Kubernetes Operator for Nessie

[adutra]

No description provided.

[snazy]

Not really reviewing yet - just adding comments "randomly".

[snazy]

Just another batch of review comments.

[snazy]

Do you know where these messages during the build come from?

Invalid AnsiLogger Stream -> Swapping to default sdt out logger.
[WARN] Could not detect project version. Using 'latest'.

[adutra]

I don't know where the first line comes from.

The second one is from dekorate:

https://github.com/dekorateio/dekorate/blob/1c405a7a5228ec4459ef16c91e171aac46dddfb9/core/src/main/java/io/dekorate/project/GradleInfoReader.java#L133

[snazy]

All three HorizontalPodAutoScaler* classes look quite similar, rather equal. Any chance to unify the common/similar code?

[adutra]

Difficult because the classes look similar but share no common code in fabric8's code. However we can ask ourselves if it's still useful to support the beta variants, they have been all deprecated for a while now.

[snazy]

🤷

[snazy]

./gradlew :nessie-operator:test prints a lot to the console.

Some are warnings:

ismatched Quarkus version found: "3.10.0", expected: "3.8.3" by at least a minor version and things might not work as expected.
Mismatched Quarkus-provided Fabric8 Kubernetes Client version found: "6.11.0", expected: "6.10.0" by at least a minor version and things might not work as expected.
Build time property cannot be changed at runtime:
 - quarkus.tls.trust-all is set to 'true' but it is build time fixed to 'false'. Did you change the property quarkus.tls.trust-all after building the application?

Any chance to not let the exception be printed to the console?

[snazy]

Got this during the bigtable IT:

Unable to mount a file from test host into a running container. This may be a misconfiguration or limitation of your Docker environment. Some features might not work.

and then this output

[snazy]

Anything that needs to be configured for podman?

[adutra]

Any chance to not let the exception be printed to the console?

The first line comes from here:

https://github.com/quarkiverse/quarkus-operator-sdk/blob/b9f9ccb9a88c31947e169a2ca5d163e5921cdbf8/core/deployment/src/main/java/io/quarkiverse/operatorsdk/deployment/VersionAlignmentCheckingStep.java#L49

The "build time property cannot be changed" message comes probably from some dev service, but I couldn't find which one. See also quarkusio/quarkus#23680.

I don't know how to suppress these messages since they are logged during build, not during tests.

Got this during the bigtable IT:

Is this happening all the time, or randomly? I've never seen this. I will have to install podman to investigate. It's not related to BigTableIT, but rather to the start of the K3s container before the tests.

[rsvihladremio]

I went through the CRDs, reviewed some of the code and this is a good start for an operator. The operator framework is a decent fit and cuts down on the amount of logic to write and lifecycle to manage.

Note, I have not used it in anger, so I don't have any comments on the usability aspect beyond being able to say the CRDs are well formed and logica, in otherwords, I know what I'm configuring just by reading them.

Also, I think you may find that you will ultimately get a request for an operator UI as what you see here https://github.com/zalando/postgres-operator/blob/master/docs/operator-ui.md

Final comment, generally speaking, it does seem helm charts still remain very popular, so you will have to maintain both this and a helm chart, if there are not resources and you have to pick one I would pick the helm chart, but you will have users that prefer the operator, or even demand it.

[dorsegal]

I went through the CRDs, reviewed some of the code and this is a good start for an operator. The operator framework is a decent fit and cuts down on the amount of logic to write and lifecycle to manage.

Note, I have not used it in anger, so I don't have any comments on the usability aspect beyond being able to say the CRDs are well formed and logica, in otherwords, I know what I'm configuring just by reading them.

Also, I think you may find that you will ultimately get a request for an operator UI as what you see here https://github.com/zalando/postgres-operator/blob/master/docs/operator-ui.md

Final comment, generally speaking, it does seem helm charts still remain very popular, so you will have to maintain both this and a helm chart, if there are not resources and you have to pick one I would pick the helm chart, but you will have users that prefer the operator, or even demand it.

Note about the helm chart, I feel we (devops) want to use operators if we can but want to do it using regular helm charts. There are a lot of operators support installation + configuration using helm chart.

[adutra]

@dorsegal our plan is to distribute the operator using Helm charts initially. Operator Hub would be the ultimate goal, but that requires a lot more work.

[snazy]

Suggested change

	intTestCompileOnly(libs.microprofile.openapi)
	intTestCompileOnly(libs.microprofile.openapi)
	intTestCompileOnly(libs.immutables.value.annotations)

[snazy]

Suggested change

	FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:483.0.0-debian_component_based
	FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:484.0.0-debian_component_based

[snazy]

Suggested change

	FROM rancher/k3s:v1.30.2-k3s2
	FROM docker.io/rancher/k3s:v1.30.2-k3s2

[snazy]

Suggested change

	FROM mongo:7.0.12
	FROM docker.io/mongo:7.0.12

[snazy]

Suggested change

	FROM postgres:16.3
	FROM docker.io/postgres:16.3

[snazy]

Just a heads-up - when it's merged.

[snazy]

🤷

[snazy]

Suggested change

	.withLogConsumer(new Slf4jLogConsumer(logger))
	.withLogConsumer(new Slf4jLogConsumer(logger).withPrefix(container.getDockerImageName()))

[snazy]

Suggested change

	protected String inDockerIpAddress;
	private String inDockerIpAddress;
	protected String inDockerIpAddress() {
	if (inDockerIpAddress == null) {
	inDockerIpAddress = getInDockerIpAddress();
	}
	return inDockerIpAddress;
	}

[snazy]

Suggested change

	inDockerIpAddress =
	Objects.requireNonNull(
	getInDockerIpAddress(), "could not determine container's in-docker IP address");

[snazy]

Suggested change

	Logger logger = LoggerFactory.getLogger(getClass());
	inDockerIpAddress = null;
	Logger logger = LoggerFactory.getLogger(getClass());

[snazy]

Still can't get the integration tests to work. K3s doesn't work properly in rootless. There seem to be some ways to get that working - but currently hitting this error from k3s.

expected sysctl value \"net.ipv4.ip_forward\" to be \"1\", got \"0\"; try adding \"net.ipv4.ip_forward=1\" to /etc/sysctl.conf and running `sudo sysctl --system`

[adutra]

Still can't get the integration tests to work. K3s doesn't work properly in rootless.

Yeah I'm not sure running a Kubernetes cluster inside a rootless container is even possible.

[snazy]

Suggested change

	commandParts.add("--kubelet-arg=feature-gates=KubeletInUserNamespace=true");
	commandParts.add("--kubelet-arg=feature-gates=KubeletInUserNamespace=true");
	commandParts.add("--rootless");
	commandParts.add("--snapshotter=fuse-overlayfs");

[adutra]

K3s refuses to start for me:

2024-07-22 10:21:14 time="2024-07-22T08:21:14Z" level=warning msg="Running RootlessKit as the root user is unsupported."
2024-07-22 10:21:14 time="2024-07-22T08:21:14Z" level=warning msg="The host root filesystem is mounted as \"master:34\". Setting child propagation to \"\" is not supported."
2024-07-22 10:21:14 time="2024-07-22T08:21:14Z" level=fatal msg="failed to setup UID/GID map: failed to compute uid/gid map: open /etc/subuid: no such file or directory"

[dorsegal]

Do you plan to have GC implemented as part of the operator? I think it can be useful to have CRD for it

[adutra]

Do you plan to have GC implemented as part of the operator? I think it can be useful to have CRD for it

See here: #9415

So it's planned yes, but no ETA at the moment due to lack of interest from the community.