Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[velero] Chart ux improvements #138

Open
wants to merge 23 commits into
base: main
Choose a base branch
from

Conversation

kav
Copy link

@kav kav commented Aug 6, 2020

Addressing the Chart UX issues filed previously

  • existingSecretKey now specifies the key inside the existingSecret containing the IAM credentials. This actually also controls a generated secret in this case.
  • The plugin container is now automatically added to initContainers based on all of the provider value. This can be overridden a number of ways, most simply by changing properties of the pluginImage key. I did guess on the alicloud config so if someone could verify that I'd appreciate it. May end up with extra initContainers if using "old" values.
  • deployRestic is now restic.enabled Fully supports back compat.
  • useSecret is now computed based on the existence of secret contents or the existing secret.
  • Removed configuration wrapper, added tests to ensure behavior with or without wrapper.
  • schedules is now an array with a name property in each entry. Also with back compat
  • Started on adding a values table to the readme as is standard in most helm charts.

As an aside: Not entirely sure I grok the credentials key. Prior to these change it appears the credentials.secretContents and credentials.extraEnvars ends up injected as both files and envvars and the deployments are looking for a key called cloud but that isn't specified in the docs. Perhaps there is velero cli context I don't have here.

Fixes #88
Fixes #89
Fixes #90
Fixes #139

@kav
Copy link
Author

kav commented Aug 6, 2020

There are probably a few additional UX clean up tasks we should roll in if we are revving as a breaking change before we merge. I'll try to get at least a single proposal issue with a list filed shortly for discussion. I'd like to clean up the readme so a new user knows exactly which values they must provide for a minimum functional deployment.

@jenting jenting added the velero label Aug 10, 2020
@carlisia
Copy link
Contributor

/rebase

charts/velero/README.md Outdated Show resolved Hide resolved
--set initContainers[0].image=velero/velero-plugin-for-aws:v1.1.0 \
--set initContainers[0].volumeMounts[0].mountPath=/target \
--set initContainers[0].volumeMounts[0].name=plugins
--set image.pullPolicy=IfNotPresent
Copy link
Collaborator

@jenting jenting Aug 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this idea that the user does not need to specify the plugin images anymore and I think the below code is a bit redundant from my usage.

    --set initContainers[0].volumeMounts[0].mountPath=/target \	
    --set initContainers[0].volumeMounts[0].name=plugins

However, we have a use case that we'll mount two plugin images, one for AWS and the other one for CSI, so our command is:

    --set initContainers[0].name=velero-plugin-for-aws \
    --set initContainers[0].image=velero/velero-plugin-for-aws:v1.1.0 \
    --set initContainers[0].volumeMounts[0].mountPath=/target \
    --set initContainers[0].volumeMounts[0].name=plugins \
    --set initContainers[1].name=velero-plugin-for-csi \
    --set initContainers[1].image=velero/velero-plugin-for-csi:v0.1.1 \
    --set initContainers[1].volumeMounts[0].mountPath=/target \
    --set initContainers[1].volumeMounts[0].name=plugins

With this PR, I think our use case can't be fulfilled. But I'd rather see if it's possible to remove the redundant volumeMounts[0] and the charts would help us generate automatically, which becomes:

    --set initContainers[0].name=velero-plugin-for-aws \
    --set initContainers[0].image=velero/velero-plugin-for-aws:v1.1.0 \
    --set initContainers[1].name=velero-plugin-for-csi \
    --set initContainers[1].image=velero/velero-plugin-for-csi:v0.1.1

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can add additional initContainers as before, the one for the provider will be added automatically. At present you'd add (assuming aws is the provider):

--set initContainers[0].name=velero-plugin-for-csi \
--set initContainers[0].image=velero/velero-plugin-for-csi:v1.1.0 \
--set initContainers[1].volumeMounts[0].mountPath=/target \
--set initContainers[1].volumeMounts[0].name=plugins

Are you using both because the other provider is in a backup storage location or snapshot location? Can we just add initContainers for all the various providers across the values file and leave initContainers as a standard extension point for fallback.

I'd recommend against automounting plugins at /target for all initContainers as that is a general extension point. If you really want something similar perhaps it'sworth adding a list of plugin images to add over and above the provider one? Something like

additionalPlugins:
- name: velero-plugin-for-csi
  image: velero/velero-plugin-for-csi:v0.1.1

which then creates an initContainer entry with the volume mount.

