refactor: rework options flow to have a more consistent pattern #390
Conversation
… middle layers to eliminate confusion
| ) | ||
| imageResolver := imagefamily.New( | ||
| operator.GetClient(), | ||
| imageProvider, | ||
| ) | ||
| launchTemplateProvider := launchtemplate.NewProvider( | ||
| ctx, | ||
| opts, |
There was a problem hiding this comment.
This should be the highlight worth discussing.
Prior to this, in addition to passing the options (and azConfig) directly that you can see in the changes preview, some of the providers did call options.FromContext(ctx) again. I find this inconsistent and would prefer to stick to one side—either pass all required parameters here, or just pass in ctx/opts.
The current code chooses passing in opts. This will make the providers depends on the knowledge of options (no change), while sparing operator from having to know which provider needs what. This is particularly helpful in launchTemplateProvider, which is have a lot of demands for fields in options.
With that said, each provider have different demands in options fields, but ideally I want to keep the dependencies/pattern consistent for all providers.
There was a problem hiding this comment.
Alternatively, we could stay explicit on the interface and pass all variables that we currently getting from options.FromContext(ctx) through here instead. The interface will be be big for high-demanding providers, but we will be able to cut their dependence on options.
There was a problem hiding this comment.
Another alternative is to add some layering in options to categorize them by uses, appearing at "sub-structs".
But this will force options to contain knowledge about the exact uses of their fields, which is going to add additional complexity, given some fields are shared with multiple uses.
An extension to that is to have additional layer between options (which will mostly take envs in raw) and this layer to map those to its provider uses. But that would be no difference that just creating structs here, which will only be better than explicit passing by extensibility and small reusability, at the cost of additional complexity.
There was a problem hiding this comment.
But all these options are not really making use of options.FromContext(ctx) pattern established by karpenter-core and AWS provider. If we want to keep that, another options is to just pass in ctx to all places and let options.FromContext(ctx) retrieve the options whenever it is needed. This will assume that all instances here are singletons or at least have no differences between each, which is true(?), for now.
If you ask me, I just don't think it is a better option than others. Opinions in offline discussions I had seems to be against this pattern.
Although it is probably the best in terms of consistency.
| ClusterEndpoint string // => APIServerName in bootstrap, except needs to be w/o https/port | ||
| VMMemoryOverheadPercent float64 | ||
| ClusterID string | ||
| // Target cluster information; might be use for both bootstrapping and ARM authentications |
There was a problem hiding this comment.
The idea behind this is I try to categorize this by user-facing behavior (e.g., target cluster for the operations to occur, what will be on provisioned nodes) rather than implementation details.
There was a problem hiding this comment.
Some should be renamed. But let's put that in a different PR
| func (o *Options) Default(ctx context.Context) error { | ||
| var err error | ||
|
|
||
| var authManager *auth.AuthManager |
There was a problem hiding this comment.
This is a flaw in the implementation, as authManager is created in both here and operator. Given core, there is nothing much we can do(?) if we want to follow this pattern.
| ClusterName string | ||
| ClusterEndpoint string // => APIServerName in bootstrap, except needs to be w/o https/port | ||
| ClusterID string | ||
| APIServerName string |
There was a problem hiding this comment.
This and VnetGUID (that I just added) are the options that are not available to be configurable directly by the customer, but directly depends on other options through defaulting. Open to suggestions if this should be elsewhere.
| @@ -44,13 +44,17 @@ import ( | |||
| type Controller struct { | |||
| kubeClient client.Client | |||
| instanceProvider *instance.Provider | |||
|
|
|||
| // Will be used to calculate the goal state | |||
| opts *options.Options | |||
There was a problem hiding this comment.
Another instance of "not sure if options is overkill", see the comments in operator.go for similar discussions. But if you ask me I think this is appropriate given the nature of the controllers.
| value: "" | ||
| - name: AZURE_NODE_RESOURCE_GROUP | ||
| value: ${AZURE_RESOURCE_GROUP_MC} | ||
| - name: ARM_AUTH_METHOD | ||
| value: "workload-identity" |
There was a problem hiding this comment.
nit: the reason its called "from environment" is because its actually using a more generic/general auth option that finds the creds in the environment. This is the flow that works for workload-identity. However, I think the naming should probably keep the more generic term since that is what its actually doing. Unless you have more tied to this.
There was a problem hiding this comment.
So, by theory, there could be "from environment" auth option that is not workload identity, right?
