Support for per-cluster and operator global sidecars #331
Conversation
# Conflicts: # docs/user.md
Right now only the name and the docker image can be defined, but with the help of the pod_environment_configmap parameter arbitrary environment variables can be passed to the sidecars.
pkg/util/config/config.go
Outdated
| WatchedNamespace string `name:"watched_namespace"` // special values: "*" means 'watch all namespaces', the empty string "" means 'watch a namespace where operator is deployed to' | ||
| EtcdHost string `name:"etcd_host" default:""` // special values: the empty string "" means Patroni will use k8s as a DCS | ||
| DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-cdp-10:1.4-p8"` | ||
| Sidecars map[string]string `name:"sidecars"` |
There was a problem hiding this comment.
If I see this right, this is a map of sidecar container name to docker images? Maybe we should make it more clear from the variable name? That is not sidecar name to yaml?
There was a problem hiding this comment.
While this is documented I wouldn't mind a better name. Perhaps sidecar_docker_images?
|
How would this solution help us with our Scalyr Sidecar? I dont see how to inject the key on global level? |
|
Well, outside of making the code less horrible by converting the scalyr hard-code to the same sidecar structure used to inject other sidecars so far it doesn't. However, I don't think it should be our goal to cram those things into the operator; what I propose instead is to rely on the Kubernetes feature called |
Make it more explicit that this parameter only controls the docker images, not the YAML manifest definiting other aspect of sidecar configuration (such as environment variables.)
|
👍 |
| * **sidecar_docker_images** | ||
| a map of sidecar names to docker images for the containers to run alongside | ||
| Spilo. In case of the name conflict with the definition in the cluster | ||
| manifest the cluster-specific one is preferred. |
pkg/cluster/k8sres.go
Outdated
| return envVars | ||
| } | ||
|
|
||
| // deduplicateEnvVars makes sure there are no duplicate in the target envVar array. While Kubernetes already does, it |
There was a problem hiding this comment.
While Kubernetes already does,
already does deduplication i assume?
There was a problem hiding this comment.
yes, looks like I've lost a word or two :-(
| names[va.Name] += 1 | ||
| result = append(result, input[i]) | ||
| } else if names[va.Name] == 1 { | ||
| names[va.Name] += 1 |
There was a problem hiding this comment.
why do we need to count the number of definitions if we seem even not to log this number ?
There was a problem hiding this comment.
To avoid producing this log message on each occurrences of the duplicate parameter (as opposed to only once when the duplicate is detected.)
| result = append(result, input[i]) | ||
| } else if names[va.Name] == 1 { | ||
| names[va.Name] += 1 | ||
| logger.Warningf("variable %q is defined in %q more than once, the subsequent definitions are ignored", |
There was a problem hiding this comment.
is it worth logging here the first definition here to showcase what is actually applied ?
There was a problem hiding this comment.
I would say the purpose of this warning is to prevent such cases, not to assist in constructing them to get what you want. I don't want to overload it with an extra debugging info.
| // resolve conflicts between operator-global and per-cluster sidecards | ||
| sideCars := c.mergeSidecars(spec.Sidecars) | ||
|
|
||
| resourceRequirementsScalyrSidecar := makeResources( |
There was a problem hiding this comment.
generating the scalyr sidecar probably deserves a separate function; this method is already way too long
There was a problem hiding this comment.
On the other hand, the function to generate Scalyr sidecars has only 5 parameters instead of 9. I preferred smaller functions that build parts of the manifest and them combine them all in a reasonably long generateStatefulSet, rather than a small generateStatefulSet that calls rather complex functions; the first approach makes the code easier to test and to understand.
pkg/cluster/k8sres.go
Outdated
|
|
||
| // generate scalyr sidecar containers | ||
| if scalarSidecar, present := | ||
| generateScalarSidecarSpec(c.Name, |
pkg/cluster/k8sres.go
Outdated
| } | ||
|
|
||
| func generateScalarSidecarSpec(clusterName, APIKey, serverURL, dockerImage string, containerResources *spec.Resources) (sidecar *spec.Sidecar, present bool) { | ||
| if APIKey == "" || serverURL == "" || dockerImage == "" { |
There was a problem hiding this comment.
does this mean that if this particular sidecar is misconfigured, we silently ignore this fact w/o logging it?
There was a problem hiding this comment.
Yes. Probably the better solution would be to complain if one of those parameters is set but not all.
| WatchedNamespace string `name:"watched_namespace"` // special values: "*" means 'watch all namespaces', the empty string "" means 'watch a namespace where operator is deployed to' | ||
| EtcdHost string `name:"etcd_host" default:""` // special values: the empty string "" means Patroni will use k8s as a DCS | ||
| DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-cdp-10:1.4-p8"` | ||
| Sidecars map[string]string `name:"sidecar_docker_images"` |
There was a problem hiding this comment.
what about adding a short example to the operator manifest ?
There was a problem hiding this comment.
not sure it actually needs sidecars.
Per review by @zerg-junior
|
👍 |
Per review by @zerg-junior
|
👍 |
1 similar comment
|
👍 |
|
awesome! thanks for carrying this through! |
Based on the work of @theRealWardo to to implement per-cluster sidecards
Add support for operator-global sidecards (currently crude, as we only allow the list of docker images, and the optional variables (besides mandatory
POD_NAME,POD_NAMESPACE,POSTGRES_USERandPOSTGRES_PASSWORD) can only be propagated via eitherpod_environment_configmapor Pod Presets. Should be improved once Allow configuring the operator via the YAML manifest. #326 is merged).Do refactoring around the code that generates the statefulset, particularly, decouple most of the helper routines from the cluster object in order to simplify their testing in the future, as well as to convert the scalar configuration internally to a sidecar structure to use the common code path.