-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Predict the GlanceAPI volumes order #509
Predict the GlanceAPI volumes order #509
Conversation
With this change I can make sure to only have two revisions: the first one w/o TLS, and the second is the CR patched:
The previous situation required three or more sts revisions to converge [1]. |
I am not sure I understand the problem correct. we have an array of volumes and volumemounts and the way volumes/mounts get added has a specific order. so parts of the array change because of conditions (expected), but the ordering should not change since we always append. As said, it is expected that the deployment restarts when the certificate got created and passed into via the overrides, but when the list is complete it should not change and right now I do not get why ordering the volumes would change the behavior. In general it won't hurt to sort, but then we might want to add the funcs to lib-common as we may want to do it across all operators? |
It shouldn't hurt, indeed, and we can consider to have this kind of utility as a lib-common function so we can hide this implementation detail. I didn't analyze the other operators so far, but this might be a problem related to a couple of things:
Sorting |
don't think its an issue which way to be used. there is also a mount for when kolla is used. it could also flip if it flips
you are referring to
right now I don't think we have this issue in other operators since we don't have there the concept of multiple apis as it is in glance.
We could only solve this if we agree that the openstack-operator has knowledge how the service operators create the services so that we can pre-create the certificates without having the created services. This is what I had initially but there were concerns that the openstack-operator has/needs internal knowledge on how the service operators create their k8s services. |
We can discuss about this in a different context, but it might be predictable what services the operators are going to create. I understand the concern, so in case TLS is enabled it might be the logic within the service operators to create the service and "properly wait" until the TLS input are ready. if we're able to catch this information at bootstrap time, we could probably avoid the rollout because we can requeue the reconciliation loop until we have the data we need. |
The above logic is very simple, and from a pure coding point of view it's the fastest approach.
|
@stuggi FYI I switched to the approach you proposed. I tested it locally (w/ |
When TLS is enabled at Pod level (which is the new default introduced by the openstack-operator), and a statefulset is created, a new revision is rolled out because of the overrides passed by the OpenStack operator to the service CR. In glance this introduced an additional issue: in case of multiple APIs, an iteration is performed through the Spec instances, and the TLS override is checked out for each endpoint. No one ensures that the StatefulSet has the same order of the provided mountpoints, and this might generate multiple (random) rollouts until it converges with two subsequent revisions that keep the same order. To avoid multiple restarts, this patch sorts the iteration on the resulting endpoints associated with the GlanceAPI StatefulSet. By doing this we can always predict the mount order of Volumes and VolumeMounts and avoid unnecessary restarts. Signed-off-by: Francesco Pantano <[email protected]>
@stuggi seems good to go |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm thanks!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fmount, stuggi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
676f29f
into
openstack-k8s-operators:main
When
TLS
is enabled atPod
level (which is the new default introduced by theopenstack-operator
), and aStatefulSet
is created, a newrevision
is rolled out because of the overrides passed by theOpenStack
operator to the serviceCR
. InGlance
this introduced an additional issue: in case of multipleAPIs
, an iteration is performed through theSpec
instances, and theTLS
override is checked out for each endpoint. No one ensures that theStatefulSet
has the same order of the providedVolumes
, and this might generate multiple (random)rollout(s)
until the StatefulSet converges with two subsequent revisions that keep the same mount order. To avoid multiple restarts, this patch sorts the iteration through the endpoints, so we can always predict the mount order and avoid unnecessary restarts.Related: OSPRH-6331