Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ocs-to-ocs api server design #1413

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

sp98
Copy link
Contributor

@sp98 sp98 commented Nov 30, 2021

This PR adds the design for API server that would help
Consumer clusters to communicate with OCS Provider cluster.

Signed-off-by: Santosh Pillai sapillai@redhat.com

@sp98 sp98 force-pushed the api-server-design branch 2 times, most recently from bdc271a to 32bb718 Compare December 6, 2021 01:43
- Current use case does not involve frequent requests between client and server. So performance aspect of the gRPC can be ignored.

- #### Security:
- Both provide security with SSL/TLS support.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Both provide security with SSL/TLS support.
- Both provide security with TLS support.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done.

### gRPC vs REST

- #### Performance:
- gRPC is more performant than REST due to smaller payloads (and other reasons).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Name the other reasons or remove the statement?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would change it to: gRPC is more performant than REST due to the binary payload

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add that the binary format (protobuf) allows for compile time validation.

Copy link
Contributor Author

@sp98 sp98 Dec 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the verbiage and added some more reasons.

- Both provide security with SSL/TLS support.
- gRPC endpoint can't be invoked via browser/postman.

We will use gRPC as we are on k8s and gRPC has more advantages compared to REST
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At this stage, the advantages are not clear... Also, I'm not sure why being on k8s justifies using gRPC.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security is a big concern especially when discussing services.
There is no benefit to use REST

- Read the `status.state` of the StorageConsumer CR:
- if `status` is `onboarding`, then update the `spec.Capacity` in the CR. Return `UNAVAILABLE`.
- if `status` is `Provisioning`, return `UNAVAILABLE`.
- if `status` is `Ready`, fetch the `rbdPoolName` and the`cephUser` details from the CR status. Generate and return json connection details.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace rbdPoolName with blockPoolName?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done.

docs/design/ocs-to-ocs-api-server.md Show resolved Hide resolved
This document defines the API server used for communication between OCS provider and OCS consumer clusters.


## Tool
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already decided on gRPC.
You can mention that REST can be supported easily.
I don't see the need to mention OpenAPI3

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed OpenAPI3

@sp98 sp98 force-pushed the api-server-design branch 2 times, most recently from fa1e77f to 076d5f8 Compare December 6, 2021 11:52
message OnBoardConsumerRequest{
// token provided by the provider cluster admin to authenticate the consumer
string token =1;
// capacity is a valid k8s resource quantity
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a protobuf defined for capacity in k8s already?
Please document that this is the desired capacity and that the provider may grant less

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, there is protobuf for Resource Capacity in K8s already. Using that now. Also updated the doc.

Copy link
Contributor Author

@sp98 sp98 Dec 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it seems that K8s protobuf is using an older version. And we won't be able to use it in our project. Getting following error

protoc-gen-go: invalid Go import path "resource" for "k8s.io/apimachinery/pkg/api/resource/generated.proto"

The import path must contain at least one forward slash ('/') character.

See https://developers.google.com/protocol-buffers/docs/reference/go-generated#package for more information.

--go_out: protoc-gen-go: Plugin failed with status code 1.

Existing issue on github

// StorageConfigResponse holds the response for the GetStorageConfig API request
message StorageConfigResponse{
// data contains the json blob to be used by the consumer cluster to connect with the provider cluster
google.protobuf.Struct data = 1;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about calling it blob?

Copy link
Member

@oritwas oritwas Dec 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The type should be bytes[] (byte array)

Copy link
Contributor Author

@sp98 sp98 Dec 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replaced google.protobuf.Struct with bytes. I don't think blob might be good idea. It would be equally confusing as data, if not less.

@sp98 sp98 force-pushed the api-server-design branch from 076d5f8 to ff7d173 Compare December 7, 2021 14:18
@sp98 sp98 requested a review from leseb December 7, 2021 14:24
@sp98 sp98 force-pushed the api-server-design branch from ff7d173 to a5457a1 Compare December 7, 2021 14:26
docs/design/ocs-to-ocs-api-server.md Show resolved Hide resolved
Comment on lines 166 to 150
// UpdateCapacityResponse holds the response for UpdateCapacity API request
message UpdateCapacityResponse{

}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similarly here, provide the granted capacity, just in case.

Comment on lines 176 to 177
| Invalid ID | 3 INVALID_ARGUMENT | Request failed to invalid Consumer ID | Contact the Provider Cluster Admin to verify the StorageConsumer ID
| Invalid Capacity | 3 INVALID_ARGUMENT | Request failed due to invalid capacity | Contact the Provider Cluster Admin to get the valid capacity value
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do you distinguish between these two? Might it be more accurate to say:

Invalid | 3 INAVLID_ARGUMENT | Request failed due to invalid Consumer ID or Capacity | ....

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done


## PROJECT STRUCTURE
- The API server would be part of the OCS Operator.
- It would be deployed as separate deployment on the OCS cluster only after user has enabled it in the StorageCluster CR via `spec.allowRemoteStorageConsumers`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- It would be deployed as separate deployment on the OCS cluster only after user has enabled it in the StorageCluster CR via `spec.allowRemoteStorageConsumers`
- It would be deployed as separate Deployment only after user has enabled it in the StorageCluster CR via `spec.allowRemoteStorageConsumers`

docs/design/ocs-to-ocs-api-server.md Show resolved Hide resolved
This document defines the API server used for communication between OCS provider and OCS consumer clusters.


## Tool
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move all this to the bottom as an ## Alternatives section.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moved this section at the end.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 7, 2021

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sp98
To complete the pull request process, please ask for approval from jarrpa after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sp98 sp98 force-pushed the api-server-design branch from eb2cfdc to b9be71e Compare December 7, 2021 15:28
This PR adds the design for API server that would help
Consumer clusters to communicate with OCS Provider cluster.

Signed-off-by: Santosh Pillai <sapillai@redhat.com>
@sp98 sp98 force-pushed the api-server-design branch from b9be71e to a69c7a9 Compare December 7, 2021 15:29
@sp98 sp98 requested a review from jarrpa December 7, 2021 15:31
@sp98
Copy link
Contributor Author

sp98 commented Dec 8, 2021

/retest

@malayparida2000
Copy link
Contributor

@sp98 is this pr relevant now?

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 17, 2023

@sp98: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/red-hat-storage-ocs-ci-e2e-aws a69c7a9 link false /test red-hat-storage-ocs-ci-e2e-aws
ci/prow/ocs-operator-bundle-e2e-aws a69c7a9 link true /test ocs-operator-bundle-e2e-aws

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants