Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add labels for workload parent #1032

Merged
merged 4 commits into from
Aug 3, 2023
Merged

Add labels for workload parent #1032

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
fb1a28d
Added labels for workload parent
achernevskii Aug 2, 2023
2478cbd
Replace parent name and group-kind labels with parent uid
achernevskii Aug 2, 2023
866a09a
Rename parent-uid label to job-uid, change label validation
achernevskii Aug 3, 2023
0350ad8
Update job-uid label validation
achernevskii Aug 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 3 additions & 6 deletions pkg/controller/constants/constants.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,7 @@ const (
// status based on the admission status of the parent workload.
ParentWorkloadAnnotation = "kueue.x-k8s.io/parent-workload"

// ParentGroupKindLabel is the label key in the workload that holds the Kind
// and Group of a parent.
ParentGroupKindLabel = "kueue.x-k8s.io/parent-group-kind"
// ParentNameLabel is the label key in the workload that holds the Name of a
// parent.
ParentNameLabel = "kueue.x-k8s.io/parent-name"
// ParentUIDLabel is the label key in the workload resource, that holds the UID of
// a parent.
ParentUIDLabel = "kueue.x-k8s.io/parent-uid"
)
12 changes: 3 additions & 9 deletions pkg/controller/jobframework/reconciler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -459,11 +459,9 @@ func (r *JobReconciler) stopJob(ctx context.Context, job GenericJob, object clie
func (r *JobReconciler) constructWorkload(ctx context.Context, job GenericJob, object client.Object) (*kueue.Workload, error) {
podSets := job.PodSets()

jobGVK := job.GetGVK()

wl := &kueue.Workload{
ObjectMeta: metav1.ObjectMeta{
Name: GetWorkloadNameForOwnerWithGVK(object.GetName(), jobGVK),
Name: GetWorkloadNameForOwnerWithGVK(object.GetName(), job.GetGVK()),
Namespace: object.GetNamespace(),
Labels: map[string]string{},
},
Expand All @@ -473,12 +471,8 @@ func (r *JobReconciler) constructWorkload(ctx context.Context, job GenericJob, o
},
}

if utf8.RuneCountInString(job.Object().GetName()) < 64 {
wl.Labels[controllerconsts.ParentNameLabel] = job.Object().GetName()
}

if utf8.RuneCountInString(jobGVK.GroupKind().String()) < 64 {
wl.Labels[controllerconsts.ParentGroupKindLabel] = jobGVK.GroupKind().String()
if uid := string(job.Object().GetUID()); utf8.RuneCountInString(uid) < 64 && uid != "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

k8s validation just uses len
https://github.com/kubernetes/kubernetes/blob/2c6c4566eff972d6c1320b5f8ad795f88c822d09/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go#L169

I think using the rune len would be weaker.

I'm wondering if we should just try to put the label and let the apiserver return an error. Note that there is a regex check, so that could potentially fail as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if we should just try to put the label and let the apiserver return an error.

We can do that, but I would rather create a workload without a job-uid label, since this functionality is not essential for the controller. We could also log a warning if a label can't be added to a workload. Please let me know which of those three options is the best in your opinion.

Note that there is a regex check, so that could potentially fail as well.

According to this page, UIDs are standardized as ISO/IEC 9834-8 and as ITU-T X.667. And ISO/IEC 9834-8 says the following:

UUIDs forming a component of an OID are represented in ASN.1 value notation as the decimal representation of their integer value, but for all other display purposes it is more usual to represent them with hexadecimal digits with a hyphen separating the different fields within the 16-octet UUID.

Regex that kuberentes is using for label validation is the following (([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?, if I'm not mistaken. This regex should match the UID format, so I think we're good here.

Copy link
Contributor Author

@achernevskii achernevskii Aug 3, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

k8s validation just uses len

Replaced RuneCountInString call with len call in 866a09a

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can do that, but I would rather create a workload without a job-uid label, since this functionality is not essential for the controller.

In that case, use IsValidLabelValue from https://github.com/kubernetes/kubernetes/blob/2c6c4566eff972d6c1320b5f8ad795f88c822d09/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go#L167

We could also log a warning if a label can't be added to a workload.

Logging is not visible to users. Webhooks support warnings https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#best-practices-and-warnings:~:text=Admission%20webhooks%20can%20optionally%20return%20warning%20messages%20that%20are%20returned%20to%20the%20requesting%20client%20in%20HTTP%20Warning%20headers%20with%20a%20warning%20code%20of%20299.%20Warnings%20can%20be%20sent%20with%20allowed%20or%20rejected%20admission%20responses.

But in our case, it's not end users creating Workloads, but users. Maybe a log is not so bad so administrators can take action.

UIDs are standardized as ISO/IEC 9834-8 and as ITU-T X.667.

I think there is a way where an end user can override the UID and potentially use something that wouldn't pass label validation. However this should be very uncommon.
The log should be enough :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaced len label check with IsValidLabelValue, and added the log message in 0350ad8.

wl.Labels[controllerconsts.ParentUIDLabel] = uid
}

priorityClassName, p, err := r.extractPriority(ctx, podSets, job)
Expand Down
28 changes: 12 additions & 16 deletions pkg/controller/jobs/job/job_controller_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ limitations under the License.
package job

import (
controllerconsts "sigs.k8s.io/kueue/pkg/controller/constants"
"strings"
"testing"
"time"
Expand All @@ -33,6 +32,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"

kueue "sigs.k8s.io/kueue/apis/kueue/v1beta1"
controllerconsts "sigs.k8s.io/kueue/pkg/controller/constants"
"sigs.k8s.io/kueue/pkg/controller/jobframework"
"sigs.k8s.io/kueue/pkg/features"
"sigs.k8s.io/kueue/pkg/util/pointer"
Expand Down Expand Up @@ -429,46 +429,42 @@ func TestReconciler(t *testing.T) {
Clone().
Suspend(false).
Queue("test-queue").
UID("test-uid").
Obj(),
wantJob: *baseJobWrapper.
Clone().
Queue("test-queue").
UID("test-uid").
Obj(),
wantWorkloads: []kueue.Workload{
*utiltesting.MakeWorkload("job", "ns").
PodSets(*utiltesting.MakePodSet(kueue.DefaultPodSetName, 10).Request(corev1.ResourceCPU, "1").Obj()).
Queue("test-queue").
Priority(0).
SetLabels(map[string]string{
controllerconsts.ParentGroupKindLabel: "Job.batch",
controllerconsts.ParentNameLabel: "job",
controllerconsts.ParentUIDLabel: "test-uid",
}).
Obj(),
},
},
"the workload without parent name label is created when job's name is longer than 63 characters": {
job: *utiltestingjob.MakeJob(strings.Repeat("long-name", 8), "ns").
"the workload without uid label is created when job's uid is longer than 63 characters": {
job: *baseJobWrapper.
Clone().
Suspend(false).
Parallelism(10).
Request(corev1.ResourceCPU, "1").
Image("", nil).
Queue("test-queue").
UID(strings.Repeat("long-uid", 8)).
Obj(),
wantJob: *utiltestingjob.MakeJob(strings.Repeat("long-name", 8), "ns").
Suspend(true).
Parallelism(10).
Request(corev1.ResourceCPU, "1").
Image("", nil).
wantJob: *baseJobWrapper.
Clone().
Queue("test-queue").
UID(strings.Repeat("long-uid", 8)).
Obj(),
wantWorkloads: []kueue.Workload{
*utiltesting.MakeWorkload("job", "ns").
PodSets(*utiltesting.MakePodSet(kueue.DefaultPodSetName, 10).Request(corev1.ResourceCPU, "1").Obj()).
Queue("test-queue").
Priority(0).
SetLabels(map[string]string{
controllerconsts.ParentGroupKindLabel: "Job.batch",
}).
SetLabels(map[string]string{}).
Obj(),
},
},
Expand Down