Support to add ResoureManagerTags to GCP Compute Disk, Image, Snapshot#1377
Conversation
k8s-ci-robot
added
release-note
|
|
|
Welcome @arkadeepsen! |
k8s-ci-robot
added
needs-ok-to-test
|
Hi @arkadeepsen. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
size/XXL
arkadeepsen
changed the title
arkadeepsen
force-pushed
the
resource-manager-tags
branch
from
c272900 to
5fe0523
Compare
arkadeepsen
force-pushed
the
resource-manager-tags
branch
2 times, most recently
from
1f7ccfb to
6400a6d
Compare
k8s-ci-robot
added
the
needs-rebase
arkadeepsen
force-pushed
the
resource-manager-tags
branch
3 times, most recently
from
4726b09 to
3b7aeaf
Compare
k8s-ci-robot
added
needs-rebase
arkadeepsen
force-pushed
the
resource-manager-tags
branch
from
3b7aeaf to
d4a2788
Compare
k8s-ci-robot
removed
the
needs-rebase
arkadeepsen
force-pushed
the
resource-manager-tags
branch
from
d4a2788 to
7847650
Compare
k8s-ci-robot
added
the
needs-rebase
arkadeepsen
force-pushed
the
resource-manager-tags
branch
from
7847650 to
9a385e4
Compare
k8s-ci-robot
removed
the
needs-rebase
k8s-ci-robot
added
the
needs-rebase
arkadeepsen
force-pushed
the
resource-manager-tags
branch
from
9a385e4 to
e93b90c
Compare
k8s-ci-robot
removed
the
needs-ok-to-test
|
/test pull-gcp-compute-persistent-disk-csi-driver-kubernetes-integration |
k8s-ci-robot
added
the
needs-rebase
arkadeepsen
force-pushed
the
resource-manager-tags
branch
from
3106059 to
3d7bd8f
Compare
k8s-ci-robot
added
needs-rebase
arkadeepsen
force-pushed
the
resource-manager-tags
branch
from
3d7bd8f to
78ccaa8
Compare
k8s-ci-robot
removed
the
needs-rebase
k8s-ci-robot
added
the
needs-rebase
| computeEndpoint *url.URL | ||
| allowedComputeEnvironment = []gce.Environment{gce.EnvironmentStaging, gce.EnvironmentProduction} | ||
|
|
||
| extraTagsStr = flag.String("extra-tags", "", "Extra tags to attach to each Compute Disk, Image, Snapshot created. It is a comma separated list of parent id, key and value like '<parent_id1>/<tag_key1>/<tag_value1>,...,<parent_idN>/<tag_keyN>/<tag_valueN>'. parent_id is the Organization or the Project ID where the tag key and the tag value resources exist. A maximum of 50 tags bindings is allowed for a resource. See https://cloud.google.com/resource-manager/docs/tags/tags-overview, https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing for details") |
There was a problem hiding this comment.
From the documentation, it seems like <parent_id> can also support project number (alongisde organization and project ID). Are these tags in namespacedName format?
There was a problem hiding this comment.
Right, tags are expected to be in NamespacedName format.
There was a problem hiding this comment.
I have added project name as well in the description.
| const maxNumberOfTags = 50 | ||
| if len(tagsMap) > maxNumberOfTags { | ||
| return nil, fmt.Errorf("more than %d tags is not allowed, given: %d", maxNumberOfTags, len(tagsMap)) | ||
| } |
There was a problem hiding this comment.
Please add a comment linking to the documentation about the limit of 50
|
/retest-required |
| case ParameterKeyResourceTags: | ||
| paramResourceTags, err := ConvertTagsStringToMap(v) | ||
| if err != nil { | ||
| return p, fmt.Errorf("parameters contain invalid tags parameter: %w", err) |
There was a problem hiding this comment.
Can you specify the exact name of the parameter key in this error? This will make it easier for the user to address the error (by knowing exactly which parameter key to modify).
There was a problem hiding this comment.
@pwschuurman I have added the full string containing the parent ID, tag key and value in the error message returned by ConvertTagsStringToMap().
There was a problem hiding this comment.
I'm looking for the actual key that the user would be familiar with (eg: ParameterKeyResourceTags) to be present in the output error message. This will allow the user to know what parameter to correct in their gRPC call. The end user will likely be a Kubernetes user, and this parameter should map to a parameter key they are familiar with, so they can update the corresponding parameter on their StorageClass. Without that context, they'll just be left with the value, and it won't be as clear about what parameter to change to fix the error they're seeing.
