Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update olm addon to v0.17.0 #10947

Merged
merged 2 commits into from
May 3, 2021
Merged

Update olm addon to v0.17.0 #10947

merged 2 commits into from
May 3, 2021

Conversation

kadel
Copy link
Member

@kadel kadel commented Mar 29, 2021
edited
Loading

  • update olm addon to use OLM v0.17.0

fixes #10768

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 29, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kadel
To complete the pull request process, please assign tstromberg after the PR has been reviewed.
You can assign the PR to them by writing /assign @tstromberg in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Mar 29, 2021
@minikube-bot
Copy link
Collaborator

Can one of the admins verify this patch?

medyagh
medyagh requested changes Mar 30, 2021
View reviewed changes
Copy link
Member

@medyagh medyagh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the crds.yaml.tmpl diff says

11,302 additions, 10,357 deletions not shown because the diff is too large. Please use a local Git client to view these changes.

this doesnt sound right, do u mind clarifying what is inside that file?

deploy/addons/olm/olm.yaml.tmpl
@@ -78,9 +78,9 @@ spec:
command:
- /bin/olm
args:
- -namespace
- --namespace
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is the reason for the additional -- ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

old OLM versions were using flags at some point they switched to github.com/spf13/pflag library, hence move from - to --

@kadel
Copy link
Member Author

kadel commented Mar 30, 2021
edited
Loading

the crds.yaml.tmpl diff says

11,302 additions, 10,357 deletions not shown because the diff is too large. Please use a local Git client to view these changes.

this doesnt sound right, do u mind clarifying what is inside that file?

This is correct. It contains all CustomeResourceDefinitions used by OLM. This is taken from the official v0.17.0 release artifcats. You can check it at https://github.com/operator-framework/operator-lifecycle-manager/releases/tag/v0.17.0

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 30, 2021
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 30, 2021
@sharifelgamal
Copy link
Collaborator

sharifelgamal commented Apr 1, 2021
edited
Loading

Hey @kadel, we have a test (in test/integration/addons_test.go) that currently skips testing the OLM addon. Could you remove the skip so that we can properly test this PR?

Thanks!

@kadel
Copy link
Member Author

kadel commented Apr 2, 2021

Hey @kadel, we have a test (in test/integration/addons_test.go) that currently skips testing the OLM addon. Could you remove the skip so that we can properly test this PR?

Thanks!

oh, I haven't noticed the integration test.
Done.

@sharifelgamal
Copy link
Collaborator

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Apr 2, 2021
@minikube-pr-bot
Copy link

kvm2 Driver
error collecting results for kvm2 driver: timing run 0 with Minikube (PR 10947): timing cmd: [/home/performance-monitor/.minikube/minikube-binaries/10947/minikube start --driver=kvm2]: starting cmd: fork/exec /home/performance-monitor/.minikube/minikube-binaries/10947/minikube: exec format error
docker Driver
error collecting results for docker driver: timing run 0 with Minikube (PR 10947): timing cmd: [/home/performance-monitor/.minikube/minikube-binaries/10947/minikube start --driver=docker]: starting cmd: fork/exec /home/performance-monitor/.minikube/minikube-binaries/10947/minikube: exec format error

medyagh
medyagh requested changes Apr 8, 2021
View reviewed changes
deploy/addons/olm/olm.yaml.tmpl
@@ -326,8 +328,16 @@ spec:
requests:
cpu: 10m
memory: 50Mi
securityContext:
runAsUser: 1000
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this required ? this seems to give Root Access to the addon,
do u mind clarifying why we need to run with more special access ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't work on OLM directly I'm just a user and I did not write this definition. This comes from the official OLM release artifacts.

But If I'm not mistaken root has uid 0. This is not giving any special access to the container, it is doing quite the opposite. It ensures that the container can't run anything as root.
1000 is the first non-root user. Even if the image is built in a way that it runs as root inside the container, this will force it to be non-root.

