Add native Azure Blob support to BucketController #513
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
laozc
force-pushed
the
azblob
branch
4 times, most recently
from
658faf0
to
77bf538
Compare
Signed-off-by: Zhongcheng Lao <Zhongcheng.Lao@microsoft.com>
Signed-off-by: Zhongcheng Lao <Zhongcheng.Lao@microsoft.com>
Signed-off-by: Zhongcheng Lao <Zhongcheng.Lao@microsoft.com>
This commit introduces new Condition types to the v1beta1 API, facilitating easier observation of (potentially) problematic state for end-users. - `ArtifactUnavailableCondition`: indicates there is no artifact available for the resource. This Condition should be set by the reconciler as soon as it observes the absence of an artifact for a source. - `CheckoutFailedCondition`: indicates a transient or persistent checkout failure. This Condition should be set by the reconciler as soon as it observes a Git checkout failure, including any prerequisites like the unavailability of the referenced Secret used for authentication. It should be deleted as soon as a successful checkout has been observed again. - `SourceVerifiedCondition`: indicates the integrity of the source has been verified. The Condition should be set to True or False by the reconciler based on the result of the integrity check. If there is no verification mode and/or secret configured, the Condition should be removed. - `IncludeUnavailableCondition`: indicates one of the referenced includes is not available. This Condition should for example be set by the reconciler when the include does not exist, or does not have an artifact. If the includes become available, it should be deleted. - `ArtifactOutdatedCondition`: indicates the current artifact of the source is outdated. This Condition should for example be set by the reconciler when it notices there is a newer revision for an artifact, or the previously included artifacts differ from the current available ones. The Condition should be removed after writing a new artifact to the storage. Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit ensures all API objects implement the interfaces used by the runtime package to work with conditions, etc., and prepares the test suite to work with the `pkg/runtime/testenv` wrapper. Changes are made in a backwards compatible way (that being: the existing code can still be build and works as expected), but without proper dependency boundaries. The result of this is that the API package temporary depends on the runtime package, which is resolved when all reconcilers have been refactored and the API package does no longer contain condition modifying functions. Signed-off-by: Hidde Beydals <hello@hidde.co>
NOTE: Remove `hasArtifactUpdated` in the future once it's no longer used. Signed-off-by: Hidde Beydals <hello@hidde.co>
The problem with `GetInterval()` was that the returned type was of `metav1.Duration`, while almost anywhere it was used, a type of `time.Duration` was requested. The result of this was that we had to call `GetInterval().Duration` all the time, which would become a bit cumbersome after awhile. To prevent this, we introduce a new `GetRequeueAfter() time.Duration` method, which both results the right type, and bears a name that is easier to remember where the value is used most; while setting the `Result.RequeueAfter` during reconcile operations. The introduction of this method deprecates `GetInterval()`, which should be removed in a future MINOR release. Signed-off-by: Sunny <darkowlzz@protonmail.com> Co-authored-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Also, introduce FetchFailedCondition for generic fetch failures. Signed-off-by: Sunny <darkowlzz@protonmail.com> Co-authored-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Sunny <darkowlzz@protonmail.com> Co-authored-by: Hidde Beydals <hello@hidde.co>
Please remove this option, mounting files inside a Flux controller breaks multi-tenancy. |
phillebaba
previously approved these changes
Dec 6, 2021
|
@laozc looks good, left a few smaller comments 🌹 |
hiddeco
requested changes
Dec 6, 2021
There was a problem hiding this comment.
Generally supportive of adding support for Azure Blob, but I think the changes need to be carefully aligned with the work in #455 and additional pending work in https://github.com/fluxcd/source-controller/tree/reconcilers-dev-bucket.
Which means it may take some time before the prerequisites for this PR are in place, and I can provide a precise insight into what needs further addressing.
