[OCPNODE-852] workerlatency profiles - updating the kubelet configuration based on the nodes.config.openshift.io resource

[sairameshv]

- What I did
Added support to update the kubelet configuration based on the node.config.openshift.io spec changes

-How to verify it
Create/Update the nodes.config.openshift.io CR with the relevant/valid workerlatency profile and expect the corresponding changes in the Kubelet Configuration that are rolled out on all the worker nodes by MCO leveraging the KubeletConfig CR.

- Description for the changelog
Based on the enhancement, users can create/modify the node.config.openshift.io resource which results in the corresponding kubelet configuration changes on all the worker nodes.

[sairameshv]

/hold
Based on the discussions happened regarding #2959, these changes are made as part of an alternative approach.
cc: @harche @rphillips @yuqi-zhang @swghosh

[sairameshv]

/retest-required

[rphillips]

test/e2e-shared-tests/helpers.go:167:19: ambiguous selector cs.Nodes (typecheck)
		node, err := cs.Nodes().Get(context.TODO(), target.Name, metav1.GetOptions{})
		                ^

[sairameshv]

Did a pass and left some comments. The general direction is looking much better.

Also as a general note, would it be possible to structure your commits into 2: 1 - the API/client-go bump 2 - your code for the node object management

As a side note, this may also be a good candidate for the bootstrap-unit test, which was designed to test bootstrapping kubelet/features. But that doesn't have to be part of this PR

Addressed, re-arranged the commits.

[harche]

/test e2e-aws

[yuqi-zhang]

So I did some testing with this PR:

1. create a nodes.config.openshift.io object with latency profile medium - result: created 97-generated-kubelet with "nodeStatusUpdateFrequency": "20s", ✔️
2. create a kubeletconfig, generating 99-generated-kubelet with both the config and "nodeStatusUpdateFrequency": "20s", ✔️
3. create another kubeletconfig, generating 99-generated-kubelet-1 with the new config and "nodeStatusUpdateFrequency": "20s", ✔️
4. attempt to delete nodes.config.openshift.io/cluster - can't, which I think is expected ✔️
5. attempt to change nodes.config.openshift.io/cluster back to latency profile default - the 97-generated-kubelet does work and changes to "nodeStatusUpdateFrequency": "10s", BUT the 99-kubelet-generated/99-kubelet-generated-1 still has "nodeStatusUpdateFrequency": "20s", . Meaning that it will overwrite (and thus will not work). i.e. if you have any kubeletconfigs on the node, you can't modify the profile anymore, which I think is incorrect ❌
6. attempt to create a new nodes.config.openshift.io/test object. Creation is successful, but nothing happens. I assume only nodes.config.openshift.io/cluster is used? ❔

Re point 5: I think we have to somehow trigger the kubeletconfig object sync again with the latest kubeletconfig object such that it regenerates the config... which is problematic. Actually now I think about it, featuregates may also have this problem...? But that doesn't come up as often since you create them and don't generally change them, whereas the latency profile is multiple-step from default->medium->low.

[yuqi-zhang]

One option for the above could be to have the node.config.openshift.io sync loop also check and update each kubeletconfig-machineconfig (i.e. 99-generated-worker-kubelet, 99-generated-worker-kubelet-1, etc.) and update all of them.

[sairameshv]

So I did some testing with this PR:

1. create a nodes.config.openshift.io object with latency profile medium - result: created 97-generated-kubelet with "nodeStatusUpdateFrequency": "20s", heavy_check_mark
2. create a kubeletconfig, generating 99-generated-kubelet with both the config and "nodeStatusUpdateFrequency": "20s", heavy_check_mark
3. create another kubeletconfig, generating 99-generated-kubelet-1 with the new config and "nodeStatusUpdateFrequency": "20s", heavy_check_mark
4. attempt to delete nodes.config.openshift.io/cluster - can't, which I think is expected heavy_check_mark
5. attempt to change nodes.config.openshift.io/cluster back to latency profile default - the 97-generated-kubelet does work and changes to "nodeStatusUpdateFrequency": "10s", BUT the 99-kubelet-generated/99-kubelet-generated-1 still has "nodeStatusUpdateFrequency": "20s", . Meaning that it will overwrite (and thus will not work). i.e. if you have any kubeletconfigs on the node, you can't modify the profile anymore, which I think is incorrect x
6. attempt to create a new nodes.config.openshift.io/test object. Creation is successful, but nothing happens. I assume only nodes.config.openshift.io/cluster is used? grey_question

