-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oc import-image: deprecate legacy path using annotations #19673
oc import-image: deprecate legacy path using annotations #19673
Conversation
pkg/oc/cli/cmd/importimage.go
Outdated
var err error | ||
is, err = o.isClient.Get(o.Name, metav1.GetOptions{ResourceVersion: resourceVersion}) | ||
if err != nil { | ||
if errors.IsNotFound(err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assumed that if IS is not found, we would like to continue polling. But if error is anything else, stop polling and report the error
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You don't need to. This is the old path, for which the stream should be already created for you.
pkg/oc/cli/cmd/importimage.go
Outdated
@@ -3,15 +3,14 @@ package cmd | |||
import ( | |||
"fmt" | |||
"io" | |||
"k8s.io/apimachinery/pkg/util/wait" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move this import down
pkg/oc/cli/cmd/importimage.go
Outdated
if !ok { | ||
return nil, fmt.Errorf("image stream watch ended prematurely") | ||
var is *imageapi.ImageStream | ||
err := wait.Poll(1*time.Second, 60*time.Second, func() (bool, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wait.PollImmediate
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
during testing, it usually polled ~3 times, would we gain anything with wait.PollImmediate
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in case the server is fast, we don't have to wait 1s at least
pkg/oc/cli/cmd/importimage.go
Outdated
return nil, fmt.Errorf("image stream watch ended prematurely") | ||
var is *imageapi.ImageStream | ||
err := wait.Poll(1*time.Second, 60*time.Second, func() (bool, error) { | ||
var err error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't shadow the outer-err ;-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is what I took as a reference:
origin/pkg/cmd/server/origin/openshift_apiserver.go
Lines 675 to 684 in 74a6a14
var securityClient securityclient.Interface | |
err := wait.Poll(1*time.Second, 30*time.Second, func() (bool, error) { | |
var err error | |
securityClient, err = securityclient.NewForConfig(context.LoopbackClientConfig) | |
if err != nil { | |
utilruntime.HandleError(fmt.Errorf("unable to initialize client: %v", err)) | |
return false, nil | |
} | |
return true, nil | |
}) |
could you recommend what pattern should I rather follow? I would like to get the is
out of the polled function and ideally name error vars as err
pkg/oc/cli/cmd/importimage.go
Outdated
var is *imageapi.ImageStream | ||
err := wait.Poll(1*time.Second, 60*time.Second, func() (bool, error) { | ||
var err error | ||
is, err = o.isClient.Get(o.Name, metav1.GetOptions{ResourceVersion: resourceVersion}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why passing the resourceVersion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because the original code was also passing it and didn't want to cause any regression
origin/pkg/oc/cli/cmd/importimage.go
Line 302 in 74a6a14
streamWatch, err := o.isClient.Watch(metav1.ListOptions{FieldSelector: fields.OneTermEqualSelector("metadata.name", o.Name).String(), ResourceVersion: resourceVersion}) |
Should I remove it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, you don't need that anymore now that you're using GET
, it was there to explicitly watch newer events only.
43474fe
to
7e44ef4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder how long we want to keep supporting the legacy path when importing images.
pkg/oc/cli/cmd/importimage.go
Outdated
var is *imageapi.ImageStream | ||
err := wait.Poll(1*time.Second, 60*time.Second, func() (bool, error) { | ||
var err error | ||
is, err = o.isClient.Get(o.Name, metav1.GetOptions{ResourceVersion: resourceVersion}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, you don't need that anymore now that you're using GET
, it was there to explicitly watch newer events only.
pkg/oc/cli/cmd/importimage.go
Outdated
var err error | ||
is, err = o.isClient.Get(o.Name, metav1.GetOptions{ResourceVersion: resourceVersion}) | ||
if err != nil { | ||
if errors.IsNotFound(err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You don't need to. This is the old path, for which the stream should be already created for you.
133b79b
to
0e364d7
Compare
@soltysh @mfojtik @bparees quick question related to the issue. If the origin/pkg/oc/cli/cmd/importimage.go Lines 343 to 365 in 74a6a14
but using restricted Command serviceaccount
role.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: r1
namespace: test
rules:
- apiGroups:
- "image.openshift.io"
resourceNames:
- image_name
resources:
- imagestreams
- imagestreams/layers
verbs:
- create
- delete
- edit
- get
- list
- update
- watch rolebinding.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: r1-to-sa
namespace: test
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: r1
subjects:
- kind: ServiceAccount
name: sa
namespace: test imagestream.yamlkind: ImageStream
apiVersion: v1
metadata:
name: image_name oc create -f imagestream.yaml --as=system:serviceaccount:test:sa --loglevel=9
|
27948d3
to
2724ac5
Compare
Don't use resourceName, there's on other way around it. |
@soltysh why doesn't resourceName work?
I don't know what purpose this serves? you're going to end up w/ an empty imagestream that has no import source, so why bother? there are other/more appropriate ways to create an imagestream if that is your goal. I would love to deprecate this behavior unless someone can tell me its use case (@mfojtik @soltysh ?) |
correct |
/test gcp |
@bparees actually, considering earlier comment from @soltysh
maybe this PR doesn't add much value since it addresses part of the legacy path. Should I rather try to deprecate the legacy path instead? |
It's not obvious to me what "// Legacy path, remove when support for older importers is removed" is referring to. What part of this code is legacy path? I would expect any import operation to need to wait for the import to complete to report the results. @soltysh can you elaborate on what part of this code is legacy path vs new and why? (also still interested in why we create an imagestream if it does not exist, since nothing will be imported in that case, as i understand it) |
Yes, updating existing does make sense. I was talking about the UC where the IS is to be created as a result of |
14f5fcc
to
afeb760
Compare
5b0717a
to
8183c53
Compare
/retest Docker flake and rpm flake?
|
/test e2e-gcp flake, test timed out |
/lgtm /hold |
post-rebase feel free to un-hold |
/hold cancel |
8183c53
to
72300b7
Compare
72300b7
to
1f5b299
Compare
/test cmd
|
/retest flake #20149 |
/test gcp |
@bparees post rebase (only conflict was new imports), good for lgtm? |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bparees, soltysh, wozniakjan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
WATCH
doesn't work with RBACresourceNames
as well asGET
. Changing thewaitForImport
to poll aGET
instead.fixes #13214
NOTE: I selected both pollPeriod:1*time.Second
and pollTimeout:60*time.Second
based on what I saw when going over a couple of polls in our codebase but not sure if it is appropriate and fits here.ptal @openshift/sig-developer-experience