. DC template (which is what upstream does). I haven't realized that is big change and can cause a lot of rollouts and vaporize all changes users does to their RCs (which they should never-ever touch, but Origin allows that..) @bparees @jim-minter @tnozicka so I figured out what caused the continuous rollouts for the mysql deployment config. Basically the DC generated with new-app (or I assume template) has RC template with "name": template:
metadata:
annotations:
openshift.io/generated-by: OpenShiftNewApp
creationTimestamp: null
labels:
app: cakephp-mysql-persistent
name: mysql
name: mysql # <--However, when we create the deployment (RC) from this template, we don't copy (thanks God I added this diffs ;-) This means the DC controller will keep bumping the LatestVersion because it thinks there was a config change in the DC but since we never copy the "name" into the RC it will do that forever... This only affects templates that has "name" set, which is the reason why none of our deployment conformance tests captured this. Also this was broken for a long time, so I dunno how the old config change trigger controller managed this.... EDIT: It also open a question whether we should copy everything from the template ObjectMeta to the RC to prevent this from happening if somebody sets 'namespace' for example, or whatever other field in ObjectMeta. Other option is to completely ignore the the ObjectMeta. |
|
actually copying the name/etc might not be a good solution here because it will cause all existing DC with latest deployment not having them to trigger which might lead to a mass redeployment in online or in big clusters.... |
|
@tnozicka i'm leaning toward to just ignore comparing the name in config change trigger for now to avoid mass rollouts. I will create issue to track this in 3.8. |
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
5d0e6ad
to
1ec84c3
Compare
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
1ec84c3
to
87f31f2
Compare
|
/lgtm |
…paring rc template
mfojtik
force-pushed
the
remove-generic-trigger
branch
from
87f31f2
to
a505706
Compare
| @@ -166,6 +166,7 @@ func OkPodTemplate() *kapi.PodTemplateSpec { | |||
| DNSPolicy: kapi.DNSClusterFirst, | |||
| TerminationGracePeriodSeconds: &one, | |||
| SchedulerName: kapi.DefaultSchedulerName, | |||
| SecurityContext: &kapi.PodSecurityContext{}, | |||
There was a problem hiding this comment.
@Kargakis @deads2k @tnozicka honestly, I have no idea why this is needed.... I spend last hour or so trying to figure out why the TestHandle() is failing, but without this the HasLatestPodTemplate() will see a diff where this field is nil vs. defaulted...
Just want to double check, but the codec i'm passing down to HasLatestPodTemplate is the same as we passed to the original trigger (annotationCodec), so I have no idea what happened there...
There was a problem hiding this comment.
also let this serve as argument for removing the annotations with encoded deployment configs
There was a problem hiding this comment.
@mfojtik I am not sure about this, it has been nil even before no matter the codec in tests - it might be sign of something else going wrong
There was a problem hiding this comment.
@tnozicka it might well be that previous state was wrong :-) i checked the encoded DC in RC and they seems correct (in running server).
There was a problem hiding this comment.
so my theory is this:
- Before we haven't decoded the DC nor we did the deepequal in main deployment config controller, because that was part of generic trigger.
- The SecurityContext{} is set to empty by default, see kube testing for pod_specs.
So I think this change is fine.
|
@tnozicka and we are green \o/ |
|
@mfojtik are there any opportunities to increase test coverage in this codebase as part of your PR, e.g. around the case of repeated redeployments? |
|
@jim-minter i will want to do some trigger tests as follow ups. The continuous rollouts was broken because of the new logic that this PR introduced. It is good that it was found via templateinstance, but we should really have unit tests for this. |
|
I am ok with follow up |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mfojtik, tnozicka The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
Automatic merge from submit-queue. |
|
/retest |
Make main deployment config controller trigger rollouts on config changes and image changes.
This replaces the generictrigger controller which was calling instantiate to trigger rollouts, but we don't want to call instantiate from a controller.
This also handles the logic of initial deployment rollouts (with ICT/without ICT/...). The image change trigger is now delegated to @smarterclayton trigger controller so we only observe an image change which we treat differently from a config change.
This should be fully backward compatible with old logic.