feat: status check for config-connector

[gsquared94]

Fixes: #6709

Description

This PR implements skaffold's status checker for config connector resources.

Background:
Status check currently works for only deployments and standalone pods. For either type, we poll for the latest status (running kubectl rollout deployment <foo> for deployments, and kubectl get pods ... for standalone pods). We also check the status of individual pods and containers in the deployment.

For config connector resources:

Config connector resources are created from custom resource definitions (CRDs) and there's no direct command to invoke to get their status. However, they all expose a Ready condition that can be waited on.

Testing instructions

• Setup config connector following their guide.
• Clone https://github.com/gsquared94/config-connector-with-skaffold
• In the directory pubsub, run skaffold dev against the k8s cluster with config connector setup.
  You should see the status check happening for the deployed resources:

Starting deploy...
 - service.serviceusage.cnrm.cloud.google.com/pubsub.googleapis.com created
 - pubsubtopic.pubsub.cnrm.cloud.google.com/random-xxljslierjlj-sample created
Waiting for deployments to stabilize...
 - config-connector-resource/pubsub.cnrm.cloud.google.com/v1beta1, Kind=PubSubTopic, Name=random-xxljslierjlj-sample is ready. [1/2 deployment(s) still pending]
 - config-connector-resource/serviceusage.cnrm.cloud.google.com/v1beta1, Kind=Service, Name=pubsub.googleapis.com is ready.
Deployments stabilized in 2.576 seconds
Press Ctrl+C to exit

• In the directory failing run skaffold dev. This should cause the status check to fail

Starting deploy...
 - storagebucket.storage.cnrm.cloud.google.com/random-xxljslierjlj-sample created
Waiting for deployments to stabilize...
 - config-control:config-connector-resource/storage.cnrm.cloud.google.com/v1beta1, Kind=StorageBucket, Name=random-xxljslierjlj-sample: Update call failed: error applying desired state: summary: googleapi: Error 400: The storage class you specified is not valid., invalid
    - config-control:StorageBucket/random-xxljslierjlj-sample: Update call failed: error applying desired state: summary: googleapi: Error 400: The storage class you specified is not valid., invalid
 - config-control:config-connector-resource/storage.cnrm.cloud.google.com/v1beta1, Kind=StorageBucket, Name=random-xxljslierjlj-sample failed. Error: Update call failed: error applying desired state: summary: googleapi: Error 400: The storage class you specified is not valid., invalid.
Cleaning up...
 - storagebucket.storage.cnrm.cloud.google.com "random-xxljslierjlj-sample" deleted
1/1 deployment(s) failed

[gsquared94]

@briandealwis for the purpose of testing I've removed the restriction of only allowing Service kinds. We can add that back, although if this PR is merged, IMO we can start allowing all resource kinds. WDYT?

[briandealwis]

Sounds good.

[codecov]

Codecov Report

Merging #6766 (70dafd2) into main (290280e) will decrease coverage by 1.10%.
The diff coverage is 60.86%.

@@            Coverage Diff             @@
##             main    #6766      +/-   ##
==========================================
- Coverage   70.48%   69.38%   -1.11%     
==========================================
  Files         515      540      +25     
  Lines       23150    24567    +1417     
==========================================
+ Hits        16317    17045     +728     
- Misses       5776     6389     +613     
- Partials     1057     1133      +76     

Impacted Files	Coverage Δ
cmd/skaffold/app/cmd/flags.go	89.00% <ø> (-1.82%)	⬇️
cmd/skaffold/skaffold.go	0.00% <ø> (ø)
cmd/skaffold/app/cmd/lint.go	52.94% <52.94%> (ø)
cmd/skaffold/app/cmd/cmd.go	70.49% <75.00%> (-0.57%)	⬇️
cmd/skaffold/app/cmd/debug.go	100.00% <100.00%> (ø)
cmd/skaffold/app/cmd/runner.go	64.17% <100.00%> (ø)
.../skaffold/kubernetes/status/resource/deployment.go	65.48% <0.00%> (-20.32%)	⬇️
pkg/skaffold/initializer/build/builders.go	42.85% <0.00%> (-17.15%)	⬇️
pkg/skaffold/build/cluster/logs.go	0.00% <0.00%> (-16.67%)	⬇️
pkg/skaffold/event/v2/status_check.go	85.45% <0.00%> (-14.55%)	⬇️
... and 132 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 15f88b6...70dafd2. Read the comment docs.

