Scheduler can recieve its policy configuration from a ConfigMap

[bsalamat]

What this PR does / why we need it: This PR adds the ability to scheduler to receive its policy configuration from a ConfigMap. Before this, scheduler could receive its policy config only from a file. The logic to watch the ConfigMap object will be added in a subsequent PR.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

Release note:

[k8s-reviewable]

This change is 

[bsalamat]

@kubernetes/sig-scheduling-pr-reviews

[bsalamat]

@davidopp

[bsalamat]

Looks like I need to manually add some conversion functions. I will add them soon.

[gyliu513]

s/It must exist in the system namespace before scheduler initialization./It must exist in the system namespace before scheduler initialization if scheduler is not using legacy policy config.

[bsalamat]

Done.

[gyliu513]

As the PolicyConfigMapName and PolicyConfigFile are some internal used words, how about s/PolicyConfigMapName and uses PolicyConfigFile/policy config map and uses policy config file.

[bsalamat]

Good point. Done.

[timothysc]

If our component config reduces to a config map, should all other params shuffle to config map and be removed from the component config?

Also we need a means to generate a config map with all the defaults.

[timothysc]

Also do we need to know it's a configmap? Isn't it just loading a file and the config map is an implementation detail.

[bsalamat]

@timothysc This PR is not going to make any changes to scheduler's component config. This is only about scheduler's policy config. Policy config used to be a file whose path is provided in the component config. With this PR we support the file and also a ConfigMap to configure scheduler's policy.
This PR implements part of "Approach 2" as described in:
https://docs.google.com/document/d/19AKH6V6ejOeIvyGtIPNvRMR4Yi_X8U3Q1zz2fgTNhvM

[timothysc]

This is super important we get this right, and @k8s-mirror-cluster-lifecycle-misc will need to be involved.

[timothysc]

I have some chicken-egg questions that need to be resolved 1st.

[k82cn]

Why not just get data directly?

[bsalamat]

The key can be any arbitrary string and we don't know it.

[k82cn]

oh, yes. never mind :).

[k82cn]

ditto

[bsalamat]

Done

[k82cn]

ditto

[k82cn]

prefer just after "stop".

[bsalamat]

Is there any style guide or recommendation on this? Other tests in the file use this pattern and I think consistency is more important, unless there is a strong reason to use a different pattern.

[k82cn]

IMO, the style is from golang, prefer to call "defer" close to where the object was build, e.g. for "sync.Mutex", we'll call

l.Lock()
defer l.Unlock()

// other codes.

For the consistency, I'd like to correct other lines in this file :).

[k82cn]

BTW, which line do you mean "Other tests in the file use this pattern"? Here's an example about defer.

 56 func TestUnschedulableNodes(t *testing.T) {
 57     _, s := framework.RunAMaster(nil)
 58     defer s.Close()
 59
 60     ns := framework.CreateTestingNamespace("unschedulable-nodes", s, t)
 61     defer framework.DeleteTestingNamespace(ns, s, t)

[bsalamat]

Oh, sorry, I didn't understand what you meant by your first comment. Done.

[k82cn]

This verification can not make sure the config from ConfigMap was took place; default config can also pass this test, right?

Similar to the following test, whether return err can not make sure the config was updated as expected; I'd like suggest to find a way to check the data/config with the scheduler.

[bsalamat]

Scheduler does not expose its internal configuration for testing. I could change things in scheduler to make it testable, but but I am not changing any logic around applying the config to the scheduler in this PR. That's why I thought those tests may not belong to this PR.

[davidopp]

I think it's probably fine to do in a different PR, but I think as part of this overall feature it's important to test that the values read from the ConfigMap were actually applied by the scheduler. (I realize we had no useful testing for the file case previously.) I think you were mentioning the other day that the factory test could be adapted to do this? Or something simple like what @k82cn suggested in the next comment (just tweak one policy and see that it is respected in how a pod is scheduled).

[k82cn]

prefer to get data directly and remove the comments :).

[bsalamat]

Please see my previous answer.

[k82cn]

prefer just after "stop:=..."

[k82cn]

The verification can not check whether the config from ConfigMap was set, as the default config can also pass it.

Similar comments to the following cases, the err from app.CreateScheduler can not make sure the config was set in sched; prefer to check sched's data directly or only enable part of predicates/priorities to check the result.

[bsalamat]

I guess this is the same point as above. I will try to add a test.

[k82cn]

Yes, similar point; used to close and re-open browser, the previous comments was "lost" but it's here when I submit new comments :(. Sorry for the confuse.

The sched's did not expose data to check; but I think we can only enable part of predicates/priorities to check, e.g. disable "PortFit" predicates and dispatch two pods with same port to the same host , the second one should NOT be Unscheduable. But I think you will get a better test than that :).

[k82cn]

ditto

[k82cn]

ditto

[bsalamat]

Done

[davidopp]

I only skimmed it, looks good overall, just a few comments.

