Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PVC syncing support #179

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add PVC syncing support #179

wants to merge 1 commit into from

Conversation

galal-hussein
Copy link
Collaborator

@galal-hussein galal-hussein commented Jan 10, 2025
edited
Loading

  • Adds PVC syncing support by default in shared mode.
  • Creates a webhook to assign spec.nodeName to the virtual-kubelet node name.
  • Automatically generates the certs bundle and ca bundle for the webhook configuration.
  • The webhook will run in k3k-kubelet process and will listen to port 9443.
  • Automatically creates the mutation webhook configuration to the virtual cluster and assign the CA bundle to it.

@galal-hussein
Add pvc syncing support
f2ca5d7 
Signed-off-by: galal-hussein <[email protected]>
enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go

const (
pvcController = "pvc-syncer-controller"
pvcFinalizerName = "pv.k3k.io/finalizer"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be pvc.k3k.io/finalizer?

Suggested change
pvcFinalizerName = "pv.k3k.io/finalizer"
pvcFinalizerName = "pvc.k3k.io/finalizer"

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go
HostScheme *runtime.Scheme
logger *log.Logger
Translater translate.ToHostTranslater
//objs sets.Set[types.NamespacedName]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we drop the comment?

Suggested change
//objs sets.Set[types.NamespacedName]

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go
Complete(&reconciler)
}

func (v *PVCReconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably a nit but I had some issues to understand what v was. Maybe an r for Reconciler` is clearer?

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go
func (v *PVCReconciler) pvc(obj *v1.PersistentVolumeClaim) *v1.PersistentVolumeClaim {
hostPVC := obj.DeepCopy()
v.Translater.TranslateTo(hostPVC)
// don't sync finalizers to the host
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it mean we are still missing to remove the finalizers here?

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go
Comment on lines +84 to +87
// deleting the synced service if exists
if err := v.hostClient.Delete(ctx, syncedPVC); err != nil {
return reconcile.Result{}, ctrlruntimeclient.IgnoreNotFound(err)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I think this could lead to some orphaned resource. I.e. what if the syncedPVC does not exist? This will error, and it will not be requed because of the IgnoreNotFound.

Maybe it's better to return only if the error is a different one. In case of ErrNotFound we should continue the deletion of the virtual PVC.

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go
Comment on lines +89 to +94
if controllerutil.ContainsFinalizer(&virtPVC, pvcFinalizerName) {
controllerutil.RemoveFinalizer(&virtPVC, pvcFinalizerName)
if err := v.virtualClient.Update(ctx, &virtPVC); err != nil {
return reconcile.Result{}, err
}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be shortened using only the RemoveFinalizer func. It does the same login of checking the finalizer, and it returns if the finalizer list was updated:

Suggested change
if controllerutil.ContainsFinalizer(&virtPVC, pvcFinalizerName) {
controllerutil.RemoveFinalizer(&virtPVC, pvcFinalizerName)
if err := v.virtualClient.Update(ctx, &virtPVC); err != nil {
return reconcile.Result{}, err
}
}
if controllerutil.RemoveFinalizer(&virtPVC, pvcFinalizerName) {
if err := v.virtualClient.Update(ctx, &virtPVC); err != nil {
return reconcile.Result{}, err
}
}

Probably the Contains is useful when you need to check the existence and do some logic before actually remove it.

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go
Comment on lines +100 to +106
// Add finalizer if it does not exist
if !controllerutil.ContainsFinalizer(&virtPVC, pvcFinalizerName) {
controllerutil.AddFinalizer(&virtPVC, pvcFinalizerName)
if err := v.virtualClient.Update(ctx, &virtPVC); err != nil {
return reconcile.Result{}, err
}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as before:

Suggested change
// Add finalizer if it does not exist
if !controllerutil.ContainsFinalizer(&virtPVC, pvcFinalizerName) {
controllerutil.AddFinalizer(&virtPVC, pvcFinalizerName)
if err := v.virtualClient.Update(ctx, &virtPVC); err != nil {
return reconcile.Result{}, err
}
}
// Add finalizer if it does not exist
if controllerutil.AddFinalizer(&virtPVC, pvcFinalizerName) {
if err := v.virtualClient.Update(ctx, &virtPVC); err != nil {
return reconcile.Result{}, err
}
}

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/persistentvolumeclaims.go
return reconcile.Result{}, err
}
}
// create or update the pv on host
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// create or update the pv on host
// create or update the pvc on host

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
k3k-kubelet/controller/webhook/pod.go
webhookName = "nodename.podmutator.k3k.io"
webhookTimeout = int32(10)
webhookPort = "9443"
webhookPath = "/mutate--v1-pod"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the -- a convention?

enrichman
enrichman reviewed Jan 10, 2025
View reviewed changes
Copy link
Collaborator

@enrichman enrichman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments, it looks ok, I'm just not completely aware of the TLS/cert stuff, but just because I'm not an expert.

IIRC cert-manager is a required dependency, or maybe not yet, and it will be required for the CAPI provider? Could it simplify that part?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enrichman enrichman enrichman left review comments

@briandowns briandowns Awaiting requested review from briandowns

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@galal-hussein @enrichman