add auto update for priority & fairness bootstrap configuration objects #98028
Conversation
There was a problem hiding this comment.
there is probably a reason to have shouldEnsureSuggested in place. are there any risks if we ensure all objects both suggested and mandatory without having shouldEnsureSuggested?
There was a problem hiding this comment.
Yes. We explicitly and deliberately made a distinction between required and suggested configuration, and we explicitly and deliberately made the suggested configuration be something that the cluster operators can supplement, delete, and/or modify in any way they want.
Yes that means the operators have to think and potentially do something when migrating to a new release, in cases where they will want different configuration in the new release. I do not think automatically smashing in the suggested config is a better solution.
|
/assign @MikeSpreitzer |
|
/retest |
There was a problem hiding this comment.
How about making that %v into a %w?
There was a problem hiding this comment.
Yes. We explicitly and deliberately made a distinction between required and suggested configuration, and we explicitly and deliberately made the suggested configuration be something that the cluster operators can supplement, delete, and/or modify in any way they want.
Yes that means the operators have to think and potentially do something when migrating to a new release, in cases where they will want different configuration in the new release. I do not think automatically smashing in the suggested config is a better solution.
|
@kubernetes/sig-api-machinery-bugs |
fb56ce7 to
92ec9c5
Compare
92ec9c5 to
a8c4fe6
Compare
There was a problem hiding this comment.
What value is this abstraction providing? Looks like it's just a way to break type safety
There was a problem hiding this comment.
We want to avoid duplicating the ensure/delete strategy for each type and also for whether the configuration is suggested or mandatory. As a trade off we have the boilerplate code in wrapper.
There was a problem hiding this comment.
The top level functions accepts typed object, so we provide some sort of type safety. if you look at the main function that drives it, they are all typed.
3da6fb4 to
e2c7279
Compare
@wojtek-t I have set |
There was a problem hiding this comment.
[technically it doesn't matter - but it's misleading to the user]
There was a problem hiding this comment.
oops, it's a copy paste error, fixed.
e2c7279 to
b50fa59
Compare
@wojtek-t fixed, please take a look. |
|
/lgtm /assign @lavalamp - for API approval |
|
@wojtek-t: GitHub didn't allow me to assign the following users: -, for, API, approval. Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test pull-kubernetes-e2e-kind |
|
/test pull-kubernetes-integration |
There was a problem hiding this comment.
| // objects on the cluster and applies update if necessary. | |
| // objects on the cluster and applies updates if necessary. |
There was a problem hiding this comment.
| // The kube-apiserver will apply update on the suggested configuration if: | |
| // The kube-apiserver will apply updates on the suggested configuration if: |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lavalamp, tkashem, wojtek-t The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Take the following approach: On a fresh install, all bootstrap configuration objects will have auto update enabled via the following annotation : `apf.kubernetes.io/autoupdate: 'true'` The kube-apiserver periodically checks the bootstrap configuration objects on the cluster and applies update if necessary. We enforce an 'always auto-update' policy for the mandatory configuration object(s). We update the suggested configuration objects when: - auto update is enabled (`apf.kubernetes.io/autoupdate: 'true'`) or - auto update annotation key is missing but `generation` is `1` If the configuration object is missing the annotation key, we add it appropriately: it is set to `true` if `generation` is `1`, `false` otherwise. The above approach ensures that we don't squash changes made by an operator. Please note, we can't protect the changes made by the operator in the following scenario: - the user changes the spec and then deletes and recreates the same object. (generation resets to 1) remove using a marker
b50fa59 to
759a641
Compare
|
/lgtm |
|
@MikeSpreitzer regarding your comment #98028 (comment)
I just realized that we have an issue with this approach, let's take for example the suggested flow schema
There are two options:
I propose Solution cc @wojtek-t |
Alternatively - they can modify "auto-update" annotation and update FS to match other (or no) requests. |
|
I think the whole set of suggested configuration objects is ill-designed and am disappointed that we have not yet explored a different set (along the lines of what was originally proposed). I continue to think that deleting suggested config objects is a reasonable operator action. There is another possible approach. Let the last mandatory object have an annotation that identifies the vintage of suggested config objects that was injected. That would let the config producer controller tell the difference between an old set of objects vs. an explicitly edited new set of objects. Another possible approach eschews an explicit tag and simply looks at the existing objects. We actually discussed this issue of recently introduced suggested config objects in a meeting and decided that we would handle it with a release note explaining that there is a new config object that the operator may want to consider. The difficult scenario is what to do after the operator has made some change --- does that mean the newly defined suggested config object should be eschewed, or injected anyway? It depends on what change(s) the operator made and why. There is no way that the config producing controller can tell. |
| return false, nil | ||
| }, hookContext.StopCh) | ||
| if err != nil { | ||
| klog.ErrorS(err, "APF bootstrap ensurer is exiting") |
There was a problem hiding this comment.
this always logs an error on server shutdown... this should be info, at best
There was a problem hiding this comment.
this confused debugging on #103512
What type of PR is this?
/kind bug
What this PR does / why we need it:
apf post startup config provider should ensure that the bootstrap spec of the suggested priority level config and flow schema objects is saved when a given object already exists.
if a new version of the apiserver has a change in the spec of any of the suggested objects in bootstrap configuration, the updated spec does not get stored, because if a given object already exists in the cluster we don't update it to match the spec of the bootstrap object.
We recently merged #95259 that changed the spec of the suggested configuration in bootstrap. It went into 1.20. If a cluster upgrades from 1.19 to 1.20, the updated spec in the bootstrap configuration won't be reflected in the stored objects.
This PR takes the following approach:
On a fresh install, all (both mandatory and suggested) configuration objects will have auto update enabled via the following annotation
apf.kubernetes.io/autoupdate-spec: 'true'30sto initialize the bootstrap configuration, the apiserver will fail to start if it can't finish the initialization within30skube-apiserver enforces an 'always auto-update' policy for the mandatory configuration object(s). This implies:
The kube-apiserver will apply update on the suggested configuration if:
If the suggested configuration object is missing the annotation key, kube-apiserver will update the annotation appropriately:
The above approach for suggested configuration ensures that we don't squash changes made by an operator. Please note, we can't protect the changes made by the operator in the following scenario:
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: