Introduce k8s informer factory #2867
Conversation
ldez
added
status/1-needs-design-review
kind/enhancement
|
@yue9944882 like the last time, could you organize your commit to facilitate the review (please respect the order).
Could you use Thanks. |
ldez
changed the title
yue9944882
force-pushed
the
refactor-kubernetes-client-informer-mgmt
branch
from
ba86d19
to
1c602b4
Compare
|
Github order by commit date: as you have alter your commit ( |
yue9944882
force-pushed
the
refactor-kubernetes-client-informer-mgmt
branch
from
1c602b4
to
8be009e
Compare
provider/kubernetes/client.go
Outdated
| return result | ||
| } | ||
|
|
||
| // GetService returns the named service from the given namespace. | ||
| func (c *clientImpl) GetService(namespace, name string) (*corev1.Service, bool, error) { | ||
| var service *corev1.Service | ||
| item, exists, err := c.svcStores[c.lookupNamespace(namespace)].GetByKey(namespace + "/" + name) | ||
| item, exists, err := c.factories[namespace].Core().V1().Services().Informer().GetStore().GetByKey(namespace + "/" + name) |
There was a problem hiding this comment.
Ideally this line could be svc, err := c.factories[namespace].Core().V1().Services().Lister().Services(namespace).Get(name) which use Lister to Get resources from indexer inside the informer. I tries but this will need to change the return types of GetService(namespace, name string) (*corev1.Service, error) in the Client interface and lots of changes in test facilities will change too. Maybe it can be done in another PR later to make this one clearer.
There was a problem hiding this comment.
Note that they are actually the same. But eliminating namespace + "/" + name would be helpful for maintaince.
|
@ldez @timoreimann PTAL thx 😉 |
|
@yue9944882 please stop ask |
|
@ldez Oops. Sorry for PTAL🤭I just mean that it is ready for a review. |
There was a problem hiding this comment.
The code panics if you don't specify a namespace to watch on:
./dist/traefik --defaultentrypoints=http --entryPoints='Name:http Address::8000' --web --web.readonly --web.address=":8080" --logLevel=INFO --checknewversion=false --kubernetes --kubernetes.endpoint=http://127.0.0.1:8001 --kubernetes.watch=true
WARN[2018-02-16T23:36:17+01:00] web provider configuration is deprecated, you should use these options : api, rest provider, ping and metrics
INFO[2018-02-16T23:36:17+01:00] Traefik version dev built on I don't remember exactly
INFO[2018-02-16T23:36:17+01:00]
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://docs.traefik.io/basics/#collected-data
INFO[2018-02-16T23:36:17+01:00] Preparing server http &{Address::8000 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4205f1680} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s
INFO[2018-02-16T23:36:17+01:00] Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4205f1880} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s
INFO[2018-02-16T23:36:17+01:00] Starting server on :8000
INFO[2018-02-16T23:36:17+01:00] Starting provider *kubernetes.Provider {"Watch":true,"Filename":"","Constraints":[],"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"http://127.0.0.1:8001","Token":"","CertAuthFilePath":"","DisablePassHostHeaders":false,"EnablePassTLSCert":false,"Namespaces":null,"LabelSelector":"","IngressClass":""}
INFO[2018-02-16T23:36:17+01:00] Starting server on :8080
INFO[2018-02-16T23:36:17+01:00] Creating cluster-external Provider client with endpoint http://127.0.0.1:8001
ERRO[2018-02-16T23:36:17+01:00] Error in Go routine: runtime error: invalid memory address or nil pointer dereference
goroutine 66 [running]:
runtime/debug.Stack(0x1363b1f, 0xc42008e2d0, 0x2d5c1b3)
/usr/local/Cellar/go/1.9.4/libexec/src/runtime/debug/stack.go:24 +0xa7
runtime/debug.PrintStack()
/usr/local/Cellar/go/1.9.4/libexec/src/runtime/debug/stack.go:16 +0x22
github.com/containous/traefik/safe.defaultRecoverGoroutine(0x29ca8e0, 0x3fa68f0)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/safe/routine.go:148 +0x7d
github.com/containous/traefik/safe.OperationWithRecover.func1.1(0xc4207c9df8)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/safe/routine.go:156 +0x56
panic(0x29ca8e0, 0x3fa68f0)
/usr/local/Cellar/go/1.9.4/libexec/src/runtime/panic.go:491 +0x283
github.com/containous/traefik/provider/kubernetes.(*clientImpl).GetService(0xc42051f400, 0xc4206cd3f0, 0xa, 0xc420308e00, 0x1f, 0x50, 0x0, 0x0, 0xc420681c18)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/provider/kubernetes/client.go:183 +0x5f
github.com/containous/traefik/provider/kubernetes.(*Provider).loadIngresses(0xc42039dad0, 0x3d73ea0, 0xc42051f400, 0x1, 0x1, 0x0)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/provider/kubernetes/kubernetes.go:235 +0x102f
github.com/containous/traefik/provider/kubernetes.(*Provider).Provide.func1.1(0x0, 0x0)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/provider/kubernetes/kubernetes.go:115 +0x50c
github.com/containous/traefik/safe.OperationWithRecover.func1(0x0, 0x0)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/safe/routine.go:160 +0x6c
github.com/containous/traefik/vendor/github.com/cenk/backoff.RetryNotify(0xc42051f410, 0x3d55860, 0xc42051f420, 0x2df4fa0, 0xc420066080, 0xc4201556c0)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/vendor/github.com/cenk/backoff/retry.go:37 +0x88
github.com/containous/traefik/provider/kubernetes.(*Provider).Provide.func1(0xc420292150)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/provider/kubernetes/kubernetes.go:136 +0x162
github.com/containous/traefik/safe.(*Pool).Go.func1()
/Users/treimann/Development/traefik/src/github.com/containous/traefik/safe/routine.go:78 +0x3a
github.com/containous/traefik/safe.GoWithRecover.func1(0x2df5140, 0xc420559230)
/Users/treimann/Development/traefik/src/github.com/containous/traefik/safe/routine.go:142 +0x4d
created by github.com/containous/traefik/safe.GoWithRecover
/Users/treimann/Development/traefik/src/github.com/containous/traefik/safe/routine.go:136 +0x49
ERRO[2018-02-16T23:36:17+01:00] Provider connection error: Panic in operation: %!s(<nil>); retrying in 726.896979ms
It fails on client.go:183. I suppose it's due to the removal of the lookupNamespace method, causing the lookup at c.factories[namespace] to yield nil.
(Sorry, we are still missing proper integration tests for the Kubernetes provider.)
yue9944882
force-pushed
the
refactor-kubernetes-client-informer-mgmt
branch
from
2ba5468
to
25dc466
Compare
|
@timoreimann Good catch, no doubt this would be a horrible BUG 😨 |
provider/kubernetes/client.go
Outdated
|
|
||
| for t, ok := range factory.WaitForCacheSync(stopCh) { | ||
| if !ok { | ||
| return nil, fmt.Errorf("timed out waiting for controller caches to sync %s in namespace %s", t.String(), ns) |
There was a problem hiding this comment.
What's an example output of t.String()?
There was a problem hiding this comment.
@timoreimann it will be *v1.Secret which is returned by reflect.TypeOf(&corev1.Secret):
https://github.com/kubernetes/kubernetes/blob/aa02c0f5191af40cbf7a18a8beec24c56ed7b860/staging/src/k8s.io/client-go/informers/core/v1/secret.go#L84
provider/kubernetes/client.go
Outdated
|
|
||
| for t, ok := range factory.WaitForCacheSync(stopCh) { | ||
| if !ok { | ||
| return nil, fmt.Errorf("timed out waiting for controller caches to sync %s in namespace %s", t.String(), ns) |
There was a problem hiding this comment.
Let's use %q for printing ns as it may be the empty string when no namespaces are specified.
| // users having granted RBAC permissions for this object. | ||
| // https://github.com/containous/traefik/issues/1784 should improve the | ||
| // situation here in the future. | ||
| informManager.extend(c.WatchObjects(ns, kindSecrets, &corev1.Secret{}, c.secStores, eventCh), false) |
There was a problem hiding this comment.
We pass false as the last parameter so that we don't wait for the Secrets store to become synchronized for the described reason.
Am I missing something, or did we not carry over that behavior?
There was a problem hiding this comment.
Yes and we skip the synchronization of secret by delaying the invocation of AddEventHandler.
provider/kubernetes/client.go
Outdated
| factory.Core().V1().Endpoints().Informer().AddEventHandler(eventHandler) | ||
| factory.Core().V1().Secrets().Informer().AddEventHandler(eventHandler) | ||
|
|
||
| for t, ok := range factory.WaitForCacheSync(stopCh) { |
There was a problem hiding this comment.
The previous implementation first started all informers and then waited for the caches to sync. The new implementation does it the other way around.
Are we certain this doesn't change the observable behavior?
| "listers/settings/v1alpha1", | ||
| "listers/storage/v1", | ||
| "listers/storage/v1alpha1", | ||
| "listers/storage/v1beta1", |
There was a problem hiding this comment.
Possibly more a question for @ldez: Is it normal that dep references packages which are not used? I thought dep plus our (custom) pruning causes us to only pull in what is really needed.
There was a problem hiding this comment.
These are all supposed to be direct dependencies when compiling informerFactory.
https://github.com/kubernetes/kubernetes/blob/aa02c0f5191af40cbf7a18a8beec24c56ed7b860/staging/src/k8s.io/client-go/informers/factory.go#L42
https://github.com/kubernetes/kubernetes/blob/aa02c0f5191af40cbf7a18a8beec24c56ed7b860/staging/src/k8s.io/client-go/informers/core/v1/pod.go#L30
yue9944882
force-pushed
the
refactor-kubernetes-client-informer-mgmt
branch
from
393a98c
to
5f71ddd
Compare
provider/kubernetes/client.go
Outdated
| safe.Go(func() { | ||
| wg.Add(1) | ||
| informer.Run(stopCh) | ||
| c.factories[ns].Start(stopCh) |
There was a problem hiding this comment.
We need to insert ns := ns after line 141 in order to capture the variable. Otherwise, we'd always end up with the last namespace being referenced in the anonymous goroutine (see also https://github.com/golang/go/wiki/CommonMistakes#using-goroutines-on-loop-iterator-variables).
There was a problem hiding this comment.
I just realise that informerFactory.Start is an asynchronous call itself and we don't have to invoke it via safe.Go(...)
provider/kubernetes/client.go
Outdated
| // users having granted RBAC permissions for this object. | ||
| // https://github.com/containous/traefik/issues/1784 should improve the | ||
| // situation here in the future. | ||
| if t == reflect.TypeOf(&corev1.Secret{}) && !ok { |
There was a problem hiding this comment.
Nit-pick: Please swap the expression terms for better comprehensibility (and, to a neglectable degree, performance).
provider/kubernetes/client.go
Outdated
| for ns, factory := range c.factories { | ||
| ings, err := factory.Extensions().V1beta1().Ingresses().Lister().List(labels.Everything()) | ||
| if err != nil { | ||
| log.Errorf("fail to list ingresses in namespace %s: %s", ns, err) |
provider/kubernetes/client.go
Outdated
| // users having granted RBAC permissions for this object. | ||
| // https://github.com/containous/traefik/issues/1784 should improve the | ||
| // situation here in the future. | ||
| if t == reflect.TypeOf(&corev1.Secret{}) && !ok { |
There was a problem hiding this comment.
In the previous implementation, we did not wait for the Secrets' cache to sync at all. The new implementation seems to wait for it but does not consider an error to be critical.
Assuming I got it right: Does this possibly mean that users without permitted RBAC access now see Secrets RBAC errors in their logs? I guess I'm okay with a single log occurrence, but multiple ones would be irritating IMHO.
| "listers/settings/v1alpha1", | ||
| "listers/storage/v1", | ||
| "listers/storage/v1alpha1", | ||
| "listers/storage/v1beta1", |
|
Apologies for the laggy response; I will try hard to get back to this PR and do some final testings within the next 2 days. Sorry! |
|
@timoreimann Never mind. The refactoring in this PR might be a big change so we ought to spend more time to prove its correctness. I'd also like to help enhance test for this PR :-) |
There was a problem hiding this comment.
I finally got around testing the PR against against minikube. Everything seems to be working as intended. 🎉
Regarding the tests: IMHO, unit tests aren't very helpful for the changed files in question. What we need is a proper integration test. Fortunately, I have started work in this regard some time ago. It's (still) not done yet but I'm committed to moving it to completion. :-)
Thanks again for the PR!
mmatur
force-pushed
the
refactor-kubernetes-client-informer-mgmt
branch
from
fba5f22
to
aceff7b
Compare
|
@mmatur What does it mean by |
|
@yue9944882, you have missed nothing. We have bots that help us to manage PR. Explanation available here |
What does this PR do?
Use
k8s.io/cilent-go/informersto manage informers and its indexers / store.Motivation
Currently we are managing the stores of informers explicitly which may be unnecessary after bumping up
client-go. Informer factory will help sort out and clearify implementation of kubernetes client.This PR will simplify kubernetes client a lot.
More
Additional Notes