Data mover micro service design #7576
Conversation
Lyndon-Li
requested review from
reasonerjt,
blackpiglet,
qiuming-best and
allenxu404
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #7576 +/- ##
==========================================
- Coverage 61.70% 58.80% -2.91%
==========================================
Files 263 345 +82
Lines 28861 28759 -102
==========================================
- Hits 17808 16911 -897
- Misses 9793 10420 +627
- Partials 1260 1428 +168 ☔ View full report in Codecov by Sentry. |
Lyndon-Li
force-pushed
the
data-mover-micro-service-design
branch
from
adc1979
to
2264d56
Compare
| - This enable users to to control resource (i.e., cpu, memory) request/limit in a granular manner, e.g., control them per backup/restore of a volume | ||
| - This increases the resilience, crash of one VGDP activity won't affect others | ||
| - In the cases that the backup storage must be represented by a Kubernetes persistent volumes (i.e., nfs storage, [COSI][3]), this avoids to dynamically mount the persistent volumes to node-agent pods and cause node-agent pods to restart (this is not accepted since node-agent lose it current state after its pods restart) | ||
| - This prevents unnecessary full backup. Velero's fs uploaders support file level incremental backup by comparing the file name and metadata. However, at present the files are visited by host path, while pod and PVC's ID are part of the host path, so once the pod is recreated, the same file is regarded as a different file since the pod's ID has been changed. If the fs uploader is in a dedicate pod and files are visited by pod's volume path, files' full path are not changed after pod restarts, so incremental backups could continue. |
There was a problem hiding this comment.
... once the pod is recreated, the same file is regarded as a different file....
Here is the pod the backuppod created by VBDM? Have you verified the incremental backup scenario?
There was a problem hiding this comment.
The pod refers to the source pod to be backed up.
The incremental backup compares the full path for each file, while the source pod's ID is part of the full path. Once the pod is recreated, the full path will change, so the same file will be treated as a new file.
|
|
||
| ## Goals | ||
| - Create a solution to make VGDP instances as micro services | ||
| - Modify the VBDM to launch VGDP micro services instead of running the VGDP instances in place |
There was a problem hiding this comment.
I suggest modifying this statement or adding one more statement to specify what we wanna implement.
Like offload the work of data movement from node agent to backup pod
| ## Detailed Design | ||
| ### Exposer | ||
| At present, the exposer sets ```velero-helper pause``` as the command run by backupPod/restorePod. Now, VGDP-MS command will be used, the command is like below: | ||
| ```velero vgdp-ms backup --this-pod xxx --this-container xxx --this-volume xxx --resource-timeout xxx --log-format xxx --log-level xxx``` |
There was a problem hiding this comment.
This is subjective but isn't it easier to understand by calling it velero data-move? Or compile into another binary like velero-data-mover
There was a problem hiding this comment.
To lower the overhead to build the extra binary, we should keep it in velero, but rename the sub-command.
There was a problem hiding this comment.
Done, changed the command name to velero data-mover
| Below are the parameters of the commands: | ||
| **this-pod**: Deliver the backupPod/restorePod's name to VGDP-MS. Even though VGDP-MS is running inside the backupPod/restorePod, it is not easy to get the name of pod it is running in, so it is simply delivered through the parameter. | ||
| **this-container**: When backupPod/restorePod is started, the cluster may insert other containers to the pod, so we cannot assume that the container running VGDP-MS is always the first container in the pod. So the container name is simply delivered through the parameter. | ||
| **this-volume**: The name of the snapshot/target volume. VGDP-MS accesses the snapshot/target volume by matching this-volume to the volumeMount/volumeDevice in backupPod/restorePod's spec, so that it could access the snapshot/target volume locally. |
There was a problem hiding this comment.
Why not pass the path directly to the command?
I have the same concern about passing this-pod and this-container to the command.
The workload should not need to know the pod or container name of where it runs.
There was a problem hiding this comment.
Besides the full path, we also need the volume mode(fs or block) to initialize the backup. So instead of passing more detailed parameters (path, mode, etc.), it is better to simply pass these 3 parameters and let the VGDP to get the detailed info from them.
Moreover, the fileSystemBR should work for both host-path mode(for PVB/PVR) and pod-path mode(data mover), passing 3 simple parameters and deducing the info varying from different modes is helpful to reduce the code redundancy.
Conclusively, we need these 3 parameters for below purposes:
- Find the path of the volume to be backed up
- Find the DUCR/DDCR this pod is for
- Create events to the backupPod/restorePod
- Retrieve the volume mode(fs or block)
There was a problem hiding this comment.
this-pod is a workload created by velero right? or a user workload mounting the volume prior to backup?
There was a problem hiding this comment.
this-pod runs a subcommand of velero
There was a problem hiding this comment.
After the further discussion, we will not use this-pod, this-container and this-volume, instead, we will pass the specific info required by the vgdp-ms --- volume path, volume mode, DUCR/DDCR
There was a problem hiding this comment.
