Pod configuration #950
Pod configuration #950
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
openshift-ci-robot
added
the
size/XXL
tkashem
force-pushed
the
pod-configuration
branch
2 times, most recently
from
da3c683
to
b2c0c2c
Compare
openshift-ci-robot
added
the
needs-rebase
tkashem
force-pushed
the
pod-configuration
branch
2 times, most recently
from
e95bb78
to
3ce1e3e
Compare
openshift-ci-robot
removed
the
needs-rebase
tkashem
force-pushed
the
pod-configuration
branch
4 times, most recently
from
116c13d
to
3599114
Compare
|
/retest |
2 similar comments
|
/retest |
|
/retest |
| if r.ProxyInjectorBuilder != nil { | ||
| initializers = append(initializers, r.ProxyInjectorBuilder(owner)) | ||
| } | ||
|
|
There was a problem hiding this comment.
This is a little bit of a hack for now, I am leaving it as a todo.
pkg/lib/proxy/syncer.go
Outdated
| return | ||
| } | ||
|
|
||
| err = fmt.Errorf("global Proxy configuration not defined in '%s' - %v", globalProxyName, getErr) |
There was a problem hiding this comment.
For discussion: if an openshift cluster does not have the cluster proxy object then deployment initialization will fail and the operator install will fail as well.
There was a problem hiding this comment.
I don't think it's required that an openshift cluster have a cluster proxy object, right? Just that if it is there, we should respect it?
There was a problem hiding this comment.
Yes, this is much safer. And for a scenario where there was a cluster object and then it gets removed later - we will not find a cluster proxy object and generate a pod spec without the proxy env vars. This will cause a mismatch of the desired and observed and eventually update deployment(s) (originally created with the proxy env variable(s) ) to not have them any longer, correct?
| if sub.Status.InstalledCSV == ownerCSV.GetName() { | ||
| return sub | ||
| } | ||
| } |
There was a problem hiding this comment.
It's a little hacky too! there should be a more straightforward way to get to the subscription from the csv. I am tracking it as a todo.
There was a problem hiding this comment.
This is fine for now - we will eventually start storing the CSV data on the subscription so this will get fixed
|
|
||
| func merge(containerEnvVars []corev1.EnvVar, newEnvVars []corev1.EnvVar) (merged []corev1.EnvVar) { | ||
| merged = containerEnvVars | ||
|
|
There was a problem hiding this comment.
Thoughts?
- If an
envvariable that is being injected is already defined in thecsvdeployment spec, it will be overwritten. - For proxy env var, empty means unset and will not result in an env var. Can we say the same for all other env variable(s) in pod configuration?
There was a problem hiding this comment.
I think we definitely need to support the OperatorConfig overwriting a "set" env var to "". If you're explicitly setting it in the operator config, it should take precedence.
For the proxy vars, the issue is that if any of them is set manually on the operator config, we ignore the global config, right?
There was a problem hiding this comment.
yes, I agree on allowing the user to overwrite a "set" env var to ""
proxy env is an exception, if they are empty they are not injected. and if the user specifies any in subscription pod ( empty or not ) it overrides the proxy, we won't even query cluster proxy at that point.
There was a problem hiding this comment.
Given this, we need to treat the proxy env differently, I will add that change ( maybe in the followup PR I am planning if I don't have enough time )
tkashem
force-pushed
the
pod-configuration
branch
from
3599114
to
c4056e6
Compare
|
/retest |
|
/test e2e-aws-olm |
|
/retest |
1 similar comment
|
/retest |
|
|
||
| initializers := []DeploymentInitializerFunc{} | ||
| if r.ProxyInjectorBuilder != nil { | ||
| initializers = append(initializers, r.ProxyInjectorBuilder(owner)) |
There was a problem hiding this comment.
nit: we use the convention elsewhere of Func suffixes, e.g. ProxyInjectorFunc(owner)
| @@ -28,7 +28,9 @@ type StrategyResolverInterface interface { | |||
| InstallerForStrategy(strategyName string, opClient operatorclient.ClientInterface, opLister operatorlister.OperatorLister, owner ownerutil.Owner, annotations map[string]string, previousStrategy Strategy) StrategyInstaller | |||
| } | |||
|
|
|||
| type StrategyResolver struct{} | |||
| type StrategyResolver struct { | |||
| ProxyInjectorBuilder DeploymentInitializerFuncBuilder | |||
There was a problem hiding this comment.
Do we expect to vary this between StrategyResolver instances?
There was a problem hiding this comment.
It might, depending on the pod configuration. We could also decide a static set of initializers some of which could be noop. Today there is only one for env.
Ideally we should have a layer that returns a chain of deployment initializer func based on the context. What we have today is a quick fix, we can improve the strategy resolver and deployment initializer. I have a task that tracks it.
| merged = append(podConfigEnvVar, proxyEnvVar...) | ||
|
|
||
| if len(merged) == 0 { | ||
| d.logger.Debugf("no env var to inject into csv=%s", ownerCSV.GetName()) |
There was a problem hiding this comment.
nit: we try to use WithLabel("csv", ownerCSV.GetName()).Debug() style when possible
| @@ -0,0 +1,61 @@ | |||
| package envvar | |||
There was a problem hiding this comment.
nit: we try to put helper packages that are not OLM-specific (like this) into pkg/lib
There was a problem hiding this comment.
I thought the envvar package was specific to olm only. I have a proxy package that deals with openshift proxy type that is in pkg/lib.
|
|
||
| func merge(containerEnvVars []corev1.EnvVar, newEnvVars []corev1.EnvVar) (merged []corev1.EnvVar) { | ||
| merged = containerEnvVars | ||
|
|
There was a problem hiding this comment.
I think we definitely need to support the OperatorConfig overwriting a "set" env var to "". If you're explicitly setting it in the operator config, it should take precedence.
For the proxy vars, the issue is that if any of them is set manually on the operator config, we ignore the global config, right?
| proxyAPIExists, err := proxy.IsAPIAvailable(discovery) | ||
| if err != nil { | ||
| op.logger.Errorf("error happened while probing for Proxy API support - %v", err) | ||
| return nil, err |
There was a problem hiding this comment.
this shouldn't error out if we're not on an openshift cluster, right?
There was a problem hiding this comment.
It should not, err is set only when there is a connectivity error. check - 35a159e#diff-eb26d569f984271521cd371191e0b72bR30
|
|
||
| // setup proxy env var injection policies | ||
| discovery := config.operatorClient.KubernetesInterface().Discovery() | ||
| proxyAPIExists, err := proxy.IsAPIAvailable(discovery) |
There was a problem hiding this comment.
For the cluster operator API, we poll for a while to see if the api is ready. We should think about doing that here too.
There was a problem hiding this comment.
yeah, in monitor we wait indefinitely since it'a an independently running go routine. For the operator we can retry - is 6 tries, every 10-second and then giving up a good default?
There was a problem hiding this comment.
Seems reasonable to me - we probably want to go Degraded if this fails (and we're on openshift), but I think that can be a followup in the future.
| ) | ||
|
|
||
| // DefaultQuerier does... | ||
| func DefaultQuerier() Querier { |
There was a problem hiding this comment.
Default is fine, I think we use Noop for this type of object elsewhere...
|
|
||
| newConfigClient := func(t *testing.T) configv1client.ConfigV1Interface { | ||
| config, err := clientcmd.BuildConfigFromFlags("", *kubeConfigPath) | ||
| // require.NoErrorf(t, err, "could not create rest config: %s", err.Error()) |
| expected := podEnv | ||
| expected = append(expected, proxyEnv...) | ||
|
|
||
| checkDeploymentWithPodConfiguration(t, c, csv, podConfig.Env) |
|
/retest |
Use case: The env variables defined in cluster scoped global proxy configuration object should be injected into deployment spec if not overridden in subscription pod configuration. Add a new proxy package that provides the following support: - Add support to check if Proxy api is available on cluster. - Add support to query the cluster for the 'cluster' Proxy object and return the env variable(s). - Provide logic to determine whether proxy env variable has been overridden in pod configuration.
Add a deployment initializer function that can inject environment variable(s) specified in pod configuration of a subscription into deployment object. The following rules apply: - Proxy env variable(s) defined in 'cluster' Proxy object should be injected into deployment object(s). - If proxy env variable defined in pod configuration of a Subscription overrides 'cluster' Proxy object. More here - https://github.com/operator-framework/operator-lifecycle-manager/blob/master/Documentation/contributors/design-proposals/operator-config.md
tkashem
force-pushed
the
pod-configuration
branch
from
c4056e6
to
1797228
Compare
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
/lgtm None of my comments above should block :) |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ecordell, tkashem The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
lgtm
|
/test e2e-aws-olm |
|
/retest |
1 similar comment
|
/retest |
As an OLM user, I would like to set configuration for operator pods, so that they are persisted between operator upgrades.
https://jira.coreos.com/browse/OLM-1163
Pending issue:
Proxy.Statusis not populated on the cluster yet. We read proxy env variable(s) off of Proxy.Status as per instruction.TODO(s):
k8s 1.14libs. Once chore(modules): pin k8s deps to 1.14 #954 is merged then do a rebase.resolverwe get the owner ( this is the csv that owns the deployment ). I need to get to the subscription that owns this csv to get the pod configuration. Right now, we are using a subscription lister to list all subscription(s) in the same namespace and then find the owner subscription by matchingsubscription.Status.InstalledCSV. We can useannotations/labelto get to the subscription. This can be done in a separate PR as well.EnvFrom