STOR-2040: CLI command to display bound pvc filesystem usage percentage #1854
Conversation
|
@gmeghnag: This pull request references STOR-2040 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: gmeghnag The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@gmeghnag: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Thank you for spending time on this nice and useful feature. But that requires a KEP first to sync on the feature and implementation. |
|
Hey @ardaguclu, what is a KEP? And how to create one? Thanks :) |
I think, you'd write an enhancement proposal under https://github.com/openshift/enhancements/tree/master/enhancements/oc and we'll discuss the design and align on it. Once it merges, we can return to this PR. |
| urlParams := url.Values{} | ||
| urlParams.Set("query", query) | ||
| uri.RawQuery = urlParams.Encode() | ||
|
|
||
| persistentVolumeClaimsBytes, err := getWithBearer(ctx, getRoute, "openshift-monitoring", "prometheus-k8s", uri, bearerToken, insecureTLS) |
There was a problem hiding this comment.
I get this error when using system:admin KUBECONFIG, but not for the other oc adm top subcommands:
$ ./oc adm top pvc
error: failed to get persistentvolumeclaims from Prometheus: no token is currently in use for this session
Is it possible to avoid this error by using the metrics API interface instead of constructing a raw request w/ bearer token?
oc/vendor/k8s.io/kubectl/pkg/cmd/top/top_pod.go
Lines 223 to 248 in a0501f4
There was a problem hiding this comment.
AFAIU the metricsclientset API allows consumers to access only resource metrics (CPU and memory) for pods and nodes.
So if we strictly want system:admin users authenticated using the KUBECONFIG file to use that command we should evaluate:
- getting a token from a different place, maybe a secret containing it?! (I will try to check if any exists)
- using a different workflow to obtain this information rather than Prometheus API.
There was a problem hiding this comment.
I found out that the token from the secret localhost-recovery-client-token in openshift-kube-apiserver namespace is a valid one to use:
oc get secret -n openshift-kube-apiserver localhost-recovery-client-token -o json | jq '.data.token' -r | base64 -d
| } | ||
|
|
||
| } | ||
| headers := []string{"NAMESPACE", "NAME", "USAGE(%)"} |
There was a problem hiding this comment.
Can we have some additional fields? My suggestion would be NAMESPACE, NAME, VOLUME, CAPACITY, USED, USAGE(%).
VOLUME: name of the PV attached to the PVC so the user can easily see which volume it corresponds to.
CAPACITY: total capacity of the volume in multiple of bytes (same as oc get pv, for example 10Gi or 2Ti).
USED: total used space of the volume in multiple of bytes (same format as capacity bytes).
This would be useful to mention in the enhancement that @ardaguclu requested, in case anyone has other suggestions (or objections).
| // if more pvc are requested as args but one of them does not not exist | ||
| if len(args) != 0 && len(promOutput.Data.Result) != len(args) { | ||
| resultingPvc := make(map[string]bool) | ||
| for _, _promOutputDataResult := range promOutput.Data.Result { | ||
| pvcName, _ := _promOutputDataResult.Metric["persistentvolumeclaim"] | ||
| resultingPvc[pvcName] = true | ||
| } | ||
| for _, arg := range args { | ||
| _, pvcPresentInResult := resultingPvc[arg] | ||
| if !pvcPresentInResult { | ||
| return fmt.Errorf("persistentvolumeclaim %q not found in %s namespace.", arg, o.Namespace) | ||
| } | ||
| } | ||
|
|
||
| } |
There was a problem hiding this comment.
This will immediately return an error if one PVC is not found. Could it instead return the valid ones + errors for the ones that do not exist?
For example:
$ oc get pvc -n testns claim1 foo bar
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS VOLUMEATTRIBUTESCLASS AGE
claim1 Bound pvc-ecf81046-51c4-4fa2-ada3-7797faa670b4 1Gi RWO gp3-csi <unset> 5h14m
Error from server (NotFound): persistentvolumeclaims "foo" not found
Error from server (NotFound): persistentvolumeclaims "bar" not found
You could add resultingPvc[pvcName] = true to the promOutput.Data.Result loop below so you only have to loop through it once, then check for missing PVC's to print error messages at the end.
The code makes use of a Prometheus query to implement the
oc adm top persistentvolumeclaimsand show usage statistics for bound persistentvolumeclaims, as follows:It supports the following flags: