telco-hub: add first set of reference templates for the cluster-compare tool#110
Conversation
…re tool The templates cover the reference CRs for: * LSO * ODF * TALM * ACM (without the observability configuration) * Cluster logging * Quay The ACM MultiClusterHub is also updated to include the SiteConfig Operator.
|
Hi @jmontesi. Thanks for your PR. I'm waiting for a openshift-kni member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
openshift-ci
bot
added
the
needs-ok-to-test
|
/ok-to-test |
openshift-ci
bot
added
ok-to-test
| name: version | ||
| status: | ||
| desired: | ||
| version: {{ template "versionMatch" (list .status.desired.version "4.18") }} |
There was a problem hiding this comment.
Current "main" branch should be 4.19
There was a problem hiding this comment.
The reference-crs still point to channel versions related to 4.18. I guess both the reference-crs and the templates should be updated at once.
There was a problem hiding this comment.
There are a couple of changes for 4.19 which are pending based on testing. Until we merge those we are trying to keep main at 4.19 to make things easier.
| allOrNoneOf: | ||
| - path: optional/logging/clusterLogNS.yaml | ||
| - path: optional/logging/clusterLogOperGroup.yaml | ||
| - path: optional/logging/clusterLogSubscription.yaml |
There was a problem hiding this comment.
Should include ClusterLogForwarder here as well.
There was a problem hiding this comment.
The ClusterLogForwarder CR is not present in the reference-crs, so I think that CR along with its template should be added in another PR.
There was a problem hiding this comment.
Agreed. In reality it is almost entirely customer specific so it can be considered part of their custom overlay and not vetted by the cluster-compare.
| - name: optional-quay | ||
| description: |- | ||
| TODO: Link to Hub RDS Quay section when published | ||
| components: | ||
| - name: quay-operator | ||
| allOrNoneOf: | ||
| - path: optional/quay/quayNS.yaml | ||
| - path: optional/quay/quayOperatorGroup.yaml | ||
| - path: optional/quay/quaySubscription.yaml |
There was a problem hiding this comment.
Quay is not yet published in the RDS. Let's omit it here until it is published.
There was a problem hiding this comment.
Done. Removed the reference to the Quay operator CR templates.
| annotations: | ||
| workload.openshift.io/allowed: management |
There was a problem hiding this comment.
We do not enable workload partitioning for the hub cluster. This annotation should be optional.
One option is we can remove it here entirely and add it to the global ignored list.
| {{- range .spec.storageClassDevices }} | ||
| - storageClassName: {{ .storageClassName }} | ||
| forceWipeDevicesAndDestroyAllData: true | ||
| volumeMode: Block |
There was a problem hiding this comment.
Block or Filesystem is ok.
There was a problem hiding this comment.
Done. Both options allowed in the template.
| @@ -0,0 +1,7 @@ | |||
| --- | |||
There was a problem hiding this comment.
Omit all quay until published.
There was a problem hiding this comment.
I have omitted the Quay operator check by removing it from the metadata.yaml. As the source-crs are present in the repo I assume it's also ok to have the templates.
There was a problem hiding this comment.
There is a pending PR to remove quay from the repo until we've verified. We should remove it here too.
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 20Gi |
There was a problem hiding this comment.
These storage values should check for compliance against a minimum value. (here and below)
There was a problem hiding this comment.
I'm not sure how to enforce this condition with the options currently available in the cluster-compare tool. If it was just a number a logical "greater/lower than" could be used but the fact that different capacity units can be used requires more involved processing. Any idea on how to check this?
There was a problem hiding this comment.
We don't have any "easy" way to do this, but it may not be too hard to write a helper template to do it. In the short term, it's better to just "allow any value" if this is something customers will be customizing, and open up a new story &PR to restrict the value to a minimum value.
There was a problem hiding this comment.
Modified to allow any value.
| # Replace <http-server-address:port> with the address of the local web server that stores the RHCOS images. | ||
| # The images can be downloaded from "https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/". | ||
| - cpuArchitecture: "x86_64" | ||
| openshiftVersion: "4.17" | ||
| rootFSUrl: {{ (index .spec.osImages 0).rootFSUrl }} | ||
| url: {{ (index .spec.osImages 0).url }} | ||
| version: "417.94.202409121747-0" |
There was a problem hiding this comment.
We should allow any content here. The specific set of versions they will deploy will vary.
| labels: | ||
| app: assisted-service | ||
| data: | ||
| {{- .data | toYaml | nindent 2 }} |
There was a problem hiding this comment.
| {{- .data | toYaml | nindent 2 }} | |
| {{- .data | toYaml | nindent 2 }} |
There was a problem hiding this comment.
(technically was not needed because {{- ... eats all whitespace and the later nindent 2 adds the proper carriage return and indentation)
| watchAllNamespaces: true | ||
| # some servers do not support virtual media installations | ||
| # when the image is served using the https protocol | ||
| # disableVirtualMediaTLS: true |
There was a problem hiding this comment.
Make this field optional so that an installation which includes it is ok.
| - pathToKey: metadata.ownerReferences | ||
| - pathToKey: spec.finalizers | ||
| allowStatusCheck: | ||
| - include: defatuls |
There was a problem hiding this comment.
Typo
| - include: defatuls | |
| - include: defaults |
lack
left a comment
lack
left a comment
There was a problem hiding this comment.
I added a couple minor coments throughout, but I think one big problem I see is that there's no CI step to ensure that these templates match the actual source-crs in source control. Take a look at how the telco-ran area does this as a good example. Without CI enforcement, you'll get drift as the source-crs and/or cluster-compare templates change over time.
|
The other thing I'd recommend before committing this is to run it against a real cluster (or a few real clusters) to make sure you're starting with a fairly clean set of templates that don't have any obvious false-positives to start with. |
That's right. I will have a look. In any case I think it's better to open a new PR for this. |
I've tested it against a Hub cluster that I've deployed in the lab. That should provide a fairly clean baseline. |
I understand the reasoning here, but if you don't add enforcement right away, all the other outstanding PRs (#111 #232 #208) will suddenly make these templates out-of-sync. |
|
/lgtm |
|
/ok-to-test |
|
/retest |
|
/ok-to-test |
lack
left a comment
lack
left a comment
There was a problem hiding this comment.
Looking good! My only concern is that we should not duplicate the CI scripts.
There was a problem hiding this comment.
Now that we have 2 areas that do the same check (here and telco-ran), maybe we should consider putting more of the logic in a shared helper script instead of copying it?
There was a problem hiding this comment.
To be implemented in a follow-up PR as discussed.
There was a problem hiding this comment.
Likewise, let's share the same compare.sh with telco-ran as opposed to making a copy.
There was a problem hiding this comment.
To be implemented in a follow-up PR as discussed.
| name: version | ||
| status: | ||
| desired: | ||
| version: {{ template "versionMatch" (list .status.desired.version "4.19") }} |
There was a problem hiding this comment.
Currently 4.19 which will very soon get copied back to release-4.19 and then main updated to 4.20
| - name: version-check | ||
| description: |- | ||
| A mismatch here means you may be using the wrong reference. | ||
| This reference was designed for OpenShift 4.18. |
There was a problem hiding this comment.
| This reference was designed for OpenShift 4.18. | |
| This reference was designed for OpenShift 4.20 |
|
/ok-to-test |
imiller0
left a comment
imiller0
left a comment
There was a problem hiding this comment.
Two minor comments, otherwise LGTM
|
|
||
| .PHONY: sync | ||
| sync: convert | ||
| @./compare.sh --sync "../reference-crs" renderedv1 No newline at end of file |
| sync_cr "$RENDERDIR" "$SOURCEDIR" compare_ignore | ||
| else | ||
| compare_cr "$RENDERDIR" "$SOURCEDIR" compare_ignore | ||
| fi No newline at end of file |
|
/ok-to-test |
openshift-ci
bot
added
lgtm
|
/ok-to-test |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: imiller0, jmontesi The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/ok-to-test |
3 participants
The templates cover the reference CRs for the following operators:
Also, a make recipe to prevent any mismatch between the templates and the reference CRs is included.