Done on the changes
|
|
||
| In order to have the same capability and permission with node-agent, below pod configurations are inherited from node-agent and set to backupPod/restorePod's spec: | ||
| - Volumes: Some configMaps will be mapped as volumes to node-agent, so we add the same volumes of node-agent to the backupPod/restorePod | ||
| - Environment Variables |
There was a problem hiding this comment.
If time permits, we should follow the best practice to limit/minimize the scope and capability of the backupPod/restorePod.
There was a problem hiding this comment.
Yes, theoretically, the backupPod/restorePod only needs to host the VGDP instance. And besides that, we also need a kube client so as to fulfill below communicating and controlling purposes:
- Watch some status of DUCR/DDCR for synchronization with the controller, i.e., ready for start VGDP; VGDP cancellation
- Deliver information to the controller, i.e., VGDP progress
There is no other functionalities in backupPod/restorePod
There was a problem hiding this comment.
We may open an issue to limit the scope of the roles of the backupPod/restorePod but it can be optional for phase 1 implementation.
There was a problem hiding this comment.
Added a clarification for the roles/privileges/capabilities of the backupPod/restorePod.
We can open an issue for further changes after this micro service feature is merged.
|
|
||
| We use two mechanism to make the watch: | ||
| **Pod Phases**: VGDP Watcher watches the backupPod/restorePod's phases updated by Kubernetes. That is, VGDP Watcher creates an informer to watch the pod resource for the backupPod/restorePod and detect that the pod reaches to one of the terminated phases (i.e., PodSucceeded, PodFailed). We also check the availability & status of the backupPod/restorePod at the beginning of the watch so as to detect the starting of the backupPod/restorePod. | ||
| **Custom Kubernetes Events**: VGDP-MS generates Kubernetes events and associates them to the backupPod/restorePod at the time of VGDP instance starting/stopping and progress update, then VGDP Watcher creates another informer to watch the Event resource associated to the backupPod/restorePod. |
There was a problem hiding this comment.
What's the specific use case for this? reporting the transfer status?
IMHO, we wanna try to make the code that runs in backupPod less k8s-aware or k8s-dependent, so we can test it or verify certain cases more easily. But this is an immature thought and we can have further discussions on this topic.
There was a problem hiding this comment.
Custom Kubernetes Events doesn't mean a mechanism out of k8s scope, so it is still k8s aware/dependent.
Here the Events refer to the Kubernetes Event resource, that is, we generate events to the backupPod/restorePod during the data movement.
We use the Events to transfer message to the controller during the data movement, since the Pod Phase and Pod Terminate Message mechanism can only deliver info at the time of pod terminates.
There was a problem hiding this comment.
After offline discussion, we agreed to choose k8s events as the approach for backup/restore pod to communicate to the node-agent, but maybe point the involvedObject to the DUCR is a better choice.
There was a problem hiding this comment.
After some further checks, I can see below negative points if we want to make involvedObject as DUCR/DDCR:
- Kubernetes' etcd is not good at to store huge number of objects, this is why the event objects are automatically removed after 1 hour(by default). Since DUCR/DDCR are to be permanently kept, it will increase the burden to etcd when there are lots of DUCR/DDCR. On the other hand, since the events are deleted after 1 hour, we have no way to keep the events for further use, so there is no gain to keep the events with DUCR/DDCR.
- The ms-service solution introduced in this design is capable to be reused by other requirements in future and Event is a core part of this solution. Adding DUCR/DDCR as
involvedObjectrequires adding one more input parameter for the ms-service. As a comparison, originally, we only requirethis-pod,this-containerandthis-volumeas the input.
There was a problem hiding this comment.
After a further discussion, we decided to associate the events to DUCR/DDCR
There was a problem hiding this comment.
Done on the changes
The scope of this design is for VGDP, VGDP is a part of VBDM (Velero Build-in Data Mover), so this design doesn't cover 3rd data movers. I can add a clarification for this in the design. |
Lyndon-Li
force-pushed
the
data-mover-micro-service-design
branch
from
2264d56
to
3527da1
Compare
|
So my thought process was: We could use a generic controller to handle the DUCR/DDCR and then move all the data movers to micro services and have the generic controller be able to control what data mover is called when. The biggest problem with the design at the moment is that I can only have a single Data Mover. I have to copy the full VBDM code and extend it for my use case (a particular volume for a particular driver). Maybe this isn't how you want to solve that problem, and that is ok, but it is an option. I would like to see us think through a solution to this problem though. |
I think this is possible theoretically, though we still need to cover lots of details, e.g., how do we publish the communication mechanism so that 3rd data movers could implement. Anyway, this is out of the scope of the current design. I suggest to open another issue after this design is merged and we can continue this discussion in the issue. |
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
Lyndon-Li
force-pushed
the
data-mover-micro-service-design
branch
from
3527da1
to
470484d
Compare
Fix issue #7198. Add the design for data mover micro service