ocs-to-ocs api server design #1413
bdc271a
to
32bb718
Compare
docs/design/ocs-to-ocs-api-server.md
Outdated
- Current use case does not involve frequent requests between client and server. So performance aspect of the gRPC can be ignored. | ||
|
||
- #### Security: | ||
- Both provide security with SSL/TLS support. |
- Both provide security with SSL/TLS support. | |
- Both provide security with TLS support. |
done.
docs/design/ocs-to-ocs-api-server.md
Outdated
### gRPC vs REST | ||
|
||
- #### Performance: | ||
- gRPC is more performant than REST due to smaller payloads (and other reasons). |
Name the other reasons or remove the statement?
I would change it to: gRPC is more performant than REST due to the binary payload
I would add that the binary format (protobuf) allows for compile time validation.
Updated the verbiage and added some more reasons.
docs/design/ocs-to-ocs-api-server.md
Outdated
- Both provide security with SSL/TLS support. | ||
- gRPC endpoint can't be invoked via browser/postman. | ||
|
||
We will use gRPC as we are on k8s and gRPC has more advantages compared to REST |
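Review bot: Under Security, the bullet `gRPC endpoint can't be invoked via browser/postman` describes client tooling rather than an access control, because any gRPC client that can reach the endpoint can still call it. Suggest replacing it with a statement of how callers are authenticated, and saying next to the TLS bullet whether TLS is server-only or mutual, since TLS support on its own covers the transport and not who the caller is.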
At this stage, the advantages are not clear... Also, I'm not sure why being on k8s justifies using gRPC.
Security is a big concern especially when discussing services.
There is no benefit to use REST
docs/design/ocs-to-ocs-api-server.md
Outdated
- Read the `status.state` of the StorageConsumer CR: | ||
- if `status` is `onboarding`, then update the `spec.Capacity` in the CR. Return `UNAVAILABLE`. | ||
- if `status` is `Provisioning`, return `UNAVAILABLE`. | ||
- if `status` is `Ready`, fetch the `rbdPoolName` and the`cephUser` details from the CR status. Generate and return json connection details. |
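Review bot: The three branches test `status` while the step says to read `status.state`, and the values are cased inconsistently (`onboarding` against `Provisioning` and `Ready`); use one field name and one casing throughout. The `Ready` branch returns the `cephUser` connection details, so this step should also say how the request is checked against the StorageConsumer CR it reads before anything is returned. A space is missing between "the" and `cephUser`.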
Replace `rbdPoolName` with `blockPoolName`?
done.
32bb718
to
1bc3026
Compare
1bc3026
to
adf9058
Compare
docs/design/ocs-to-ocs-api-server.md
Outdated
This document defines the API server used for communication between OCS provider and OCS consumer clusters. | ||
|
||
|
||
## Tool |
We already decided on gRPC.
You can mention that REST can be supported easily.
I don't see the need to mention OpenAPI3
removed OpenAPI3
fa1e77f
to
076d5f8
Compare
docs/design/ocs-to-ocs-api-server.md
Outdated
message OnBoardConsumerRequest{ | ||
// token provided by the provider cluster admin to authenticate the consumer | ||
string token =1; | ||
// capacity is a valid k8s resource quantity |
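Review bot: The comment above `string token =1;` says the token authenticates the consumer but not whether it is single-use, how long it stays valid, or how the server verifies it; document those properties here, since the token is the only credential visible in this message. For consistency, write `string token = 1;` and put a space before `{` in `message OnBoardConsumerRequest{`.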
Is there a protobuf defined for capacity in k8s already?
Please document that this is the desired capacity and that the provider may grant less
Yes, there is protobuf for Resource Capacity in K8s already. Using that now. Also updated the doc.
But it seems that the K8s protobuf is using an older version, and we won't be able to use it in our project. Getting the following error:
protoc-gen-go: invalid Go import path "resource" for "k8s.io/apimachinery/pkg/api/resource/generated.proto"
The import path must contain at least one forward slash ('/') character.
See https://developers.google.com/protocol-buffers/docs/reference/go-generated#package for more information.
--go_out: protoc-gen-go: Plugin failed with status code 1.
Existing issue on github
docs/design/ocs-to-ocs-api-server.md
Outdated
// StorageConfigResponse holds the response for the GetStorageConfig API request | ||
message StorageConfigResponse{ | ||
// data contains the json blob to be used by the consumer cluster to connect with the provider cluster | ||
google.protobuf.Struct data = 1; |
How about calling it blob?
The type should be bytes[] (byte array)
Replaced `google.protobuf.Struct` with `bytes`. I don't think `blob` might be a good idea. It would be equally confusing as `data`, if not less.
076d5f8
to
ff7d173
Compare
ff7d173
to
a5457a1
Compare
docs/design/ocs-to-ocs-api-server.md
Outdated
// UpdateCapacityResponse holds the response for UpdateCapacity API request | ||
message UpdateCapacityResponse{ | ||
|
||
} |
Similarly here, provide the granted capacity, just in case.
docs/design/ocs-to-ocs-api-server.md
Outdated
| Invalid ID | 3 INVALID_ARGUMENT | Request failed to invalid Consumer ID | Contact the Provider Cluster Admin to verify the StorageConsumer ID | ||
| Invalid Capacity | 3 INVALID_ARGUMENT | Request failed due to invalid capacity | Contact the Provider Cluster Admin to get the valid capacity value |
How do you distinguish between these two? Might it be more accurate to say:
Invalid | 3 INVALID_ARGUMENT | Request failed due to invalid Consumer ID or Capacity | ....
done
docs/design/ocs-to-ocs-api-server.md
Outdated
|
||
## PROJECT STRUCTURE | ||
- The API server would be part of the OCS Operator. | ||
- It would be deployed as separate deployment on the OCS cluster only after user has enabled it in the StorageCluster CR via `spec.allowRemoteStorageConsumers` |
- It would be deployed as separate deployment on the OCS cluster only after user has enabled it in the StorageCluster CR via `spec.allowRemoteStorageConsumers` | |
- It would be deployed as separate Deployment only after user has enabled it in the StorageCluster CR via `spec.allowRemoteStorageConsumers` |
docs/design/ocs-to-ocs-api-server.md
Outdated
This document defines the API server used for communication between OCS provider and OCS consumer clusters. | ||
|
||
|
||
## Tool |
Move all this to the bottom as an `## Alternatives` section.
moved this section at the end.
a5457a1
to
eb2cfdc
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: sp98 The full list of commands accepted by this bot can be found here.
eb2cfdc
to
b9be71e
Compare
This PR adds the design for API server that would help Consumer clusters to communicate with OCS Provider cluster. Signed-off-by: Santosh Pillai <[email protected]>
b9be71e
to
a69c7a9
Compare
/retest
@sp98 is this PR relevant now?
@sp98: The following tests failed, say