[davidopp]

s/there we/we/

[bsalamat]

Done

[davidopp]

s/through/though/

[bsalamat]

Done

[davidopp]

I would say "or --use-legacy-policy-config==true" instead of "or scheduler is using legacy policy config"

[bsalamat]

Done

[davidopp]

I would say "if --use-legacy-policy-config==false" instead of "if scheduler is not using legacy policy config"

[bsalamat]

Done

[davidopp]

I think it's probably fine to do in a different PR, but I think as part of this overall feature it's important to test that the values read from the ConfigMap were actually applied by the scheduler. (I realize we had no useful testing for the file case previously.) I think you were mentioning the other day that the factory test could be adapted to do this? Or something simple like what @k82cn suggested in the next comment (just tweak one policy and see that it is respected in how a pod is scheduled).

[timothysc]

Given multi-schedulers and #42961, I think we should probably allow for the flexibility of specifying another namespace.

[bsalamat]

Done.

[wanghaoran1988]

@bsalamat I think maybe you should update the rbac bootstrap policy for the scheduler as you involve new resource type to access.

[wanghaoran1988]

Is it better to add to the defaults.go ?

[bsalamat]

Good point. Done.

[wanghaoran1988]

Do we have default policyConfigMapName ?

[bsalamat]

No, we don't. If it is empty, we ignore it.

[bsalamat]

@wanghaoran1988 is the rbac permissions needed to let scheduler access its ConfigMap?

[wanghaoran1988]

@bsalamat I am not completely sure about that, I met that problem when I update the scheduler lock location in this #42961 , you can have a try to enable rbac in your cluster.

[timothysc]

lgtm to me now, if someone else wants to once over.

[k82cn]

The default value should be "kube-system"

[wanghaoran1988]

Wait, we do not need that if we have that set in the defaults.go @k82cn

[k82cn]

When the default.go will execute? AFAIK, the default will be set by apiserver; not sure when the componentconfig is update.

[k82cn]

En, it's set in NewSchedulerServer manually. Also prefer to the set the default value to kube-system so the help message [default=kube-system] will be included.

Anyway, not a block comments.

[k82cn]

d/a pointer to/
or
s/pointer/reference/

[k82cn]

LGTM, minor comments.

[wanghaoran1988]

@liggitt @jayunit100 I am not sure whether openshift will enable user to use configMap change the policy config, but I know that openshift are try to reuse the controller rolebindings, if so, we need update the bootstrap policy for scheduler controller, and I prefer we have an default policy-configmap if we enabled them by default.

[liggitt]

This is a very similar discussion to the one kube-dns had, which wanted to make use of dynamic config, and started by making the pod watch a config map. That was modified to allow reading config from a file instead, which allowed mounting the config map holding the config into the pod. This meant no API entanglement or permissions needed for purposes of reading the config, and no modifications to the dns pod whether it was reading from a static file or one mounted from a config map.

[k82cn]

/lgtm

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bsalamat, k82cn
We suggest the following additional approver: @smarterclayton

Needs approval from an approver in each of these OWNERS Files:

• hack/verify-flags/OWNERS
• pkg/OWNERS
• plugin/cmd/kube-scheduler/OWNERS
• plugin/pkg/scheduler/OWNERS
• test/OWNERS

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[k8s-github-robot]

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

[k8s-github-robot]

Automatic merge from submit-queue

[smarterclayton]

I would expect these comments to be fixed - is there an issue for that?

…

On Tue, Apr 11, 2017 at 10:41 PM, Jordan Liggitt ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In plugin/cmd/kube-scheduler/app/configurator.go <#43892 (comment)> : > +func (sc schedulerConfigurator) getSchedulerPolicyConfig() (*schedulerapi.Policy, error) { + var configData []byte + var policyConfigMapFound bool + var policy schedulerapi.Policy + + // If not in legacy mode, try to find policy ConfigMap. + if !sc.useLegacyPolicyConfig && len(sc.policyConfigMap) != 0 { + namespace := sc.policyConfigMapNamespace + policyConfigMap, err := sc.GetClient().CoreV1().ConfigMaps(namespace).Get(sc.policyConfigMap, metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("Error getting scheduler policy ConfigMap: %v.", err) + } + if policyConfigMap != nil { + // We expect the first element in the Data member of the ConfigMap to + // contain the policy config. + if len(policyConfigMap.Data) != 1 { the scheduler should either look for a fixed key or be able to be told which key to use — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#43892 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABG_p9YR9BBzSps-l6qLiJ6L1n339Qquks5rvDm-gaJpZM4MvS1C> .

[liggitt]

Seeing test failures on this

[liggitt]

https://k8s-gubernator.appspot.com/build/kubernetes-jenkins/pr-logs/pull/39716/pull-kubernetes-unit/26428/

[bsalamat]

/ref #41600