If that's the case then I think keeping "from-environment" would be a better choice, given we doesn't seem to have ties to workload identity (right?).
| // NewCredential provides a token credential | ||
| func (am AuthManager) NewCredential() (azcore.TokenCredential, error) { | ||
| if am.authMethod == AuthMethodWorkloadIdentity { | ||
| klog.V(2).Infoln("cred: using workload identity for new credential") | ||
| return azidentity.NewDefaultAzureCredential(nil) | ||
| } | ||
|
|
||
| if am.authMethod == AuthMethodSysMSI { | ||
| klog.V(2).Infoln("cred: using system assigned MSI for new credential") | ||
| msiCred, err := azidentity.NewManagedIdentityCredential(nil) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| return msiCred, nil | ||
| } | ||
|
|
||
| return nil, fmt.Errorf("cred: unsupported auth method: %s", am.authMethod) | ||
| } |
There was a problem hiding this comment.
Does this belong in the shared SDK? For my token fix i imagine other ppl may want the same fix. Uing azure sdk for go extensions may be a good idea for our auth so we can share that logic too. Should we move this there?
| controllers := []controller.Controller{ | ||
| nodeclaimgarbagecollection.NewController(kubeClient, cloudProvider), | ||
| inplaceupdate.NewController(kubeClient, instanceProvider), | ||
| inplaceupdate.NewController(kubeClient, instanceProvider, opts), |
There was a problem hiding this comment.
why not just options.FromContext(ctx)? or for that matter why not just pass in ctx so that future updates to the controller can access everything from the context object? Are we refactoring options out of ctx?
There was a problem hiding this comment.
(discussed offline)
Although both share the same principle, options.FromContext(ctx) seems to be the pattern that is generally discouraged by all opinions we have discussed with, except karpenter-core.
For my own reasoning, this would allow us to separate options from ctx, which might wanted to be used for other purposes. We could still argue that options still contain things that might not be used, but it still allow extensibility and hide the knowledge of "what this component requires" from the creation interface. So I would say it is something in between ctx and explicitly passing parameters.
Anyway, it is not a strong opinion.
| ) | ||
|
|
||
| // Default sets the default values for the options, but only for those too complicated to be in env default (e.g., depends on other envs) | ||
| func (o *Options) Default(ctx context.Context) error { |
There was a problem hiding this comment.
If we are going to go this far, can't we just resolve a lot of the configuration from having clustername and rg?
Why make users pass in things like "NetworkDataplane" or "NetworkPluginMode"? Why not just use the AKS SDK to dynamically resolve that configuration for them?
For Self hosted at least that might make things easier, if the values aren't updated consistently between the two models on restart for managed that might be a problem.
There was a problem hiding this comment.
Not a bad idea. Now that we establish this framework, we could consider simplifying the integration interface and get obvious fields by ourselves. A trade-off for this is Karpenter will have more responsibility of "getting required info of a cluster" which could at least lead to having more traffic at the initialization.
I think the changes for this, if we decided to, should be in a separate PR at least. But we can start discussing here if we have strong ideas.
| } | ||
|
|
||
| if o.ClusterID, err = getAKSClusterID(o.APIServerName); err != nil { | ||
| return fmt.Errorf("failed to get ClusterID: %w", err) |
There was a problem hiding this comment.
should we make these errors typed? Makes this part easier to test, rachel left this feedback in another of my prs but you touch this part a lot more so lmk what you think about changing all of these to typed errors
There was a problem hiding this comment.
I think it would be a nice to have, but not a necessity at the moment.
| // getAKSClusterID returns cluster ID based on the DNS prefix of the cluster. | ||
| // The logic comes from AgentBaker and other places, originally from aks-engine | ||
| // with the additional assumption of DNS prefix being the first 33 chars of FQDN | ||
| func getAKSClusterID(apiServerFQDN string) (string, error) { | ||
| dnsPrefix := apiServerFQDN[:33] | ||
| h := fnv.New64a() | ||
| h.Write([]byte(dnsPrefix)) | ||
| r := rand.New(rand.NewSource(int64(h.Sum64()))) //nolint:gosec | ||
| return fmt.Sprintf("%08d", r.Uint32())[:8], nil | ||
| } | ||
|
|
There was a problem hiding this comment.
General question, does this belong in agentbaker? We stole it from agentbaker will self contained have this in the pkg/agent/common or wahtever we can just import rather than redefining it?
There was a problem hiding this comment.
Good point. I will dive deeper into this along with the contract interface rework. Hate
| func contains(slice []string, target string) bool { | ||
| for _, element := range slice { | ||
| if target == element { | ||
| return true | ||
| } | ||
| } | ||
| return false |
There was a problem hiding this comment.
kubernetes helpers for slices should have this already
| } | ||
|
|
||
| if o.NodeResourceGroup == "" { | ||
| return fmt.Errorf("missing field, node-resource-group") |
There was a problem hiding this comment.
same comment about shared error type. we really only care that
- its missing
- what is missing
| @@ -40,7 +40,7 @@ type AKS struct { | |||
| Arch string | |||
| TenantID string | |||
| SubscriptionID string | |||
| UserAssignedIdentityID string | |||
| KubeletIdentityClientID string | |||
There was a problem hiding this comment.
great name change!
There was a problem hiding this comment.
Do we worry about these values being different from those in azure json? So people may grep for UserAssignedIdentityID since its called that everywhere else?
There was a problem hiding this comment.
(discussed offline)
It is better this way given that the UserAssignedIdentityID that is known by azure.json is in fact KubeletIdentityClientID that is known by the cluster. This confusion is the prime motivation for this entire work.
Currently, I choose to keep this variable name until we feed it to the bootstrap module. There could be even more opportunities around that area to make it even more clear...
There was a problem hiding this comment.
Now that we have this knowledge, we should be aware when coming across their uses in those "everywhere else." Maybe we can catch some big bugs.
| return &Provider{ | ||
| kubernetesVersionCache: kubernetesVersionCache, | ||
| imageCache: cache.New(imageExpirationInterval, imageCacheCleaningInterval), | ||
| location: location, | ||
| location: opts.Location, |
There was a problem hiding this comment.
why not just put options in the Provider struct itself and we can access location from that? I also will need some values from options in some of these providers in this pr https://github.com/Azure/karpenter-provider-azure/pull/365/files so that pattern would make access a bit easier.
There was a problem hiding this comment.
(discussed offline)
I am still hesitate to make these providers depends on options entirely.
Right now it does module-wise, but not the struct, as the only reference to options is on creation function (NewProvider). Maybe the better name to this is NewProviderFromOptions.
But again, not a strong opinion. Wondering what do others think? Should we be more extreme on one side (e.g., using opts/ctx everywhere)?
| memory := resources.Quantity(fmt.Sprintf("%dGi", int64(memoryGiB(sku)))) | ||
| // Account for VM overhead in calculation | ||
| memory.Sub(resource.MustParse(fmt.Sprintf("%dMi", int64(math.Ceil( | ||
| float64(memory.Value())*options.FromContext(ctx).VMMemoryOverheadPercent/1024/1024))))) |
There was a problem hiding this comment.
does this come from core?
There was a problem hiding this comment.
There was a problem hiding this comment.
But, yes, this will introduce a difference between the two.
In general, I think our changes it will be for the better (at least, intention-wise). But the trade-off is consistency.
In this case, I am not completely sure, but leaning towards keeping current change.
Current changes mean consistency with this pattern within our provider (e.g., providers).
Restoring to original means consistency with the AWS provider. But regardless whether we keep other changes or restore all, inconsistency remains within our provider, unless we become more extreme with the use of ctx.
| // TODO(bsoghigian): this should be refactored to lo.Ternary(nodeClass.Spec.VnetSubnetID != nil, lo.FromPtr(nodeClass.Spec.VnetSubnetID), os.Getenv("AZURE_SUBNET_ID")) when we add VnetSubnetID to the nodeclass | ||
| vnetSubnetComponents, err := utils.GetVnetSubnetIDComponents(options.FromContext(ctx).SubnetID) | ||
| func (p *Provider) getVnetInfoLabels(_ *v1alpha2.AKSNodeClass) (map[string]string, error) { | ||
| // TODO(bsoghigian): this should be refactored to lo.Ternary(nodeClass.Spec.SubnetID != nil, lo.FromPtr(nodeClass.Spec.SubnetID), p.opts.SubnetID) when we add VnetSubnetID to the nodeclass |
There was a problem hiding this comment.
are you sure we should differ from the AKS Agentpool api in what we call SubnetID? We discussed this somewhere on the other PR and i thought we agreed on calling it VnetSubnetID
There was a problem hiding this comment.
I named it SubnetID from the start but got feedback we should change it to be VNETSubnetID
There was a problem hiding this comment.
I think this change is a mistake from mass text replace. My bad.
There was a problem hiding this comment.
But there will be similar changes (not in this PR) that I intend to rename all SubnetID to VnetSubnetID. We can discuss more later along with the rest of the renames.
| @@ -64,7 +65,9 @@ func NewAPI() client.PricingAPI { | |||
| return client.New() | |||
| } | |||
|
|
|||
| func NewProvider(ctx context.Context, pricing client.PricingAPI, region string, startAsync <-chan struct{}) *Provider { | |||
| func NewProvider(ctx context.Context, opts *options.Options, pricing client.PricingAPI, startAsync <-chan struct{}) *Provider { | |||
| region := opts.Location | |||
There was a problem hiding this comment.
why not just use opts.Location in the map lookup?
There was a problem hiding this comment.
It is being used in other places (at least line 76/79) as well. But I don't think any choice matters.
Fixes #
Description
How was this change tested?
Does this change impact docs?
Release Note