[briandealwis]

Is there a bug that can be referenced here?

[briandealwis]

Why is it necessary to walk the events instead of just using the resource conditions?

[gsquared94]

This is something implemented for deployment type resources. I didn't think there's any harm continuing that pattern here. WDYT?

[briandealwis]

From my understanding, the events are there for debugging and diagnostics purposes, but the object status should be considered the truth.

I think processing the events risks reporting false positives and should not be used for this purpose:

1. The list of event types is not fixed and may have more added, including diagnostic or informational events. This code would mis-report such events as errors.
2. What if the last event is at odds with the actual resource status?

Is there a particular situation you've seen where the events were at odds with the resource status? If there's a specific sequence that you've seen that is a precursor for an error, that might make sense to report.

We could log something at debug level if the event type is not normal. Or even an info message and ask that they report an issue to the Skaffold issue tracker.

[briandealwis]

I don't understand the purpose of this code: we create a selector for a resource that returns the list of other resources with this same type and name — which should be uResource, right?

Is this to fetch the latest copy of the uResource?

[gsquared94]

yes, it's to fetch the latest version. Also we poll on this selector so that if there are any new resources of this type that show up later and they are checked on that iteration (as against just fetching the list once and checking the status of known resources individually).

[yuwenma]

I have a general question:

skaffold does not specifically tie itself to kubernetes which gives it more room to grow as a standalone CICD tooling. Do we really want it to deal with the kubernetes objects (GVK, unstructured) and mechanisms? If so, is that possible to reuse some existing functions to handle GVK, selector operations? I'm worried it may eventually hit many problems that other kubernetes tools have or have been resolved. @tejal29 @briandealwis

[briandealwis]

We're happy for pointers @yuwenma!

[tejal29]

Thanks @yuwenma. Going to take a look at this in depth today.

[gsquared94]

I have a general question:

skaffold does not specifically tie itself to kubernetes which gives it more room to grow as a standalone CICD tooling.
Do we really want it to deal with the kubernetes objects (GVK, unstructured) and mechanisms?

This has become the design philosophy now with the implementation of new deployers like docker deployer. However, the entire codebase already has references to kubernetes internals in deploy and status-check phases. We're already using the following packages in our go.mod file:

	k8s.io/api v0.21.3
	k8s.io/apimachinery v0.22.2
	k8s.io/client-go v0.21.3
	k8s.io/kubectl v0.21.3
	k8s.io/utils v0.0.0-20201110183641-67b214c5f920
	knative.dev/pkg v0.0.0-20201119170152-e5e30edc364a // indirect
	sigs.k8s.io/kustomize/kyaml v0.10.17
	sigs.k8s.io/yaml v1.2.0

The status-check phase currently only works for selected kubernetes resources. The Deployer interface however allows any randomly implemented deployer to define it's own implementation of a Monitor.

If so, is that possible to reuse some existing functions to handle GVK, selector operations? I'm worried it may eventually hit many problems that other kubernetes tools have or have been resolved. @tejal29 @briandealwis

we are using the kstatus library to parse the resource status and other client libraries and constructs. We're happy for pointers to other packages that you think could simplify our status-checker implementation.

[briandealwis]

From my understanding, the events are there for debugging and diagnostics purposes, but the object status should be considered the truth.

I think processing the events risks reporting false positives and should not be used for this purpose:

1. The list of event types is not fixed and may have more added, including diagnostic or informational events. This code would mis-report such events as errors.
2. What if the last event is at odds with the actual resource status?

Is there a particular situation you've seen where the events were at odds with the resource status? If there's a specific sequence that you've seen that is a precursor for an error, that might make sense to report.

We could log something at debug level if the event type is not normal. Or even an info message and ask that they report an issue to the Skaffold issue tracker.

[briandealwis]

I wonder how this would happen!

[gsquared94]

I don't actually think that we'd run into this. But I added it for completion's sake.

[briandealwis]

This is looking good. A few more comments.

[briandealwis]

Sounds good.

[briandealwis]

I like these functions, but they need tests.

[gsquared94]

working on UTs

[briandealwis]

I do wonder if we should have separate interfaces for allowing resource selectors (taking an unstructured.Ubstructured), or GVK, or group+kind. That can be done separately.