-
Notifications
You must be signed in to change notification settings - Fork 260
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ Add OpenStackServerGroup CRD and Controller #1912
base: main
Are you sure you want to change the base?
Conversation
Hi @dalees. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
✅ Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks pretty good, some remarks inline.
// The name of the cloud to use from the clouds secret | ||
// +optional | ||
CloudName string `json:"cloudName"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems a bit weird, we should probably have a reference to an OpenStackCluster instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the feedback! Yeah, this allows the resource to be reconciled alone, as it's self contained.
However that isn't in any of the use cases, it doesn't seem a limitation to be tied to an existing OpenStackCluster even if the OpenStackServerGroup was only used for workers. It would remove duplication of these creds.
I'll make this change, once the CRD approach is agreed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, okay, that's a fair point. The use case to keep all the workers from different clusters in a single ServerGroup makes sense, I see your point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In v1beta1
CloudName has moved into IdentifyRef, but this review thread is still relevant.
For now, I've chosen not to tie the OpenStackServerGroup to an OpenStackCluster reference and instead hold it's own secret reference. This matches how OpenStackMachine's are designed, and feels reasonable for this resource and avoids circular dependency.
I don't think there's much of a use case for two clusters using a single OpenStackServerGroup
, that's not the design intention (but is possible with the current implementation).
err = compute.ResolveReferencedMachineResources(scope, &openStackMachine.Spec, &openStackMachine.Status.ReferencedResources) | ||
if err != nil { | ||
return reconcile.Result{}, err | ||
} | ||
|
||
// Resolve referenced resources CAPO resources, using the K8s client | ||
err = resolveReferencedClientResources(ctx, r.Client, openStackMachine) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It feels like it's still a Machine resource. Couldn't we put that into ResolveReferencedMachineResources
directly? Even if we need to change the arguments of the function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I did start by doing this; I changed to this separation as what they're fetching from is distinct (OpenStack resource vs Kubernetes resource) and the client objects used are different. The OpenStack compute package just doesn't feel like the right place to be looking up K8s resources. It also makes test cases clearer to mock each function.
However, I agree the naming isn't clear. I wonder if renaming ResolveReferencedMachineResources
to ResolveReferencedOpenStackResources
may help to this end.
I'm open to changing this, but wanted to provide my reasoning first.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that, sure. Let's see what other reviewers will say here, especially @mdbooth as ResolveReferencedMachineResources()
is an idea of his.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While rebased onto v1beta
I have removed resolveReferencedClientResources
and moved the code into the new resolveMachineResources
.
|
||
serverGroupName := openStackServerGroup.Name | ||
|
||
serverGroup, err := computeService.GetServerGroupByName(serverGroupName, false) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again, we should probably lookup by ID first in case we have duplicate names.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree
instead of GetServerGroupByName
raising error in case of multiple server groups with the same name, i suggest to check openStackServerGroup.Status.ID
, if it is nil, create a new server group
err = compute.ResolveReferencedMachineResources(scope, &openStackMachine.Spec, &openStackMachine.Status.ReferencedResources) | ||
if err != nil { | ||
return reconcile.Result{}, err | ||
} | ||
|
||
// Resolve referenced resources CAPO resources, using the K8s client | ||
err = resolveReferencedClientResources(ctx, r.Client, openStackMachine) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I did start by doing this; I changed to this separation as what they're fetching from is distinct (OpenStack resource vs Kubernetes resource) and the client objects used are different. The OpenStack compute package just doesn't feel like the right place to be looking up K8s resources. It also makes test cases clearer to mock each function.
However, I agree the naming isn't clear. I wonder if renaming ResolveReferencedMachineResources
to ResolveReferencedOpenStackResources
may help to this end.
I'm open to changing this, but wanted to provide my reasoning first.
/ok-to-test |
@pierreprinetti We agreed this in principal this week. Pinging you because it's similar to something ORC would do. |
Hi, at @SovereignCloudStack we are very interested in this feature. What is the progress here @dalees? |
Hello - pleased to hear of the interest! I'm keen to get this in, and I'm scheduled to revisit this in the next few weeks to get it back into a reviewable state. |
65a96b7
to
1dd66f9
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
2519eb2
to
2df0503
Compare
2df0503
to
db35504
Compare
db35504
to
6ad654a
Compare
/unhold |
This change is ready for review, when reviewers have the time :) cc @mdbooth |
6ad654a
to
142a7c0
Compare
Implements new CRD for OpenstackServerGroup in v1beta1 to allow managed Server Groups with standard policies, and adds ServerGroupRef to OpenstackMachine that references the new CRD and uses it for VM creation. Closes: kubernetes-sigs#1256
142a7c0
to
d8850da
Compare
Hi @dalees, thank you for pushing this PR. I am also kindly asking you and others about checking the OCCM host-id labelling issue kubernetes/cloud-provider-openstack#2579, what do you think about it? These two features can be nicely combined then, E.g. one can create an anti-affinity server group, and then check the host-id label of k8s nodes to ensure that nodes are distributed on different underlying hypervisors. |
@mdbooth this seems like a really good candidate for an ORC-style approach too? |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
||
// Store the resolved UUID, once it's ready and set. | ||
if servergroup.Status.Ready && servergroup.Status.ID != "" { | ||
resolved.ServerGroupID = servergroup.Status.ID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
resolved.ServerGroupID = servergroup.Status.ID | |
resolved.ServerGroupID = servergroup.Status.ID | |
openStackServer.Status.Resolved = resolved |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think this is missing
|
||
serverGroupName := openStackServerGroup.Name | ||
|
||
serverGroup, err := computeService.GetServerGroupByName(serverGroupName, false) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree
instead of GetServerGroupByName
raising error in case of multiple server groups with the same name, i suggest to check openStackServerGroup.Status.ID
, if it is nil, create a new server group
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
What this PR does / why we need it:
Implements new CRD for OpenstackServerGroup in v1beta1 to allow managed Server Groups with standard policies, and adds ServerGroupRef to OpenstackMachine that references the new CRD and uses it for VM creation.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #1256
Special notes for your reviewer:
This implements comment #1256 (comment)
TODOs: