migtools / crane-ui-plugin Goto Github PK
View Code? Open in Web Editor NEWOpenShift Dynamic Plugin for Crane UI
OpenShift Dynamic Plugin for Crane UI
The wizard form validation is missing one check: making sure the user-entered target PVC names don't already exist in the target namespace. This should involve similar logic to the pipeline name uniqueness check (useK8sWatchResource
to pull in PVC names to compare with).
There are some issues with syntax highlighting and other styles with the PF CodeEditor we're using due to stylesheets conflicting with the ones for the console's built in editor. Now that that editor is available in the plugin SDK we should switch to it.
Edit: Not sure if this is going to work. The ResourceYAMLEditor
exposed by the SDK is intended for editing an existing resource, not editing unsaved YAML before creating a resource. It has save/cancel/reload buttons that don't make sense here and if you click Cancel it will weirdly redirect you to the project resource page. There seems to be no way to disable that behavior and render only the editor itself. This will either be a WONTFIX or we need to enhance the editor in the SDK, and either way it's not going to make Tech Preview.
Edit 2: There's a new development here, we may be getting the plain YAMLEditor
in a future SDK version. Discussion here: https://coreos.slack.com/archives/C011BL0FEKZ/p1658168646396789
See early attempt at this that was closed: #66
By changing the URL prefix to /k8s/ns/:namespace/*
the console automatically shows this project switcher at the top of the page. However, when doing this, if the user selects "All projects" in the bar the UI ends up on a 404 page. We can likely work around this by handling that all-namespaces
route, but there is a bug in the console that prevents this (BZ coming soon for that, will edit it in here).
However, the URL prefix change is possibly not the best way of implementing this. Comparing to the Add page and Pipelines page, we see they do this without using /k8s
in their URL (which is intended for pages representing individual k8s resources) by using components that are not currently exposed by the plugin SDK, CreateProjectListPage
and NamespacedPage
. I attempted a PR to add these to the SDK but it needs reevaluation: openshift/console#11823
Also, currently when you reach the management page without a project selected, you reach a stub page that just directs you to the Projects page where you can select and create a project, then you have to navigate back to our management page. Using CreateProjectListPage
to handle the "all projects" state is a better solution.
Here's a patch for hitting 3 bugs I had to fix with the tasks
diff --git a/src/api/pipelineHelpers.ts b/src/api/pipelineHelpers.ts
index b816dfe..3113669 100644
--- a/src/api/pipelineHelpers.ts
+++ b/src/api/pipelineHelpers.ts
@@ -83,7 +83,7 @@ export const formsToTektonResources = (
params: [
{
name: 'cluster-secret',
- value: '$(params.source-cluster-secret)',
+ value: '$(params.destination-cluster-secret)',
},
{
name: 'context-name',
@@ -228,6 +228,10 @@ export const formsToTektonResources = (
name: 'kustomize',
workspace: 'shared-data',
},
+ {
+ name: 'kubeconfig',
+ workspace: 'kubeconfig',
+ },
],
},
],
@@ -277,7 +281,17 @@ export const formsToTektonResources = (
},
{
name: 'kubeconfig',
- emptyDir: {},
+ volumeClaimTemplate: {
+ spec: {
+ accessModes: ['ReadWriteOnce'],
+ resources: {
+ requests: {
+ storage: '10Mi',
+ },
+ },
+ },
+ },
},
],
pipelineRef: {
Getting the following error while creating pipeline through UI to migrate application with multiple PVCs
Cannot create Pipeline and PipelineRun
admission webhook "validation.webhook.pipeline.tekton.dev" denied the request: validation failed: expected exactly one, got both: spec.tasks[10].name, spec.tasks[8].name, spec.tasks[9].name invalid value: task transfer-pvc is already present in Graph, can't add it again: duplicate pipeline task: spec.tasks
The cause of the error likely seems to be UI trying to add the same task name transfer-pvc
in the pipeline for each PVC present in the namespace that needs to be migrated.
There are some cases where a migration might fail to create some resources, but otherwise the migration succeeded.
One scenario we're currently aware of is migrating from a DevSandbox instance to your own OpenShift cluster as a non-admin. In this scenario you will be able to read some resources that can only be created as a cluster admin, such as limitranges.
As a namespace admin on both clusters you will be able to read and export the limitrange, but unable to create it on the destination.
This doesn't affect the application from migrating or running, but at present will cause the pipeline to fail.
In MTC we had the notion of a success with warnings, which would have covered the case where some resources could not be recreated.
test
Found by @stillalearner (see slack conversation here)
As soon as we type something in the select/edit PVC filter field, This dialog box blocks the UI unnecessarily
however, This only happens once and it doesnt appear again after clicking on Cancel. But it shouldnt appear at all.
UI changes to complement migtools/crane-reverse-proxy#7 and work around #45.
May wait on this a little longer to see if we can get the underlying console UI bug backported before having to undo this work.
Once migtools/crane-runner#54 is implemented, we have all the information we need to update our main migration pipeline to:
registry-replacement
optional-flag to the crane-transform ClusterTask to update kube workloads with the new image reference.In #88, all of these actions just happen immediately when you click the button. We should add confirmation modals to each, with an explanation of what will happen.
The code that references this task should be removed.
The dynamic plugin guidelines state:
Prefix your CSS class names with your plug-in name to avoid collisions. For example, my-plugin__heading and my-plugin__icon.
We have some custom className
s in our code that do not follow this such as .summary-table
, .json-popover
and .advanced-switch
.
Now that patternfly/patternfly-react#7061 is merged, if we can upgrade PatternFly we can make use of the DescriptionList with a wider term column for the content at the top of the wizard's Review step (instead of our Table workaround which is less accessible).
I believe that fix is now available in the PF version used by OCP 4.11. We can also use this in other places we have key/value summaries, like on the Project Details step of the wizard and in the summary section of the management page.
It appears kubectl apply and pvc transfer are happening at the same time.
The apply probably shouldn't happen until after the transfer is complete, otherwise pods may start up and try to initialize storage with new data (think like mysql or postgres setting up the db on first run) before the transfer happens.
I missed this criteria from https://issues.redhat.com/projects/MTRHO/issues/MTRHO-11 in #88.
When a PVC is renamed in the UI the transfer updates the pvc name, but it's not updated on any of the resources that mount it so they're stuck pending looking for the pvc by the old name.
migtools/crane-lib#104 is in progress. Once that's complete and merged we need to fix the ClusterTask (migtools/crane-runner#48) to accept the option, and then we need to update the UI here to pass it in when one or more renames are specified.
When you try to migrate an application with PVC the following error comes up in transfer-pvc
task
invalid input params for task crane-transfer-pvc: didn't need these params but they were provided anyway: [dest-pvc-capacity]
Cause of the error seem to be a parameter mismatch here which should be this.
Reaching either of our pages with no defined namespace should result in a message instructing the user to go choose a namespace first. This experience will improve when we can address #106, but it shouldn't be broken.
Something about the query caching or form state memoization is causing the "project name" field to stay green once it's green for any given value. It should only ever be green if the source cluster credentials are currently valid and that project exists in that cluster.
It's a corner case, but this could bite us if you:
On the management page being introduced in #88, there is an additional feature we've mentioned in meetings that I want to capture: a button somewhere (action in the kebab menu?) for letting the user refresh the oauth tokens stored in the secrets associated with the pipelines.
If the user created the pipelines some time ago, their tokens are likely to have expired. There should be an easy way to refresh them without having to create new pipelines or manually edit secrets. This includes (a) pasting in a new oauth token for the source cluster and (b) triggering a patch via crane-secret-service that will automatically refresh the oauth token for the target/host cluster. Not sure if these should be separate functions or always be done together.
Another idea @vconzola mentioned was that when the user clicks the Stage or Cutover buttons, the UI could first run a check via crane-reverse-proxy to see if the source cluster's token is still valid (and maybe also somehow check the host cluster's token) and prompt the user to refresh it before running the pipelines. We could also possibly just automatically refresh the host oauth token via crane-secret-service immediately before starting any pipelinerun, although that might be too much magic.
If we intend to support rollbacks, that would involve generating and managing an additional type of pipeline. Is this in scope? needs investigation.
openshift/console#11108 backports the fix for MIG-1093 to OpenShift 4.10, but it is on hold. We need to make sure that backport goes through if we are going to target 4.10.z for our GA.
On the Project Details step of the wizard, we currently only show the number of Pods, PVCs and Services. We should revisit this when other tech-preview priorities are handled, and see if there is any other data we can practically show here.
Trying to migrate from DevSandbox to Single Node OpenShift the UI gets stopped with:
Cannot load source cluster namespaces Request failed with status code 403 namespaces is forbidden: User "rhn-engineering-jmontleo" cannot list resource "namespaces" in API group "" at the cluster scope
After discussing
There is a TODO comment in the PVCEditStep for potentially adding a filter by storage class, with allowed filter values based on the actual storage classes in the table.
We should revisit these tables and see if there are any other filters we should add (from original mockups or otherwise).
If I am not an admin on the destination I receive the following error.
Cannot configure crane-proxy
configmaps "crane-proxy" is forbidden: User "jason" cannot get resource "configmaps" in API group "" in the namespace "openshift-migration"
FWIW, the proxy no longer requires use of this config-map. If nothing else does either, we can probably skip trying to access it.
If the user proceeds past the Edit PVCs step of the wizard and then goes back to the first step and changes the source project name, the rest of the wizard form state should be reset. Instead, the selected PVCs and their edit values remain cached and e.g. if you proceed to the end of the wizard you may get a stage pipeline even though you didn't select any PVCs for the new project.
Changing anything on the "Source cluster and project" screen should reset the PVC select and edit steps (the form fields whose data comes from the source cluster).
I believe I already fixed a similar issue once, so this may be a regression.
In the import wizard, we need to recognize when a source for import includes ImageStreams. If ImageStreams are found we ask the user if they wish to migrate them (future iterations may determine this for the user). The resulting pipeline should look something like:
crane-export
targeting source cluster, we must have the manifestsoc-registry-info
targeting source and destination clusterscrane-skopeo-sync-gen
using the emitted results from oc registry info
andskopeo-sync
targeting destination clusterDependent issues include:
Updates based on Shawn's comment https://github.com/konveyor/enhancements/pull/77/files#r922514703 that made me realize we could fallback to oc get route
when oc registry info
doesn't get us what we want.
The dynamic plugin guidelines state that we should use react-i18next
for localization, and the template repo we started with already had it installed. We currently still have it as a dependency but we are not using it (all text is just hard-coded in English).
We need to decide whether we will actually be doing localization. If so, we need to determine a process for that and implement it, and if not we should remove this dependency.
Currently clicking Cancel in the wizard takes you to the Add page even if you reached the wizard from the management page.
@vconzola and I also realized that when you go to the wizard directly from the management page, you may never see the description on the Add card "Import a manually deployed application on another cluster to an automated GitOps workflow". Maybe that's fine? One idea was to open a modal with that description when you reach the wizard if you came from the management page. Needs further discussion.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.