Signed-off-by: Zhongcheng Lao <Zhongcheng.Lao@microsoft.com>
|
I'll hold on this PR for a bit until the #455 is merged. |
Could you elaborate more details on your concern? |
Signed-off-by: Sunny <darkowlzz@protonmail.com>
This commit rewrites the `BucketReconciler` to new standards, while implementing the newly introduced Condition types, and trying to adhere better to Kubernetes API conventions. More specifically it introduces: - Implementation of more explicit Condition types to highlight abnormalities. - Extensive usage of the `conditions` subpackage from `runtime`. - Better and more conflict-resilient (status)patching of reconciled objects using the `patch` subpackage from runtime. - Proper implementation of kstatus' `Reconciling` and `Stalled` conditions. - Refactor of reconciler logic, including more efficient detection of changes to bucket objects by making use of the etag data available, and downloading of object files in parallel with a limited number of workers (4). - Integration tests that solely rely on `testenv` and do not use Ginkgo. There are a couple of TODOs marked in-code, these are suggestions for the future and should be non-blocking. In addition to the TODOs, more complex and/or edge-case test scenarios may be added as well. Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit consolidates the `DownloadFailed` and `CheckoutFailed` Condition types into a new more generic `FetchFailed` type to simplify the API and observations by consumers. Signed-off-by: Hidde Beydals <hello@hidde.co>
Add `BucketReconciler.reconcileArtifact` tests based on `GitRepositoryReconciler.reconcileArtifact` test cases. Signed-off-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Sunny <darkowlzz@protonmail.com>
- Introduce mock GCP Server to test the gcp bucket client against mocked gcp server results. - Add tests for reconcileGCPSource(). - Patch GCPClient.BucketExists() to return no error when the bucket doesn't exists. This keeps the GCP client compatible with the minio client. Signed-off-by: Sunny <darkowlzz@protonmail.com>
NOTE: Remove `hasArtifactUpdated` in the future once it's no longer used. Signed-off-by: Hidde Beydals <hello@hidde.co>
The problem with `GetInterval()` was that the returned type was of `metav1.Duration`, while almost anywhere it was used, a type of `time.Duration` was requested. The result of this was that we had to call `GetInterval().Duration` all the time, which would become a bit cumbersome after awhile. To prevent this, we introduce a new `GetRequeueAfter() time.Duration` method, which both results the right type, and bears a name that is easier to remember where the value is used most; while setting the `Result.RequeueAfter` during reconcile operations. The introduction of this method deprecates `GetInterval()`, which should be removed in a future MINOR release. Signed-off-by: Sunny <darkowlzz@protonmail.com> Co-authored-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Also, introduce FetchFailedCondition for generic fetch failures. Signed-off-by: Sunny <darkowlzz@protonmail.com> Co-authored-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Sunny <darkowlzz@protonmail.com> Co-authored-by: Hidde Beydals <hello@hidde.co>
Embedding runtime.Object in Source interface makes the Source type more useful to interact with k8s API machinery. Signed-off-by: Sunny <darkowlzz@protonmail.com>
- internal/error - Contains internal error type used across the source-controller reconcilers. - internal/reconcile - Contains helper abstractions for the controller-runtime reconcile Result type and functions to interact with the abstractions. Signed-off-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Sunny <darkowlzz@protonmail.com>
This commit rewrites the `BucketReconciler` to new standards, while implementing the newly introduced Condition types, and trying to adhere better to Kubernetes API conventions. More specifically it introduces: - Implementation of more explicit Condition types to highlight abnormalities. - Extensive usage of the `conditions` subpackage from `runtime`. - Better and more conflict-resilient (status)patching of reconciled objects using the `patch` subpackage from runtime. - Proper implementation of kstatus' `Reconciling` and `Stalled` conditions. - Refactor of reconciler logic, including more efficient detection of changes to bucket objects by making use of the etag data available, and downloading of object files in parallel with a limited number of workers (4). - Integration tests that solely rely on `testenv` and do not use Ginkgo. There are a couple of TODOs marked in-code, these are suggestions for the future and should be non-blocking. In addition to the TODOs, more complex and/or edge-case test scenarios may be added as well. Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit consolidates the `DownloadFailed` and `CheckoutFailed` Condition types into a new more generic `FetchFailed` type to simplify the API and observations by consumers. Signed-off-by: Hidde Beydals <hello@hidde.co>
Add `BucketReconciler.reconcileArtifact` tests based on `GitRepositoryReconciler.reconcileArtifact` test cases. Signed-off-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Sunny <darkowlzz@protonmail.com>
- Introduce mock GCP Server to test the gcp bucket client against mocked gcp server results. - Add tests for reconcileGCPSource(). - Patch GCPClient.BucketExists() to return no error when the bucket doesn't exists. This keeps the GCP client compatible with the minio client. Signed-off-by: Sunny <darkowlzz@protonmail.com>
Ignore "not found" error while patching when the delete timestamp is set. Signed-off-by: Sunny <darkowlzz@protonmail.com>
darkowlzz
force-pushed
the
reconcilers-dev-bucket
branch
from
f4aded7
to
ceec2b0
Compare
- Remove ArtifactUnavailable condition and use Reconciling condition to convey the same. - Make Reconciling condition affect the ready condition. - Introduce summarizeAndPatch() to calculate the final status conditions and patch them. - Introduce reconcile() to iterate through the sub-reconcilers and execute them. Signed-off-by: Sunny <darkowlzz@protonmail.com>
darkowlzz
force-pushed
the
reconcilers-dev-bucket
branch
from
ceec2b0
to
a1e5067
Compare
Signed-off-by: Zhongcheng Lao <Zhongcheng.Lao@microsoft.com>
darkowlzz
force-pushed
the
reconcilers-dev-bucket
branch
4 times, most recently
from
55311a5
to
4b939ee
Compare
|
Ping. |
|
We are working on getting the work of #586 in Sorry about the wait, changes in that PR are so broad that fitting additional things into it is a bit like playing Tetris 😅 |
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds native Azure Blob support to the BucketController
which enables the integration in Azure environment.
To provide the key the user may choose to use account key or resourceId.
kubectl create secret generic blob-credentials --namespace flux-system --from-literal secretkey=[STORAGE_ACCOUNT_KEY]
or
kubectl create secret generic blob-credentials --namespace flux-system --from-literal accesskey=[STORAGE_ACCOUNT_RESOURCE_ID]
When using resourceId as accesskey, the source-controller deployment is required to have Azure cloud-config (
/etc/kubernetes/azure.json) mounted.