feat: ListNodeImageVersions + shared image gallery support #526
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pull Request Test Coverage Report for Build 11371322239Details
💛 - Coveralls |
Bryce-Soghigian
commented
Oct 16, 2024
| func (n NodeImageVersionsAPI) List(_ context.Context, _, _ string) (imagefamily.NodeImageVersionsResponse, error) { | ||
| return imagefamily.NodeImageVersionsResponse{ | ||
| Values: []imagefamily.NodeImageVersion{ | ||
| { |
There was a problem hiding this comment.
TODO: Codegen this data
Bryce-Soghigian
commented
Oct 16, 2024
pkg/cloudprovider/drift.go
Outdated
|
|
||
| expectedImageID, err := c.imageProvider.GetImageID(ctx, communityImageName, publicGalleryURL, nodeClass.Spec.GetImageVersion()) | ||
| expectedImageID, err := c.imageProvider.GetLatestImageID(ctx, imageStub, nodeClass.Spec.GetImageVersion()) |
There was a problem hiding this comment.
note this will trigger drift when we switch it on going from community to sig
Bryce-Soghigian
commented
Oct 16, 2024
pkg/operator/options/options.go
Outdated
| @@ -90,6 +94,8 @@ func (o *Options) AddFlags(fs *coreoptions.FlagSet) { | |||
| fs.StringVar(&o.SubnetID, "vnet-subnet-id", env.WithDefaultString("VNET_SUBNET_ID", ""), "The default subnet ID to use for new nodes. This must be a valid ARM resource ID for subnet that does not overlap with the service CIDR or the pod CIDR") | |||
| fs.Var(newNodeIdentitiesValue(env.WithDefaultString("NODE_IDENTITIES", ""), &o.NodeIdentities), "node-identities", "User assigned identities for nodes.") | |||
| fs.StringVar(&o.NodeResourceGroup, "node-resource-group", env.WithDefaultString("AZURE_NODE_RESOURCE_GROUP", ""), "[REQUIRED] the resource group created and managed by AKS where the nodes live") | |||
| fs.BoolVar(&o.ManagedKarpenter, "managed-karpenter", env.WithDefaultBool("MANAGED_KARPENTER", false), "Whether Karpenter is managed by AKS or not.") | |||
There was a problem hiding this comment.
Suggested change
| fs.BoolVar(&o.ManagedKarpenter, "managed-karpenter", env.WithDefaultBool("MANAGED_KARPENTER", false), "Whether Karpenter is managed by AKS or not.") | |
| fs.BoolVar(&o.ManagedKarpenter, "managed-karpenter", env.WithDefaultBool("MANAGED_KARPENTER", false), "[MANAGED-FLAG] Whether Karpenter is managed by AKS or not.") |
Bryce-Soghigian
commented
Oct 16, 2024
| @@ -90,6 +94,8 @@ func (o *Options) AddFlags(fs *coreoptions.FlagSet) { | |||
| fs.StringVar(&o.SubnetID, "vnet-subnet-id", env.WithDefaultString("VNET_SUBNET_ID", ""), "The default subnet ID to use for new nodes. This must be a valid ARM resource ID for subnet that does not overlap with the service CIDR or the pod CIDR") | |||
| fs.Var(newNodeIdentitiesValue(env.WithDefaultString("NODE_IDENTITIES", ""), &o.NodeIdentities), "node-identities", "User assigned identities for nodes.") | |||
| fs.StringVar(&o.NodeResourceGroup, "node-resource-group", env.WithDefaultString("AZURE_NODE_RESOURCE_GROUP", ""), "[REQUIRED] the resource group created and managed by AKS where the nodes live") | |||
| fs.BoolVar(&o.ManagedKarpenter, "managed-karpenter", env.WithDefaultBool("MANAGED_KARPENTER", false), "Whether Karpenter is managed by AKS or not.") | |||
| fs.StringVar(&o.SIGSubscriptionID, "sig-subscription-id", env.WithDefaultString("SIG_SUBSCRIPTION_ID", ""), "The subscription ID of the shared image gallery.") | |||
There was a problem hiding this comment.
Suggested change
| fs.StringVar(&o.SIGSubscriptionID, "sig-subscription-id", env.WithDefaultString("SIG_SUBSCRIPTION_ID", ""), "The subscription ID of the shared image gallery.") | |
| fs.StringVar(&o.SIGSubscriptionID, "sig-subscription-id", env.WithDefaultString("SIG_SUBSCRIPTION_ID", ""), "[MANAGED-FLAG] The subscription ID of the shared image gallery we want to point to") |
rakechill
reviewed
Oct 16, 2024
pkg/operator/options/options.go
Outdated
| @@ -74,6 +74,10 @@ type Options struct { | |||
| SubnetID string // => VnetSubnetID to use (for nodes in Azure CNI Overlay and Azure CNI + pod subnet; for for nodes and pods in Azure CNI), unless overridden via AKSNodeClass | |||
| setFlags map[string]bool | |||
|
|
|||
| ManagedKarpenter bool // => ManagedKarpenter is true if Karpenter is managed by AKS, false if it is a self-hosted karpenter installation | |||
There was a problem hiding this comment.
remind me: is there any way to prevent self-hosted users from setting this?
There was a problem hiding this comment.
no, presumably they good set it if they wanted to, but after we put Agentbaker bootstrapping behind this flag bootstrapping won't work for them.
I guess we could also determine if we are using managed based on the kubeclients or build path(main_ccp.go vs main.go) but i thought we wanted to remove those and consolidate them eventually.
There was a problem hiding this comment.
Maybe this should be an enum?
Mode:
- Managed
- SelfHosted
With default SelfHosted?
@matthchr, feel like I remember best practice of using enums instead of bools?
3 tasks
charliedmcb
reviewed
Oct 17, 2024
pkg/providers/imagefamily/image.go
Outdated
| } | ||
|
|
||
| const ( | ||
| kubernetesVersionCacheKey = "kubernetesVersion" | ||
|
|
||
| // if imageVersion is equal to an "", then we will get the latest version | ||
| autoUpgradeMode = "" |
There was a problem hiding this comment.
Since we are looking to remove imageVersion I think leaving this out for now would be best.
There was a problem hiding this comment.
Oh, missed this is a const. Makes sense for clarity. However, should still be getting removed.
tallaxes
reviewed
Nov 12, 2024
pkg/providers/imagefamily/image.go
Outdated
| // /subscriptions/{subscriptionID}/resourceGroups/{resourceGroup}/providers/Microsoft.Compute/galleries/{galleryName}/images/{imageDefinition}/versions/{imageVersion}. | ||
| // If imageVersion is an empty string, it fetches the latest version of the image and caches it for imageExpirationInterval (3 days). | ||
| func (p *Provider) getImageIDSIG(ctx context.Context, imgStub DefaultImageOutput, imageVersion string) (string, error) { | ||
| key := fmt.Sprintf(sharedImageGalleryImageIDFormat, options.FromContext(ctx).SIGSubscriptionID, imgStub.GalleryResourceGroup, imgStub.GalleryName, imgStub.ImageDefinition, imageVersion) |
There was a problem hiding this comment.
Why does subscription ID need to be part of the key?
There was a problem hiding this comment.
We could reconstruct the full id without the cache including subscription id. Especially since sub is a constant. Good catch.
pkg/providers/imagefamily/image.go
Outdated
| if imageID, ok := p.imageCache.Get(key); ok { | ||
| return imageID.(string), nil | ||
| } | ||
| if imageVersion == autoUpgradeMode { |
There was a problem hiding this comment.
