nfd-worker: Add support to configure the ownerReference to Node#2041
nfd-worker: Add support to configure the ownerReference to Node#2041ozhuraki wants to merge 1 commit intokubernetes-sigs:masterfrom
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @ozhuraki. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ozhuraki The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
size/L
✅ Deploy Preview for kubernetes-sigs-nfd ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
marquiz
left a comment
marquiz
left a comment
There was a problem hiding this comment.
Thanks @ozhuraki for this.
I started to wonder should we make this default behavior, instead, name the option OwnerRefPod (defaulting to false). In this case we'd also need to update the docs/deployment/uninstallation.md with instructions how to remove stale nodefeature objects. Probably update other pages as well (like docs/deployment/uninstallation.md#uninstallation) and note/warn about stale NodeFeature files after uninstallation.
/cc @ArangoGutierrez @adrianchiris @ahmetb
/ok-to-test
k8s-ci-robot
added
ok-to-test
ozhuraki
force-pushed
the
owner-ref-node
branch
2 times, most recently
from
6335e04 to
3e90be9
Compare
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
|
/retest-required |
|
@ozhuraki: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/lifecycle frozen Still very much interested in this. 🙏 |
|
@ahmetb: The DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/reopen |
|
@marquiz: Reopened this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
ArangoGutierrez
left a comment
ArangoGutierrez
left a comment
There was a problem hiding this comment.
Sorry this sat so long — thanks for your patience. The feature itself makes sense and I'd like to land a version of it. A few things to work through:
- The branch is behind master and needs a rebase; CI has gone red since April.
- Main design question — see the inline note on
setOwnerReference. This currently changes the default owner from Pod to Node, which is a behavior change on upgrade for existing users. I'd prefer keeping Pod as the default and making Node opt-in, and ideally collapsing the two booleans into a single-owner-ref=none|pod|nodeflag (deprecating-no-owner-refs). Happy to discuss alternatives. - The test update in
nfd-worker_test.gosetsNoOwnerRefs: true, which skips the new owner-ref logic entirely — we'd need tests that actually exercise the new Pod and Node paths. - Could you also add
ownerRefPodtodeployment/helm/node-feature-discovery/values.yaml? Helm users won't otherwise discover the new option.
If any of this is a non-starter for you, let me know — happy to talk it through.
| owner.BlockOwnerDeletion = ptr.To(false) | ||
| ownerReference = append(ownerReference, owner) | ||
| if w.config.Core.OwnerRefPod { | ||
| // Get pod owner reference |
There was a problem hiding this comment.
Main concern with the current shape: wrapping the pre-existing Pod path in if OwnerRefPod and making Node the else flips the default owner from Pod to Node. Existing deployments upgrading would see their NodeFeature objects stop being owned by the worker Pod/DaemonSet.
Could we keep Pod as the default and make Node the opt-in? And, larger question: would you be open to a single enum flag -owner-ref=none|pod|node (deprecating -no-owner-refs) so we don't have two booleans encoding three states?
| return err | ||
| } else { | ||
| ownerReference = append(ownerReference, metav1.OwnerReference{ | ||
| APIVersion: "v1", |
There was a problem hiding this comment.
For the Node case, worth setting Controller and BlockOwnerDeletion explicitly — there's no other controller claiming NodeFeature, and being explicit matches the Pod branch and K8s conventions.
| nodeName := os.Getenv("NODE_NAME") | ||
| if nodeName != "" { | ||
| if selfNode, err := w.k8sClient.CoreV1().Nodes().Get(context.TODO(), nodeName, metav1.GetOptions{}); err != nil { | ||
| klog.ErrorS(err, "failed to get self node, cannot inherit ownerReference for NodeFeature") |
There was a problem hiding this comment.
Small thing while we're here: could we thread a context.Context into this function instead of context.TODO()? Pre-existing on the Pod branch, nice to fix on the way through.
| b := true | ||
| args := &worker.Args{ | ||
| Oneshot: true, | ||
| Oneshot: true, |
There was a problem hiding this comment.
Setting NoOwnerRefs: true here skips the new owner-ref logic entirely — the new code isn't exercised by any test. Could we add a table-driven test over the {none, pod, node} configurations, pre-creating a fake Node with a known UID and asserting the resulting OwnerReferences? That would also cover the Node-not-found error path.
| manually delete stale NodeFeature objects. | ||
|
|
||
| ```bash | ||
| kubectl delete -n node-feature-discovery NodeFeature $(kubectl get -o json -n node-feature-discovery NodeFeature | jq ".items[].metadata.name") |
There was a problem hiding this comment.
Small fix: jq ".items[].metadata.name" emits quoted strings, which kubectl delete will reject. Two options — add -r to jq, or simpler: kubectl delete -n node-feature-discovery nodefeatures.nfd.k8s-sigs.io --all.
6 participants
Closes: #2039