David Eads deads2k

## same fields owned by two managers???.json
{
  "apiVersion": "testing.openshift.io/v1",
  "kind": "SSAWithSet",
  "metadata": {
    "creationTimestamp": "2024-04-24T20:58:42Z",
    "generation": 1,
    "managedFields": [
      {
        "apiVersion": "testing.openshift.io/v1",
        "fieldsType": "FieldsV1",

## clusteroperator-usage.json
        {
            "GroupVersionResource": {
                "Group": "config.openshift.io",
                "Version": "v1",
                "Resource": "clusteroperators"
            },
            "RequestCounts": {
                "RequestStartedCount": 0,
                "RequestFinishedCount": 25256,
                "ClientFailedRequestCount": 1716,

## gist:94210d6f4a80c4a25bb5b7e32df59b02
how do we ensure only a resource is managed by at most one operator install.

naivest approach:  **This one is subpar**
1. in-process controller determines list of all resources to be created
2. check each resource in the controller to see if it is owned by something else
   (probably a list across all namespaces of something (extensions?) )
3. if there is another owner, the contorller refuses to create the resource

When I install an app I get a namespaced extension resource
1. extension resource exists in the namespace I installed the app in

## gist:b868a1178581c84bdbd0914a2ca9d6a2
apiVersion
kind: NeverCreated
metadata
  annotations:
    "include.release.openshift.io/ibm-cloud-managed": false
spec:
  featureGateTests:
  - featureGateName: Example
    tests:
    - "[sig-arch][OCPFeatureGate:Example] should only run FeatureGated test when enabled"

## change.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                deads2k
                / change.md
            
            
              Created
              March 22, 2024 18:47
            
          
FeatureGate
Default on Hypershift
Default on SelfManagedHA
Default on SingleNode
LatencySensitive on Hypershift
LatencySensitive on SelfManagedHA
LatencySensitive on SingleNode
TechPreviewNoUpgrade on Hypershift
TechPreviewNoUpgrade on SelfManagedHA
TechPreviewNoUpgrade on SingleNode


BareMetalLoadBalancer
Adding as Enabled
Adding as Enabled
Adding as Enabled
Not Available
Not Available
Not Available
Adding as Enabled
Adding as Enabled
Adding as Enabled


KMSv1


## cases in the field
k8s.io/apiserver
  rapid-reset, defaulted to off.  In repos vendoring, I needed to enable/disable

k8s.io/client-go
  aggregated-discovery - had a bug and needed  way for every vendoring binary we cannot recompile to disable. We added env vars.
  streaming-list - desire to have different default in kube-controller-manager versus kubelet

kube-controller-manager
  client-go/streaming-list - disabled by default in library, kcm wants it enabled by default and controlled via flag.


## kube_features.go
func init() {
  registerOpenshiftFeatures()
	runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates))
}

## pod-network-to-service-disruption-poller-65d867cdbd-drk7j
Logs for -n e2e-pod-network-disruption-test-k92nt pod/pod-network-to-service-disruption-poller-65d867cdbd-drk7j
Initializing to watch clusterIP 172.30.19.181:80
Initializing to watch clusterIP 172.30.136.5:80
Watching configmaps...
Adding and starting: http://172.30.136.5:80 on node/ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx
Successfully started: http://172.30.136.5:80 on node/ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx
Interrupted, terminating
Waiting for watchers to close...
{"level":"Info","locator":"backend-disruption-name/pod-to-service-reused-connections connection/reused disruption/pod-to-service-to-service-from-node-ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx-to-clusterIP-172.30.136.5","message":"reason/DisruptionEnded backend-disruption-name/pod-to-service-reused-connections connection/reused disruption/pod-to-service-to-service-from-node-ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx-to-clusterIP-172.30.136.5 started responding to GET requests over reused connections","tempSource":"Disruption","tempStructured

