Define new selector for building image job

[erusso7]

#140

[netlify]

✅ Deploy Preview for kubernetes-sigs-kmm ready!

Name	Link
🔨 Latest commit	b6fb69c
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-kmm/deploys/643d4453477aaf000847cca3
😎 Deploy Preview	https://deploy-preview-311--kubernetes-sigs-kmm.netlify.app/
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[k8s-ci-robot]

Hi @erusso7. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov-commenter]

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.03 ⚠️

Comparison is base (d8ed348) 82.27% compared to head (b6fb69c) 82.25%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #311      +/-   ##
==========================================
- Coverage   82.27%   82.25%   -0.03%     
==========================================
  Files          31       31              
  Lines        3075     3082       +7     
==========================================
+ Hits         2530     2535       +5     
- Misses        448      450       +2     
  Partials       97       97              

Impacted Files	Coverage Δ
api/v1beta1/module_types.go	100.00% <ø> (ø)
internal/build/job/maker.go	90.49% <100.00%> (+0.17%)	⬆️

... and 2 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[yevgeny-shnaidman]

why do we need to set the nodeSelector at all for Builds? Why not let kubernetes decide where to run the Build job?

[ybettan]

This is a good point. Removing it completely will also solve #140 (comment)

[qbarrand]

Why not let kubernetes decide where to run the Build job?

This comes from that issue. You may want to reserve nodes equipped with expensive hardware for some workloads only, for example.

[yevgeny-shnaidman]

I don't see in that issue any mention of nodes with expensive hardware. They just say that it would be nice if build/sign can also run on other nodes, and not only those with specific hardware. Also, allowing kuberentes to pick the running node makes use of the schedule, which probably has much more data to decide which nodes are less "overloaded"

[ybettan]

I have understood the issue the same way as @yevgeny-shnaidman did.

[qbarrand]

Also, allowing kuberentes to pick the running node makes use of the schedule, which probably has much more data to decide which nodes are less "overloaded"

This change makes a user able to do just that, with selector: {} in the build section.

[yevgeny-shnaidman]

I agree, but why give him an option at all?

[ybettan]

/ok-to-test

[ybettan]

https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/kubernetes-sigs_kernel-module-management/311/pull-kernel-module-management-check-api-changes/1630142470052384768#1:build-log.txt%3A201

Please run `make generate bundle` and repush

[qbarrand]

/hold
This change may brake flows for users building for a specific architecture in multi-arch clusters.
Let us consider a cluster with amd64 and arm64 nodes.
Before this change, if you created a Module targeting amd64 nodes, the builds would be automatically scheduled on amd64 nodes.
With this change, the build may run on an arm64 node, which by default will produce a module for arm64, not amd64.

cc @hershpa @yevgeny-shnaidman @ybettan

[yevgeny-shnaidman]

/hold This change may brake flows for users building for a specific architecture in multi-arch clusters. Let us consider a cluster with amd64 and arm64 nodes. Before this change, if you created a Module targeting amd64 nodes, the builds would be automatically scheduled on amd64 nodes. With this change, the build may run on an arm64 node, which by default will produce a module for arm64, not amd64.

cc @hershpa @yevgeny-shnaidman @ybettan

@qbarrand maybe all we need to add a label to the Build/Sign job node selector is architecture label. I think that all the nodes are label with it anyways, and it can be derived from the KernelMapping

[ybettan]

This change may brake flows for users building for a specific architecture in multi-arch clusters.
Let us consider a cluster with amd64 and arm64 nodes.
Before this change, if you created a Module targeting amd64 nodes, the builds would be automatically scheduled on amd64 nodes.
With this change, the build may run on an arm64 node, which by default will produce a module for arm64, not amd64.

@qbarrand @yevgeny-shnaidman I would instead just ask kaniko to build for a specific arch (regardless of the host) using https://github.com/GoogleContainerTools/kaniko#flag---customplatform.

This will also allow to build for ARM in a x86 cluster or any other combination. This is especially handy in the hub-spoke topology.

This will requires extending the build section in our CRD though.

[yevgeny-shnaidman]

This change may brake flows for users building for a specific architecture in multi-arch clusters.
Let us consider a cluster with amd64 and arm64 nodes.
Before this change, if you created a Module targeting amd64 nodes, the builds would be automatically scheduled on amd64 nodes.
With this change, the build may run on an arm64 node, which by default will produce a module for arm64, not amd64.

@qbarrand @yevgeny-shnaidman I would instead just ask kaniko to build for a specific arch (regardless of the host) using https://github.com/GoogleContainerTools/kaniko#flag---customplatform.

This will also allow to build for ARM in a x86 cluster or any other combination. This is especially handy in the hub-spoke topology.

This will requires extending the build section in our CRD though.

@ybettan does kaniko support something like that? build Dockerfile will probably include Makefile that needs to know how to cross-compile, not sure if customer will want to support it.

[ybettan]

This PR is blocked by #325 unless we modify the CRD to contain a nodeSelector for build/sign which is not ideal as we wish not to extend the API unless there is a requirement for it.

[qbarrand]

we wish not to extend the API unless there is a requirement for it

Sounds like it's the only way to properly address #140 though.

[ybettan]

@qbarrand
We have kubernetes.io/arch: amd64 on the nodes, how about we just set the inner selector of the build to match the same arch as of the module's selector node?

[ybettan]

As agreed in the community meeting we will proceed with the following:

We add a new selector for build. Regarding the default value we differentiate between v1 and v2.

v1:
If the build selector is not set, we use the selector from the module to maintain the same behavior that we had until now.

v2:
If the build selector is not set, we do not set any selector for the build job and let k8s make the scheduling.

[k8s-ci-robot]

@erusso7: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kernel-module-management-test-deploy	9514d5a	link	true	/test pull-kernel-module-management-test-deploy

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[ybettan]

/unhold
/lgtm
/assign @qbarrand @yevgeny-shnaidman

[yevgeny-shnaidman]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erusso7, yevgeny-shnaidman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [yevgeny-shnaidman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment