Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade: controller-gen v0.5.0, conversion-gen v0.20.2 #111

Merged

Conversation

julianKatz
Copy link
Contributor

@julianKatz julianKatz commented Apr 23, 2021

frameworks/constraint had previously been reliant on an outdated version
of the controller-gen library for generating CRDs with embedded
JSONSchemas. The older version of the library wasn't built to detect
a nested JSONSchema, and thus would not refuse it.

With the requirement of v1 CRDs around the corner in k8s 1.22,
framework/constraint requires the newer controller-gen v0.5.0. This
library version can output v1 CRD.

The conversion logic was also in need of a library upgrade, with
conversion-gen v0.21.0 now generating the necessary files.

This PR does not output a v1 CRD for Constraint Template. That will
be left for a future PR. This PR brings the two binaries up-to-date.

Note: I attempted to dockerize these two binaries. Controller-gen
worked fine, but for some reason conversion-gen couldn't write to the
filesystem. The output looked fine, but no dice. Rather than figure
out why, I decided to punt on the dockeriziation effort.

@julianKatz julianKatz force-pushed the upgrade-controller-gen branch from 40c7936 to 97d09fe Compare April 23, 2021 00:25
@julianKatz julianKatz requested a review from maxsmythe April 23, 2021 00:25
served: true
storage: false

version: v1beta1
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would love to get rid of this completely, but I'm not sure how.

@maxsmythe you know the kubebuilder annotations pretty well... do you know how to change it?

That said, all the v1beta1 CRD examples in this kubernetes documentation don't even include the version: field, so maybe we can just remove it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, the version field just needs to equal the first item in the versions list, if present.

From the looks of it, this can be removed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like leaving it in is actually breaking the unit tests

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed it using kustomize

Copy link
Contributor

@maxsmythe maxsmythe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically LGTM with two nits.

@sozercan Can you see if this alone is enough to unblock your upgrading controller-runtime in GK? I'm skeptical because I'm not seeing new methods in the autogenned code.

If not, maybe controller-gen takes its cues from the version of controller-runtime used. And we'll need to upgrade that dependency and regen.

served: true
storage: false

version: v1beta1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, the version field just needs to equal the first item in the versions list, if present.

From the looks of it, this can be removed.

@sozercan
Copy link
Member

sozercan commented Apr 23, 2021

@maxsmythe I think we will need to regenerate the conversions for it to work with new apimachinery. Sounds like when we regenerate with new version, it should remove s.Convert() or have it accept 2 args.

https://github.com/julianKatz/frameworks/blob/upgrade-controller-gen/constraint/pkg/apis/templates/v1beta1/zz_generated.conversion.go#L438

#17 59.04 # github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1alpha1
#17 59.04 vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1alpha1/zz_generated.conversion.go:438:22: too many arguments in call to s.Convert
#17 59.04 	have (*v1beta1.JSONSchemaProps, *apiextensions.JSONSchemaProps, number)
#17 59.04 	want (interface {}, interface {})
#17 59.04 vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1alpha1/zz_generated.conversion.go:457:22: too many arguments in call to s.Convert
#17 59.04 	have (*apiextensions.JSONSchemaProps, *v1beta1.JSONSchemaProps, number)
#17 59.04 	want (interface {}, interface {})
#17 59.07 # github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1
#17 59.07 vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1/zz_generated.conversion.go:438:22: too many arguments in call to s.Convert
#17 59.07 	have (*v1beta1.JSONSchemaProps, *apiextensions.JSONSchemaProps, number)
#17 59.07 	want (interface {}, interface {})
#17 59.07 vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1/zz_generated.conversion.go:457:22: too many arguments in call to s.Convert
#17 59.07 	have (*apiextensions.JSONSchemaProps, *v1beta1.JSONSchemaProps, number)
#17 59.07 	want (interface {}, interface {})

@maxsmythe
Copy link
Contributor

@sozercan WDYT of committing this as-is (as this change at least gets us to a workable version of controller-gen), then we can play around with figuring out whatever kind of poking we need to do to update the conversion function signatures?

@maxsmythe
Copy link
Contributor

@sozercan @julianKatz It looks like controller-gen doesn't integrate conversion-gen, which is what is used to generate the conversion functions. We'll need to keep building/applying that one manually (if possible):

https://pkg.go.dev/k8s.io/code-generator/cmd/conversion-gen

Luckily conversion-gen appears to be versioned in lockstep with K8s, so we should be able to upgrade it along with controller-runtime.

@maxsmythe
Copy link
Contributor

Also, because we can just move dependencies in lockstep now, we wont need to run conversion-gen as it's own, self-contained gomodule/docker container.

@sozercan
Copy link
Member

can we re-add the conversion-gen parts back to makefile (and whatever else is missing)? So we can only focus on upgrading controller-gen in this PR and follow up on conversion-gen later.

@julianKatz julianKatz force-pushed the upgrade-controller-gen branch 2 times, most recently from 4c29f6c to 56ce6ad Compare April 27, 2021 20:07
@codecov-commenter
Copy link

codecov-commenter commented Apr 27, 2021

Codecov Report

Merging #111 (4c29f6c) into master (804ff2e) will decrease coverage by 0.26%.
The diff coverage is n/a.

❗ Current head 4c29f6c differs from pull request most recent head 56ce6ad. Consider uploading reports for the commit 56ce6ad to get more accurate results
Impacted file tree graph

@@            Coverage Diff             @@
##           master     #111      +/-   ##
==========================================
- Coverage   44.15%   43.89%   -0.27%     
==========================================
  Files          27       27              
  Lines        2405     2383      -22     
==========================================
- Hits         1062     1046      -16     
+ Misses       1023     1017       -6     
  Partials      320      320              
Flag Coverage Δ
unittests 43.89% <ø> (-0.27%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...kg/apis/templates/v1beta1/zz_generated.deepcopy.go 29.46% <0.00%> (-3.87%) ⬇️
...g/apis/templates/v1alpha1/zz_generated.deepcopy.go 29.46% <0.00%> (-3.87%) ⬇️
...apis/templates/v1beta1/constrainttemplate_types.go 100.00% <0.00%> (ø)
...pis/templates/v1alpha1/constrainttemplate_types.go 100.00% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 804ff2e...56ce6ad. Read the comment docs.

@julianKatz julianKatz force-pushed the upgrade-controller-gen branch 2 times, most recently from 6f0e4bb to b7f544a Compare April 28, 2021 00:07
@julianKatz julianKatz changed the title Dockerize and upgrade controller-gen to v0.5.0 Upgrade: controller-gen v0.5.0, conversion-gen v0.21.0 Apr 28, 2021
return err
}
// FIXME: Provide conversion function to convert apiextensionsv1beta1.JSONSchemaProps to apiextensions.JSONSchemaProps
compileErrorOnMissingConversion()
Copy link
Member

@sozercan sozercan Apr 28, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is an issue generating these conversions (and why lint is failing). not sure why this happens since these conversions exists.

example:

func autoConvert_v1beta1_Validation_To_templates_Validation(in *Validation, out *templates.Validation, s conversion.Scope) error {
        if in.OpenAPIV3Schema != nil {
                in, out := &in.OpenAPIV3Schema, &out.OpenAPIV3Schema
                *out = new(apiextensions.JSONSchemaProps)
                if err := v1.Convert_v1_JSONSchemaProps_To_apiextensions_JSONSchemaProps(*in, *out, s); err != nil {
                        return err
                }
        } else {
                out.OpenAPIV3Schema = nil
        }
        return nil
}

func autoConvert_templates_Validation_To_v1beta1_Validation(in *templates.Validation, out *Validation, s conversion.Scope) error {
        if in.OpenAPIV3Schema != nil {
                in, out := &in.OpenAPIV3Schema, &out.OpenAPIV3Schema
                *out = new(v1.JSONSchemaProps)
                if err := v1.Convert_apiextensions_JSONSchemaProps_To_v1_JSONSchemaProps(*in, *out, s); err != nil {
                        return err
                }
        } else {
                out.OpenAPIV3Schema = nil
        }
        return nil
}

Copy link
Contributor Author

@julianKatz julianKatz Apr 28, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this is a bug (kubernetes/kubernetes#98380)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

False alarm! I just needed to make that package available to conversion-gen. Thanks for posting that example @sozercan, that was the clue I needed.

Copy link
Member

@sozercan sozercan Apr 29, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Issue says it's for types containing an array of pointers to custom objects. Does this apply to our types?

Is this a blocker? What are our options here?

glad it's resolved!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, it isn't completely resolved. I've included notes in Makefile.

But, I've got us frankensteined together enough to move forward.

# Install the generation dependencies on the location machine
gen-dependencies:
GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/[email protected]
GO111MODULE=on go get k8s.io/code-generator/cmd/[email protected]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we align this with controller-gen dependency version (v0.20.2)?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably want to align this with the cert-controller dependency version (but that is also v0.20.2):

https://github.com/open-policy-agent/cert-controller/blob/c6f841d912f7d057a4e9fc3fe2c49951b68ba931/go.mod#L9-L11

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will update

@julianKatz julianKatz force-pushed the upgrade-controller-gen branch from b7f544a to eedf931 Compare April 28, 2021 20:51
@maxsmythe
Copy link
Contributor

Checks are failing.

Can we exclude zz_generated.* files from the linter? Because we don't control their contents we're mostly concerned with whether or not they build.

For the unit tests, it looks like we need to change the controller-gen invocation to go run ...

@sozercan
Copy link
Member

@maxsmythe linter is failing because of undefined function getting generated (which is meant to cause build failure) #111 (review)

@julianKatz julianKatz force-pushed the upgrade-controller-gen branch from eedf931 to 0c5e494 Compare April 29, 2021 18:17
@julianKatz
Copy link
Contributor Author

julianKatz commented Apr 29, 2021

With the default call to conversion-gen, there are four missing conversions, divided into two packages (constraint/pkg/apis/templates/v1alpha1, constraint/pkg/apis/templates/v1beta). The missing conversions are the same two:

apiextensions.JSONSchemaProps to apiextensionsv1beta1.JSONSchemaProps

and

 apiextensions.JSONSchemaProps to v1beta1.JSONSchemaProps

The first is fixed by including the apiextensionsv1beta1 package (containing the auto-genned conversion function) as a flag on converison-gen:

--extra-peer-dirs=k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1

But, the second remains unfixed. Why?

It turns out that the conversion function we'd expect is actually a human written one, found at vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/conversion.go (as opposed to the generated zz_generated.conversion.go within the same package). For some reason, conversion-gen isn't able to handle that when including apiextensions/v1beta.

AFAICT, this is a bug (albeit a different one than the one I mentioned earlier).

In the meantime, I can change the line of code manually and we can move on. I'll file a bug in conversion-gen as well.

EDIT: This isn't quite right actually. It turns out that the necessary function is already generated. See it defined in the generated file.

I'm lost as to why this is happening.

@julianKatz julianKatz force-pushed the upgrade-controller-gen branch from 0c5e494 to f37e4f8 Compare April 29, 2021 20:06
@sozercan
Copy link
Member

@julianKatz there are more investigations at kubernetes/kubernetes#101567

@julianKatz julianKatz force-pushed the upgrade-controller-gen branch 4 times, most recently from a4911cf to 197a4b3 Compare April 30, 2021 22:08
@julianKatz julianKatz changed the title Upgrade: controller-gen v0.5.0, conversion-gen v0.21.0 Upgrade: controller-gen v0.5.0, conversion-gen v0.20.2 Apr 30, 2021
@julianKatz
Copy link
Contributor Author

Update:

I've gotten around the conversion-gen bug with some manual code editing and created an issue (#112) to track the fix in this repository.

In the meantime, I believe this PR can move forward.

@julianKatz
Copy link
Contributor Author

Unit tests are passing now. PTAL: @maxsmythe @sozercan @shomron

Copy link
Contributor

@maxsmythe maxsmythe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still LGTM with 1 nit, @sozercan LGTY?

docker build . -t constraint-test && docker run -t constraint-test

# Install CRDs into a cluster
install: manifests
kubectl apply -f config/crds

# Install the generation dependencies on the location machine
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: location => local?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops, will change

@maxsmythe maxsmythe requested a review from sozercan April 30, 2021 22:41
@sozercan
Copy link
Member

sozercan commented May 3, 2021

Not a huge fan of the manual code update, but I don't see any other way forward :( Can we document what to manually update in conversion? (perhaps add in #112)

@julianKatz
Copy link
Contributor Author

julianKatz commented May 3, 2021

@sozercan Good call.

I'll add a sample diff in #112 and link to it in both conversion files

frameworks/constraint had previously been reliant on an outdated version
of the controller-gen library for generating CRDs with embedded
JSONSchemas.  The older version of the library wasn't built to detect
a nested JSONSchema, and thus would not refuse it.

With the requirement of v1 CRDs around the corner in k8s 1.22,
framework/constraint requires the newer controller-gen v0.5.0.  This
library version can output v1 CRD.

The conversion logic was also in need of a library upgrade, with
conversion-gen v0.21.0 now generating the necessary files.

This PR _does not_ output a v1 CRD for Constraint Template.  That will
be left for a future PR.  This PR brings the two binaries up-to-date.

Note: I attempted to dockerize these two binaries.  Controller-gen
worked fine, but for some reason conversion-gen couldn't write to the
filesystem.  The output looked fine, but no dice.  Rather than figure
out why, I decided to punt on the dockeriziation effort.

Signed-off-by: juliankatz <[email protected]>
@julianKatz julianKatz force-pushed the upgrade-controller-gen branch from 197a4b3 to 0e7217e Compare May 3, 2021 20:09
@sozercan
Copy link
Member

sozercan commented May 3, 2021

@julianKatz ready to merge?

@julianKatz julianKatz merged commit 3f51770 into open-policy-agent:master May 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants