* Enable HA by default.
This consolidates the core of sharedmain around the new leaderelection logic, which will now be **enabled by default**.
This can now be disabled with `--disable-ha` or by passing `sharedmain.WithHADisabled(ctx)` to `sharedmain.MainWithConfig`.
* vagababov comments, build failure
* Open an issue for enabledComponents removal.
* Move the configmap watcher startup.
This race was uncovered by the chaos duck on knative/serving! When we have enabled a feature flag, e.g. multi-container, and the webhook pods are restarted, there is a brief window where the webhook is up and healthy before the configmaps have synchronized and the new webhook pod realizes the feature is enabled.
* Drop the import alias
This change allows for (just webhook for now) controllers going through sharedmain to opt into Yanwei's logic by setting several environment variables.
I was able to pull this change in downstream and change the webhook to use a StatefulSet with the following environment:
```
+ # These settings are used for statefulset-based
+ # leader selection.
+ - name: CONTROLLER_ORDINAL
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: STATEFUL_SERVICE_NAME
+ value: "webhook"
```
Running the above with 10 replicas and 10 buckets worked as intended (keys were evenly distributed across the replicas).
* generate krshaped logic
* add logic to the tag
* Update injection/README.md
Co-authored-by: Matt Moore <mattmoor@vmware.com>
* move var to reconciler
Co-authored-by: Matt Moore <mattmoor@vmware.com>
- use more performant functions (mostly remove formatters were possible)
- move zap.Error() to the call site, rather than creating a new sugared logger with a key attached (not cheap)
- fix *w usages where the key was not provided.
This makes the config used to start all the clients available on the context starting the controllers. That enables us to use that config to create secondary clients in the controllers with the same config.
* Change StartAll to take context.
This has bugged me since we started using `ctx`, which containers a `stopCh` of sorts as `Done()`. This is somewhat for consistency, but by using `ctx` explicitly we enable ourselves to take advantage of more contextual information.
I did a quick scan of call sites and the good news is that the `sharedmain` change should be the place through which the vast majority of calls occur, however, the one outlier here is the KPA which calls this manually. I will stage a PR to manually import pkg into serving to fix this once this lands.
* Add a Run shim for back-compat
* Retry to get logging configmap when failed
When deploying pods with Istio sidecar, it takes a few seconds until
network is configured. In fact, Serving's system pods always fail when
Istio sidecar is enbled.
To fix it, this patch changes to retry to get logging configmap for 5
seconds.
* Add IsNotFound error check
* Remove if error condition
* Start the webhook before informers sync.
Some webhooks (e.g. conversion) are required to list resources, so by delaying those until after informers have synced, we create a deadlock when they run in the same process. This change has two key parts:
1. Start the webhook immediately when our process starts, and issue a callback from sharedmain when the informers have synced.
2. Block `Admit` calls until informers have synced (all conversions are exempt), unless they have been designated by implementing `webhook.StatelessAdmissionController`.
Our built-in admission controllers (defaulting, validation, configmap validation) have all been marked as stateless, the main case where we want to block `Admit` calls is when we require the informer to have synchronized to populate indices for Bindings.
* Add missing err declaration
* Add leader election config and to sharedmain
* Add new dependencies
* Extract method for RunLeaderElected
* Make leader election config constructor validate
* Rename leader election files
* Always start profiling server whether component has LE lock or not
* Fix entering unreachable section when leader election is disabled
* Address PR feedback
* Revert "Add support for client TLS to pkg/metrics (#1045)"
This reverts commit 945b556708.
* Roll forward "Add support for client TLS to pkg/metrics (#1045)"
Adds support for client TLS certs for opencensus export
* Switch sharedmain to only pass a getter rather than an all-namespace lister.
* Add a TODO about using a cached copy if this generates undue load
* Update deps per build failure.
* Refactor per @anniefu suggestion
* looking at annotations for group overrides.
* checkpoint.
* checkpoint
* I think it is correct.
* ok
* trim down the files.
* simulate tekton
* working test out of checkin
* remove test client
* update docs
* and test.
* lint
* it ok
* update codegen
* Document the plan for metrics
* Update with issue links
* Update with other @mattmoor comments.
* Address feedback from @anniefu
* Update export address since `localhost` won't work for a DaemonSet.
* Add an explicit action item to migrate Prometheus
* Fix possible (ambiguous) link vs checkbox.
* Fix typo in metrics/README.md
* Add support for client TLS to pkg/metrics
* Address comments from @vagababov and @anniefu
* Finish removing Resource code
* Update name to be shorter and not require a double migration.
* Add tests for opencensus exporting with TLS
* ConversionController implementation
This controller will reconcile target CRDs with the correct
conversion webhook configuration. Specifically, the HTTP path and
CA bundle will be updated.
Additionally, the conversion controller will perform the given
conversions through a hub and spoke model utilizing the
apis.Convertible interface.
* Webhook now can host ConversionControllers
* injection/sharedmain now supports webhook.ConversionControllers
These conversion controllers will be hosted by the webhook that
the sharedmain will start
* support defaulting & include godoc
* tests: Rename 'cm' vars to 'cmw' for consistency
* Filter tracked sharedmain ConfigMaps based on label selector
The ConfigMap watcher only tracks the ConfigMaps which contain the label
defined by the optional SYSTEM_RESOURCE_LABEL env var if the latter
exists.
This augments the injection codegen with the capability to produce a duck.InformerFactory
attached to context for each type that we process.
Now a `duck.InformerFactory` for "Addressable" can be produced by "Get"ing it from the context.
This is triggered by placing `// +genduck` on the type that implements `duck.Implementable`.
With the simplified `webhook.New` signature, this supports detecting when one or more of the controllers we have launched has a `Reconciler` that implements `webhook.AdmissionController` and launching the webhook with this admission controllers registered.
There is still work that needs to be done to refactor the webhooks to follow this shape, but this hopefully starts to paint the picture of where things are headed.
This exposes metrics for the properties available through [here](https://godoc.org/runtime#MemStats) so that we can get some better visibility into things like GC pressure.
* update codegen so the fatal error messages are more informative
String representation of an untyped nil is 'nil' so the Fatal messages weren't useful
* generate k8s injection code
* generate apiextensions injection code
* use Fatal & move output paths
* switch from Fatal to Panic
* injection creates a single factory
* Profiling support
* Move ProfilingPort to profiling package
* Fix golint errors
* Refactor watcher to accept variable length observers
* Cleaner happy path
* Remove profiling handlers argument
* use :8008 string as const
* Make the profiling port package private
* Make UpdateFromConfigMap member of profiling handler
* use mutex when accessing the enabled flag
* test the server as well
* Fixes
* Initialize profiling from configMap at startup
* Use httptest.ResponseRecorder to make the test more lightweight
* Fixes
* Do not initialize from configmap at startup
* Read the logging configmap via API, not from the file system.
This makes it possible to run our controllers locally which can be super handy for quick development cycles.
* Use NewConfigFromConfigMap to avoid conversion.
* Implement a fallback mechanism and create a public helper.
* Remove some duplication.
* Rolling back some of the changes.
Our config loading currently only tries the given flags or in-cluster config. This also adds the KUBECONFIG env variable and the user's home directoy as fallback solutions to find a valid configuration.
That helps running our controllers locally with minimal effort.
This creates a base library that enables us to leverage the dependency
graph to convey injection dependencies. Our controllers will start
to get their informers off of a `context.Context` via `fooinformers.Get(ctx)`.
By simply linking `fooinformers` to access the informer in this way, we trigger
a cascade of `init`-time registrations for the informer, and its transitive
dependencies (e.g. shared informer factory, client).
The `ctx` is infused with these informers in `package main` by linking the
appropriate reconcilers (transitively registering everything) and then calling
`sharedmain.Main()` (from `github.com/knative/pkg/injection/sharedmain`).
Matt Moore
Scott Nichols
Ville Aikas
Victor Agababov
Weston Haught
Markus Thömmes
Matthew Broomfield
Kenjiro Nakayama
Knative Prow Robot
Andrew Su
Paul Morie
Evan Anderson
Scott Nichols
Evan Anderson
Matthias Wessendorf
Dave Protasowski
Antoine Cotten
Vincent
Matt Moore
Antoine Cotten
Spencer Peterson
Martin Gencur
Jean-Rémy Bancel
Joseph Lewis III
mattmoor-sockpuppet
chaodaiG