Re point 5: I think we have to somehow trigger the kubeletconfig object sync again with the latest kubeletconfig object such that it regenerates the config... which is problematic. Actually now I think about it, featuregates may also have this problem...? But that doesn't come up as often since you create them and don't generally change them, whereas the latency profile is multiple-step from default->medium->low.

Hello @yuqi-zhang , Thanks for bringing out this scenario.
Point 5:
The issue has been resolved by listing all the existing kubeletconfigs and calling the syncKubeletConfig inside the syncNodeConfig function.
Yeah, this is the issue with the existing featuregate sync as well. (I can add the fix as part of a new PR if required).

Point 6:
Reinforced the code to reject the addition/update of a new nodes.config.openshift.io object with the name other than "cluster". Tested and verified this functionality.

[sairameshv]

/retest-required

[sairameshv]

/retest-required

[yuqi-zhang]

Holding until #2868 merges. For consistency purposes, left a few nits below, as well as some other comments

[yuqi-zhang]

Ok yeah this should work. Fortunately we keep that 1to1 mapping so we won't accidentally generate new MCs

[sairameshv]

Yes

[yuqi-zhang]

Not a problem right now, but if we ever move to multiple pools, I think this should instead do this outside of the for loop and gate on whether any pools changed. Just a minor note

[sairameshv]

Sure, Addressed

[yuqi-zhang]

I assume statements like this were used for debug? If not, could you either remove or format this? (The error gets returned anyways)

[sairameshv]

Addressed

[yuqi-zhang]

For error statements, could you use %w instead of %v to be consistent with #2868

[sairameshv]

Done

[yuqi-zhang]

Will not list these separately, but again, if you want to log the error, please do so via error logs at regular verbosity, %w the error, or V(4) as debug statements

[sairameshv]

Addressed

[yuqi-zhang]

So, just to make sure, all other node.config.openshift.io objects that are not cluster should be ignored? Will this be in the documentation?

[yuqi-zhang]

Oh I see in the create/update syncs you just degrade if the node object is not named cluster

[sairameshv]

Yeah

[yuqi-zhang]

Hmm ok so this is the main check for whether the update is allowable or not.

So, I thought through the possibilities, and I think this will work so long as we only have 3 latency profiles.

i.e. this check is only for updates. So if I had 4 profiles that can only go from a->b->c->d and I want to skip b/c for example, I think can just do:
a->c (degrade, nothing happens)
c->d -> this actually works, because even though the actual config is on a, we are looking only at our object (on c) and desired (on d). So we essentially would have done a->d right? And this would let it through

In a more perfect scenario I think the controller creating the MC (sync function) should do the final check between current and desired. This should just enqueue and have the sync handle this.

I'm not against merging as is, but just for future, if we have more things to handle, the sync loop should be the place, and not individual informer checks.

[sairameshv]

The idea here is to automate the process of this transition in future(as mentioned in the (TODO) comment) without rejecting the user request. That automatic transition needs a thorough design, testing and hence implemented a check here this way for now.

[harche]

/retest

[openshift-ci]

@sairameshv: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/4.12-upgrade-from-stable-4.11-images	90faaa9	link	true	/test 4.12-upgrade-from-stable-4.11-images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[harche]

/test e2e-gcp-op

[rphillips]

Thank you for all the reviews and hard work on this.

/lgtm

[yuqi-zhang]

There are a few more locations where there seems to be extra non-needed debug statements, as well as %v instead of %w in the error formatting, but let's fix those up as a follow up PR, no need to block the actual functionality on that.

Thanks for all the fixups. I think we are good to go.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rphillips, sairameshv, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [yuqi-zhang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment