first cut at multi-tenant broker #2760
Conversation
knative-prow-robot
added
the
do-not-merge/work-in-progress
knative-prow-robot
added
the
size/XXL
knative-prow-robot
added
the
approved
cmd/mtbroker/ingress/main.go
Outdated
| configMapWatcher.Watch(loggingConfigMapName, logging.UpdateLevelFromConfigMap(sl, atomicLevel, component)) | ||
|
|
||
| bin := tracing.BrokerIngressName(tracing.BrokerIngressNameArgs{ | ||
| Namespace: "knative-eventing", |
There was a problem hiding this comment.
| Namespace: "knative-eventing", | |
| Namespace: system.Namespace(), |
config/500-mt-broker-controller.yaml
Outdated
| @@ -0,0 +1,64 @@ | |||
| # Copyright 2020 The Knative Authors | |||
There was a problem hiding this comment.
These should all go under ./brokers/mt-channel-broker
| configMapWatcher.Watch(loggingConfigMapName, logging.UpdateLevelFromConfigMap(sl, atomicLevel, component)) | ||
|
|
||
| bin := tracing.BrokerFilterName(tracing.BrokerFilterNameArgs{ | ||
| Namespace: env.Namespace, |
There was a problem hiding this comment.
This is the only use of Namespace, is this MT yet? Could it be system.Namespace() and drop that field?
pkg/reconciler/mtbroker/broker.go
Outdated
| // TODO(vaikas): Can we just add this into the controller as part of the filtering | ||
| // so they won't even get queued into my queue??? | ||
| if r.brokerClass != "" { | ||
| if b.GetAnnotations()[eventing.BrokerClassKey] != r.brokerClass { |
There was a problem hiding this comment.
Didn't the current broker just drop this logic?
| triggerLister: triggerInformer.Lister(), | ||
| brokerClass: env.BrokerClass, | ||
| } | ||
| impl := brokerreconciler.NewImpl(ctx, r) |
There was a problem hiding this comment.
I believe this needs to pass ClassName
pkg/reconciler/mtbroker/broker.go
Outdated
| b.Status.MarkFilterFailed("DeploymentFailure", "%v", err) | ||
| return err | ||
| } | ||
| b.Status.PropagateFilterDeploymentAvailability(filterDeployment) |
There was a problem hiding this comment.
This assumes a particular anatomy, which isn't particularly flexible. Given that all you really care about is whether the network endpoint is "ready", I would change this (and the same below) to examine the Endpoints resources for non-empty addresses.
This approach should also be portable to the single-tenant Broker, and is actually (very slightly) more correct because even if the Deployment is "ready" it doesn't necessarily follow that the Endpoints have observed that and been updated to reflect it.
There was a problem hiding this comment.
ack yes +1, just kept the existing behaviour for now as discussed offline :) I'll port your changes here.
Today the fact that the Broker lifecycle stuff propagates *Deployment* status for filter/ingress leaks implementation details into the API types. An example of where this leakage is bas would be if I were to run a multi-tenant broker (knative#2760) as something other than a Deployment. This change corrects one small part of this leaky interface by shifting from Deployment to Endpoints as the canonical resource for establishing readiness. This is also slightly more correct as it assesses not just whether the Deployment is ready, but whether that information has propagated to the Service / Endpoints.
Today the fact that the Broker lifecycle stuff propagates *Deployment* status for filter/ingress leaks implementation details into the API types. An example of where this leakage is bas would be if I were to run a multi-tenant broker (knative#2760) as something other than a Deployment. This change corrects one small part of this leaky interface by shifting from Deployment to Endpoints as the canonical resource for establishing readiness. This is also slightly more correct as it assesses not just whether the Deployment is ready, but whether that information has propagated to the Service / Endpoints.
knative-prow-robot
removed
the
do-not-merge/work-in-progress
|
/retest This test is flaky on testgrid |
Today the fact that the Broker lifecycle stuff propagates *Deployment* status for filter/ingress leaks implementation details into the API types. An example of where this leakage is bas would be if I were to run a multi-tenant broker (#2760) as something other than a Deployment. This change corrects one small part of this leaky interface by shifting from Deployment to Endpoints as the canonical resource for establishing readiness. This is also slightly more correct as it assesses not just whether the Deployment is ready, but whether that information has propagated to the Service / Endpoints.
| @@ -0,0 +1 @@ | |||
| roles/filter-clusterrole.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| roles/filter-clusterrole.yaml | |
| roles/filter-clusterrole.yaml | |
| @@ -0,0 +1 @@ | |||
| roles/filter-serviceaccount.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| roles/filter-serviceaccount.yaml | |
| roles/filter-serviceaccount.yaml | |
| @@ -0,0 +1 @@ | |||
| roles/ingress-clusterrole.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| roles/ingress-clusterrole.yaml | |
| roles/ingress-clusterrole.yaml | |
| @@ -0,0 +1 @@ | |||
| roles/ingress-serviceaccount.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| roles/ingress-serviceaccount.yaml | |
| roles/ingress-serviceaccount.yaml | |
| @@ -0,0 +1 @@ | |||
| roles/filter-clusterrolebinding.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| roles/filter-clusterrolebinding.yaml | |
| roles/filter-clusterrolebinding.yaml | |
| @@ -0,0 +1 @@ | |||
| roles/ingress-clusterrolebinding.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| roles/ingress-clusterrolebinding.yaml | |
| roles/ingress-clusterrolebinding.yaml | |
| @@ -0,0 +1 @@ | |||
| deployments/broker-filter.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| deployments/broker-filter.yaml | |
| deployments/broker-filter.yaml | |
| @@ -0,0 +1 @@ | |||
| deployments/broker-ingress.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| deployments/broker-ingress.yaml | |
| deployments/broker-ingress.yaml | |
| @@ -0,0 +1 @@ | |||
| deployments/controller.yaml | |||
There was a problem hiding this comment.
Add trailing newline:
| deployments/controller.yaml | |
| deployments/controller.yaml | |
|
The following is the coverage report on the affected files.
|
|
/test pull-knative-eventing-unit-tests |
|
/lgtm Awesome work. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: n3wscott, vaikas The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixes #
Introduce a Multi Tenant Channel Based Broker that shares the running pieces of the code in knative-eventing namespace, instead of in the brokers namespace to make it easier, cheaper and simpler to operate brokers.
This uses a MTChannelBasedBroker class, and is not installed out of the box, so totes won't affect any existing code unless you want to play with it.
Proposed Changes
https://docs.google.com/document/d/1qYnmkRduWLUFQ3vEsaw7jU_mxS_nDHHkDkcGRf1_Fy4/edit#heading=h.ra3is5gwyzel
Release Note
Docs