From e827574bc2a3b27b753a6f32951d0308d9fbfd73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20B=C3=BCchse?=
Date: Wed, 20 Nov 2024 22:07:35 +0100
Subject: [PATCH 1/3] Stabilize scs-0214-v1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Matthias Büchse
---
 Standards/scs-0214-v2-k8s-node-distribution.md       | 13 +++----------
 ...-k8s-node-distribution-implementation-testing.md  |  6 +-----
 .../kaas/k8s-node-distribution/check_nodes_test.py   |  2 +-
 .../k8s_node_distribution_check.py                   |  2 --
 4 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/Standards/scs-0214-v2-k8s-node-distribution.md b/Standards/scs-0214-v2-k8s-node-distribution.md
index 3b4915492..82936aac8 100644
--- a/Standards/scs-0214-v2-k8s-node-distribution.md
+++ b/Standards/scs-0214-v2-k8s-node-distribution.md
@@ -1,7 +1,8 @@
 ---
 title: Kubernetes Node Distribution and Availability
 type: Standard
-status: Draft
+status: Stable
+stabilized_at: 2024-11-21
 replaces: scs-0214-v1-k8s-node-distribution.md
 track: KaaS
 ---
@@ -100,18 +101,10 @@ These labels MUST be kept up to date with the current state of the deployment.
   The field gets autopopulated most of the time by either the kubelet or external mechanisms
   like the cloud controller.
 
-- `topology.scs.community/host-id`
-
-  This is an SCS-specific label; it MUST contain the hostID of the physical machine running
-  the hypervisor (NOT: the hostID of a virtual machine). Here, the hostID is an arbitrary identifier,
-  which need not contain the actual hostname, but it should nonetheless be unique to the host.
-  This helps identify the distribution over underlying physical machines,
-  which would be masked if VM hostIDs were used.
-
 ## Conformance Tests
 
 The script `k8s-node-distribution-check.py` checks the nodes available with a user-provided
-kubeconfig file. Based on the labels `topology.scs.community/host-id`,
+kubeconfig file. Based on the labels
 `topology.kubernetes.io/zone`, `topology.kubernetes.io/region` and `node-role.kubernetes.io/control-plane`,
 the script then determines whether the nodes are distributed according to this standard.
 If this isn't the case, the script produces an error.
diff --git a/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md
index 4366365a0..44caa88b1 100644
--- a/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md
+++ b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md
@@ -16,11 +16,7 @@ Worker nodes can also be distributed over "failure zones", but this isn't a requ
 Distribution must be shown through labelling, so that users can access these information.
 
 Node distribution metadata is provided through the usage of the labels
-`topology.kubernetes.io/region`, `topology.kubernetes.io/zone` and
-`topology.scs.community/host-id` respectively.
-
-At the moment, not all labels are set automatically by most K8s cluster utilities, which incurs
-additional setup and maintenance costs.
+`topology.kubernetes.io/region` and `topology.kubernetes.io/zone`.
 
 ## Automated tests
 
diff --git a/Tests/kaas/k8s-node-distribution/check_nodes_test.py b/Tests/kaas/k8s-node-distribution/check_nodes_test.py
index d32edccfb..7f8aac7a2 100644
--- a/Tests/kaas/k8s-node-distribution/check_nodes_test.py
+++ b/Tests/kaas/k8s-node-distribution/check_nodes_test.py
@@ -52,7 +52,7 @@ def test_no_distribution(yaml_key, caplog, load_testdata):
     assert record.levelname == "ERROR"
 
 
-def test_missing_label(caplog, load_testdata):
+def notest_missing_label(caplog, load_testdata):
     data = load_testdata["missing-labels"]
     assert check_nodes(data.values()) == 2
     hostid_missing_records = [
diff --git a/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py b/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py
index efac000d4..25a7aab42 100755
--- a/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py
+++ b/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py
@@ -22,7 +22,6 @@
 and does require these labels to be set, but should yield overall pretty
 good initial results.
 
