Refactor NTO to use controller runtime lib

[yanirq]

Refactor cluster node tuning operator to use controller runtime library (release 0.11).
The functionality is internal only and replaces the direct application of a controller with the controller runtime scheme.

The new controller(s) structure:

• 2 Controllers under one manager : CVO controller and Tuned controller using controller runtime library.
• Metrics server added as runnable to the controller runtime manager.
• Tuned daemon controller left untouched.

Current implementation that might be subject to change depending on the operator performance (or reviews):

• Tuned controller does not keep internal maps for tracking node names and pods. It watches pod and node label changes and in the reconcile logic will list all nodes before syncing tuned profiles.
• Pod labels watch will run always but will never act on changes if no tuned CR has pod type.

Pending tasks checklist:

• Ensure metric reporting works as expected (not only on e2e)
• e2e and unit test coverage should be added (either in this PR or the following)
• Unused methods will be removed once the PR is in an acceptable review state.
• Add profile deletion when a node is deleted
• Test managed state
• Test operator's performance vs previous implementation
• Test all status reporting scenarios
• Client-go leader election changes applied correctly

This is also a preliminary work to set up the stage for moving Performance addons operator under NTO as documented here: openshift/enhancements#867

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: yanirq
To complete the pull request process, please assign jmencak after the PR has been reviewed.
You can assign the PR to them by writing /assign @jmencak in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[yanirq]

/test e2e-aws-operator

[yanirq]

/test e2e-aws-operator

[jmencak]

Congrats on the e2e-aws-operator tests passing @yanirq , We will start a review this week.
/cc @dagrayvid

[yanirq]

Congrats on the e2e-aws-operator tests passing @yanirq , We will start a review this week. /cc @dagrayvid

All the previous PRs can be closed.
There is a checklist still to be completed but reviews should definitely start asap.
You will notice that there are some//TODOsections with alternatives to the current implementation in some sections.

/cc @cynepco3hahue

[yanirq]

/retest

[yanirq]

/retest

[yanirq]

/retest

[yanirq]

/retest

[dagrayvid]

@yanirq @jmencak,

I did a bit more testing similar to what Jiri already shared. I tested 3 cases for the old code and the new code: 1. fully idle 2. creating ~1000 pods in the background without any custom profile, 3. creating ~1000 pods in the background with a Profile that matches to those pods. Here are the results:

1. Fully idle:

Old implementation:                 Controller-runtime rewrite:
2022-04-02 17:39:25: 101 18         2022-04-02 16:36:52: 103 20
2022-04-02 17:40:25: 103 19         2022-04-02 16:37:52: 106 22
2022-04-02 17:41:25: 105 20         2022-04-02 16:38:52: 110 24
2022-04-02 17:42:25: 105 20         2022-04-02 16:39:52: 114 25
delta:               4   2                               11  5

2. Creating pods with no label matching used. Should be pretty idle…

Old implementation:                 Controller-runtime rewrite:
2022-04-02 17:46:33: 112 22         2022-04-02 16:48:01: 153 44
2022-04-02 17:47:33: 113 22         2022-04-02 16:49:01: 226 55
2022-04-02 17:48:33: 115 23         2022-04-02 16:50:01: 299 67
2022-04-02 17:49:33: 117 23         2022-04-02 16:51:01: 365 76
delta:               5   1                               212 32

3. Creating pods with a profile that matches to the pods (3 master 3 worker cluster)

Old implementation:                 Controller-runtime rewrite:
2022-04-02 17:53:18: 169  33        2022-04-02 17:04:48: 104  21
2022-04-02 17:54:18: 539  56        2022-04-02 17:05:48: 1122 85
2022-04-02 17:55:18: 969  72        2022-04-02 17:06:48: 2959 189
2022-04-02 17:56:18: 1488 86        2022-04-02 17:07:48: 5740 299
delta:               1319 53                             5636 278

This confirms that the controller-runtime implementation is doing some work when pods are created even when the pod label matching functionality is unused. It also shows that when the pod label matching functionality is used, the new implementation is using many more CPU cycles than the old implementation.

[yanirq]

/retest

[openshift-ci]

@yanirq: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[yanirq]

/hold - #316 is examined as an alternative for this PR

[camilamacedo86]

Why are you defining a lease duration? see:

. // LeaseDuration is the duration that non-leader candidates will
// wait to force acquire leadership. This is measured against time of
// last observed ack. Default is 15 seconds.
LeaseDuration *time.Duration

Is not the default time good enough?

[yanirq]

this was to keep the original behavior before the refactor

[camilamacedo86]

Why would you like to use this option?
How many ns would you like to inform here?

See that if you try to cache all -1 or 2 namespaces on the cluster then, you will probably check performance issues.
Please, check the comment: https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/cache/multi_namespace_cache.go#L40-L46

[yanirq]

the main reason here was to watch cluster resources such as nodes and pods and have a distinct namespace for NTO to be used for filtering

[camilamacedo86]

You are passing an NS and NewCache: cache.MultiNamespacedCacheBuilder(namespaces)
Note that you need to have permissions ( scope ) to read/update/delete resources and in this way cache them where the operator will be installed. Then, you can:

a) Watching/Catching resources in a set of Namespaces
It is possible to use MultiNamespacedCacheBuilder from Options to watch and manage resources in a set of Namespaces.

OR

b) Watching/Catching resources in a single Namespace (where the. operator will be installed) by using the Namespace option. See:

// Namespace if specified restricts the manager's cache to watch objects in
// the desired namespace Defaults to all namespaces
//
// Note: If a namespace is specified, controllers can still Watch for a
// cluster-scoped resource (e.g Node). For namespaced resources the cache
// will only hold objects from the desired namespace.
Namespace string

Ref: https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.11.1/pkg/manager#Manager

OR

c) Do not add both which means grant cluster-scope permission for the project. Your operator will be watching/catching the whole cluster

Be aware that how much more resources/namespaces do you catching/watching more resources you will consume.

[camilamacedo86]

By default SDK/Kubebuilder scaffold the projects as cluster-scope, see: https://github.com/operator-framework/operator-sdk/blob/master/testdata/go/v3/memcached-operator/main.go#L68-L79

But you can change the. scope: https://sdk.operatorframework.io/docs/building-operators/golang/operator-scope/

[camilamacedo86]

by adopting SDK/Kubebuilder you will be able to work with makers, e.g: https://github.com/operator-framework/operator-sdk/blob/master/testdata/go/v3/memcached-operator/controllers/memcached_controller.go#L44-L48

Then, when you run make generate the RBAC will be generated at the config]/rbac/ dir: https://github.com/operator-framework/operator-sdk/tree/master/testdata/go/v3/memcached-operator/config/rbac

Also, you can use make bundle and have the whole OLM bundle generated by you with all your kustomize configs, see: https://github.com/operator-framework/operator-sdk/tree/master/testdata/go/v3/memcached-operator/bundle

That is very helpful to work with the releases and provide the solutions for OLM.
You can also add customizations on in your base CSV: operator-sdk/testdata/go/v3/memcached-operator/config/manifests/bases/

To know more about the default layout see: https://sdk.operatorframework.io/docs/overview/project-layout/

[camilamacedo86]

What means mc.go?
What is its purpose?

[camilamacedo86]

Are you doing it to address the scenarios that the reconciliation fails because the resource changed on the cluster? If yes, I'd suggest using the client and fetching the resource that you want to change/update before calling the update. Then, if it fails return err in the reconciliation to ensure that it will be executed again.

[camilamacedo86]

Why do you need this ultis for leader election?
By default, you have the C+R implementation for leader election : https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/leaderelection/leader_election.go

What is the extra requirement on top of that?

Also, you might give a look in the doc https://sdk.operatorframework.io/docs/building-operators/golang/advanced-topics/#leader-election which has compressive info about it.

[camilamacedo86]

Also, see; wdyt about check it with the bug fix: https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.11.1

[camilamacedo86]

why do you need these replaces?
Why do you import sigs.k8s.io/controller-tools?

[yanirq]

@camilamacedo86 Thank you for the extensive review, it is super informative and helpful (also for deeper understanding of controller runtime "under the hood").
This PR will probably be closed soon since we switched to an alternative solution but it will be kept in case we do choose to use this refactor in the future.
Some of the information is insightful also for the current implementation so thanks again ! I will answer the comments here that could be addressed.

[openshift-ci]

@yanirq: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[camilamacedo86]

Hi @yanirq,

#302 (comment)
Thank you for your reply. I hope that it can help out.

Feel free to reach out if you need.

[yanirq]

This PR will not be the format we will be using.
The solution is to copy over the PAO code and add it to the manager as a runnable instead of refactoring whole of NTO to use controller runtime.
The PR can be reopened or use as a reference if needed.