Inherit scheduling for workloads from Compliance Operator manager #756
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JAORMX
requested review from
jhrozek,
Vincent056 and
mrogers950
and removed request for
jhrozek and
Vincent056
openshift-ci
bot
added
the
approved
JAORMX
changed the title
When the Compliance Operator was first coded, some assumptions were made that were specific to Openshift. One of these assumptions was the fact that the `node-role.kubernetes.io/` was more actively used amongst other distros. An even worst assumption was that the `master` role was always available. These statements hold true for OpenShift, but not for other distros like EKS. This PR removes that assumption by making every workload inherit the same `nodeSelector` and `tolerations` from the controller manager. This is done by passing this information to every controller. However, using the information is optional. When CO begins, the manager will query it's own pod and fetch this information. Failure to do so will result in an error. Since we fetch the operator name and namespace from constants, the constants were modified to not depend any more on k8sutils. the aforementioned library will no longer be available in further versions of operator-sdk, so it's better to move away from it now little by little. Signed-off-by: Juan Antonio Osorio Robles <[email protected]>
rhmdnd
reviewed
Dec 9, 2021
| @@ -219,8 +220,14 @@ func RunOperator(cmd *cobra.Command, args []string) { | |||
| os.Exit(1) | |||
| } | |||
|
|
|||
| getSIErr, si := getSchedulingInfo(ctx, mgr.GetAPIReader()) | |||
| if getSIErr != nil { | |||
| log.Error(getSIErr, "Getting control plane schedling info") | |||
| - key: "node.kubernetes.io/not-ready" | ||
| operator: "Exists" | ||
| effect: "NoExecute" | ||
| tolerationSeconds: 120 |
There was a problem hiding this comment.
Ok - so by removing these here, we're inheriting a set of global tolerances somewhere?
There was a problem hiding this comment.
was this here to prevent pods from getting evicted on node updates? @JAORMX
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JAORMX, Vincent056 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the Compliance Operator was first coded, some assumptions were made
that were specific to Openshift. One of these assumptions was the fact
that the
node-role.kubernetes.io/was more actively used amongst otherdistros. An even worst assumption was that the
masterrole was alwaysavailable. These statements hold true for OpenShift, but not for other
distros like EKS.
This PR removes that assumption by making every workload inherit the
same
nodeSelectorandtolerationsfrom the controller manager. Thisis done by passing this information to every controller. However, using
the information is optional.
When CO begins, the manager will query it's own pod and fetch this
information. Failure to do so will result in an error.
Since we fetch the operator name and namespace from constants, the
constants were modified to not depend any more on k8sutils. the
aforementioned library will no longer be available in further versions
of operator-sdk, so it's better to move away from it now little by
little.
Signed-off-by: Juan Antonio Osorio Robles [email protected]