Optimize start time for TaskRuns with no sidecars #2158
Conversation
tekton-robot
added
the
do-not-merge/work-in-progress
googlebot
added
the
cla: yes
tekton-robot
added
the
size/L
dibyom
force-pushed
the
sidecars
branch
4 times, most recently
from
19d304e
to
2d85c85
Compare
dibyom
changed the title
tekton-robot
removed
the
do-not-merge/work-in-progress
tekton-robot
added
the
approved
Yeah, I was just thinking about that -- feature falgs watching can probably be extracted out to its own package or something |
| @@ -780,6 +884,12 @@ script-heredoc-randomly-generated-78c5n | |||
| if d := cmp.Diff(c.want, &got.Spec, resourceQuantityCmp); d != "" { | |||
| t.Errorf("Diff(-want, +got):\n%s", d) | |||
| } | |||
|
|
|||
| if c.wantAnnotations != nil { | |||
There was a problem hiding this comment.
One thing I realized while adding the tests, is that we were never using the wantAnnotations filed at all (it was only specified for the sidecar tests). I added this block and started ignoring the releaseAnnotation that gets added by default.
There was a problem hiding this comment.
thanks for catching this! might also be a sign that the test cases are a bit too complex
There was a problem hiding this comment.
I have lots of minor feedback, one more major thing: I'm not convinced we definitely need a feature flag for this, it's very hard to imagine why anyone would have been relying on the previous functionality, and feature flags make testing + maintenance more complex
config/config-feature-flags.yaml
Outdated
| # enabling this option can lead to unexpected behavior. | ||
| # | ||
| # See https://github.com/tektoncd/pipeline/issues/2080 for more info. | ||
| enable-ready-annotation-on-pod-create: "false" |
There was a problem hiding this comment.
are we 100% sure we want to use a feature flag for this? i feel like we're quickly going to get to a point where most new features use feature flags - maybe this is what we want!
either way, I assume the idea is that in a future release we'd turn this to "true" by default, and maybe remove the flag? If so can we create an issue to track this and make sure we do it?
There was a problem hiding this comment.
The reason we need this in a feature-flag is due to us supporting injected sidecars like Istio. If the cluster uses injected sidecars, the controller can not set the Ready annotation early since the sidecar injector might inject a sidecar container that the controller does not know about during pod creation time.
If we decide that injected sidecars are something we do not support injected sidecars, then yes, we do not need to feature-flag this. Though if I recall correctly, the feature was initially designed this way because we explicitly wanted to support the injected sidecar use case (correct me if I'm wrong @sbwsg!)
There was a problem hiding this comment.
hm interesting - we definitely want to support injected sidecars!
My understanding of the term "feature flag" is that it's used to control rollouts of features that we eventually intend to make the default - does that match other ppl's understanding? If so, I think this would make sense as a command line config param maybe? or it's own config map? i.e. something separate from feature flags
Or I'm totally wrong and it's normal to use "feature flags" to refer to functionality you intend to retain over the long run.
If the cluster uses injected sidecars, the controller can not set the Ready annotation early since the sidecar injector might inject a sidecar container that the controller does not know about during pod creation time.
I'm a bit sad that we can't find a solution that handles both cases well. 🤔 Have we brainstormed any ideas around this? e.g. what if we did something like:
- set the annotation to ready immediately
- be notified if the pod is modified (i.e. an admission controller has injected a sidecar), set the annotation to not ready <-- is it possible to do this before the pod actually started running? i wonder how crazy it would be to have our own admission controller for this
Is it possible we could name the flag after after exactly what it's intended for? e.g. something like running-in-environment-with-injected-sidecars? I think it would even be reasonable to default it to false in that case eventually, i.e. apply this optimization by default
There was a problem hiding this comment.
My understanding of the term "feature flag" is that it's used to control rollouts of features that we eventually intend to make the default - does that match other ppl's understanding?
Will add a new options or features configMap for this.
I'm a bit sad that we can't find a solution that handles both cases well. 🤔 Have we brainstormed any ideas around this? e.g. what if we did something like:
Some discussion in #2080 and #701. Short of the Sidecar KEP becoming a reality, I think this is the best we can do at this moment
<-- is it possible to do this before the pod actually started running?
No way to guarantee that unfortunately.
Is it possible we could name the flag after after exactly what it's intended for? e.g. something like running-in-environment-with-injected-sidecars? I think it would even be reasonable to default it to false in that case eventually, i.e. apply this optimization by default
I'll change the flag name for now. Maybe we can set the default to false in a later change.
| @@ -224,6 +226,10 @@ func MakePod(images pipeline.Images, taskRun *v1alpha1.TaskRun, taskSpec v1alpha | |||
| podAnnotations := taskRun.Annotations | |||
| podAnnotations[ReleaseAnnotation] = ReleaseAnnotationValue | |||
|
|
|||
| if shouldAddReadyAnnotationonPodCreate(taskSpec.Sidecars, kubeclient) { | |||
| podAnnotations[readyAnnotation] = readyAnnotationValue | |||
There was a problem hiding this comment.
it feels a bit odd to me that we are using readyAnnotation directly here AND we're using it in UpdateReady in a totally different file - could it make sense to call UpdateReady here, or in some way refactor this a bit so we can share the code that accesses readyAnnotation?