## gist:a4b820462c4b5f6c9d17960c3bf8aa98
bash: alias: `cd-github.com/deads2k/structured-merge-diff': invalid alias name
deads@fedora:~/workspaces/aws-ebs-csi-driver-operator/src/github.com/openshift/aws-ebs-csi-driver-operator$ cd ~/workspaces/jupierce/intervals-viewer/
deads@fedora:~/workspaces/jupierce/intervals-viewer$ source venv/bin/activate
(venv) deads@fedora:~/workspaces/jupierce/intervals-viewer$ pip install -r requirements.txt
Collecting arcade==2.6.17 (from -r requirements.txt (line 1))
  Using cached arcade-2.6.17-py3-none-any.whl (39.4 MB)
Collecting pandas==2.2.0 (from -r requirements.txt (line 2))
  Obtaining dependency information for pandas==2.2.0 from https://files.pythonhosted.org/packages/b2/a5/7f14d11f5bb3ca5681f6827616ccfbb03ec9504322674e4f962a5e9e404b/pandas-2.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata
  Using cached pandas-2.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (19 kB)
Collecting requests==2.31.0 (from -r requirements.txt (line 3))

## console access
from https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/logs/periodic-ci-openshift-release-master-ci-4.16-e2e-aws-sdn-serial/1750498185056358400/artifacts/e2e-aws-sdn-serial/gather-audit-logs/artifacts/

deads@fedora:~/workspaces/cluster-debug-tools/src/github.com/openshift/cluster-debug-tools$ ./kubectl-dev_tool audit -f '/home/deads/Downloads/audit-logs(4)/9e67a938c529c2e045643d88bb48f105d0d45369e4e535d8e3b1163a47e22dca/audit_logs/kube-apiserver'   -otop --by=verb --user=system:serviceaccount:openshift-console-operator:console-operator
had 8600 line read failures
count: 36796, first: 2024-01-25T08:02:24-05:00, last: 2024-01-25T10:12:01-05:00, duration: 2h9m36.97217s

Top 10 "CREATE" (of 41 total hits):
     23x [  10.92813ms] [409-22] /apis/console.openshift.io/v1/consolenotifications                                      [system:serviceaccount:openshift-console-operator:console-operator]
      5x [    6.9752ms] [201-4]  /api/v1/namespaces/openshift-console/configmaps
	{
	"apiVersion": "testing.openshift.io/v1",
	"kind": "SSAWithSet",
	"metadata": {
	"creationTimestamp": "2024-04-24T20:58:42Z",
	"generation": 1,
	"managedFields": [
	{
	"apiVersion": "testing.openshift.io/v1",
	"fieldsType": "FieldsV1",
	{
	"GroupVersionResource": {
	"Group": "config.openshift.io",
	"Version": "v1",
	"Resource": "clusteroperators"
	},
	"RequestCounts": {
	"RequestStartedCount": 0,
	"RequestFinishedCount": 25256,
	"ClientFailedRequestCount": 1716,
	how do we ensure only a resource is managed by at most one operator install.

	naivest approach: This one is subpar
	1. in-process controller determines list of all resources to be created
	2. check each resource in the controller to see if it is owned by something else
	(probably a list across all namespaces of something (extensions?) )
	3. if there is another owner, the contorller refuses to create the resource

	When I install an app I get a namespaced extension resource
	1. extension resource exists in the namespace I installed the app in
	apiVersion
	kind: NeverCreated
	metadata
	annotations:
	"include.release.openshift.io/ibm-cloud-managed": false
	spec:
	featureGateTests:
	- featureGateName: Example
	tests:
	- "[sig-arch][OCPFeatureGate:Example] should only run FeatureGated test when enabled"
FeatureGate	Default on Hypershift	Default on SelfManagedHA	Default on SingleNode	LatencySensitive on Hypershift	LatencySensitive on SelfManagedHA	LatencySensitive on SingleNode	TechPreviewNoUpgrade on Hypershift	TechPreviewNoUpgrade on SelfManagedHA	TechPreviewNoUpgrade on SingleNode
BareMetalLoadBalancer	Adding as Enabled	Adding as Enabled	Adding as Enabled	Not Available	Not Available	Not Available	Adding as Enabled	Adding as Enabled	Adding as Enabled
KMSv1
	k8s.io/apiserver
	rapid-reset, defaulted to off. In repos vendoring, I needed to enable/disable

