Install CSI driver #3
Conversation
|
/assign @nb-ohad |
Madhu-1
force-pushed
the
install-csi
branch
5 times, most recently
from
1353797 to
e1a38d7
Compare
Madhu-1
force-pushed
the
install-csi
branch
2 times, most recently
from
e8aada6 to
aba8969
Compare
Install ceph-CSI driver based on the kubernetes version where the ocs-client operator is running. Signed-off-by: Madhu Rajanna <[email protected]>
|
@Madhu-1 1,287 files changed is that correct? |
|
@oritwas yes that is correct, most of the changes in that are auto-generated files and imported vendor directory change |
| limitations under the License. | ||
| */ | ||
|
|
||
| package csi |
There was a problem hiding this comment.
csi is a bit too generic, how about csi utils or csi manager?
There was a problem hiding this comment.
This will also change the folder name to csi-manager? if it's fine I can change it.
There was a problem hiding this comment.
As a file that contains code to create and maintain the resources required for a functional CSI driver, it might be appropriate to rename it to csidriver.
Also, shouldn't things like this go under something like pkg/csi/? Or is that out of fashion these days?
| "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" | ||
| ) | ||
|
|
||
| func createEncryptionConfigMap(ctx context.Context, c client.Client, ownerDep *appsv1.Deployment, log klog.Logger) error { |
There was a problem hiding this comment.
Why is it a separate file? let's move it to csi.go
Same for the monconfigmap and rbac, I don't see the advantage of having them separate files
There was a problem hiding this comment.
i kept different logical entities in a new file for maintenance purposes as might add more encryption-related functions and also keep the number of lines in a single file to a lesser number. please let me know if you still want me to move it.
| "sigs.k8s.io/controller-runtime/pkg/client" | ||
| ) | ||
|
|
||
| func createOrUpdateCSIDriver(ctx context.Context, client client.Client, log klog.Logger, csiDriver *v1k8scsi.CSIDriver) error { |
There was a problem hiding this comment.
Why is it a separate file? let's move it to csi.go
There was a problem hiding this comment.
same here as well. i kept different logical entities in a new file for maintenance purposes as it might add more functions and also keep the number of lines in a single file to a lesser number. please let me know if you still want me to move it.
There was a problem hiding this comment.
I just realized midway through reviewing this: is this largely the same code as was committed in my earlier working branch, https://github.com/jarrpa/ocs-client-operator/commits/jarrpa-dev-main ? If so that would explain why there's so much core controller functionality missing. I believe I already reviewed everything that was committed there, so we shouldn't commit this PR at all.
What I remember since August is that my first two PRs didn't get a review for a few weeks, but I see you submitted one on Sep 21st... which would have been around the time I was needing to work on setting up my medical leave. If the majority of this work was already done, I believe I just need to go back and address your latest review on #1, and we can go from there. Is that fair?
| @@ -70,6 +70,7 @@ | |||
| "action", | |||
| "api", | |||
| "bundle", | |||
| "csi", | |||
| @@ -64,6 +64,7 @@ e2e-test: ginkgo ## TODO: Run end to end functional tests. | |||
| ##@ Build | |||
|
|
|||
| build: container-build ## Build manager binary | |||
| go build -o ./bin/manager main.go | |||
There was a problem hiding this comment.
Why are you doing a local build after the container build? Best I remember, the use of a local go build should not be part of the default build procedure, we should always be using the container build unless the developer has a specific reason they need to do the local build during development.
Beyond this, there's already a go-build make target below that uses ./hack/go.build.sh to run the actual go build command.
| // Package v1alpha1 contains API Schema definitions for the odf v1alpha1 API group | ||
| //+kubebuilder:object:generate=true | ||
| //+groupName=odf.openshift.io | ||
| // Package v1alpha1 contains API Schema definitions for the ocs v1alpha1 API group |
There was a problem hiding this comment.
Any specific reason for changing the group name? This is technically part of ODF.
| @@ -27,6 +27,7 @@ func contains(slice []string, s string) bool { | |||
| } | |||
|
|
|||
| // Removes a given string from a slice and returns the new slice | |||
| // | |||
| @@ -29,7 +29,7 @@ import ( | |||
| logf "sigs.k8s.io/controller-runtime/pkg/log" | |||
| "sigs.k8s.io/controller-runtime/pkg/log/zap" | |||
|
|
|||
| odfv1alpha1 "github.com/red-hat-storage/ocs-client-operator/api/v1alpha1" | |||
| "github.com/red-hat-storage/ocs-client-operator/api/v1alpha1" | |||
There was a problem hiding this comment.
Move changes like this that just change import names to a separate commit, this will make it clearer which changes are actually relevant to functional changes.
| os.Exit(1) | ||
| } | ||
|
|
||
| err = csi.CreateOrUpdateCSI(ctx, client, setupLog) |
There was a problem hiding this comment.
Why are you doing this in main and not in its own controller? Shouldn't we have a controller that actually watches and reconciles the CSI sidecars rather than having to restart the operator to reconcile them?
| limitations under the License. | ||
| */ | ||
|
|
||
| package csi |
There was a problem hiding this comment.
As a file that contains code to create and maintain the resources required for a functional CSI driver, it might be appropriate to rename it to csidriver.
Also, shouldn't things like this go under something like pkg/csi/? Or is that out of fashion these days?
| // +kubebuilder:rbac:groups="apps",resources=deployments,verbs=get;create;update;delete | ||
| // +kubebuilder:rbac:groups="apps",resources=deployments/finalizers,verbs=update | ||
| // +kubebuilder:rbac:groups="apps",resources=daemonsets,verbs=get;create;update;delete | ||
| // +kubebuilder:rbac:groups="apps",resources=daemonsets/finalizers,verbs=update | ||
| // +kubebuilder:rbac:groups="storage.k8s.io",resources=csidrivers,verbs=get;create;update;delete | ||
| // +kubebuilder:rbac:groups="",resources=configmaps,verbs=create;update;delete | ||
| // +kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,verbs=get;watch;create;patch;update | ||
| // +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;create;update;delete | ||
| // +kubebuilder:rbac:groups="",resources=serviceaccounts/finalizers,verbs=update | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=bind;escalate;get;create;update;delete | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles/finalizers,verbs=update | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=bind;escalate;get;create;update;delete | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings/finalizers,verbs=update | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=bind;escalate;get;create;update;delete | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles/finalizers,verbs=update | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=bind;escalate;get;create;update;delete | ||
| // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings/finalizers,verbs=update |
There was a problem hiding this comment.
This looks like a lot for an initial set of rbac, but that's just at a first glance. Have you tested that these all strictly required for the operation of this operator? Otherwise I can take a closer look at them in a later review pass.
| return err | ||
| } | ||
|
|
||
| err = createOrUpdateRBAC(ctx, client, operatorDeployment, log) |
There was a problem hiding this comment.
For this and all the create* functions, would it make sense to rename them to ensure* since we should be ensuring they all exist and are up to date?
Before addressing the review comments on the PR lets get settled on this one. Yes, @jarrpa you are correct as you know I took over this one after you went on leave. For me, at least this PR is doing more than https://github.com/jarrpa/ocs-client-operator/commits/jarrpa-dev-main before
I will let you and @nb-ohad decide on the review part and take it forward. I dont have any objection to taking your PR forward. |
Sure, but even so this is massively incomplete as far as an actual implementation of the service we want to create. If the goal is to just get the code committed somewhere and write the actual operator as a rebase on that, that seems somewhat backwards. |
...okay, so I only saw your subsequent PRs after dropping this last comment. That's still somewhat backwards, but at least explains why so much in missing. I don't think I can reasonably review this commit in isolation, and certainly can't properly test it myself, so I think we should focus on PR #6 and close the other ones. |
Install CSI Driver based on the kubernetes version where the ocs-client operator is running.
Signed-off-by: Madhu Rajanna [email protected]