WIP: POC: Leverage of autovar kustomize feature by kubeflow #502
Conversation
…gressgateway (kubeflow#383)" This reverts commit 8196f65.
- update names in kfdef - update tree structure in kfdef - start to use autovar with ConfigMap - start to use autovar with KfDef
|
Hi @jbrette. Thanks for your PR. I'm waiting for a kubeflow member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@kkasravi @jlewi @yanniszark Please have look at the proposed code changes. This will give you an idea how the autovar feature we created for our project could be useful for kubeflow |
|
/ok-to-test |
|
awesome @jbrette Does this include changes from |
|
@jbrette: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Do we need airshipit in the group of the CRD?
Could we generate the CRD and schema using a different tool?
Is kfdef/kfctl_gcp_iap/kfdef-app.yaml the output of running kustomize build kfdef/kfctl_gcp_iap?
Are the builtin transformers under kfdef/kfctl_gcp_iap applied automatically?
Is KindOrderTransformer equivalent to kustomize build --reorder none?
Since kfctl generates the kustomization.yaml for all top-level manifests what if we were to
define top-level manifests that (taking /manifests/gcp/iap-ingress as an example) look like
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- base
- overlays/managed-cert/cert.yaml
commonLabels:
kustomize.component: iap-ingress
generators:
- kfdef/kfctl_gcp_iap/kfdef-app.yaml
and the plugin does the generation rather than kfctl?
| @@ -6,4 +6,4 @@ spec: | |||
| iap: | |||
| enabled: true | |||
| oauthclientCredentials: | |||
| secretName: $(oauthSecretName) | |||
| secretName: $(ConfigMap.parameters.data.oauthSecretName) | |||
There was a problem hiding this comment.
Other manifest targets also use the name 'parameters' in configMapGenerator.
Should we make each ConfigMap name unique?
| name: $(ingressName) | ||
| namespace: $(istioNamespace) | ||
| name: $(ConfigMap.parameters.data.ingressName) | ||
| namespace: $(ConfigMap.parameters.data.istioNamespace) |
There was a problem hiding this comment.
I think we can do
KfDef.app.spec.applications[name=iap-ingress].kustomizeConfig.parameters[name=namespace].value
in config-map.yaml where we are using ConfigMap.parameters.data.namespace
There was a problem hiding this comment.
This is fine. I left both options so that the team can understand what is possible. My project is more using the approach of a central index KfDef rather than small ConfigMap.
| istioNamespace=istio-system |
There was a problem hiding this comment.
i think it would be better to move these vars into KfDef.app.applications[name=iap-ingress].kustomizeConfig.parameters and reference them in the ConfigMap
| @@ -138,8 +134,7 @@ subjects: | |||
| roleRef: | |||
| kind: ClusterRole | |||
| name: efs-csi-node-clusterrole | |||
| apiGroup: rbac.authorization.k8s.io | |||
| `) | |||
| apiGroup: rbac.authorization.k8s.io`) | |||
There was a problem hiding this comment.
I think these diffs are related to go fmt and can probably be ignored
There was a problem hiding this comment.
I do believe there are small trailing white spaces in the yaml, or trailing end of file/line character. I think somebody should run a beauty printer on the yaml files and regenerate the go code.
| kind: CustomResourceDefinition | ||
| metadata: | ||
| creationTimestamp: null | ||
| name: kfdefs.kubeflow.airshipit.org |
There was a problem hiding this comment.
can you provide some background on the mapping between kfdef/kfctl_gcp_iap.yaml and the CRD generation.
| @@ -1,9 +1,8 @@ | |||
| # Please set project and email! | |||
| apiVersion: kfdef.apps.kubeflow.org/v1alpha1 | |||
| apiVersion: kubeflow.airshipit.org/v1beta1 | |||
There was a problem hiding this comment.
was the CRD generated by airshipctl?
There was a problem hiding this comment.
First, this PR should not be merged, the airshipit is just a temporary hack.
Indeed I tried to get a PR merged in kubeflow/kubeflow but:
- I did not really understood what is using the v1alpha1 and what is using v1beta1.
- I ended up having circular dependencies on kustomize, and logrus...all the things which in kubeflow/bootstrap/go.mod
If you check a lot of the projects involving CRDs, they often have the API in a standalone go module. This should be possible long term with the kubeflow/kfctl package. To get the POC going, I copy pasted the KfDef.go here and get it to work in standalone. An example on how to use the newest version of controller-gen is here
What is also intersting is that we could run that script against the CRD known in kfctl. This generates the kubeval.json which also to verify that the syntax of the objects are correct even before running the "kubectl apply". For instance look at here
As for the SMP anotation, it could be really usefull to apply kustomize to the kfdefs.
Now that kustomize is a standalone library, we just have to "register" the types in kfctls liked I tried here.
The examples of merge are here for Argo Workflow, Rollout, KfDef...
|
@kkasravi @jlewi I was explicitly told today that autovar feature will not be merged in kustomize because there is a $ which looks like too much like template and that would prevent kubectl apply -f for working. I was forced to withdraw the PR that was left rotten since 4 months. There is a new proposal involving adding even more complicated field structures in the kustomization.yaml. I don't think that is what you need but would you will to adapt kfctl because the complete removal of variable support by kustomize is likely to follow. |
|
@jbrette could you give a link to the discussion? |
|
kfctl will soon be in an interesting situation
So I always tried to contribute to kubeflow because it helped to understand how to use kustomize at scale, but sometimes I wonder how kfctl would be behave it was internally doing something like "helm template xxx | kubectl apply -f" instead of "kustomize build xxx | kubectl apply -f" |
Which issue is resolved by this Pull Request:
Resolves #
DO NOT MERGE. This PR is only here to highlight the potential usage of autovar feature by kubeflow.
$(ConfigMap.parameters.data.xxx) is simplier. No need to change add the varReference nor the var in the kustomization.yaml. The configMapGenerator is still used.
$(KfDef.app.applications[name=xxx].kustomizeConfig.parameters[name=xxx].Value: This avoid using intermediate config map and allows to point a central variable CRD.
Description of your changes:
Checklist:
cd manifests/testsmake generatemake testThis change is