There was a problem hiding this comment.
It is a different file but in the same package though. I don't think we can call UpdateReady here because that is updating an already existing Pod while the usage here is adding to a Pod's definition before it is created.
One thing we could do is move this and UpdateReady to its own file in the same package...but that puts UpdateReady in a different file from all the other Sidecar functions in that file.
|
|
||
| for _, c := range []struct { | ||
| desc string | ||
| trs v1alpha1.TaskRunSpec | ||
| ts v1alpha1.TaskSpec | ||
| featureFlags map[string]string |
There was a problem hiding this comment.
this might be a subject for a larger discussion but a couple thoughts here:
- the more feature flags we add, the larger the matrix of test cases we're going to need
- does it make sense for the
podpackage to know about feature flags, or could it be that we tell thepodpackage something more specific like a bool for "update status early if no sidecars"?
There was a problem hiding this comment.
the more feature flags we add, the larger the matrix of test cases we're going to need
Indeed though I can't think of a good way around adding more tests at the moment!
does it make sense for the pod package to know about feature flags, or could it be that we tell the pod package something more specific like a bool for "update status early if no sidecars"?
I think we should refactor the feature flags bit into its own package (#2363 is somewhat related)
| @@ -780,6 +884,12 @@ script-heredoc-randomly-generated-78c5n | |||
| if d := cmp.Diff(c.want, &got.Spec, resourceQuantityCmp); d != "" { | |||
| t.Errorf("Diff(-want, +got):\n%s", d) | |||
| } | |||
|
|
|||
| if c.wantAnnotations != nil { | |||
There was a problem hiding this comment.
thanks for catching this! might also be a sign that the test cases are a bit too complex
ghost
mentioned this pull request
Sorry for the delay on this. I hope the explanation in #2158 (comment) makes sense. Happy to discuss whether or not we should actually support injected sidecars. If not, we can get rid of this feature-flag! |
|
@dibyom @bobcatfish How do we want to proceed here? Seems like we're at an impasse on the fact that this is a feature flag? Does it satisfy if we just rename it for now to If not, do we want to explore other concrete solutions to this problem as part of this PR? Or, finally, do we want to close this PR for now and explore them out-of-band? FWIW I've worked on teams that used the term "feature flags" interchangeably for both 1) limiting exposure to in-development features and 2) long-lived configuration options that give users control over an application's behaviour or layout. I don't feel super strongly either way about Tekton's notion of "feature flags" but I am wondering if we can make some decisions around where this PR is heading next. /kind misc |
tekton-robot
added
the
kind/misc
|
@sbwsg Sorry, forgot about this PR. I'm ok with both renaming the flag. I don't feel too strongly about adding this in a features configMap vs a feature-flag one - I'm ok with adding a new one. |
dibyom
force-pushed
the
sidecars
branch
2 times, most recently
from
b66c776
to
fb20f5e
Compare
|
@sbwsg @bobcatfish I've updated the PR (finally!)....I've both renamed the feature/option name ( |
I'm totally fine with either of these options, with a very very slight preference towards putting it in |
When no sidercars are present **and** the cluster does not use injected sidecars, the pipeline controller can optimize the TaskRun Pod creation process by setting the `tekton.dev/ready` annotation before pod creation itself instead of setting it after the pod has been created. This commit adds an option to a new `config-features` ConfigMap called `running-in-environment-with-injected-sidecars`. Enabling this option will decrease the time it takes for a TaskRun to start running(when no sidecars are present). However, for clusters that use injected sidecars e.g. istio enabling this option can lead to unexpected behavior.By default, the option is set to "true" for backwards compatibility. Fixes tektoncd#2080 Signed-off-by: Dibyo Mukherjee <dibyo@google.com>
dibyom
changed the title
|
Ok, updated PR. Keeping the |
|
/test pull-tekton-pipeline-integration-tests |
There was a problem hiding this comment.
/lgtm
/hold
@bobcatfish for a last look
/cc @adshmh as it will affect #2637 I think
tekton-robot
added
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sbwsg, vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Let's do it! /lgtm /hold cancel |
tekton-robot
removed
the
do-not-merge/hold
Changes
When no sidercars are present and the cluster does not use
injected sidecars, the pipeline controller can optimize the
TaskRun Pod creation process by setting the
tekton.dev/readyannotation before pod creation itself instead of setting it after
the pod has been created.
This commit adds an option to a new
config-featuresConfigMapcalled
running-in-environment-with-injected-sidecars. Enablingthis option will decrease the time it takes for a TaskRun to start
running(when no sidecars are present). However, for clusters that
use injected sidecars e.g. istio enabling this option can lead to
unexpected behavior.By default, the option is set to "true" for
backwards compatibility.
Fixes #2080
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmddir, please updatethe release Task to build and release this image.
Reviewer Notes
If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.
Release Notes