Copy link
Member

@medyagh medyagh May 3, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that makes sense ! thanks for the clarifying, I mistakenly thought it was user 1

deploy/addons/olm/olm.yaml.tmpl
@@ -308,7 +310,7 @@ spec:
- --global-namespace
- olm
image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}}
imagePullPolicy: IfNotPresent
imagePullPolicy: Always
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this change related to bumping the version ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

@minikube-pr-bot
Copy link

kvm2 Driver
Times for minikube start: 50.3s 48.5s 48.3s 49.9s 52.1s
Average time for minikube start: 49.8s

Times for minikube ingress: 43.3s 36.4s 46.3s 43.8s 36.4s
Average time for minikube ingress: 41.2s

Times for minikube (PR 10947) start: 47.8s 51.8s 52.5s 48.9s 48.7s
Average time for minikube (PR 10947) start: 49.9s

Times for minikube (PR 10947) ingress: 43.3s 43.3s 45.0s 36.7s 34.8s
Average time for minikube (PR 10947) ingress: 40.6s

Averages Time Per Log

+--------------------------------------------+----------+---------------------+
|                    LOG                     | MINIKUBE | MINIKUBE (PR 10947) |
+--------------------------------------------+----------+---------------------+
| * minikube v1.19.0 on Debian               | 0.0s     | 0.0s                |
| 9.13 (kvm/amd64)                           |          |                     |
|   - MINIKUBE_LOCATION=10947                | 0.0s     | 0.0s                |
| * Using the kvm2 driver based              | 0.0s     |                     |
| on existing profile                        |          |                     |
| * Starting control plane node              | 0.0s     | 0.0s                |
| minikube in cluster minikube               |          |                     |
| * Creating kvm2 VM (CPUs=2,                | 30.2s    | 30.4s               |
| Memory=6000MB, Disk=20000MB)               |          |                     |
| ...                                        |          |                     |
| * Preparing Kubernetes v1.20.2             | 14.2s    | 8.0s                |
| on Docker 20.10.4 ...                      |          |                     |
|   - Generating certificates                | 0.6s     | 1.8s                |
| and keys ...                               |          |                     |
|   - Booting up control plane               | 2.4s     | 7.2s                |
| ...                                        |          |                     |
|   - Configuring RBAC rules ...             | 1.1s     | 1.3s                |
| * Verifying Kubernetes                     | 0.0s     | 0.0s                |
| components...                              |          |                     |
|   - Using image                            | 1.0s     | 1.0s                |
| gcr.io/k8s-minikube/storage-provisioner:v5 |          |                     |
| * Enabled addons:                          | 0.1s     | 0.2s                |
| storage-provisioner,                       |          |                     |
| default-storageclass                       |          |                     |
| * Done! kubectl is now                     | 0.0s     | 0.0s                |
| configured to use "minikube"               |          |                     |
| cluster and "default"                      |          |                     |
| namespace by default                       |          |                     |
+--------------------------------------------+----------+---------------------+

docker Driver
Times for minikube start: 22.3s 21.3s 22.9s 21.2s 21.3s
Average time for minikube start: 21.8s

Times for minikube ingress: 37.0s 35.0s 37.0s 31.0s 34.0s
Average time for minikube ingress: 34.8s

Times for minikube (PR 10947) start: 21.5s 22.5s 21.0s 21.8s 22.0s
Average time for minikube (PR 10947) start: 21.8s

Times for minikube (PR 10947) ingress: 32.5s 35.0s 33.5s 33.5s 38.0s
Average time for minikube (PR 10947) ingress: 34.5s

