CNF-15663: Full DU profile example

[irinamihai]

No description provided.

[openshift-ci-robot]

@irinamihai: This pull request references CNF-15663 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from irinamihai. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[irinamihai]

/hold cleanup

[irinamihai]

/unhold

[browsell]

This should be a default

[imiller0]

+1 -- or going a bit further I think this is static content that likely doesn't need to be part of the defaults either.

[irinamihai]

It has been agreed that this will be locked in the new version of the ClusterLogForwarder, currently WIP under OCPBUGS-44518, so it will be removed from this ClusterTemplate.

[browsell]

This should be a default

[irinamihai]

By default, do you mean have them directly in the Policy Generator and not expose them in the policyTemplateParameters?

[browsell]

No, these would be set in the default configmap vs being passed in by the client

[imiller0]

As proposed above I think we should narrow this down to just the additional labels. One question I have is whether the user/orchestrator would add one or more labels which are cluster specific (like a higher level cluster identifier, etc)? In that case would the labels (or at least one label) need to be part of this schema?

[irinamihai]

The filters are also going to be partially locked in in the ClusterLogForwarder source-cr under OCPBUGS-44518. Yes, these labels will be set in the ClusterInstance defaults ConfigMap, but we also need a way for them to reach the ConfigMap used by the ACM PGs, so they need to also be included in the policyTemplate defaults ConfigMap.

[browsell]

Default

[browsell]

default

[browsell]

default

[browsell]

Not really filters, additional metadata labels

[imiller0]

Do we want to narrow the templating down to just the additional labels, ie the user configures only the value for openshiftLabels?

[browsell]

Remove, see comment above

[browsell]

Remove

[browsell]

delete

[browsell]

delete

[lack]

Generally speaking, if this is something that will need to be kept in-sync with the cnf-features-deploy repo, perhaps it's worth engineering a way to automatically synchronize them or generate one from the other.

[lack]

Should we allow customization of all of this? Or just the Kafka url?

[browsell]

url only

[lack]

We shouldn't override this section, but rely on the source-crs original value

[imiller0]

+1
This is also missing the module_blacklist=irdma

[lack]

Suggested change

	machineConfigPoolSelector:
	pools.operator.machineconfiguration.openshift.io/master: ""
	nodeSelector:
	node-role.kubernetes.io/master: ''
	machineConfigPoolSelector:
	$patch: replace
	pools.operator.machineconfiguration.openshift.io/master: ""
	nodeSelector:
	$patch: replace
	node-role.kubernetes.io/master: ''

And then we don't need the SetSelector cr variant any more.

(Repeat for *-SetSelector.yaml elsewhere in this file!)

[lack]

We shouldn't override these; the source-crs has the right values.

[lack]

i don't think any of this is needed any more since the SiteConfig added cpuPartitioningMode: AllNodes in 4.14

[browsell]

Wouldn't this be in the source cr ?

[lack]

The selector can't be, because depending on whether you're deploying SNO or MNO the source CR may need master or worker.

[browsell]

In this model, the cluster template would only be used for SNO, a MNO would have a different one,

[imiller0]

For SNO we should be able to use either master or worker here since the node has both labels. If we use worker is it valid for all topologies?

[browsell]

Delete

[Missxiaoguo]

Do we need to override the default profile? 🤔 The ztp git example is just using the default profile values.

[browsell]

No need to override the source cr here

[browsell]

Delete

[browsell]

Delete

[browsell]

Delete

[browsell]

Delete

[bartwensley]

nit: values

[bartwensley]

Since this isn't really a progression from v3, but a whole new PG, would it be better to create new sno-ran-full-du directories for the cluster templates and policy templates and start them at v1?

[browsell]

agree

[Missxiaoguo]

By default, observability is not enabled. I think we should just use the default values from source-cr.

[browsell]

we should enable observability.

[Missxiaoguo]

Is this DU profile based on the OCP 4.17? I wonder if adding a comment to mention that might be helpful.

[browsell]

agree

[Missxiaoguo]

Do we want to use disconnected registry as example?

[browsell]

yes

[imiller0]

Is this intentional?

[imiller0]

Reference is now UEFISecureBoot.

[imiller0]

For IBU there is a need for a separate partition for /var/lib/containers. Should this example set that up as well?

[browsell]

yes, good catch

[imiller0]

Is there an intent to include ports eth0 and eth1 in this bond, or other ports in it?

[imiller0]

Do we want to narrow the templating down to just the additional labels, ie the user configures only the value for openshiftLabels?

[imiller0]

As noted above we should use more fixed content in the source CR (ie be more opinionated) and allow the user to override the URL and labels.

[imiller0]

Already in source CR

[imiller0]

These are not in the reference. Is their addition intentional?

[browsell]

remove

[imiller0]

Missing:
group.ice-dplls=0:f:10:*:ice-dplls.*

[imiller0]

For all of these we should not repeat any of the content already in the source CR.

[imiller0]

Is there a reason this is in its own policy? This creates more policies than are necessary. Consider combining with the next policy as "baseline config"

[Missxiaoguo]

Actually, I think this can be included in the v4-config-policy.

[Missxiaoguo]

Could sriov configs be included in the v4-config-policy? I don't see the reason why they couldn't be🤔 .

[browsell]

Can we remove the bond, bonding is going to be very rare for this use case

[openshift-merge-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@irinamihai: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/markdownlint	1629354	link	true	/test markdownlint

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.