-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP]✨ Add remote cluster cache manager #2835
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ncdc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Add a remote cluster cache manager that owns the full lifecycle of caches against workload clusters. Controllers that need to watch resources in workload clusters should use this functionality. Signed-off-by: Andy Goldstein <[email protected]>
e0d7394
to
819479b
Compare
I just realized I'm not plumbing a scheme into |
I'd probably just use |
@@ -0,0 +1,203 @@ | |||
/* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we rename this to cluster_cache_controller?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See my comment below about manager vs reconciler. I'd prefer to keep this as-is, or rename to cluster_cache_manager.go. But again, if you feel strongly, I can rename it.
controllers/remote/cluster_cache.go
Outdated
} | ||
|
||
// ClusterCacheManager manages client caches for workload clusters. | ||
type ClusterCacheManager struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type ClusterCacheManager struct { | |
type ClusterCacheReconciler struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer to call this a manager. I know it's watching Clusters and reacting to them, but that's only as a maintenance task to stop and remove stale caches. I wouldn't consider this struct to be doing the same sort of reconciliation that the others are. But if you feel strongly enough, I can make the change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm with @ncdc on this, I think this is more of a management task than a full on controller, it's not changing the state of the world anywhere, I'd personally stick with ClusterCacheManager
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Manager is an overloaded word and we're potentially introducing a new naming convention here, how about ClusterCacheTracker
? We already have ObjectTracker
in this package and it'd go hand in hand.
This isn't blocking, if you all want to use Manager is fine, can be changed later if we find a better naming solution.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to both avoiding Reconciler
and Manager
to avoid confusion.
Also, +1 to Tracker
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm splitting the "tracker" part from the "reconciler" part (2 different structs). Will be in next push.
// For testing | ||
newRESTConfig func(ctx context.Context, cluster client.ObjectKey) (*rest.Config, error) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
non blocking: could we use the kubeconfig secret to create a client to envtest instead of mocking it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean build up a dummy secret in the unit test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean build up a dummy secret in the unit test?
This is what I did for the MHC tests and it seemed to work
cluster-api/controllers/machinehealthcheck_controller_test.go
Lines 72 to 73 in 09f87a2
By("Creating the remote Cluster kubeconfig") | |
Expect(kubeconfig.CreateEnvTestSecret(k8sClient, cfg, testCluster)).To(Succeed()) |
I think it's preferential to do this, but could definitely be a follow up PR
} | ||
m.clusterCaches[cluster] = cc | ||
|
||
// Start the cache!!! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😄 I love the enthusiasm
controllers/remote/cluster_cache.go
Outdated
|
||
var cluster clusterv1.Cluster | ||
|
||
err := m.managementClusterClient.Get(ctx, req.NamespacedName, &cluster) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couldn't we have client.Client as part of the struct like elsewhere and use mgr.GetClient() to get it during init?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I can make that change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Had a read through and the following things came to mind:
- When this is used in controllers, they will also have to track which clusters they have called watch for if I've understood this correctly?
- Given the above, what happens if a cluster is deleted, and then recreated without the manager restarting, is this something we are expecting to happen/support?
- How will this be consumed by other controllers, are they expected to have a
ClusterCacheManager
as a member field for fetching the caches? Should there be anClusterCacheGetter
interface that consists of just theClusterCache
method that is expected by the controllers? That is then given to them at the timeSetupWithManager
is called?
controllers/remote/cluster_cache.go
Outdated
} | ||
|
||
// ClusterCacheManager manages client caches for workload clusters. | ||
type ClusterCacheManager struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm with @ncdc on this, I think this is more of a management task than a full on controller, it's not changing the state of the world anywhere, I'd personally stick with ClusterCacheManager
// For testing | ||
newRESTConfig func(ctx context.Context, cluster client.ObjectKey) (*rest.Config, error) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean build up a dummy secret in the unit test?
This is what I did for the MHC tests and it seemed to work
cluster-api/controllers/machinehealthcheck_controller_test.go
Lines 72 to 73 in 09f87a2
By("Creating the remote Cluster kubeconfig") | |
Expect(kubeconfig.CreateEnvTestSecret(k8sClient, cfg, testCluster)).To(Succeed()) |
I think it's preferential to do this, but could definitely be a follow up PR
if err == nil { | ||
log.V(4).Info("Cluster still exists") | ||
return reconcile.Result{}, nil | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might it be worth checking if the cluster deletion timestamp is set and stop the cache earlier? My concern is that the manager may miss the delete
event and Reconcile
may not actually be called on a cluster as it is finally removed from the API. Checking the deletion timestamp on Cluster
objects while they still exist gives the manager more chance to catch a cluster being deleted if that makes sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the manager is running, it will not miss the deletion event. One of two situations will happen:
- The deletion occurs and the delete event comes straight through
- The watch drops and/or history is compacted, the Cluster is deleted in the interim, then the watch is reestablished. In this case, the shared informer will send a simulated delete event ("DeletionFinalStateUnknown", because the final state of the object at the time of deletion is unknown)
However, I can add code to check for deletion timestamps too, if you think it'll be beneficial.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was unaware the the informer would send a simulated delete event, TIL!
In that case, I'm content with it as is, thanks for the explanation
That's a good point. Maybe controller-runtime dedupes? If not, I'll have to extend this in some way to account for that.
If the cluster is deleted, the Reconcile function should see that, and stop the cache for it. When the cluster is recreated with the same name, a new cache would be created for it. But I think I should probably extend the map key to include the uid of the cluster, in addition to dealing with deduping.
The ClusterCacheManager is meant to be a singleton, constructed in main.go. The other controllers will have a field for it (or an interface, as you suggested), filled in when they're created in main.go |
Oh, I am also considering splitting the ClusterCacheManager into 2 structs - 1 to manage the caches, and a 2nd to be the controller/reconciler that watches for deleted Clusters (separation of concerns). Would that be useful? |
If it's likely to get more complicated (eg due to deduplication of watches) then I think this would be beneficial |
controllers/remote/cluster_cache.go
Outdated
} | ||
|
||
// ClusterCacheManager manages client caches for workload clusters. | ||
type ClusterCacheManager struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to both avoiding Reconciler
and Manager
to avoid confusion.
Also, +1 to Tracker
.
controllers/remote/cluster_cache.go
Outdated
return nil, errors.Wrap(err, "error creating REST client config for remote cluster") | ||
} | ||
|
||
remoteCache, err := cache.New(config, cache.Options{}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense to expose at least a subset of cache.Options
here? It might be good to at least allow for setting of Resync
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do
var cluster clusterv1.Cluster | ||
|
||
err := m.managementClusterClient.Get(ctx, req.NamespacedName, &cluster) | ||
if err == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this also attempt to guard against intermittent errors here as well and only continue on to the cache deletion if apierrors.IsNotFound(err)
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd have to do some (re)digging, but given that the client is doing cached reads, I think the only way you can get a non-404 error is if the client's cache hasn't been started yet.
controllers/remote/cluster_cache.go
Outdated
log.V(4).Info("Stopping cluster cache") | ||
c.Stop() | ||
|
||
delete(m.clusterCaches, req.NamespacedName) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should there be a method on ClusterCacheManager
that wraps this with a lock? It seems a bit weird that we are locking on insertion and reading but not deletion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I realized this last night. I have it fixed locally and it'll be in the next push.
@@ -0,0 +1,203 @@ | |||
/* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense to move the bulk of the implementation here to a library so that it would be easier to consume outside of the core controller manager? I wouldn't expect any providers (especially out of tree) to import anything under controllers
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is actually a library. I've (privately) questioned why the remote
package is in controllers/remote
and not somewhere else. I'd say we should file an issue to move remote
out of controllers
for 0.4.x. WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i initially put it under there because it was code to be used within capi controllers, it expanded over time though
I'm thinking about adjusting things around so the only exported function on ClusterCacheTracker is: func (m *ClusterCacheTracker) Watch(
ctx context.Context,
watcher Watcher,
cluster client.ObjectKey,
kind runtime.Object,
cacheOptions cache.Options,
eventHandler handler.EventHandler,
predicates ...predicate.Predicate,
) error (Watcher is a slimmed down interface for a Controller.) (although I'll probably change the cluster ObjectKey to a namespace/name/uid struct.) This is not pretty (lots of params). But it'll dedupe on (watcher, cluster, kind, eventHandler). WDYT? |
I'm fine having a bunch of parameters if there is a need for me, maybe do a |
This is basically the conclusion I came to last week so +1 from me, also +1 to the suggestion of |
Signed-off-by: Andy Goldstein <[email protected]>
I just pushed up a WIP commit with the code to add the Watch() support. I unfortunately won't have any significant amount of time to carry this forward, but @JoelSpeed has graciously offered to take it over. Thanks Joel! |
@ncdc: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
I've opened a PR to replace this one #2880 |
Thanks @JoelSpeed and @ncdc ! I'll go ahead and close this one /close |
@vincepri: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it:
Add a remote cluster cache manager that owns the full lifecycle of
caches against workload clusters. Controllers that need to watch
resources in workload clusters should use this functionality.
This is the foundation for #2414 and #2577.
It does not currently check for connectivity failures to workload clusters. It only stops the workload cluster caches if there is an error retrieving the
Cluster
from the management cluster. If desired, I could add something that does a minimal "ping" to each workload cluster periodically, removing any caches that have connectivity issues. Or we could do that in a follow-up.I have not updated MachineHealthCheck to use this. I could do that in this PR, or a follow-up.
I have not added anything for KubeadmControlPlane to use this. I could do that in this PR, or a follow-up (cc @detiber).
/priority important-soon
cc @vincepri @JoelSpeed