	k8s.io/client-go
	aggregated-discovery - had a bug and needed way for every vendoring binary we cannot recompile to disable. We added env vars.
	streaming-list - desire to have different default in kube-controller-manager versus kubelet

	kube-controller-manager
	client-go/streaming-list - disabled by default in library, kcm wants it enabled by default and controlled via flag.
	func init() {
	registerOpenshiftFeatures()
	runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates))
	}
	Logs for -n e2e-pod-network-disruption-test-k92nt pod/pod-network-to-service-disruption-poller-65d867cdbd-drk7j
	Initializing to watch clusterIP 172.30.19.181:80
	Initializing to watch clusterIP 172.30.136.5:80
	Watching configmaps...
	Adding and starting: http://172.30.136.5:80 on node/ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx
	Successfully started: http://172.30.136.5:80 on node/ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx
	Interrupted, terminating
	Waiting for watchers to close...
	{"level":"Info","locator":"backend-disruption-name/pod-to-service-reused-connections connection/reused disruption/pod-to-service-to-service-from-node-ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx-to-clusterIP-172.30.136.5","message":"reason/DisruptionEnded backend-disruption-name/pod-to-service-reused-connections connection/reused disruption/pod-to-service-to-service-from-node-ci-op-89h3f2lm-9825d-5bzsl-worker-c-slpbx-to-clusterIP-172.30.136.5 started responding to GET requests over reused connections","tempSource":"Disruption","tempStructured
	bash: alias: `cd-github.com/deads2k/structured-merge-diff': invalid alias name
	deads@fedora:~/workspaces/aws-ebs-csi-driver-operator/src/github.com/openshift/aws-ebs-csi-driver-operator$ cd ~/workspaces/jupierce/intervals-viewer/
	deads@fedora:~/workspaces/jupierce/intervals-viewer$ source venv/bin/activate
	(venv) deads@fedora:~/workspaces/jupierce/intervals-viewer$ pip install -r requirements.txt
	Collecting arcade==2.6.17 (from -r requirements.txt (line 1))
	Using cached arcade-2.6.17-py3-none-any.whl (39.4 MB)
	Collecting pandas==2.2.0 (from -r requirements.txt (line 2))
	Obtaining dependency information for pandas==2.2.0 from https://files.pythonhosted.org/packages/b2/a5/7f14d11f5bb3ca5681f6827616ccfbb03ec9504322674e4f962a5e9e404b/pandas-2.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata
	Using cached pandas-2.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (19 kB)
	Collecting requests==2.31.0 (from -r requirements.txt (line 3))
	from https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/logs/periodic-ci-openshift-release-master-ci-4.16-e2e-aws-sdn-serial/1750498185056358400/artifacts/e2e-aws-sdn-serial/gather-audit-logs/artifacts/

	deads@fedora:~/workspaces/cluster-debug-tools/src/github.com/openshift/cluster-debug-tools$ ./kubectl-dev_tool audit -f '/home/deads/Downloads/audit-logs(4)/9e67a938c529c2e045643d88bb48f105d0d45369e4e535d8e3b1163a47e22dca/audit_logs/kube-apiserver' -otop --by=verb --user=system:serviceaccount:openshift-console-operator:console-operator
	had 8600 line read failures
	count: 36796, first: 2024-01-25T08:02:24-05:00, last: 2024-01-25T10:12:01-05:00, duration: 2h9m36.97217s

	Top 10 "CREATE" (of 41 total hits):
	23x [ 10.92813ms] [409-22] /apis/console.openshift.io/v1/consolenotifications [system:serviceaccount:openshift-console-operator:console-operator]
	5x [ 6.9752ms] [201-4] /api/v1/namespaces/openshift-console/configmaps