Looking forward to simplified code w/o imageVersion
pkg/providers/imagefamily/image.go
Outdated
| imageID, imageExpirationInterval) | ||
| } | ||
| // return the latest version of the image from the cache after we have caached all of the imageDefinitions | ||
| if imageID, ok := p.imageCache.Get(key); ok { |
There was a problem hiding this comment.
What guarantees this key will be available?
There was a problem hiding this comment.
We iterate through all the image definitions + image versions from ListNodeImageVersions call before this section and set them in the cache.
for _, version := range versions.Values {
imageID := fmt.Sprintf(sharedImageGalleryImageIDFormat, options.FromContext(ctx).SIGSubscriptionID, imgStub.GalleryResourceGroup, imgStub.GalleryName, version.SKU, version.Version)
cacheKey := fmt.Sprintf(sharedImageGalleryImageIDFormat, options.FromContext(ctx).SIGSubscriptionID, imgStub.GalleryResourceGroup, imgStub.GalleryName, version.SKU, autoUpgradeMode)
p.imageCache.Set(
cacheKey,
imageID, imageExpirationInterval)
}| @@ -137,11 +140,13 @@ func NewAZClient(ctx context.Context, cfg *auth.Config, env *azure.Environment) | |||
| } | |||
| klog.V(5).Infof("Created azure resource graph client %v, using a token credential", azureResourceGraphClient) | |||
|
|
|||
| imageVersionsClient, err := armcomputev5.NewCommunityGalleryImageVersionsClient(cfg.SubscriptionID, cred, opts) | |||
| communityImageVersionsClient, err := armcomputev5.NewCommunityGalleryImageVersionsClient(cfg.SubscriptionID, cred, opts) | |||
There was a problem hiding this comment.
This client may not be needed, based on SIG flag, right? Would be good to only instantiate clients that are needed.
pkg/operator/options/options.go
Outdated
| @@ -90,6 +94,8 @@ func (o *Options) AddFlags(fs *coreoptions.FlagSet) { | |||
| fs.StringVar(&o.SubnetID, "vnet-subnet-id", env.WithDefaultString("VNET_SUBNET_ID", ""), "The default subnet ID to use for new nodes. This must be a valid ARM resource ID for subnet that does not overlap with the service CIDR or the pod CIDR") | |||
| fs.Var(newNodeIdentitiesValue(env.WithDefaultString("NODE_IDENTITIES", ""), &o.NodeIdentities), "node-identities", "User assigned identities for nodes.") | |||
| fs.StringVar(&o.NodeResourceGroup, "node-resource-group", env.WithDefaultString("AZURE_NODE_RESOURCE_GROUP", ""), "[REQUIRED] the resource group created and managed by AKS where the nodes live") | |||
| fs.BoolVar(&o.ManagedKarpenter, "use-sig", env.WithDefaultBool("USE_SIG", false), "If set to true karpenter will use the AKS managed shared image galleries and the node image versions api. If set to false karpenter will use community image galleries. Only a subset of image features will be available in the community image galleries and this flag is only for the managed node provisioning addon.") | |||
There was a problem hiding this comment.
Can we rename the internal variable?
pkg/providers/imagefamily/image.go
Outdated
| // GetLatestImageID returns the latest image ID for the given image version and image specification | ||
| func (p *Provider) GetLatestImageID(ctx context.Context, defaultImage DefaultImageOutput, imageVersion string) (string, error) { | ||
| // Managed Karpenter will use the AKS Managed Shared Image Galleries | ||
| if options.FromContext(ctx).ManagedKarpenter { |
There was a problem hiding this comment.
Can one cache here, instead of later?
…ng out unsupported galleries
Bryce-Soghigian
force-pushed
the
bsoghigian/list-node-image-versions-poc
branch
from
321f082
to
cc07eb7
Compare
|
<TODO: Move from 04-02 preview to 09-02 preview> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #
Description
This pr introduces
Open Qs:
Are we ok with all Nodes with Community Image gallery node images being drifted over to use SIG in managed karpenter with this change?
How was this change tested?
Does this change impact docs?
Release Note