Add NetworkPolicyRecommendation Controller implementations #114
Conversation
Codecov Report
@@ Coverage Diff @@
## main #114 +/- ##
===========================================
+ Coverage 30.65% 48.39% +17.74%
===========================================
Files 11 15 +4
Lines 1442 2461 +1019
Branches 0 41 +41
===========================================
+ Hits 442 1191 +749
- Misses 978 1194 +216
- Partials 22 76 +54
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
yanjunz97
force-pushed
the
manager-controller
branch
from
35a5be5
to
97b03d3
Compare
yanjunz97
force-pushed
the
manager-controller
branch
2 times, most recently
from
4e7e504
to
28522b4
Compare
yanjunz97
force-pushed
the
manager-controller
branch
from
28522b4
to
c59fab8
Compare
yanjunz97
force-pushed
the
manager-controller
branch
from
ab93cad
to
ac232dd
Compare
| return err | ||
| } | ||
|
|
||
| func (c *NPRecommendationController) startSparkApplication(npReco *crdv1alpha1.NetworkPolicyRecommendation) error { |
There was a problem hiding this comment.
can we abstract these validation logic to some querrier-like interface so it can be shared with API server REST handler? This way we can move the error reporting at REST CREATE time. Otherwise a success response from API server could end up in invalid state due to user input error, which looks confusing. cc @yuntanghsu
There was a problem hiding this comment.
As Yanjun pointed out offline, as the similar checks are also done on CLI, and no other component / user is expected to be directly calling the API server at the moment, validation at REST handler doesn't provide much benefit at the moment. probably can skip this at the moment until when UI is to be added and we can reevaluate.
There was a problem hiding this comment.
Will the user directly create a NPR CR to start the SparkApplication? If no, maybe we can validate the input only on CLI side.
There was a problem hiding this comment.
We do not suggest user to do this. But we do not prevent user from doing this. I think the validation here could be a protection in case this happens.
| for i := 0; i < defaultWorkers; i++ { | ||
| go wait.Until(c.worker, time.Second, stopCh) | ||
| } | ||
| <-stopCh | ||
| } | ||
|
|
||
| func (c *NPRecommendationController) deletionworker() { |
There was a problem hiding this comment.
We need some GC logic to recycle stale resources (rnp and db entry) in case npr is removed during manager downtime, or manager is restarted without finishing the cleanup job. this may be addressed in a future pr.
There was a problem hiding this comment.
The idea of GC sounds great to me. As we may remove rnp in next release, maybe it will be a periodic job checking db to remove an entry with an id not in the current npr list?
Besides, I'm also thinking about whether to do the similar GC for the stale SparkApplication. But I'm a little bit worry about whether this will delete some jobs not created by the manager in the future.
There was a problem hiding this comment.
one way around is we introduce additional metadata (annotation / labels) for the ones created by Theia. This way we won't bother with other unrelated SparkApplications. Periodical is good but at least this should be triggered once per mgr init.
| } | ||
|
|
||
| func getPolicyRecommendationResult(client kubernetes.Interface, id string, namespace string) (recommendedNetworkPolicy *crdv1alpha1.RecommendedNetworkPolicy, err error) { | ||
| connect, err := setupClickHouseConnection(client, namespace) |
There was a problem hiding this comment.
can we cache / resue connection within the controller instead of reestablishing connection each time db check is needed?
yanjunz97
force-pushed
the
manager-controller
branch
from
d142742
to
ed81eda
Compare
| recommendedNetworkPolicy := obj.(*crdv1alpha1.RecommendedNetworkPolicy) | ||
| err = c.crdClient.CrdV1alpha1().RecommendedNetworkPolicies(namespace).Delete(context.TODO(), recommendedNetworkPolicy.Name, metav1.DeleteOptions{}) | ||
| if err != nil { | ||
| aggregatedErrorMsg += fmt.Sprintf("failed to delete the RecommendedNetworkPolicy %s, error: %v\n", recommendedNetworkPolicy.Name, err) |
There was a problem hiding this comment.
typically we don't want to have multi-line error messages. could collect failed name and err in 2 lists and call fmt when returning error.
There was a problem hiding this comment.
Make sense to me. Updated, thanks!
yanjunz97
force-pushed
the
manager-controller
branch
2 times, most recently
from
8ddd85e
to
c255d55
Compare
Signed-off-by: Yanjun Zhou <[email protected]>
yanjunz97
force-pushed
the
manager-controller
branch
from
c255d55
to
c5db0f4
Compare
This PR implements the controller workflow for NetworkPolicyRecommendation
and adds RecommendedNetworkPolicy CRD to store the results.
To run the NetworkPolicyRecommendation, please follow the steps below:
You can observe the Spark Application starts, runs and stops. You could run the following command to get the details about the NetworkPolicyRecommendation anytime.
The output would look like the following. When the job is finished, you will also be able to see the recommendedNetworkPolicy in the NetworkPolicyRecommendation status.
{ "apiVersion": "crd.theia.antrea.io/v1alpha1", "kind": "NetworkPolicyRecommendation", ... "status": { "completedStages": 4, "sparkApplication": "97186a4d-5681-470d-82d6-e890ba539c34", "state": "RUNNING", "totalStages": 5, } }After deleting the NetworkPolicyRecommendation
pr-test, the corresponding RecommendedNetworkPolicy CR and the row in ClickHouse database will be deleted at the same time.Signed-off-by: Yanjun Zhou [email protected]