Extend Step to surface whether a manifest is optional #2552
Conversation
openshift-ci
bot
added
the
needs-ok-to-test
|
Hi @fgiloux. Thanks for your PR. I'm waiting for a operator-framework member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
You can try and cut a release in your API fork and point the go.mod to your fork using the replace directive, and we can make a TODO comment that we remove that replace pin before merging this PR. |
fgiloux
force-pushed
the
master
branch
2 times, most recently
from
48d5a35
to
8820bd9
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: fgiloux The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
fgiloux
force-pushed
the
master
branch
2 times, most recently
from
78e7735
to
e9c0772
Compare
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
removed
the
needs-rebase
|
/test unit |
|
@fgiloux: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I have separated the commits and done a rebase |
|
Hi @timflannagan any further comment on this pull request? |
|
@fgiloux I'll try and get back to this sometime this week but I'm fairly tied up today. It looks like this PR is failing some of the linting and generation checks? You may need to fix the static validation errors locally and push up the results to make the checks happy. |
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
removed
the
needs-rebase
|
@timflannagan after the API rebase we now have: the API depending on k8s.io/api v0.23.0 whereas OLM was on k8s.io/api v0.22.2 and breaks when the dependency is bumped. This was introduced by: operator-framework/api@12a70c0 |
go.mod
Outdated
| ) | ||
|
|
||
| replace ( | ||
| // controller runtime | ||
| github.com/openshift/api => github.com/openshift/api v0.0.0-20211014063134-be2a7fb8aa44 | ||
| github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0 // release-4.5 | ||
|
|
||
| // Temporary for optional manifests before the changes get merged in the API and operator-registry repo | ||
| github.com/operator-framework/api v0.11.1 => github.com/fgiloux/api v0.10.8-0.20220118162926-a11336b43231 |
There was a problem hiding this comment.
We can likely update this now to pick up the new commit through a psuedoversion tag, or reach out to the team-operator-fw slack channel for cutting a new o-f/api minor version release.
|
@fgiloux It looks like the CI failures are complaining about various breaking changes that happen in the v0.23.x kube dependencies. We can either tackle bumping OLM's kube dependencies, and making the requisite changes to the codebase in another PR, or update the root go.mod and utilize the |
Yes it is what I was saying earlier.
I think that bumping OLM dependencies is required by any way, not just for this PR but for anything that needs to import a newer version of the API and for compatibility with newer Kubernetes versions. I will open an issue and start looking at it. |
openshift-ci
bot
added
the
needs-rebase
fgiloux
force-pushed
the
master
branch
2 times, most recently
from
6a991a4
to
3162316
Compare
|
/ok-to-test |
openshift-ci
bot
added
ok-to-test
|
Hi @timflannagan based on o-f api v0.13.0 all e2e tests passed except 1. I ran it locally and it was successful. |
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
removed
the
needs-rebase
fgiloux
force-pushed
the
master
branch
3 times, most recently
from
b444a91
to
25a9c6d
Compare
|
@timflannagan @joelanford could you please take a look? This latest version applies changes requested by Joe:
Note that for a cluster scoped resource or a resource where the namespace is not specified the part of the key should be left empty, hence //. The key is case sensitive. |
| @@ -230,3 +284,39 @@ func NewServiceAccountStepResources(csv *v1alpha1.ClusterServiceVersion, catalog | |||
| } | |||
| return rbacSteps, nil | |||
| } | |||
|
|
|||
| type optionalManifests struct { | |||
| Files []string `json:"manifests"` | |||
There was a problem hiding this comment.
Is it supposed to be json:"files" according to the EP?
There was a problem hiding this comment.
As per previous review and comment below: this is implemented the change that was requested
|
|
||
| // isOptional returns a func giving whether a resource is in the list of optional manifests | ||
| // or false if any issue occurs. | ||
| func isOptional(properties []*api.Property) func(key string) bool { |
There was a problem hiding this comment.
This func is doing operation that is not matching to what is described in the EP. In the EP, it is file-name-based identifier but for this implementation, this is a domain-based identifier. If this implementation is the intended choice, then the EP should be updated so that reviewers can look back to EP for references. Otherwise, this is very confusing.
There was a problem hiding this comment.
Looking back at a previous comment, it seems the domain-based identifier is a change that you intended to do. I think an update PR for the EP is in order.
There was a problem hiding this comment.
Hi @dinhxuanvu yes this is a change. It was requested by @joelanford during review. I will create an update PR for the EP but wanted to avoid too many round trips. We have already had a fair amount here.
| } | ||
| steps = append(steps, operatorServiceAccountSteps...) | ||
| return steps, nil | ||
| saNamespaces := []string{} |
There was a problem hiding this comment.
I'm a bit unclear for why we need the namespace here. The catalogsource namespace is used because that where the bundle is unpacked but using it for identifier is really a safe choice? What happens if multiple operators have the same resources and all in the same catalogsource?
There was a problem hiding this comment.
This is a bit of an edge case and I am open to suggestions. The original intent of the enhancement is to allow operator installation when APIs of "optional resources" are not available.
ServiceAccounts are core resources and as such their API will always be available.
Wanting to make things consistent I kept what was populated as namespace in the steps for them. Another option would be to keep the namespace empty. Do you think something else would make more sense?
| if step.Optional { | ||
| switch k8serrors.ReasonForError(err) { | ||
| case | ||
| metav1.StatusReasonUnauthorized, |
There was a problem hiding this comment.
Do we handle the case of StatusReasonAlreadyExists somewhere? Or do we need to?
There was a problem hiding this comment.
True, this deviates from the EP. There should not be an existing resource (I don't see a reason for it) with same namespace/name when the operator gets installed. Failing the InstallPlan would give the opportunity to hte cluster admin to remove it and retry the installation. This would guarantee that the available resource is the intended one. In that case I would update the EP and align it with the implementation. Let me know if you think that it should be done differently.
There was a problem hiding this comment.
I have updated the EP. Having had a closer look, StatusReasonAlreadyExists should not pop up as the logic in the called function is to try an update after create if the resource already exists.
|
pushed a rebase and a fix for field and var names in unit tests that were not reflecting the new approach |
|
Created a PR to update the enhancement proposal with the new approach |
fgiloux
force-pushed
the
master
branch
2 times, most recently
from
9fc127e
to
d50bafa
Compare
Signed-off-by: Frederic Giloux <fgiloux@redhat.com>
|
@fgiloux: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
needs-rebase
|
closing as we we'll likely want to put this effort into v1 instead |
Signed-off-by: Frederic Giloux fgiloux@redhat.com
Description of the change:
This pull request adds some logic for avoiding failure of the InstallPlan when a manifest provided by a bundle cannot be installed and has been flagged as optional through a bundle property. Here is the enhancement proposal
This PR relies on two other PRs for the api and the operator-registry repositories.
operator-framework/api#209
operator-framework/operator-registry#893
I was not too sure how to proceed in such a case and have created the PRs at roughly the same time. It also means that for the code in this PR to work it needs to have the code of the other PRs available. For my tests I used "replace" pointing to a local repository in go.mod
Motivation for the change:
VerticalPodAutoscaler, ServiceMonitors for instances are custom resources and may not be available on all clusters. Operator authors may want to take benefit of these mechanisms for clusters having them but not having the installation fail on clusters without them as they may be seen as nice to have. This is what allows this PR.
See the enhancement proposal for details.
Reviewer Checklist
/doc