There was a problem hiding this comment.
Got it. Added the name of the parameter key in the error message.
| const maxNumberOfTags = 50 | ||
| if len(tagsMap) > maxNumberOfTags { | ||
| return nil, fmt.Errorf("more than %d tags is not allowed, given: %d", maxNumberOfTags, len(tagsMap)) | ||
| } |
| computeEndpoint *url.URL | ||
| allowedComputeEnvironment = []gce.Environment{gce.EnvironmentStaging, gce.EnvironmentProduction} | ||
|
|
||
| extraTagsStr = flag.String("extra-tags", "", "Extra tags to attach to each Compute Disk, Image, Snapshot created. It is a comma separated list of parent id, key and value like '<parent_id1>/<tag_key1>/<tag_value1>,...,<parent_idN>/<tag_keyN>/<tag_valueN>'. parent_id is the Organization or the Project ID where the tag key and the tag value resources exist. A maximum of 50 tags bindings is allowed for a resource. See https://cloud.google.com/resource-manager/docs/tags/tags-overview, https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing for details") |
| // GCP has a rate limit of 600 requests per minute, restricting | ||
| // here to 8 requests per second. | ||
| limiter := common.NewLimiter(gcpTagsRequestRateLimit, gcpTagsRequestTokenBucketSize, true) |
There was a problem hiding this comment.
I think one optimization would be to use a shared rate limiter, scoped to a CloudProvider client. This would allow each PDCSI controller instance to rate limit calls across CreateSnapshot/CreateVolume.
The 90 second initial delay seems a bit long. I think in the worst case you'd only need to wait for a maximum of 60 seconds until the per-minute quota is refilled (per the documentation: https://cloud.google.com/compute/api-quota#api-rate-limits).
Also, I don't think having an exponential backoff is that useful here (especially at a rate of 2.0), since the per-minute quota is a fixed window rate limit. You'll either be competing with another client, and exhaust quota before the next minute, or quota will refill and the bucket will be replenished. The only thing you may want to adjust is a negotiation scheme for the per-second bucket rate, but without direct knowledge of the request rate of any other client, this seems complicated to determine.
|
/retest-required |
1 similar comment
|
/retest-required |
| case ParameterKeyResourceTags: | ||
| paramResourceTags, err := ConvertTagsStringToMap(v) | ||
| if err != nil { | ||
| return p, fmt.Errorf("parameters contain invalid tags parameter: %w", err) |
There was a problem hiding this comment.
I'm looking for the actual key that the user would be familiar with (eg: ParameterKeyResourceTags) to be present in the output error message. This will allow the user to know what parameter to correct in their gRPC call. The end user will likely be a Kubernetes user, and this parameter should map to a parameter key they are familiar with, so they can update the corresponding parameter on their StorageClass. Without that context, they'll just be left with the value, and it won't be as clear about what parameter to change to fix the error they're seeing.
|
/retest-required |
1 similar comment
|
/retest-required |
…mage, Snapshot resources
|
/retest-required |
1 similar comment
|
/retest-required |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: arkadeepsen, pwschuurman The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/cherry-pick release-1.6 |
|
@bharath-b-rh: only kubernetes-sigs org members may request cherry picks. If you are already part of the org, make sure to change your membership to public. Otherwise you can still do the cherry-pick manually. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@pwschuurman Could you please help me with cherry picking this change to |
|
/cherry-pick release-1.14 |
|
@mattcary: Failed to get PR patch from GitHub. This PR will need to be manually cherrypicked. Error messagestatus code 406 not one of [200], body: {"message":"Sorry, the diff exceeded the maximum number of lines (20000)","errors":[{"resource":"PullRequest","field":"diff","code":"too_large"}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#get-a-pull-request","status":"406"}DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
7 participants
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR allows users to bind a list of tags to resources created by the driver, namely GCP Compute Disk, Image, Snapshot. The original issue #1319 provides more details on the usefulness of GCP tags.
Which issue(s) this PR fixes:
Fixes #1319
Special notes for your reviewer:
This PR adds the functionality to bind GCP resource manager tags to compute pd resources created by the driver. The tag keys and values will be created by the user and only the tag bindings to the pd resources will be created by the driver. The driver now accepts a new argument,
--extra-tags, and a list of tags can be provided to the driver using this argument. The tag list is then validated to check if they are in the expected format or not. The list is also validated to check that a tag parent_id and key combination is not used more that once. The tags are attached to the Compute Disk, Image, Snapshot when the corresponding resources are created.Does this PR introduce a user-facing change?:
Yes