Describing steps to support out-of-tree providers #463
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
Danil-Grigorev
force-pushed
the
out-of-tree-support
branch
from
277d59c
to
a217f77
Compare
There was a problem hiding this comment.
This is a really really good start! I've left a bunch of comments, suggestions and questions throughout.
I think it would be good to expand on the CCM operator as this isn't really explained in detail, I assume we are going to need an operator that determines what to deploy daemonset wise based on the Infrastructure?
Danil-Grigorev
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
So, discussions from recent call: I think this component should be deployed by whatever operator controls the kube-controller-manager. The lifecycle of this component and that component are tightly coupled, regardless of where the source code lives.
It's likely we'll have to stagger the rollout of out-of-tree providers as some will be ready while others will not, and the ones that are ready to go out of tree are no longer receiving in-tree support. At least for the first iteration, we should make this component part of the same deployment as the KCM, IMO, as it should be a simple enough set of logic to determine whether or not to deploy the out of tree provider and the relevant options for the KCM.
|
@michaelgugino I agree. It should just run as a container next to kcm in same pod. We have experience in this approach with managed cloud services. |
I agree, I expect this to be hidden and abstracted by the infrastructure (where the code runs is not an operational detail for teams) |
There was a problem hiding this comment.
I think we need to add more detail about the CNM on Windows machines, plus I've added a few suggestions to improve the wording as below.
For the CNM on Windows we need to add a section something along the lines of
#### Windows Machine Config Operator
Most changes described in this document should be transparent to WMCO.
WMCO reads the output of MCO's rendered configuration and as such, will pick up the changes we need to make to Kubelet config via that mechanism.
However, on certain platforms (e.g. Azure), the Cloud Node Manager (CNM, responsible for initialising the Node) must be run on the Node itself via a DaemonSet.
Since Red Hat cannot supply or support Windows container images, we cannot run a DaemonSet for the CNM targeted at Windows Nodes as we would do on Linux Nodes.
Instead, we must adapt the WMCO to, on these particular platforms, deploy a new Windows service that runs the CNM on the Node.
This pattern is already in place for other components that are required to run on the host (eg CNI and Kube-Proxy), so we will be able to reuse the existing pattern to add support for CNM on platforms that require a CNM per host.
@aravindhp Could you check over this paragraph above, do you think that captures the content we need for WMCO or have I missed something?
We don't blindly apply the Linux configuration, so we should ensure that WMCO/WMCB picks up the required pieces during the implementation.
Yes, in general this looks good. /cc @openshift/openshift-team-windows-containers |
|
I've made some updates to my previous suggestion around WMCO to make it clearer that there are two changes to consider based on feedback from Aravindh and Danil |
Danil-Grigorev
force-pushed
the
out-of-tree-support
branch
from
25270d1
to
df1d938
Compare
Danil-Grigorev
force-pushed
the
out-of-tree-support
branch
from
df1d938
to
45cbb25
Compare
|
I think this is ready to go now, @aravindhp could I get you to do another pass on the WMCO section? We added it into the proposal with the latest commit on this branch @Danil-Grigorev If everything is ok from the WINC team, then I'll approve this and we can get it merged, thanks for all your work on this over the last year |
Danil-Grigorev
force-pushed
the
out-of-tree-support
branch
from
79eea44
to
40020e4
Compare
| - GCP | ||
|
|
||
| ##### General availability - 4.10 | ||
|
|
||
| - OpenStack upgrade and installation with the out-of-tree CCM by default. (GA) |
There was a problem hiding this comment.
Do we need AWS and Azure in this list too, with the above description as well?
There was a problem hiding this comment.
Yep, added a general direction and missed AWS and Azure in 4.10. Does it now look better? @JoelSpeed
Danil-Grigorev
force-pushed
the
out-of-tree-support
branch
from
40020e4
to
09ab941
Compare
|
/lgtm |
|
Given my email on June 30th proposed that this enhancement would be merged on the 9th of July if there wasn't any further comments, and the updates that have been made since to cater to the remaining few comments, I am happy at this point that we have addressed the concerns of the engineers who have reviewed this project so far and that this proposal now reflects the implementation as it is today, and captures the concerns and questions others may have if they need to work out why or how we implemented this project in the future. Thank you to all those who have been involved in this effort, this is a much larger project than we had anticipated and we have had to work with many teams to get this through. Congrats @Danil-Grigorev /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: elmiko, JoelSpeed, rtheis The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
It seems really problematic that authors are approving their own enhancement This doesn't seem to have approvals from the people it said it needed to have approvals from? |
I agree! But I think this is a wider problem with the enhancement process and something I know Doug (who was looking at this before IIRC) is aware of. The problem in my opinion is a lack of clear ownership for enhancements. Who's responsibility is it to drive an enhancement forward and who's responsibility is it to say it can merge? This has been unclear to me since I joined RH. For projects that only affect a single team, is the tech lead allowed to approve it? What if the tech lead wrote it? They're still the only one able to make an approval on the team, so they have to get someone outside the team to approve? When it crosses team boundaries, do we need to get a What I disagree with however is that we've done anything wrong here. In this particular case:
Finally, I gave everyone a heads up about this on aos-devel and invited final feedback, as per my comment above. It was also mentioned in the "This week in enhancements" that same week. I believe we have given people plenty of time to object to the changes or point out problems. Since there were no further objections, and the recent changes had already been signed off by forum-arch before they were implemented, I felt, and still feel, it was time to merge the enhancement. If you have any additional feedback, I'd be happy to discuss that with you and propose an adjustment to this enhancement in a new PR. |
This enhancement proposal describes the migration of cloud platforms from the deprecated in-tree cloud providers to Cloud Controller Manager services that implement
external cloud providerinterface.