Feat: Upgrade external OCI cloud controller manager #11378

Open
wants to merge 3 commits into
base: master

Conversation

tico88612
Member

@tico88612 tico88612 commented Jul 13, 2024

What type of PR is this?

/kind feature

What this PR does / why we need it:

  • Upgrade OCI cloud controller manager and unify the variable naming.
  • The in-tree cloud provider will be removed in K8s v1.31. To avoid ambiguity, I suggest it would be better to remove roles/kubernetes-app/cloud-provider in v2.27.
  • Uniformly put the external cloud controller manager into role/kubernetes-app/external_cloud_controller.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Upgrade external Oracle cloud infrastructure cloud controller manager

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. labels Jul 13, 2024
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 13, 2024
@tico88612 tico88612 force-pushed the feat/external-oci-cloud-controller-manager branch from f095ad4 to 466ec5c Compare July 13, 2024 08:28
@yankay
Member

yankay commented Jul 15, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Jul 15, 2024
@yankay
Member

yankay commented Aug 6, 2024

Thanks @tico88612

Maybe the release note
"Add external Oracle cloud infrastructure cloud controller manager"
is better.

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tico88612, yankay

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 6, 2024
@ant31
Contributor

ant31 commented Aug 8, 2024

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 8, 2024
@tico88612
Member Author

/retest-required

@tico88612 tico88612 force-pushed the feat/external-oci-cloud-controller-manager branch from 466ec5c to a94fb0f Compare August 8, 2024 11:52
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 8, 2024
@k8s-ci-robot
Contributor

New changes are detected. LGTM label has been removed.

@tico88612 tico88612 force-pushed the feat/external-oci-cloud-controller-manager branch from a94fb0f to 3d71a93 Compare September 11, 2024 16:53
@tico88612
Member Author

@VannTen, Could you help me with this PR? I want to remove the cloud provider from roles and call it Cloud Controller Manager. Thank you!

@VannTen
Contributor

VannTen commented Oct 4, 2024

Hum, OCI is a somewhat ambiguous name ... is there a way to use a name which clearly denotes that this is the Oracle cloud infra controller? I know the previous internal one was named OCI, but since we're creating a new one anyway, maybe we could have a less confusing name? (-> confusion with open container image)

For the content itself:
I've seen several checks of the form: var is defined and var == something -> can we have the var in defaults instead, or is there something preventing that?

Thanks

@tico88612
Member Author

Hum, OCI is a somewhat ambiguous name ... is there a way to use a name which clearly denotes that this is the Oracle cloud infra controller? I know the previous internal one was named OCI, but since we're creating a new one anyway, maybe we could have a less confusing name? (-> confusion with open container image)

OCI is an awkward acronym; it conflicts with the Open Container Initiative, and I don't have a better idea now.

Some of the code was migrated from roles/kubernetes-app/cloud-provider because the (in-tree) cloud-provider was removed to avoid confusion later. Incidentally, the Oracle cloud provider was upgraded.

For the content itself:
I've seen several checks of the form: var is defined and var == something -> can we have the var in defaults instead, or is there something preventing that?

Previously, the variables cloud_provider and external_cloud_provider were defined before executing the associated tasks. I was under the impression that there were anti-dumbing checks.

@VannTen
Contributor

VannTen commented Oct 4, 2024 via email

Contributor


Note that you can use the assert module for all these checks

Member Author

@tico88612 tico88612 Oct 4, 2024


Do you mean like this?

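- name: "External OCI Cloud Controller Manager | Credentials Check | external_oci_auth_key"
  ansible.builtin.assert:
    that:
      # assert lists what must be TRUE: either instance principals are in use,
      # or a non-empty key is set (the inverse of a fail/when condition)
      - oci_use_instance_principals or (external_oci_auth_key is defined and external_oci_auth_key | length > 0)
    fail_msg: "external_oci_auth_key is missing"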

Contributor


Also, if the checks are not conditional, maybe you can put them all in one assert? (since it accepts multiple statements).

We still get the assert in the error message, I figure it's as good as "is missing", wdyt?

@tico88612 tico88612 force-pushed the feat/external-oci-cloud-controller-manager branch from 3d71a93 to 6610267 Compare October 8, 2024 15:31
@tico88612
Member Author

I meant more stuff like oci_security_lists or external_oci_auth_user

I think giving a default value to the user setting is unnecessary because it's not a required option in Kubespray, and it's only triggered if external_cloud_provider is set to oci.

@VannTen
Contributor

VannTen commented Oct 8, 2024 via email

@tico88612
Member Author

It's not only about defaults, it's also about documentation. One of the goals is to use roles/defaults/*.yml as documentation ultimately, rather than the sample inventory. It also makes templates more readable (IMO) to not have the double checks (is defined + testing the value)

What do you mean? Do other user settings go to roles/kubernetes-apps/external_cloud_controller/oci/defaults/main.yml?

@VannTen
Contributor

VannTen commented Oct 11, 2024 via email

Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
@tico88612 tico88612 force-pushed the feat/external-oci-cloud-controller-manager branch from 6610267 to b58a8ef Compare October 13, 2024 04:15
@tico88612
Member Author

Wouldn't adding the user setting eliminate the need for roles/kubernetes-apps/external_cloud_controller/oci/tasks/oci-credential-check.yml? (except that the value check for external_oracle_load_balancer_security_list_management_mode must be ["All", "Frontend", "None"])

@VannTen
Contributor

VannTen commented Oct 14, 2024 via email
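
The checks discussed in this thread, folded into one assert backed by role defaults. This is an added example, not code from the PR or from Kubespray. The file contents and default values are assumptions; only the variable names, the two file paths and the allowed mode values come from the conversation.

```yaml
---
# roles/kubernetes-apps/external_cloud_controller/oci/defaults/main.yml
# Assumed contents: empty defaults document each setting and remove the
# need for "is defined" tests. Values here are placeholders.
oci_use_instance_principals: false
external_oci_auth_key: ""
external_oci_auth_user: ""
external_oracle_load_balancer_security_list_management_mode: "All"

---
# roles/kubernetes-apps/external_cloud_controller/oci/tasks/oci-credential-check.yml
# Illustrative rewrite: every entry under "that" must evaluate to true,
# which is the inverse of the condition a fail/when task would test.
- name: "External OCI Cloud Controller Manager | Credentials Check"
  ansible.builtin.assert:
    that:
      # Key and user are only required without instance principals.
      - (oci_use_instance_principals | bool) or (external_oci_auth_key | length > 0)
      - (oci_use_instance_principals | bool) or (external_oci_auth_user | length > 0)
      # Value check that defaults alone cannot replace.
      - external_oracle_load_balancer_security_list_management_mode in ['All', 'Frontend', 'None']
    quiet: true
```

When a statement fails, the task output names the expression that evaluated to false rather than the variable's value, so no per-variable fail_msg is needed.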

5 participants