Copy link
Collaborator

@jenting jenting Aug 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you using both because the other provider is in a backup storage location or snapshot location? Can we just add initContainers for all the various providers across the values file and leave initContainers as a standard extension point for fallback.

Yes, we're using S3-compatible (minion) which requires velero-plugin-for-aws and also deploy ceph-csi to take a volume snapshot by Kubernetes volume snapshot CRDs with velero-plugin-for-csi.

I'd recommend against automounting plugins at /target for all initContainers as that is a general extension point. If you really want something similar perhaps its worth adding a list of plugin images to add over and above the provider one? Something like

additionalPlugins:
- name: velero-plugin-for-csi
  image: velero/velero-plugin-for-csi:v0.1.1

which then creates an initContainer entry with the volume mount.

Sounds good. Personally I'd like this approach then we could remove the initContainers in values.yaml.

Any feedback on this? cc @carlisia @nrb @ashish-amarnath

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added initContainers for each provider configured at the various levels in the values so if you have different providers for configuration, backupStorageLocation, and snapshotLocation it will add all the plugins.

It looks like only the configuration.provider has a secret injected into the primary container. Is that a concern? Should we be refactoring the credentials to allow for multiple providers here as well?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also worth mentioning I removed the "data" in helpers and put it into values, it dumbs the logic down nicely and moves the images to standard patterns. This is nicer as it makes the images Flux HelmOperator friendly and I'm sure has other similar benefits

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Velero installs plugins as initContainers with the expectation that they will be copied to the correct mountpoint for invocation; all plugins should end up in the same directory for them to work properly at runtime.

Copy link
Author

@kav kav Aug 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't be a problem. They are all copied to /target in the plugins volume as expected. As you mention re the secret though we'll only have one set of credentials right?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kav sorry for the late reply.

I'd prefer to change the installation way from

helm install \
  ... \
  --set initContainers[0].name=velero-plugin-for-aws \
  --set initContainers[0].image=velero/velero-plugin-for-aws:v1.1.0 \
  --set initContainers[0].volumeMounts[0].mountPath=/target \
  --set initContainers[0].volumeMounts[0].name=plugins \
  --set initContainers[1].name=velero-plugin-for-csi \
  --set initContainers[1].image=velero/velero-plugin-for-csi:v0.1.1 \
  --set initContainers[1].volumeMounts[0].mountPath=/target \
  --set initContainers[1].volumeMounts[0].name=plugins

to

helm install \
  ... \
  --set plugins velero/velero-plugin-for-aws:v1.1.0,velero/velero-plugin-for-csi:v0.1.1

then, the installation command is aligned to velero install.

WDYT?

Copy link
Author

@kav kav Aug 29, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds great to me! I wrote a reply discussing the merits of that vs a yaml list and then realized it's a single split call and erased it and implemented support for both.

Updated, we now support
--set plugins velero/velero-plugin-for-aws:v1.1.0,velero/velero-plugin-for-csi:v0.1.1
and

plugins:
- velero/velero-plugin-for-aws:v1.1.0
- velero/velero-plugin-for-csi:v0.1.1

and even

plugins:
 - velero/velero-plugin-for-aws:v1.1.0
 - repository: velero/velero-plugin-for-csi
   digest: sha256:60d47fd25216f13073525823a067eab223d12e695d4b41e480aa3ff13a58c916
   pullPolicy: Always

Also added unit tests for all of that using https://github.com/quintush/helm-unittest

charts/velero/Chart.yaml Outdated Show resolved Hide resolved
@kav
Copy link
Author

kav commented Aug 18, 2020

Also any open questions and changes for #139 should be resolved before this goes to main. Are there other breaking changes under discussion? I can start a major version branch if we've got other stuff to roll together

@kav
Copy link
Author

kav commented Aug 29, 2020

Also any open questions and changes for #139 should be resolved before this goes to main. Are there other breaking changes under discussion? I can start a major version branch if we've got other stuff to roll together

Switched version to 3.0.0-alpha.1 so if we do merge and have additional breaking changes our versioning properly reflects that.

@kav kav force-pushed the chart-ux-improvements branch 2 times, most recently from 72b42f4 to 28e8255 Compare August 29, 2020 20:56
cesarokuti and others added 14 commits August 29, 2020 20:41
Signed-off-by: Cesar Okuti <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
Signed-off-by: Carlisia <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
BREAKING CHANGE

Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
BREAKING CHANGE

Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
 Tagged version as alpha since there are other breaking change under discussion

Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
We create a secret if we have contents or envVars to put in it.
We use a secret if we created one or if we have an existing one.

Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
@kav kav requested a review from nrb September 1, 2020 14:36
@jenting jenting changed the title Chart ux improvements [velero] Chart ux improvements Sep 3, 2020
@jenting
Copy link
Collaborator

jenting commented Sep 3, 2020

Also any open questions and changes for #139 should be resolved before this goes to main. Are there other breaking changes under discussion? I can start a major version branch if we've got other stuff to roll together

Switched version to 3.0.0-alpha.1 so if we do merge and have additional breaking changes our versioning properly reflects that.

Sorry for the late review.

  1. I like the idea to change the UX but I'd like it to have a backward-compatible which means we could support both

    helm install \
      ... \
      --set initContainers[0].name=velero-plugin-for-aws \
      --set initContainers[0].image=velero/velero-plugin-for-aws:v1.1.0 \
      --set initContainers[0].volumeMounts[0].mountPath=/target \
      --set initContainers[0].volumeMounts[0].name=plugins \
      --set initContainers[1].name=velero-plugin-for-csi \
      --set initContainers[1].image=velero/velero-plugin-for-csi:v0.1.1 \
      --set initContainers[1].volumeMounts[0].mountPath=/target \
      --set initContainers[1].volumeMounts[0].name=plugins
    

    and

    helm install \
      ... \
      --set plugins velero/velero-plugin-for-aws:v1.1.0,velero/velero-plugin-for-csi:v0.1.1
    

    Furthermore, if the user setup above at the same time, we'll remove the duplicate item.

  2. I hope this did not remove the key configuration when setting up BSL/VSL, the same, for backward-compatibility.

  3. I'm wondering about the purpose of changing the schedule template from {} to [].

But, thanks for bringing up the helm unit-test, I'm researching the helm unit test solution recently, I'll try it later~

@kav
Copy link
Author

kav commented Sep 3, 2020

  1. I like the idea to change the UX but I'd like it to have a backward-compatible which means we could support both

Yep initContainers are still available and function as before.

Furthermore, if the user setup above at the same time, we'll remove the duplicate item.
2. I hope this did not remove the key configuration when setting up BSL/VSL, the same, for backward-compatibility.

I did, but I suppose we can re-add fairly easily. If we are moving to a breaking change version do you see back compat as a large issue here? Seems like a Release note saying to remove the configuration key and place values at the root is a fairly minor amount of work for anyone migrating to the new version. On the other hand allowing new patterns without forcing them is probably friendlier to users.

  1. I'm wondering about the purpose of changing the schedule template from {} to [].

I'm not sure if the pattern is driven by static typing in the various languages backing helm and kubernetes but it's uncommon, outside file name cases, to have a dynamic key as a name in values rather than an array of elements with name properties. As a new user of the Velero chart I tripped over this and expect other folks used to kubernetes and helm standards to do so as well. That said it was a change to match standard patterns if you folks prefer it as an object that's fine, this one is a bit subjective.

But, thanks for bringing up the helm unit-test, I'm researching the helm unit test solution recently, I'll try it later~

In general though we should discuss "back-compat" here. Part of the assumption in the changed UX is that there are some changes that will require breaking existing values structure. We can avoid that but it will complexify the chart logic as bit as we do. Perhaps allowing the new structures in a minor version and then enforcing them in a major version later, and removing the legacy structures then, is a better strategy if you're concerned about a smooth transition? That seems like a reasonable balanced solution. I'll update the PR.

@jenting
Copy link
Collaborator

jenting commented Sep 9, 2020

  1. I like the idea to change the UX but I'd like it to have a backward-compatible which means we could support both

Yep initContainers are still available and function as before.

Furthermore, if the user setup above at the same time, we'll remove the duplicate item.
2. I hope this did not remove the key configuration when setting up BSL/VSL, the same, for backward-compatibility.

I did, but I suppose we can re-add fairly easily. If we are moving to a breaking change version do you see back compat as a large issue here? Seems like a Release note saying to remove the configuration key and place values at the root is a fairly minor amount of work for anyone migrating to the new version. On the other hand allowing new patterns without forcing them is probably friendlier to users.

  1. I'm wondering about the purpose of changing the schedule template from {} to [].

I'm not sure if the pattern is driven by static typing in the various languages backing helm and kubernetes but it's uncommon, outside file name cases, to have a dynamic key as a name in values rather than an array of elements with name properties. As a new user of the Velero chart I tripped over this and expect other folks used to kubernetes and helm standards to do so as well. That said it was a change to match standard patterns if you folks prefer it as an object that's fine, this one is a bit subjective.

But, thanks for bringing up the helm unit-test, I'm researching the helm unit test solution recently, I'll try it later~

In general though we should discuss "back-compat" here. Part of the assumption in the changed UX is that there are some changes that will require breaking existing values structure. We can avoid that but it will complexify the chart logic as bit as we do. Perhaps allowing the new structures in a minor version and then enforcing them in a major version later, and removing the legacy structures then, is a better strategy if you're concerned about a smooth transition? That seems like a reasonable balanced solution. I'll update the PR.

@carlisia @nrb do you have any other concerns about this PR?

Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
@kav kav force-pushed the chart-ux-improvements branch 2 times, most recently from 0b5f629 to 42fb315 Compare October 24, 2020 18:12
@kav
Copy link
Author

kav commented Oct 24, 2020

Added back compat and tests for configuration and resticEnabled keys. It's possible that multiple identical init containers will be created if a user has existing init container entries and the automatic provider based ones. I don't think that'll cause issues but some testing and eyes by someone other than myself would be appreciated. Next time a breaking changes release rolls we'll likely want to remove all the coalescing everywhere.

@kav kav force-pushed the chart-ux-improvements branch 2 times, most recently from fae8e5c to 66f4b32 Compare October 24, 2020 18:20
Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
@kav
Copy link
Author

kav commented Oct 24, 2020

Also added back compat and tests for schedules

A touch less graceful than I'd like but it does work.

Signed-off-by: W. Kavanaugh Latiolais <[email protected]>
@kav
Copy link
Author

kav commented Oct 28, 2020

Ok, I think this is baked. Apologies for not setting it to draft it when I agreed to add backcompat

@airen29
Copy link

airen29 commented Dec 8, 2020

Thanks @kav for finding this out and for opening #88. We had a problem in configuring secrets using sealedSecret and thanks to your Open PR we've managed to find what is the problem. Would be nice to actually have it updated already.

@kav
Copy link
Author

kav commented Feb 23, 2021

y'all this branch is getting incredibly stale. I'm happy to bring it up to date but last time it was merge ready there were crickets from the repository team. Is there any interest in merging here or should I just go fork myself?

@esselius
Copy link

esselius commented Feb 24, 2021

y'all this branch is getting incredibly stale. I'm happy to bring it up to date but last time it was merge ready there were crickets from the repository team. Is there any interest in merging here or should I just go fork myself?

Not a maintainer, but the changes in this PR seem great, but I'd recommend splitting them up into comprehensive chunks, as reviewing is a nightmare. Breakage might mean some backup system somewhere suddenly not working, which ain't great.

Love the changes otherwise!

@jenting
Copy link
Collaborator

jenting commented Feb 24, 2021

I'd like to have separate PRs to addressing these issues, especially the PRs fulfill backward-compatible.
For the non-backward-compatible change, we need to have a good way to notify the users after an upgrade, the existing configuration no longer valid and need to have some update before helm upgrade.

@kav
Copy link
Author

kav commented Feb 24, 2021

This is fully back compatible and non-breaking for all changes at this point but for sure hear the concern about breaking backups; never a good look.

I can split out changes but they'll still likely need to be merged in sequence or the combinatorics of merge order and back compatible will get a bit nightmarish.

@carlisia carlisia removed the request for review from nrb April 5, 2021 15:48
@carlisia carlisia removed the request for review from cpanato April 23, 2021 01:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
7 participants