STOR-2040: CLI command to display bound pvc filesystem usage percentage

[gmeghnag]

The code makes use of a Prometheus query to implement the oc adm top persistentvolumeclaims and show usage statistics for bound persistentvolumeclaims, as follows:

oc adm top pvc --insecure-skip-tls-verify=true -n reproducer-pvc
NAMESPACE      NAME               USAGE(%) 
reproducer-pvc pvc-reproducer-pvc 98.28    
reproducer-pvc pvc-test-pvc       14.56    

It supports the following flags:

    -A, --all-namespaces=false:
	If present, list the pvc usage across all namespaces. Namespace in current context is ignored even if
	specified with --namespace

    --insecure-skip-tls-verify=false:
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections
	insecure

[openshift-ci-robot]

@gmeghnag: This pull request references STOR-2040 which is a valid jira issue.

In response to this:

The code makes use of a Prometheus query to implement the oc adm top persistentvolumeclaims and show usage statistics for bound persistentvolumeclaims, as follows:

oc adm top pvc --insecure-skip-tls-verify=true -n reproducer-pvc
NAMESPACE      NAME               USAGE(%) 
reproducer-pvc pvc-reproducer-pvc 98.28    
reproducer-pvc pvc-test-pvc       14.56    

It supports the following flags:

   -A, --all-namespaces=false:
  If present, list the pvc usage across all namespaces. Namespace in current context is ignored even if
  specified with --namespace

   --insecure-skip-tls-verify=false:
  If true, the server's certificate will not be checked for validity. This will make your HTTPS connections
  insecure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ardaguclu]

Thank you for spending time on this nice and useful feature. But that requires a KEP first to sync on the feature and implementation.

[gmeghnag]

Hey @ardaguclu, what is a KEP? And how to create one? Thanks :)

[ardaguclu]

Hey @ardaguclu, what is a KEP? And how to create one? Thanks :)

I think, you'd write an enhancement proposal under /~https://github.com/openshift/enhancements/tree/master/enhancements/oc and we'll discuss the design and align on it. Once it merges, we can return to this PR.

[dobsonj]

Thanks a lot @gmeghnag :) This is nice work, I just have a few suggestions.

[dobsonj]

/retest

[ropatil010]

/test e2e-agnostic-ovn-cmd

[gmeghnag]

/retest

[gmeghnag]

DO NOT MERGE, I have to fix first https://issues.redhat.com/browse/OCPBUGS-44011

[gmeghnag]

https://issues.redhat.com/browse/OCPBUGS-44011 fixed.

[gmeghnag]

/retest

[ardaguclu]

I still believe that this is a cool feature and thanks for spending time on this. I think it requires major code refactorings though.

/label tide/merge-method-squash

[ardaguclu]

Since you'll be the maintainer of this command, there should be a separate OWNERS file like this /~https://github.com/openshift/oc/blob/master/pkg/cli/admin/inspectalerts/OWNERS

[ardaguclu]

This comment is still valid. We need OWNERS file to maintain and triage the issues with respect to this comment.

[gmeghnag]

@ardaguclu Thank you a lot for the code review!

Before spending time answering your questions and proceeding with the code modifications I would like to ask @tsmetana if doing so will make this PR merged, because, from our last chat I understood that you (with the storage leads) chose to go upstream first with this functionality, and doing so will probably need a different approach since Prometheus is not provided by default in vanilla Kubernetes.

In short, I don't want to spend time modifying the code if this PR will not be merged anyway.
Instead, if you think we can merge this PR in a future oc release, I'll work on that tomorrow.

Thanks

[tsmetana]

@gmeghnag labelling the feature as experimental is exactly what would make it merge even if we want to implement this also in upstream kubectl. The experimental / TP nature gives us the possibility to have the feature early in oc, but be able to change it later in case the kubectl implementation would differ in an incompatible way.

Thanks for the awesome work!

[gmeghnag]

@ardaguclu @tsmetana I've updated the PR, please let me know if anything else is needed! (:

[gmeghnag]

/retest-required

[ardaguclu]

Thank you. I quickly skimmed over the current code but we need to iterate a couple of times to be ready for merge. I think, it would be safer to defer this to 4.19 as unfortunately I don't have time for 4.18.

[ardaguclu]

How do we know promOutputDataResult.Value's length is greater than 1 and we don't panic?

[gmeghnag]

Because this is a "dogma" from Prometheus output, see here [1][2]:

Instant vectors are returned as result type vector. The corresponding result property has the following format:

[
  {
    "metric": { "<label_name>": "<label_value>", ... },
    "value": [ <unix_time>, "<sample_value>" ],
    "histogram": [ <unix_time>, <histogram> ]
  },
  ...
]

[1] https://prometheus.io/docs/prometheus/latest/querying/api/#instant-queries
[2] https://prometheus.io/docs/prometheus/latest/querying/api/#instant-vectors

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: gmeghnag
Once this PR has been reviewed and has the lgtm label, please assign ardaguclu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ardaguclu]

This comment is still valid. We need OWNERS file to maintain and triage the issues with respect to this comment.

[ardaguclu]

I don't think using an arbitrary namespace would be allowed (especially using the openshift-kube-apiserver which is an important one). If there is no bearer tokens, it is better to return error?.

[ardaguclu]

options is unexported which makes sense but why some of its fields are exported?

[ardaguclu]

nit: Better to export

[ardaguclu]

We need to continue with whatever we have defined in kubeconfig and should not try to use any other secret, etc.

[ardaguclu]

We can unexport this and the other nested ones.

[ardaguclu]

It is better to add approvers and reviewers from which team will maintain this. I'd prefer not to be in here.

[ardaguclu]

pkg/cli/admin/top command exists and it is maintained by workloads team. What about moving this command to pkg/cli/admin/toppvc, etc. and have dedicated OWNERS?.

[ardaguclu]

It is also better to have an alias like this /~https://github.com/openshift/oc/blob/master/pkg/cli/admin/inspectalerts/OWNERS and

oc/OWNERS_ALIASES

Line 9 in e005223

monitoring-approvers:

[ardaguclu]

Also keep in mind that, kubeconfig has many fields to access cluster, not only bearer token. As a result, this command will not be usable if kubeconfig authentication mechanism is certificates, exec credential plugins, etc.

[openshift-ci]

@gmeghnag: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-serial	64325f9	link	true	/test e2e-aws-ovn-serial
ci/prow/e2e-agnostic-ovn-cmd	64325f9	link	true	/test e2e-agnostic-ovn-cmd
ci/prow/unit	64325f9	link	true	/test unit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.