Add HighAvailabilityMode field to 'infrastructure' CRD #827
Conversation
ravidbro
force-pushed
the
add_ha_mode
branch
2 times, most recently
from
ecdb126 to
d982d5f
Compare
ravidbro
force-pushed
the
add_ha_mode
branch
from
d982d5f to
ff6d957
Compare
| type: string | ||
| enum: | ||
| - "" | ||
| - Full |
There was a problem hiding this comment.
how about something along ThreeNode ?
There was a problem hiding this comment.
I think in the enhancement we want to have either full or non-ha. How ThreeNodes will help?
There was a problem hiding this comment.
is there half HA ? APIs should be clear when you read them. Full and None have no meaning.
There was a problem hiding this comment.
There was a problem hiding this comment.
Thanks for the link. Let's move the bigshedding there. I should have guessed that this field has been bikeshedded to death already ;-)
|
@ravidbro once the enhancement is merged, lets update this PR. |
Updated according to the merged enhancement |
| the operand for highly-available operation | ||
| type: string | ||
| enum: | ||
| - "" |
There was a problem hiding this comment.
why do we need empty? Can't we default to HighlyAvailable?
There was a problem hiding this comment.
that comment does not explain why we don't just use a default, making the API easier to use and observe.
There was a problem hiding this comment.
@staebler can you elaborate on why do you think we should have the empty value and not a default?
| // The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. | ||
| // The 'SingleReplica' mode will be used in single-node deployments (developer and production) for example, | ||
| // and the operators should not configure the operand for highly-available operation | ||
| ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` |
There was a problem hiding this comment.
this field is only under the 'status' and not under the 'spec'.
does it need to have a default in the definition here?
There was a problem hiding this comment.
It does not have to. But a default value shows up automatically if not set otherwise. What should operators do if this field is not set?
There was a problem hiding this comment.
I see your point, I will add it
There was a problem hiding this comment.
In the enhancement we said that if the field wasn't set operators should assume HighlyAvailable as a default. If setting the default in the CRD definition ensures that a value is provided for clusters upgraded from 4.7 to 4.8 (when the field is added), then maybe we didn't need to worry about that?
There was a problem hiding this comment.
I checked it, and I can't use a default value here since this CRD is apiextensions.k8s.io/v1beta1, and default values aren't supported yet.
There was a problem hiding this comment.
I checked it, and I can't use a default value here since this CRD is apiextensions.k8s.io/v1beta1, and default values aren't supported yet.
Switch it to v1. We have done that with many CRDs in openshift/api already. No reason not to, just time.
There was a problem hiding this comment.
@sttts not sure we have extra time to invest into it at this point. do we understand how much effort is it?
There was a problem hiding this comment.
Updated the default here and tested the upgrade from an old version. The fields were added to the existing 'cluster' CR with the default value.
ravidbro
force-pushed
the
add_ha_mode
branch
3 times, most recently
from
7c43428 to
24a7b5b
Compare
config/v1/types_infrastructure.go
Outdated
| // +kubebuilder:default=HighlyAvailable | ||
| ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` | ||
|
|
||
| // InfrastructureTopology expresses the expectations for operands that normally run on infrastructure nodes. |
There was a problem hiding this comment.
"infrastructure nodes" are an OSD thing, not an OCP thing, and this is an OCP config structure. I realize that the enhancement discussed this addition, and am sorry I missed this in review there. Thoughts about revisiting in the enhancement, or discussing here, or...? I guess this API change will not land before 4.7 splits off master anyway, so we have some time...
There was a problem hiding this comment.
Where else would we put the new field?
This was added at @derekwaynecarr's suggestion for the external control plane work, which makes me think the idea of infrastructure nodes is coming to OCP?
There was a problem hiding this comment.
@derekwaynecarr proposing a control-plane/infra split here, with an eye to future External control plane settings or some such. That seems cross-cutty to me. As long as the only two values are HighlyAvailable and SingleReplica, I can't think of a situation where folks would set one value for ControlPlaneTopology and another for InfrastructureTopology. If we eventually grow External, the distinction would be:
ControlPlaneTopologystops being a way to tell control-plane components how available to be, and becomes a way to tell the remaining components that the control plane components are not local.
I'd rather have addressed that with a cluster-profile knob, since we're using the cluster-profile knob to actually remove the control-plane components. As it stands, which way would, say, the registry operator go? It tolerates the control-plane nodes, but also stays local, even in the IBM/ROKS case where the bulk of the control-plane moves to external hosting. Maybe all the components that fall into that category won't care about this setting anyway (anything managed by the CVO, which includes the registry-operator manifest, will not care about these settings). But it seems like "second-level operators should consume InfrastructureTopology when they are running, and look to ControlPlaneTopology in the future if it grows External"? That makes the names a bit wonky, but seems like the logic folks were going for?
There was a problem hiding this comment.
IIUC the goal for the registry operator is to leverage the cluster profiles to support the IBM/ROKS use case:
openshift/cluster-image-registry-operator#643
We (monitoring team) have a similar WIP PR from @csrwng to move the cluster monitoring operator from the control plane nodes to the worker nodes.
There was a problem hiding this comment.
@wking @simonpasquier I think we can draw a line between what cluster profiles do and what these fields are meant to accomplish. Cluster profiles affect the manifests that get laid down for operators by the CVO. In the cases that @simonpasquier pointed out, there is no opportunity to change the node selectors via operator logic because they will be laid down directly by the CVO, so if we need alternate node selectors we have to have the CVO handle it.
Cluster profiles could also be used to drive logic in the operator such as adding an environment variable or some other change to an operator manifest to indicate that it should work in HA/non-HA mode. But IMHO it would be less than ideal because then each operator gets to decide how this is communicated to them and they may not agree on what each mode means. My understanding is that these fields are a consistent way to communicate to operators the desired availability mode.
For possible combinations see openshift/enhancements#555 (comment)
There was a problem hiding this comment.
@derekwaynecarr suggested the split. I'm not 100% clear on what goes on each side of the line myself. We should probably go back and document that better in the enhancement (and in comments here).
There was a problem hiding this comment.
@wking this is not to be read as literal as role=infra nodes. it should be understood as components that provide supporting infrastructure services for applications on the cluster but are not run on control plane hosts by default. for example, it would include components like the registry, router, and monitoring. today those components can be selected to run on node with role=infra but they default to role=worker. what this field is intending to capture is if those supporting services should run highly available or not. it could be read by additional add-ons as a hint in the future for kubevirt, serverless, mesh, pipelines, or any other supporting infrastructure service to understand what availability posture their supporting solution should provide by default.
a very simple use case is a cluster whose control plane is externalized, but whose infrastructure services do not require HA. for example, an IBM ROKS/Satellite cluster with a single worker. this would require a router to not error when its not running HA, which this flag would signal as the desired state.
so maybe update text as follows:
InfrastructureTopology expresses the expectations for operands that provide supporting infrastructure services for workloads on the cluster, but do not run on control hosts by default. If an operator API provides a node selector for placement of its operands, the operator should respect this API for expressing its availability absent any local override.
There was a problem hiding this comment.
an alternative scenario is regular standalone highly-available topology (3 control plane hosts) with a single worker. in that model, i may desire HA control plane topology, and SingleReplica Infrastructure Topology. it is acceptible in that instance to run a single replica of the registry for example.
There was a problem hiding this comment.
I've proposed an update to the original API enhancement to clarify this. See openshift/enhancements#605
There was a problem hiding this comment.
I updated the comment in the code accordingly.
ravidbro
force-pushed
the
add_ha_mode
branch
4 times, most recently
from
c44d842 to
68bddd8
Compare
|
@wking @csrwng @derekwaynecarr how do you suggest to proceed regrading the "infrastructure nodes" nodes discussion? |
|
@romfreiman for me, it's fine as it is |
|
@wking what about you? |
| description: InfrastructureTopology expresses the expectations for | ||
| infrastructure services that do not run on control plane nodes, | ||
| usually indicated by a node selector for a `role` value other than | ||
| `master`. This includes, but is not necessarily limited to, the |
There was a problem hiding this comment.
I think we can stop with the period after "master" here, and leave the next 2 sentences out of the CRD definition.
| description: InfrastructureTopology expresses the expectations for | ||
| infrastructure services that do not run on control plane nodes, | ||
| usually indicated by a node selector for a `role` value other than | ||
| `master`. |
There was a problem hiding this comment.
Do we need to duplicate the descriptions of the 2 modes from above?
There was a problem hiding this comment.
I think it makes sense also here, and I copied it.
| that normally run on control nodes. The default is 'HighlyAvailable', | ||
| which represents the behavior operators have in a "normal" cluster. | ||
| The 'SingleReplica' mode will be used in single-node deployments | ||
| (developer and production) for example, and the operators should |
There was a problem hiding this comment.
Since this is user-facing, we don't need to differentiate between the types of deployments.
| (developer and production) for example, and the operators should | |
| and the operators should |
dhellmann
left a comment
dhellmann
left a comment
There was a problem hiding this comment.
The current draft looks good to me.
/approve
| the Kubernetes API. | ||
| type: string | ||
| controlPlaneTopology: | ||
| description: ControlPlaneTopology expresses the expectations for operands |
| of max length 27 and must have only alphanumeric or hyphen characters. | ||
| type: string | ||
| infrastructureTopology: | ||
| description: InfrastructureTopology expresses the expectations for |
|
LGTM. nit: lower-case the field name in descriptions /approve |
openshift-ci-robot
added
the
approved
|
/hold until master opens. |
openshift-ci-robot
added
the
do-not-merge/hold
Implements enhancement openshift/enhancements#555 Signed-off-by: Ravid Brown <[email protected]>
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dhellmann, ravidbro, romfreiman, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
1 similar comment
|
/retest |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/retest |
|
/bugzilla refresh |
|
@ravidbro: No Bugzilla bug is referenced in the title of this pull request. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
12 participants
Implements enhancement openshift/enhancements#555
Signed-off-by: Ravid Brown [email protected]