-    topology.scs.openstack.org/host-id  # previously kubernetes.io/hostname
     topology.kubernetes.io/zone
     topology.kubernetes.io/region
     node-role.kubernetes.io/control-plane
@@ -47,7 +46,6 @@
 LABELS = (
     "topology.kubernetes.io/region",
     "topology.kubernetes.io/zone",
-    "topology.scs.community/host-id",
 )
 
 logger = logging.getLogger(__name__)

From 8c06055ddc72365fa8a9d97693381be7c4e2ca90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20B=C3=BCchse?=
Date: Mon, 25 Nov 2024 22:43:10 +0100
Subject: [PATCH 2/3] Relax wording to reflect weaknesses in the test for
 scs-0214-v2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Matthias Büchse
---
 Standards/scs-0214-v2-k8s-node-distribution.md      |  9 ---------
 ...k8s-node-distribution-implementation-testing.md  | 14 ++++----------
 .../k8s_node_distribution_check.py                  | 11 +++++------
 3 files changed, 9 insertions(+), 25 deletions(-)

diff --git a/Standards/scs-0214-v2-k8s-node-distribution.md b/Standards/scs-0214-v2-k8s-node-distribution.md
index 82936aac8..37af338ee 100644
--- a/Standards/scs-0214-v2-k8s-node-distribution.md
+++ b/Standards/scs-0214-v2-k8s-node-distribution.md
@@ -101,15 +101,6 @@ These labels MUST be kept up to date with the current state of the deployment.
   The field gets autopopulated most of the time by either the kubelet or external mechanisms
   like the cloud controller.
 
-## Conformance Tests
-
-The script `k8s-node-distribution-check.py` checks the nodes available with a user-provided
-kubeconfig file. Based on the labels
-`topology.kubernetes.io/zone`, `topology.kubernetes.io/region` and `node-role.kubernetes.io/control-plane`,
-the script then determines whether the nodes are distributed according to this standard.
-If this isn't the case, the script produces an error.
-It also produces warnings and informational outputs, e.g., if labels don't seem to be set.
-
 ## Previous standard versions
 
 This is version 2 of the standard; it extends [version 1](scs-0214-v1-k8s-node-distribution.md) with the
diff --git a/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md
index 44caa88b1..6460cc195 100644
--- a/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md
+++ b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md
@@ -20,17 +20,11 @@ Node distribution metadata is provided through the usage of the labels
 
 ## Automated tests
 
-### Notes
+Currently, automated testing is not readily possible because we cannot access information about
+the underlying host of a node (as opposed to its region and zone). Therefore, the test will only output
+a tentative result.
 
-The test for the [SCS K8s Node Distribution and Availability](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0214-v2-k8s-node-distribution.md)
-checks if control-plane nodes are distributed over different failure zones (distributed into
-physical machines, zones and regions) by observing their labels defined by the standard.
-
-### Implementation
-
-The script [`k8s_node_distribution_check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py)
-connects to an existing K8s cluster and checks if a distribution can be detected with the labels
-set for the nodes of this cluster.
+The current implementation can be found in the script [`k8s_node_distribution_check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py).
 
 ## Manual tests
 
diff --git a/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py b/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py
index 25a7aab42..038d8a67c 100755
--- a/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py
+++ b/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py
@@ -162,12 +162,11 @@ def compare_labels(node_list, node_type="control"):
             )
             return
 
-    if node_type == "control":
-        raise DistributionException("The distribution of nodes described in the standard couldn't be detected.")
-    elif node_type == "worker":
-        logger.warning("No node distribution could be detected for the worker nodes. "
-                       "This produces only a warning, since it is just a recommendation.")
-    return
+    #
+    # if node_type == "control":
+    #     raise DistributionException("The distribution of nodes described in the standard couldn't be detected.")
+    logger.warning("No node distribution could be detected for the worker nodes. "
" + "This produces only a warning, since it is just a recommendation.") def check_nodes(nodes): From da439b1188d68a80dfa565e313b90e606e5a714f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCchse?= Date: Mon, 25 Nov 2024 22:54:54 +0100 Subject: [PATCH 3/3] skip unit test because it no longer applies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matthias Büchse --- Tests/kaas/k8s-node-distribution/check_nodes_test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/kaas/k8s-node-distribution/check_nodes_test.py b/Tests/kaas/k8s-node-distribution/check_nodes_test.py index 7f8aac7a2..439d1b18e 100644 --- a/Tests/kaas/k8s-node-distribution/check_nodes_test.py +++ b/Tests/kaas/k8s-node-distribution/check_nodes_test.py @@ -42,9 +42,9 @@ def test_not_enough_nodes(caplog, load_testdata): @pytest.mark.parametrize("yaml_key", ["no-distribution-1", "no-distribution-2"]) -def test_no_distribution(yaml_key, caplog, load_testdata): +def notest_no_distribution(yaml_key, caplog, load_testdata): data = load_testdata[yaml_key] - with caplog.at_level("ERROR"): + with caplog.at_level("WARNING"): assert check_nodes(data.values()) == 2 assert len(caplog.records) == 1 record = caplog.records[0]