Add apis for machine-class

[hardikdr]

What this PR does / why we need it: Adding APIs for Machine-class. Machineclass is a way of externalizing the ProviderConfig from MachineSpec using reference.
This PR is basically re-initiating the work done here: kubernetes-retired/kube-deploy#659

• I will migrate the review-comments from that PR to here.

Which issue(s) this PR fixes : This PR partially resolves- #22 .

Special notes for your reviewer:

Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

Release note:

Added apis for machine-class

[hardikdr]

mvladev: https://github.com/kubernetes/kube-deploy/pull/659/files#r177866614

roberthbailey: I don't think it should be necessary to specify the capacity / allocatable on a single machine if you inline the provider config. I think of the class is a separate way to bring the provider specific data, not something inherent to the spec of the machine.

[roberthbailey]

/cc @mvladev - additional thoughts on this?

[vikaschoudhary16]

@roberthbailey does that mean machine class is just a collection of provider specific configuration?
Advantages of machine classes:

• less configuration lines in the machine objects by keeping common bits in a machine class object

Any other?

[hardikdr]

less configuration lines in the machine objects by keeping common bits in a machine class object

• more precisely, externalize the providerConfig to separate objects.
• as discussed in wg-call, it could also be used for defaulting/versioning via apiserver-webhooks, which could be hard to achieve in only inlined.

[hardikdr]

mvladev: What about namespace?

roberthbailey: Storage classes aren't namespaced, and I used that same pattern here. But it's worth discussing whether they should be part of a namespace.

[hardikdr]

I have entertained the namespaces- should be helpful especially keeping in mind the sensitivity of the data in machine-classes and our approach of isolating the clusters based on namespaces.

[sflxn]

StorageClass are basically templates. Here, we're using namespace for isolating actual clusters. Do we need to also isolate machine templates? I don't see a need for namespace here.

[hardikdr]

As mentioned, machine-classes going forward would be expected to have specific details towards machines and in-turn clusters, and also sensitive information of underlying infra. Separating machine-classes via namespaces will help to avoid unintended consumers of it.

[vikaschoudhary16]

tend to agree with @hardikdr on keeping machine class as namespaced object.

[hardikdr]

krousey: What kinds of things is this meant to override? Capacity? Allocatable? Or stuff in the provider config? All of these seem like they could be deeply nested structures that a map would not be able to fully express.

If ProviderConfig, perhaps we consider json patches?

roberthbailey: My thinking was in the provider config (e.g. parameterize the zone of a class to stamp out identical machine sets in multiple zones).

[roberthbailey]

I think we should leave this out for now. If we find a need for it, we can figure out how to add it later (templating vs. overlays will be contentious). But until there is a concrete need, less is more.

[hardikdr]

krousey: From what I understand, this is the capacity minus the amount that kubelet is going to reserve on the node. I don't think you can know what that reserve is going to be just given a machine class. I know for GKE, we vary the reserve for each release, and possibly by machine size.

Perhaps the best way to represent this would be to officially model the Kubelet reserved resources in the MachineSpec (and therefore MachineSet and MachineDeployment). If we did that, we could drop Allocatable here, and autoscalers of deployments could pick the capacity from machine class and subtract reserved from machine spec.

mvladev: I agree with @krousey. There is no way to calculate in advance the allocated resources - the Machine class doesn't have a knowledge of which kubelet version / container runtime you are going to use and those can affect the kubelet's --kube-reserved and --system-reserved flags.

roberthbailey: The intent is that this would indicate to the cluster autoscaler how much actual capacity would exist once the "node allocatable" overhead was subtracted. The fact that the overhead varies by version makes putting this variable here... difficult, since it would tightly couple a machineclass to a specific k8s version if you wanted to adhere to the warning text.

@krousey - Is your suggestion of putting reserved in the machine spec to put it next to the kubelet version, since it is tightly coupled with it?

[hardikdr]

mladev: Why is this needed?

roberthbailey: I added this comment as an alternate design -- one thing we'd thought about was splitting this data across two objects (class + template) and the template could potentially be used directly by machine in addition to machine class. Not sure if that's valuable or not though, so I put this here to foster discussion.

[vikaschoudhary16]

+1 for keeping capacity and allocatable as MahcineStatus fields. cluster-api controller would initialize these fields once linking with the kubelet node is established. These are "observed" values and mary vary from machine to machine due to some discovery failure or hw failure etc. Therefore should be updated in MachineStatus whatever is actually observed at kubelet node.

+1 for keeping taints in MachineClassSpec. Taints are generally used for scheduling domain isolation and therefore generally applies to a bunch of machines.

[roberthbailey]

/ok-to-test
/assign @roberthbailey

[roberthbailey]

It might be worth waiting to merge this until the kubebuilder stuff lands. I know it will mean a significant rebase, but I think the important thing is to agree on the initial api types. Hopefully putting those into the kubebuilder framework will be straightforward.

[roberthbailey]

/cc @mvladev - additional thoughts on this?

[roberthbailey]

I think we should leave this out for now. If we find a need for it, we can figure out how to add it later (templating vs. overlays will be contentious). But until there is a concrete need, less is more.

[roberthbailey]

Isn't there a "reference" type that we should use instead of objectmeta? Something like LocalReference or ObjectReference?

[hardikdr]

Yes, my bad, made it objectreference.
Also removed the Parameters for now.

