Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Admin and canary blast radius control #504

Closed
wants to merge 10 commits into from
Closed

[WIP] Admin and canary blast radius control #504

wants to merge 10 commits into from

Conversation

sknot-rh
Copy link

Use Templates from strimzi bundle to generate Admin/Canary Deployments

@github-actions github-actions bot added the operator changes related to operator label Sep 16, 2021
@rareddy
Copy link
Contributor

rareddy commented Sep 16, 2021

@sknot-rh I might be missing something obvious why template-based loading now for these components? Do you expect to change these templates dynamically at runtime?

@sknot-rh
Copy link
Author

Template ConfigMap is going to be part of the Strimzi bundle. So for each Strimzi version, there will be adequate Admin/Canary versions.

@github-actions github-actions bot added the test Test related changes label Sep 17, 2021
Copy link
Contributor

@kornys kornys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comments regarding ST

@rareddy
Copy link
Contributor

rareddy commented Sep 17, 2021

Template ConfigMap is going to be part of the Strimzi bundle.

Strimzi or kas-fleetshard bundle? from your code it looked like kas-fleetshard (also you hardcoded namespace for it, it is different in prod and staging).

So for each Strimzi version, there will be adequate Admin/Canary versions.
Can you tell what template differences are between versions you found that require this kind of template approach? I would have thought it would be the client libraries to access the Kafka cluster, which means the deployment image would change not the template itself.

IMO is half parameters can be made unique by {MK-NAME}-foo-bar, it may be simpler and have fewer properties to manage if the template itself is driven that way.

writer.write(companionTemplates.getData().get(templateName));
writer.close();

DefaultOpenShiftClient dryOpenShiftClient = new DefaultOpenShiftClient();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that the templating we are using is not ok, because the Template resource is specific to OpenShift as you here have to use a specific OpenShift client. The FSO has to work on vanilla Kubernetes as well. Did I misunderstand anything?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The client is doing the substition localy (processLocally) so it is not really communicating with a server. I it just about converting template string to actual deployment.

@sknot-rh
Copy link
Author

IMO is half parameters can be made unique by {MK-NAME}-foo-bar, it may be simpler and have fewer properties to manage if the template itself is driven that way.

From Template doc -

When using the ${PARAMETER_NAME} syntax only a single parameter reference is allowed and leading and trailing characters are not permitted.

Copy link
Contributor

@kornys kornys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please fix my comment

Copy link
Contributor

@kornys kornys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from ST POV


@Override
public void createOrUpdate(ManagedKafka managedKafka) {
Deployment current = cachedDeployment(managedKafka);
Deployment deployment = deploymentFrom(managedKafka, current);
ConfigMap companionTemplates = configMapResource(kubernetesClient.getNamespace(), "companion-templates-config-map").get();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my earlier question on where the templates are coming from, here it indicates that this configmap is part of same namespace as the FSO, and may be created as part of the operator deployment or created by someone else during the install. My question

  1. Where does this template originate from? and how it gets deployed as configmap in FSO namespace? you mentioned Strimzi but I did not find any references on quick search.
  2. What benefit does it give us using the template form? I see you still deploying a single deployment of either a canary or admin server.

Copy link
Author

@sknot-rh sknot-rh Sep 24, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the unclear explanation :( (there is also a epic brief you can read)
1.

Where does this template originate from?

We decided to use a Template to specify as much as possible configuration to Deployment. The main motivation is to use corresponding Admin/Canary images with the new Strimzi bundle. So if you upgrade Strimzi (new bundle will be used) the Admin/Canary deployments will be regenerated and the correct image used.

and how it gets deployed as ConfigMap in FSO namespace?

  IIUC it will be part of the Strimzi bundle. So when the bundle is created, this ConfigMap should be created as well.

What benefit does it give us using the template form?

Admin/Canary is bonded to ManagedKafka resource and some configuration is different. For example name of the name of MK resource does affect `bootstrap-servers` address etc. So you use placeholders in Template to generate MK resource-related Admin/Canary deployments.

I see you still deploying a single deployment of either a canary or admin server.

 Yeah, but each Admin/Canary deployment is specific to a MK resource, so the deployments are different.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry, I may be missed EpicBreif on it, if you can give link I will take a look.

So the new strimzi bundle will have the configmap with the image details backed into the deployment template and FSO need not to be changed every time there is a change to canary or admin servers. If there is a change then one needs to create a new Strimzi bundle for it. Is that accurate?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that is right. EB

private Map<String, String> buildParameters(ManagedKafka managedKafka) {
List<Parameter> parameters = new ArrayList<>();

addParameter(parameters, "KAFKA_ADMIN_SERVER_APP", adminServerName(managedKafka));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe these prefixes like KAFKA_ADMIN or CANRY_ are verbose? unless you trying to put different containers on single pod. They do not help with version-specific anyways if we are conceiving of multiple admin server deployments per pod

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the name of the placeholder, not ENV.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what I am going after is you can reduce the number of tokens overall to be set, if you make then not use prefixes, and reuse the properties. Like the name is used to distinguish an attribute, you can reuse name everywhere then defining a new one for each occurrence. But of course, you would need to update the bundle for this.

deployment.getSpec().getTemplate().getSpec().getContainers().get(0).getEnv().add(new EnvVarBuilder().withName("KAFKA_ADMIN_OAUTH_JWKS_ENDPOINT_URI").withValue(oauth.getJwksEndpointURI()).build());
deployment.getSpec().getTemplate().getSpec().getContainers().get(0).getEnv().add(new EnvVarBuilder().withName("KAFKA_ADMIN_OAUTH_VALID_ISSUER_URI").withValue(oauth.getValidIssuerEndpointURI()).build());
deployment.getSpec().getTemplate().getSpec().getContainers().get(0).getEnv().add(new EnvVarBuilder().withName("KAFKA_ADMIN_OAUTH_TOKEN_ENDPOINT_URI").withValue(oauth.getTokenEndpointURI()).build());
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conditional code like this is where template processing falls down IMO, once you say you know the structure of the template you created a strong coupling between them and chances of breaking it during the runtime. Ideally, you shouldn't know what is in there, just text replace then deploy, but oh well!

Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
Signed-off-by: Stanislav Knot <[email protected]>
@shawkins
Copy link
Contributor

shawkins commented Feb 1, 2022

Closing in favor of #643

@shawkins shawkins closed this Feb 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
DO NOT MERGE operator changes related to operator test Test related changes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants