[WIP] MCO-1669: add BootImageSkewEnforcement API #2357
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@djoshy: This pull request references MCO-1669 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Hello @djoshy! Some important instructions when contributing to openshift/api: |
openshift-ci
bot
added
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: djoshy The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@djoshy: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| @@ -56,8 +56,66 @@ type MachineConfigurationSpec struct { | |||
| // +openshift:enable:FeatureGate=NodeDisruptionPolicy | |||
| // +optional | |||
| NodeDisruptionPolicy NodeDisruptionPolicyConfig `json:"nodeDisruptionPolicy"` | |||
| // bootImageSkewEnforcement allows an admin to set the behavior of the boot image skew enforcement mechanism. | |||
There was a problem hiding this comment.
Why does an admin care about configuring this? What does configuring this allow them to achieve?
|
|
||
| // +kubebuilder:validation:XValidation:rule="has(self.mode) && (self.mode == 'Automatic' || self.mode =='Manual') ? has(self.clusterBootImage) : !has(self.clusterBootImage)",message="clusterBootImage is required when type is Automatic or Manual, and forbidden otherwise" | ||
| // +union | ||
| type SkewEnforcementSelector struct { |
There was a problem hiding this comment.
Nit: Being more explicit in the type name helps eliminate potential for future conflicts in naming of similar features within the same package. Also makes it a bit more clear from the dev perspective that this type is explicitly used for boot image skew enforcement.
| type SkewEnforcementSelector struct { | |
| type BootImageSkewEnforcementSelector struct { |
| type SkewEnforcementSelector struct { | |
| type SkewEnforcementSelector struct { |
| // associated with the last boot image update in the clusterBootImage field. | ||
| // In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the | ||
| // skew limit described by the release image. | ||
| // Disabled means that the MCO will permit upgrades when the boot image exceeds the skew limit |
There was a problem hiding this comment.
Nit: In general we try to avoid using the term Disabled because it is often overloaded to mean different things. I don't think this usage is particularly concerning, but maybe something like None is more intuitive for a field like this?
| Automatic SkewEnforcementSelectorMode = "Automatic" | ||
|
|
||
| // Manual represents a configuration mode that allows manual skew enforcement. | ||
| Manual SkewEnforcementSelectorMode = "Manual" | ||
|
|
||
| // Disabled represents a configuration mode that disables boot image skew enforcement. | ||
| Disabled SkewEnforcementSelectorMode = "Disabled" |
There was a problem hiding this comment.
Prevent naming conflicts and maintain consistency with how we define constants within OpenShift by following the format {typeAlias}{name}:
| Automatic SkewEnforcementSelectorMode = "Automatic" | |
| // Manual represents a configuration mode that allows manual skew enforcement. | |
| Manual SkewEnforcementSelectorMode = "Manual" | |
| // Disabled represents a configuration mode that disables boot image skew enforcement. | |
| Disabled SkewEnforcementSelectorMode = "Disabled" | |
| SkewEnforcementSelectorModeAutomatic SkewEnforcementSelectorMode = "Automatic" | |
| // Manual represents a configuration mode that allows manual skew enforcement. | |
| SkewEnforcementSelectorModeManual SkewEnforcementSelectorMode = "Manual" | |
| // Disabled represents a configuration mode that disables boot image skew enforcement. | |
| SkewEnforcementSelectorModeDisabled SkewEnforcementSelectorMode = "Disabled" |
| // Disabled means that the MCO will permit upgrades when the boot image exceeds the skew limit | ||
| // described by the release image. This may affect the cluster's ability to scale. | ||
| // +unionDiscriminator | ||
| // +required |
There was a problem hiding this comment.
Explicitly mention in the GoDoc that this field is required
| type ClusterBootImage struct { | ||
| // ocpVersion provides a string which represents the OCP version of the boot image | ||
| // +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]+\\\\.[0-9]+\\\\.[0-9]+$')",message="bootImageOCPVersion must match the OCP semver compatible format of x.y.z" | ||
| // +kubebuilder:validation:MaxLength:=8 |
There was a problem hiding this comment.
Curious, why was 8 chosen?
| // +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]+\\\\.[0-9]+\\\\.[0-9]+$')",message="bootImageOCPVersion must match the OCP semver compatible format of x.y.z" | ||
| // +kubebuilder:validation:MaxLength:=8 | ||
| // +required | ||
| OCPVersion string `json:"ocpVersion"` |
There was a problem hiding this comment.
Are you wanting to allow the empty string "" as a valid value here? If not, you'll probably want a minimum length here to prevent the empty string being valid.
If you do, what does this being an empty string mean?
| // +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]+\\\\.[0-9]+\\\\.[0-9]{8}-[0-9]+$')",message="rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber]" | ||
| // +kubebuilder:validation:MaxLength:=15 | ||
| // +optional |
There was a problem hiding this comment.
Explicitly mention these constraints in the godoc.
|
|
||
| // rhcosVersion provides a string which represents the RHCOS version of the boot image | ||
| // +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]+\\\\.[0-9]+\\\\.[0-9]{8}-[0-9]+$')",message="rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber]" | ||
| // +kubebuilder:validation:MaxLength:=15 |
There was a problem hiding this comment.
Why 15? is this long enough?
Looking at https://access.redhat.com/solutions/3787021 it looks like something like 416.94.202411201433-0 would be valid and is 21 characters long.
| } | ||
|
|
||
| // ClusterBootImage describes the boot image of a cluster. It stores the RHCOS version of the boot image and | ||
| // the OCP release version which shipped with that RHCOS boot image. | ||
| type ClusterBootImage struct { |
There was a problem hiding this comment.
What is the relationship between ocpVersion and rhcosVersion here? What happens if I do/don't include rhcosVersion?
WIP boot image enforcement API, based on discussions from openshift/enhancements#1761