Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support VMI eviction also for external infra clusters #242

Merged
merged 1 commit into from
Jun 26, 2023
Merged

Support VMI eviction also for external infra clusters #242

merged 1 commit into from
Jun 26, 2023

Conversation

nunnatsa
Copy link
Contributor

@nunnatsa nunnatsa commented Jun 7, 2023

What this PR does / why we need it:
CAPK now can drain a node when its VMI is evicted, even if the VMI is running at an external cluster.

CAPK now can drain a node when its VMI is evicted, even if the VMI is running at an external cluster.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jun 7, 2023
@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jun 7, 2023
@nunnatsa
Copy link
Contributor Author

nunnatsa commented Jun 7, 2023

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Jun 7, 2023
@coveralls
Copy link

Pull Request Test Coverage Report for Build 5199391506

  • 62 of 127 (48.82%) changed or added relevant lines in 2 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-1.8%) to 50.836%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pkg/kubevirt/machine.go 55 120 45.83%
Totals Coverage Status
Change from base Build 4993600089: -1.8%
Covered Lines: 912
Relevant Lines: 1794
💛 - Coveralls

@nunnatsa nunnatsa force-pushed the node-drain-external branch 11 times, most recently from 5a8c14e to 84c9e65 Compare June 11, 2023 12:59
davidvossel
davidvossel reviewed Jun 12, 2023
View reviewed changes
Copy link
Contributor

@davidvossel davidvossel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great, i left two minor comments

templates/cluster-template-kccm.yaml Outdated
Comment on lines 178 to 186
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
capk.cluster.x-k8s.io/template-kind: extra-resource
cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
name: manager
namespace: ${NAMESPACE}
---
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need this new serviceAccount?

e2e/create-cluster_test.go Outdated
Comment on lines 228 to 230
// debug
buff.Reset()
_ = enc.Encode(machineList.Items)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

debug needs removal

davidvossel
davidvossel reviewed Jun 12, 2023
View reviewed changes
controllers/kubevirtmachine_controller.go Outdated
@@ -65,7 +65,7 @@ type KubevirtMachineReconciler struct {
// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters;machines,verbs=get;list;watch
// +kubebuilder:rbac:groups="",resources=secrets;,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=kubevirt.io,resources=virtualmachines;,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=kubevirt.io,resources=virtualmachineinstances;,verbs=get;list;watch
// +kubebuilder:rbac:groups=kubevirt.io,resources=virtualmachineinstances;,verbs=get;list;watch;patch;update;delete
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you want to remove the watch item here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@davidvossel - the test was constantly failed without this watch. I put it back.

config/kccm/kustomization.yaml Outdated
Comment on lines 17 to 18
- ../rbac

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is adding the rbac used to install capk to the template used to create a guest cluster with kccm

@nunnatsa nunnatsa force-pushed the node-drain-external branch 6 times, most recently from e303e1a to fc21fe8 Compare June 14, 2023 07:39
@nunnatsa nunnatsa closed this Jun 14, 2023
@nunnatsa nunnatsa reopened this Jun 14, 2023
@nunnatsa nunnatsa force-pushed the node-drain-external branch from fc21fe8 to c1dd6e4 Compare June 14, 2023 11:46
@nunnatsa nunnatsa force-pushed the node-drain-external branch 4 times, most recently from bce14c4 to 32d5f40 Compare June 15, 2023 07:06
davidvossel
davidvossel reviewed Jun 20, 2023
View reviewed changes
config/rbac/role.yaml Outdated
Comment on lines 104 to 105
- list
- patch
- update
- watch
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we also remove the list and watch rbac here? This helps validate that the controller can operator entirely without those two rbac permissions

@nunnatsa nunnatsa force-pushed the node-drain-external branch 5 times, most recently from adadef9 to 020a265 Compare June 23, 2023 16:01
davidvossel
davidvossel reviewed Jun 23, 2023
View reviewed changes
Copy link
Contributor

@davidvossel davidvossel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great, I just had a couple of minor comments.

config/rbac/role.yaml
Comment on lines -104 to -107
- list
- patch
- update
- watch
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also remove list and watch from the virtualmachines entry that's slightly below this one

e2e/create-cluster_test.go Outdated
Comment on lines 229 to 231
setFakeAnnotationOnMachine(g)
defer removeFakeAnnotationFromMachine(g)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see how forcing the reconciliation improves the test time and consistency, but my concern is that it might mask real issues caused by the reconcile loop not popping when we need it to.

Is it possible for us to test this without forcing the reconciliation? it's okay if the wait time needs to increase?

@nunnatsa nunnatsa force-pushed the node-drain-external branch 8 times, most recently from 3c173b5 to faea995 Compare June 26, 2023 12:27
@nunnatsa
Copy link
Contributor Author

Closing and reopening. Maybe this will release the CI?

@nunnatsa nunnatsa closed this Jun 26, 2023
@nunnatsa nunnatsa reopened this Jun 26, 2023
@nunnatsa
Support VMI eviction also for external infra clusters
87a8fb7 
CAPK now can drain a node when its VMI is evicted, even if the VMI is
running at an external cluster.

Signed-off-by: Nahshon Unna-Tsameret <nunnatsa@redhat.com>
@nunnatsa nunnatsa force-pushed the node-drain-external branch from faea995 to 87a8fb7 Compare June 26, 2023 14:29
davidvossel
davidvossel approved these changes Jun 26, 2023
View reviewed changes
Copy link
Contributor

@davidvossel davidvossel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 26, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidvossel, nunnatsa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [davidvossel,nunnatsa]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 44140e4 into kubernetes-sigs:main Jun 26, 2023
@nunnatsa nunnatsa deleted the node-drain-external branch June 26, 2023 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidvossel davidvossel davidvossel approved these changes

@qinqon qinqon Awaiting requested review from qinqon

Assignees

@davidvossel davidvossel

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nunnatsa @coveralls @k8s-ci-robot @davidvossel