-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add feature to manage CRDs #1558
Conversation
64814f6
to
ab48395
Compare
Makefile
Outdated
$(eval branch := $(2)) | ||
$(eval dir := $(3)) | ||
@echo "Fetching $(dir) CRDs from $(project) branch $(branch)" | ||
rm -rf pkg/crds/$(dir) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we should have a crd-clean
target to remove all the CRD info and just assume it's been called before this?
Makefile
Outdated
echo "config/crd" >> .git/info/sparse-checkout; \ | ||
git checkout -q tags/$(branch) &>/dev/null || git checkout -q origin/$(branch) --;' || echo "Failed to fetch $(dir) CRDs" | ||
@cp .crds/$(dir)/config/crd/* pkg/crds/$(dir)/ && echo "Copied $(dir) CRDs" | ||
git add pkg/crds/$(dir) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we should do a git add
here, this should be to the user to add and commit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not do the add? I like having this here because it prevents someone from running the gen-versions and then missing that a new CRD was added. I understand it will be obvious if there are changes to existing CRDs but if someone has Untracked files
, it could easily be missed that there are new CRDs to add.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't agree that part of the dev workflow, i.e. what files are added and commit and what aren't, should be put in here. It may be a temporary change they're adding, there could be many reasons why they don't want add / commit this.
If we want to ensure the CRDs are up to date it should be part of the CI, a specific check for this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok so you're suggesting part of CI should be running the gen-files and then verifying nothing is dirty to ensure a user doesn't miss adding a CRD? That sounds reasonable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually a new file won't count as dirty will it. So I guess we can't count on the current CI we have that does
make gen-versions
make dirty-check
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can change that, I definitely think the dirty-check
should check if there's new files as seen be git status
.
pkg/crds/crds.go
Outdated
crd.Name = fmt.Sprintf("%s.%s", crd.Spec.Names.Plural, crd.Spec.Group) | ||
calicoCRDs = append(calicoCRDs, crd) | ||
} | ||
crdyamls = getOperatorCRDSource(variant) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be a somewhat duplicate block of code that might be worth pulling out into a separate function.
pkg/controller/utils/component.go
Outdated
case *apiextenv1.CustomResourceDefinition: | ||
c := current.(*apiextenv1.CustomResourceDefinition) | ||
d := desired.(*apiextenv1.CustomResourceDefinition) | ||
d.SetResourceVersion(c.GetResourceVersion()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this correct? Would we want the resource version to be incremented, or fail if the resource current resource version is ahead of the desired (this protects against race conditions and reverting changes).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is something I didn't understand why it was needed in my changes. When I loaded and parsed the CRDs from the yamls, they seemed to have a ResourceVersion set that meant the code above would not replace the ResourceVersion because there was already one set. I added this to override with the current ResourceVersion so that attempting to update would not fail.
I'm starting to wonder if the issue is that when we call Create/Update if the call updates the metadata on the object it is passed, and because the CRDs are pointers, if everything is using the same underlying data causing us to store the ResourceVersion. I wonder if I changed GetCRDs to create a new slice using DeepCopy of the original if this wouldn't be needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that meant the code above would not replace the ResourceVersion because there was already one set
Why do we want to replace the resource version though? If you were to edit a resource, the best way (I thought) would be to pull the resource with the resource version, edit it, then write it back. That way if something else did this simultaneously then this write would fail because the resource version would be different. I might be missing something though....
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We want our desired resource to have the "current" ResourceVersion so when we do the update if something else has edited the same resource our update will fail.
The whole point of this mergeState is to merge our 'desired' resource with the 'current' one that was retrieved, this function is doing what you are suggesting we need to do.
I'm not quite sure why we don't just overwrite the desired ResourceVersion with the current ResourceVersion. That should be something we can always do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll admit maybe I'm just confused and what I'm about to say is just wrong but I still don't see how this is doing what I suggested. I thought the desired resource is the one the controller passes in, and the current is the one that was just grabbed from kubernetes.
A dramatic example is what if the controller grabbed the resource from kubernetes, took 20 minutes to process stuff in the resource, and in that time 100 updates happened to that resource. Once the call to update the resource is made, a call to kubernetes will be made to get the current resource (that had 100 updates to it) and we will override the resource version of the desired resource (which is 100 updates behind), and the update will succeed and we will have undone 100 updates.
d4933a1
to
e58b1c8
Compare
"github.com/tigera/operator/pkg/controller/status" | ||
"k8s.io/apimachinery/pkg/runtime" | ||
"sigs.k8s.io/controller-runtime/pkg/client" | ||
"sigs.k8s.io/controller-runtime/pkg/reconcile" | ||
) | ||
|
||
func NewReconcilerWithShims(cli client.Client, schema *runtime.Scheme, status status.StatusManager, provider operatorv1.Provider) reconcile.Reconciler { | ||
opts := options.AddOptions{ | ||
ShutdownContext: context.TODO(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be something other than TODO
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll switch it to Background().
test/mainline_test.go
Outdated
@@ -147,20 +148,21 @@ var _ = Describe("Mainline component function tests", func() { | |||
return nil | |||
}, 60*time.Second).Should(BeNil()) | |||
|
|||
fmt.Printf("Status is %+v", instance.Status) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leftover debugging?
- Move projectcalico CRDs to pkg/crds - Move operator CRDs to pkg/crds
- ability to print CRDs - Simple test that generating CRDs works - Add flag to enable/disable managing CRDs
- Also add retries to tigeraStatus updates - In tests wait for Operator to stop
- also use larger image so more disk is available - disable pre-loaded image cache that isn't helpful
Description
The changes also include fetching CRDs from the libcalico-go repos.
This PR is expected to be picked to the v1.23 branch when it is created for release with Calico v3.21
For PR author
make gen-files
make gen-versions
For PR reviewers
A note for code reviewers - all pull requests must have the following:
kind/bug
if this is a bugfix.kind/enhancement
if this is a a new feature.enterprise
if this PR applies to Calico Enterprise only.