feat(dp): handle PodDisruptionBudget reconciliation for deployment #464

Merged
merged 3 commits into from
Aug 9, 2024

czeslavo commented Aug 7, 2024

What this PR does / why we need it:

Adds PodDisruptionBudget reconciliation for DataPlanes.

Which issue this PR fixes

Fixes #142.

PR Readiness Checklist:

Complete these before marking the PR as ready to review:

  • the CHANGELOG.md release notes have been updated to reflect significant changes

czeslavo self-assigned this Aug 7, 2024
czeslavo force-pushed the feat/dp-pdb branch 3 times, most recently from fae1cd7 to 1278780, August 7, 2024 10:40
czeslavo changed the title from "feat(dp): handle creating PodDisruptionBudget for deployment" to "feat(dp): handle PodDisruptionBudget reconciliation for deployment" Aug 7, 2024
czeslavo force-pushed the feat/dp-pdb branch 3 times, most recently from d19eae8 to 93cc2e4, August 7, 2024 11:16
czeslavo added this to the KGO v1.4.x milestone Aug 7, 2024
czeslavo marked this pull request as ready for review August 7, 2024 12:34
czeslavo requested a review from a team as a code owner August 7, 2024 12:34
pmalek commented Aug 8, 2024

The E2Es are failing due to policy rules not being in place in the Helm chart (a sad reality of the chicken-and-egg problem in tests :/)

2024-08-08T14:05:16.22262256Z stderr F W0808 14:05:16.222529       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:16.222648388Z stderr F E0808 14:05:16.222563       1 reflector.go:150] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:16.319688827Z stderr F {"level":"info","ts":"2024-08-08T14:05:16Z","msg":"Starting workers","controller":"gatewayclass","controllerGroup":"gateway.networking.k8s.io","controllerKind":"GatewayClass","worker count":1}
2024-08-08T14:05:17.816154465Z stderr F W0808 14:05:17.816064       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:17.816173621Z stderr F E0808 14:05:17.816095       1 reflector.go:150] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:19.759403497Z stderr F W0808 14:05:19.759318       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:19.759425408Z stderr F E0808 14:05:19.759349       1 reflector.go:150] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:25.542095916Z stderr F W0808 14:05:25.542015       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:25.542113007Z stderr F E0808 14:05:25.542046       1 reflector.go:150] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:37.972238936Z stderr F W0808 14:05:37.972165       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:37.972260346Z stderr F E0808 14:05:37.972194       1 reflector.go:150] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:51.355521461Z stderr F W0808 14:05:51.355402       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:05:51.355544163Z stderr F E0808 14:05:51.355438       1 reflector.go:150] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:06:40.474584374Z stderr F W0808 14:06:40.474497       1 reflector.go:547] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:06:40.474609751Z stderr F E0808 14:06:40.474523       1 reflector.go:150] pkg/mod/k8s.io/client-go@v0.30.3/tools/cache/reflector.go:232: Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:5670ced5-4151-4c84-8449-a08266eb6387:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
2024-08-08T14:07:16.212545541Z stderr F {"level":"error","ts":"2024-08-08T14:07:16Z","msg":"Could not wait for Cache to sync","controller":"dataplane","controllerGroup":"gateway-operator.konghq.com","controllerKind":"DataPlane","error":"failed to wait for dataplane caches to sync: timed out waiting for cache to be synced for Kind *v1beta1.DataPlane","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.1\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:198\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:203\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:229\nsigs.k8s.io/controller-runtime/pkg/manager.(*runnableGroup).reconcile.func1\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/manager/runnable_group.go:226"}

I'm not sure if we want to solve it differently than by adding the rules from this PR to the Helm chart already.

We could be tempted to patch the policy rules in tests but that can be error prone.

I'm curious about your thoughts on this.
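
The "forbidden" lines in the log above carry everything needed to name the missing RBAC permission: subject, verb, resource, API group and scope. As an added example (not part of this PR or the project's code), the Go sketch below extracts the unique denials from controller log text. The sample lines are constructed, modelled on the output above, with `e2e-ns` as a placeholder namespace; `Denial` and `ParseDenials` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
)

// Denial is one permission the API server refused to a subject.
type Denial struct{ User, Verb, Resource, Group, Scope string }

// forbiddenRe matches the authorizer message format seen in the log above,
// for both cluster-scoped and namespaced requests.
var forbiddenRe = regexp.MustCompile(`User "([^"]+)" cannot (\S+) resource "([^"]+)" ` +
	`in API group "([^"]*)" (?:at the cluster scope|in the namespace "([^"]+)")`)

// sampleLog is constructed for this example; "e2e-ns" is a placeholder namespace.
const sampleLog = `W0808 reflector.go:547] failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:e2e-ns:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
E0808 reflector.go:150] Failed to watch *v1.PodDisruptionBudget: failed to list *v1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:e2e-ns:controller-manager" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
{"level":"info","msg":"Starting workers","controller":"gatewayclass"}
E0808 poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:e2e-ns:controller-manager" cannot create resource "poddisruptionbudgets" in API group "policy" in the namespace "default"`

// ParseDenials returns the unique RBAC denials found in log, in first-seen
// order. Retries repeat the same message, so duplicates are collapsed.
func ParseDenials(log string) []Denial {
	seen := map[Denial]bool{}
	var out []Denial
	for _, m := range forbiddenRe.FindAllStringSubmatch(log, -1) {
		scope := "cluster"
		if m[5] != "" {
			scope = "namespace/" + m[5]
		}
		d := Denial{m[1], m[2], m[3], m[4], scope}
		if !seen[d] {
			seen[d] = true
			out = append(out, d)
		}
	}
	return out
}

func main() {
	for _, d := range ParseDenials(sampleLog) {
		fmt.Printf("%s lacks %q on %s.%s (%s)\n", d.User, d.Verb, d.Resource, d.Group, d.Scope)
	}
}
```

The reflector lists before it watches, so a log like the one above names only `list`; an informer on the same resource also needs `watch`.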

czeslavo commented Aug 9, 2024

> We could be tempted to patch the policy rules in tests but that can be error prone.

Yeah, I agree that it's better to add the rules to the Helm chart already. At least by having these E2Es failing, it gives us direct feedback on the missing pieces and we're fixing them in the right place. By patching them, we'd still have to remember to add the rules to the chart eventually.

Adding them and releasing straight away: Kong/charts#1114

czeslavo requested a review from pmalek August 9, 2024 07:24
czeslavo enabled auto-merge (squash) August 9, 2024 08:23
czeslavo merged commit ec80e42 into main Aug 9, 2024
20 checks passed
czeslavo deleted the feat/dp-pdb branch August 9, 2024 08:36
Development

Successfully merging this pull request may close these issues.

DataPlane: support PodDisruptionBudget