Averages Time Per Log

+--------------------------------------------+----------+---------------------+
|                    LOG                     | MINIKUBE | MINIKUBE (PR 10947) |
+--------------------------------------------+----------+---------------------+
| * minikube v1.19.0 on Debian               | 0.0s     | 0.0s                |
| 9.13 (kvm/amd64)                           |          |                     |
|   - MINIKUBE_LOCATION=10947                | 0.1s     | 0.1s                |
| * Using the docker driver                  | 0.1s     |                     |
| based on existing profile                  |          |                     |
| * Starting control plane node              | 0.1s     | 0.1s                |
| minikube in cluster minikube               |          |                     |
| * Creating docker container                | 6.9s     | 6.7s                |
| (CPUs=2, Memory=8000MB) ...                |          |                     |
| * Preparing Kubernetes v1.20.2             | 4.2s     | 4.0s                |
| on Docker 20.10.5 ...                      |          |                     |
|   - Generating certificates                | 1.7s     | 2.0s                |
| and keys ...                               |          |                     |
|   - Booting up control plane               | 6.8s     | 6.9s                |
| ...                                        |          |                     |
|   - Configuring RBAC rules ...             | 1.1s     | 1.2s                |
| * Verifying Kubernetes                     | 0.1s     | 0.1s                |
| components...                              |          |                     |
|   - Using image                            | 0.5s     | 0.5s                |
| gcr.io/k8s-minikube/storage-provisioner:v5 |          |                     |
| * Enabled addons:                          | 0.0s     | 0.0s                |
| storage-provisioner,                       |          |                     |
| default-storageclass                       |          |                     |
| * Done! kubectl is now                     | 0.0s     | 0.0s                |
| configured to use "minikube"               |          |                     |
| cluster and "default"                      |          |                     |
| namespace by default                       |          |                     |
+--------------------------------------------+----------+---------------------+

@medyagh
Copy link
Member

medyagh commented May 3, 2021

/ok-to-test

@minikube-pr-bot
Copy link

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 10947) |
+----------------+----------+---------------------+
| minikube start | 56.5s    | 56.2s               |
| enable ingress | 38.9s    | 40.7s               |
+----------------+----------+---------------------+

Times for minikube start: 57.7s 58.2s 54.4s 58.7s 53.4s
Times for minikube (PR 10947) start: 58.3s 54.1s 56.1s 56.8s 55.9s

Times for minikube ingress: 36.9s 43.5s 38.5s 36.4s 39.4s
Times for minikube (PR 10947) ingress: 44.4s 38.5s 38.4s 37.4s 44.9s

docker driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 10947) |
+----------------+----------+---------------------+
| minikube start | 23.4s    | 22.8s               |
| enable ingress | 44.4s    | 30.6s               |
+----------------+----------+---------------------+

Times for minikube ingress: 32.1s 32.6s 91.1s 32.6s 33.6s
Times for minikube (PR 10947) ingress: 36.5s 30.5s 28.0s 28.7s 29.1s

Times for minikube start: 23.5s 23.0s 23.6s 23.5s 23.2s
Times for minikube (PR 10947) start: 22.0s 23.3s 22.8s 22.9s 23.0s

docker driver with containerd runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 10947) |
+----------------+----------+---------------------+
| minikube start | 45.4s    | 45.1s               |
| enable ingress |          |                     |
+----------------+----------+---------------------+

Times for minikube start: 44.8s 48.5s 43.8s 45.6s 44.4s
Times for minikube (PR 10947) start: 44.4s 44.0s 44.6s 48.5s 43.8s

@medyagh
Copy link
Member

medyagh commented May 3, 2021

Looks good to me @kadel , Thank you for this PR and improving olm addon

look forward for more PRs for you

@medyagh medyagh merged commit 114e826 into kubernetes:master May 3, 2021
@kadel kadel mentioned this pull request May 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@medyagh medyagh medyagh requested changes

@sharifelgamal sharifelgamal Awaiting requested review from sharifelgamal

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. pr_verified size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

update the Outdated catalog in OLM addon
6 participants
@kadel @k8s-ci-robot @minikube-bot @sharifelgamal @minikube-pr-bot @medyagh