Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow uploading of ISO for creating kubernetes supported versions #9561

Open
wants to merge 2 commits into
base: 4.20
Choose a base branch
from
Open

Allow uploading of ISO for creating kubernetes supported versions #9561

wants to merge 2 commits into from

Conversation

vishesh92
Copy link
Member

@vishesh92 vishesh92 commented Aug 21, 2024
edited
Loading

Description

This PR fixes #8417 by allowing the user to register an ISO by uploading from local.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

@codecov Codecov
Copy link

codecov bot commented Aug 21, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 9.77444% with 120 lines in your changes missing coverage. Please review.

Project coverage is 15.98%. Comparing base (42a77c7) to head (19f4f64).
Report is 5 commits behind head on 4.20.

Files with missing lines Patch % Lines
...bernetes/version/KubernetesVersionManagerImpl.java 23.63% 41 Missing and 1 partial ⚠️
...tUploadParamsForKubernetesSupportedVersionCmd.java 0.00% 36 Missing ⚠️
...che/cloudstack/api/AbstractGetUploadParamsCmd.java 0.00% 21 Missing ⚠️
...api/command/user/iso/GetUploadParamsForIsoCmd.java 0.00% 18 Missing ⚠️
...oudstack/api/response/GetUploadParamsResponse.java 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               4.20    #9561      +/-   ##
============================================
- Coverage     15.98%   15.98%   -0.01%     
  Complexity    13077    13077              
============================================
  Files          5649     5650       +1     
  Lines        495617   495781     +164     
  Branches      59997    60013      +16     
============================================
+ Hits          79247    79250       +3     
- Misses       407520   407681     +161     
  Partials       8850     8850
Flag Coverage Δ
uitests 4.00% <ø> (-0.01%) ⬇️
unittests 16.82% <9.77%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@vishesh92 vishesh92 force-pushed the k8s-version-add-iso-id branch from 158acb9 to 364f4ce Compare August 21, 2024 09:58
@vishesh92
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10728

@FelipeM525
Copy link
Collaborator

@vishesh92 would you mind adding some images to the description?

@shwstppr
Copy link
Contributor

@vishesh92 will this create access issues? Currently, k8s ISOs are registered as public and are accessible to all. But now will it allow linking any existing ISO which can be seen by root admin.
Also, earlier such ISOs were owned by system account to prevent direct deletion. Is there a check to prevent deletion if it is linked to a k8s version?

@vishesh92
Copy link
Member Author

@vishesh92 will this create access issues? Currently, k8s ISOs are registered as public and are accessible to all. But now will it allow linking any existing ISO which can be seen by root admin. Also, earlier such ISOs were owned by system account to prevent direct deletion. Is there a check to prevent deletion if it is linked to a k8s version?

I can add checks on the backend to ensure that the ISO has the required configuration settings. But it might be confusing for the end user.

Let me revisit the approach and directly allow uploading of ISO for k8s.

@vishesh92 vishesh92 force-pushed the k8s-version-add-iso-id branch from 364f4ce to be1539f Compare August 22, 2024 10:47
@vishesh92 vishesh92 changed the title Provide option to use existing ISOs for kubernetes supported version Allow uploading of ISO for creating kubernetes supported versions Aug 22, 2024
@vishesh92
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 10747

@vishesh92 vishesh92 force-pushed the k8s-version-add-iso-id branch from be1539f to 6d378b5 Compare August 23, 2024 06:34
@vishesh92
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@weizhouapache
Copy link
Member

@vishesh92
To be frank, I think this is too complicated.
We could add an API to transform a regular ISO (registered or uploaded from local) to a CKS ISO, it will be simple and cover mose cases (e.g. Update an existing ISO to support CKS)

@vishesh92
Copy link
Member Author

@vishesh92 To be frank, I think this is too complicated. We could add an API to transform a regular ISO (registered or uploaded from local) to a CKS ISO, it will be simple and cover mose cases (e.g. Update an existing ISO to support CKS)

@weizhouapache My initial PR was for linking an existing ISO with a CKS Supported version (main...shapeblue:cloudstack:k8s-version-add-iso-id-backup). @shwstppr had some concerns regarding the iso's permissions. So, I made the implementation similar to how it is there right now for templates & ISOs.

@weizhouapache
Copy link
Member

weizhouapache commented Aug 23, 2024
edited
Loading

@vishesh92 To be frank, I think this is too complicated. We could add an API to transform a regular ISO (registered or uploaded from local) to a CKS ISO, it will be simple and cover mose cases (e.g. Update an existing ISO to support CKS)

@weizhouapache My initial PR was for linking an existing ISO with a CKS Supported version (main...shapeblue:cloudstack:k8s-version-add-iso-id-backup). @shwstppr had some concerns regarding the iso's permissions. So, I made the implementation similar to how it is there right now for templates & ISOs.

we can add some restrictions

  • only root admin can do (same as add k8s version API)
  • the ISO will be changed to the same properties as k8s ISO (e.g. owner is system account, all users can access)

I had a quick look at your initial PR, it looks ok to me

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10772

@vishesh92
Copy link
Member Author

@vishesh92 To be frank, I think this is too complicated. We could add an API to transform a regular ISO (registered or uploaded from local) to a CKS ISO, it will be simple and cover mose cases (e.g. Update an existing ISO to support CKS)

@weizhouapache My initial PR was for linking an existing ISO with a CKS Supported version (main...shapeblue:cloudstack:k8s-version-add-iso-id-backup). @shwstppr had some concerns regarding the iso's permissions. So, I made the implementation similar to how it is there right now for templates & ISOs.

we can add some restrictions

* only root admin can do (same as add k8s version API)

* the ISO will be changed to the same properties as k8s ISO (e.g. owner is system account, all users can access)

I had a quick look at your initial PR, it looks ok to me

@weizhouapache I am not sure about changing the properties of the existing ISO. I can maybe create a copy of the ISO with required ownership and properties. Do you think that would be a better approach?

@rohityadavcloud rohityadavcloud added this to the 4.20.0.0 milestone Sep 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2024

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

@JoaoJandre JoaoJandre removed this from the 4.20.0.0 milestone Sep 10, 2024
@JoaoJandre JoaoJandre added this to the 4.21.0.0 milestone Sep 10, 2024
@rohityadavcloud rohityadavcloud modified the milestones: 4.21.0.0, 4.20.1.0 Sep 12, 2024
@Pearl1594
Copy link
Contributor

@vishesh92 could you please fix the merge conflicts. Thank you.

@DaanHoogland
Copy link
Contributor

@vishesh92 could you please fix the merge conflicts. Thank you.

@vishesh92 , please also look at target branch and release, these do not match.

@vishesh92 vishesh92 changed the base branch from main to 4.20 February 13, 2025 12:11
@vishesh92 vishesh92 force-pushed the k8s-version-add-iso-id branch from 6d378b5 to 85ae62f Compare February 13, 2025 12:19
@vishesh92
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 12444

Pearl1594
Pearl1594 reviewed Feb 14, 2025
View reviewed changes
...ernetes-service/src/main/java/com/cloud/kubernetes/version/KubernetesVersionManagerImpl.java
uploadIso.setName(isoName);
uploadIso.setPublicIso(true);
if (zoneId != null) {
uploadIso.setZoneId(zoneId);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zoneId - seems to be a mandatory param for upload iso, so I wonder if this could cause some failure if upload iso is done by a user / dom admin
considering https://github.com/apache/cloudstack/blob/main/server/src/main/java/com/cloud/template/TemplateAdapterBase.java#L194-L197

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I followed the existing checks in AddKubernetesSupportedVersionCmd for the upload command.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also need to check if we allow domain admin or a user to add kubernetes versions.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like by default we do not allow registering kubernetes iso for dom admins. Corner case is when we add custom roles. But I think that can be overlooked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pearl1594 Pearl1594 Pearl1594 left review comments

@shwstppr shwstppr Awaiting requested review from shwstppr

Assignees
No one assigned
Labels
component:api component:kubernetes component:UI
Projects
None yet
Milestone
4.20.1
Development

Successfully merging this pull request may close these issues.

Provide an option to upload a kubernetes ISO from Local
9 participants
@vishesh92 @blueorangutan @FelipeM525 @shwstppr @weizhouapache @Pearl1594 @DaanHoogland @rohityadavcloud @JoaoJandre