[roberthbailey]

If we leave out both allocatable and capacity, then machine class == provider config. I think it's important that we address @mvladev's comment above about whether we should have both of those fields on all machines (via an inline class) or only available to the autoscaler on machines that were created via a reference to a machine class.

[hardikdr]

Agreed. I believe these decisions would be easier to take once requirements from cluster-autosclaer requirements are clearer. Shall we evolve the APIs for such fields as and when needed?
See: Initial work has started here kubernetes/community#2653

[mvladev]

I'm not sure if allocatable and capacity is something which should be put in the status of a machine. How can one define allocatable?
At the moment this is calculated by summing kube-reserved, system-reserved and eviction-thresholds https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable

[roberthbailey]

We are going to chat with some folks that work on the autoscaler tomorrow; maybe that will help clarify what is needed here.

[enxebre]

Code on how allocatable is calculated is here https://github.com/kubernetes/kubernetes/blob/426ef9d349bb3a277c3e8826fb772b6bdb008382/pkg/kubelet/cm/node_container_manager.go#L174:33
We could assume a reasonable margin so allocatable is set based on the given capacity when creating a new machineClass. This would be used for the case of scaling out from zero, otherwise the info from running machines/nodes would be used.

Also should taints belongs to the machineClass?

[sflxn]

It seems strange to have allocatable and capacity part of machineclass. Is this defining how many pods we're going to allow to run on this machine? How can we know that without knowing the size of OS, and additional software stack? Shouldn't we let the control plane calculate that?

[hardikdr]

Yes, these fields are expected to be available only after certain calculation, but autoscaler probably would be asking for it from a machine-api stack. We are in talks with autoscaler folks and try to decide right place/design, and hence I have intentionally kept those fields out for the first cut.

[hardikdr]

@enxebre I am not sure about the specific requirements around taints, but I would expect Taints to be available rather at MachineObjects than at class. Class should be seen more for representation of set of machines under MachineDeployment/Set, where subset of them could or could not have taints, which could be best identified by taints on specific MachineObjects.

[roberthbailey]

leave out capacity / allocatable since those are currently commented out.

[hardikdr]

Done. Thanks for pointing out, I missed it.

[roberthbailey]

since we are going to remove the parameters part, make this just us-central1-f instead of my bash-style substitution syntax.

[hardikdr]

Fixed.

[mvladev]

I don't think that this is needed as the MachineClass should contain all the information for that specific machine.

[roberthbailey]

@mvladev - where does the machine class contain that info? Right now it's contained in this string.

[sflxn]

I assume Provider is similar to StorageClass' "provisioner"? If so, shouldn't we also have a name field for the MachineClass? Or is that already built in because of corev1.ObjectReference?

[hardikdr]

Yes, ObjectReference should provide us with the name field in it.

[mvladev]

I'm not sure if allocatable and capacity is something which should be put in the status of a machine. How can one define allocatable?
At the moment this is calculated by summing kube-reserved, system-reserved and eviction-thresholds https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable

[sflxn]

I just want to point out I believe this is different from the way StorageClass and RuntimeClass handles ref. I guess it's ok since we're not handling the class the same way as them. They use just a string. Their controller matches the class' string name to match up the provider. So if we were following the same pattern, we would have some controller that matched up the string with a provider known to the controller. It's been a few months since I looked at this, but I believe that is the pattern.

[sflxn]

I know this is an example, but can provider be defined in the machine class object above? With the way it was defined in the code above, can provider be provided in either machine class or machine objects?

[hardikdr]

I have kept provider at machine-object level, keeping in mind the usecase where we might not want to fetch the complete MachineClass when MachineObject is seen/updated. In the future iterations, we can think if it's needed at any other layers as well to be populated explicitly.

[vikaschoudhary16]

@hardikdr

the usecase where we might not want to fetch the complete MachineClass when MachineObject is seen/updated.

I am struggling to understand this use case. Who is "we"? autoscaler?
If it is intended that provider should use default provider config for this machine object and should not refer machine class, may be following will make more sense:

spec:
  providerConfig:
    provider: gcp
    valueFrom:
      machineClass:
        name: ""
        namepsace: ""

i.e if machine class is mentioned it will be refereed otherwise should be left blank for default.

[hardikdr]

Inline providerConfig will still work as it is currently, classes will only be a parallel mechanism for users to inject the providerConfig via reference. Above comment was explicitly for provider field at MachineObject layer, and not the existence of classes as such :)

[vikaschoudhary16]

Trying to compare machine classes with storage classes. Motivation behind storage classes was the portability across different storage providers. Wondering what is the motivation behind machine class? Can you please link me to a user story that how autoscaler will consume machine classes?

[hardikdr]

@vikaschoudhary16 Though we learn from storage-class, we may have our divergent-points, as underlying usecase is different, for instance - namespaced machineclasses.
You might want to be updated with developments in this WIP-PR, I have described few points there
: kubernetes/community#2653

[vikaschoudhary16]

I think it is a common pattern in kubernetes projects to have a separate commit for generated code. This helps reviewers to focus on the actual changes. If not so late already, you might want to rearrange commits to do so.
Thanks!

[roberthbailey]

@hardikdr - this needs a rebase (for the generated file).

[hardikdr]

@roberthbailey I updated the commits to align with both comment from @vikaschoudhary16 and kubebuilder pr, can you please have a look at the changes made.

[roberthbailey]

/lgtm
/approve

This has been waiting for comments for longe enough. Let's get it in and then we can tweak it going forward if we need to (since the api is still alpha).

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hardikdr, roberthbailey

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [roberthbailey]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment