Add ability to install porter plugins

[VinozzZ]

This PR implements the ability to allow users to configure plugins they need in agent-config resource.

Current workflow:

It creates a new agent config controller to manage the lifecycle of the plugin installation. The controller dispatch jobs to the porter agent to install plugins onto a persistent volume through a pvc (temporary persistent volume claim) managed by the agent config controller. Once the installation is done, the controller sets labels, including all installed plugins and the agent config name, on the persistent volume. Then the controller will create a new pvc. The new pvc will use the hash of all the plugins information as its name and the plain text version of all the plugin information as its label.
When a new agent action is created, it will query using the plugin hash derived from its agent config and mount a plugin pvc using that name.
If no existing plugin pvc exits, the agent action will wait for the pvc to be created before kubernetes schedules it.
When a plugin volumes is no longer needed, the current approach is to allow k8s GC to do the work for us. All the operator is doing when a agent config is deleted is to make sure to remove itself from the pvc's and pv's OwnerReferences value. Once no other resource is referencing a volume, GC will know to delete it permanently.
To make sure we are not deleting any volumes that still could being used, when a volume is being reused by multiple agent config, the controller will make sure to add all agent config into the owner reference before marking the agent config status has complete.

Couple issues that may need to be worked out before this feature is complete:

• - Since currently, the operator doesn't have the capability to clean up pods after each job has been finished, the above cleanup workflow for plugin volumes only removes the deleted agent config from the plugin volume's owner reference list. we need to validate that when all the pods are deleted, the plugin volumes will be deleted too. Delete temporary resources when agent completes #54

  Resolution: I would like to work on this as a separate PR and just have the current deletion behavior as only removing OwnerReference.

• - Another issue that the current code has not solved is how to install multiple porter plugins with one agent job. From my discovery, porter currently does not seem to allow installation for multiple plugins with one command. Ability to install multiple plugins defined in one agent config #123

  Resolution: This will be a separate PR in porter to implement this new feature. For now, only kubernetes plugins will be installed. Users will only able to define kubernetes plugin and configure its version and feedURL

• - We probably should set default plugin configuration in both the installer bundle and the controller code. If someone were to delete the default agent config defined by the installer bundle, the controller can still set a default kubernetes pluin in the code

• - We need to add integration tests for delete behavior

• - This feature is also missing document. For example, where all the default values for plugin configs are set Add document for plugin install feature #122

[codecov]

Codecov Report

Merging #108 (f733fe2) into main (4c2faac) will decrease coverage by 2.71%.
The diff coverage is 68.45%.

@@            Coverage Diff             @@
##             main     #108      +/-   ##
==========================================
- Coverage   78.30%   75.58%   -2.72%     
==========================================
  Files          12       13       +1     
  Lines        1014     1536     +522     
==========================================
+ Hits          794     1161     +367     
- Misses        138      242     +104     
- Partials       82      133      +51     

Flag	Coverage Δ
unit-tests	75.58% <68.45%> (-2.72%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
api/v1/agentaction_types.go	44.44% <0.00%> (-22.23%)	⬇️
controllers/porter_resource.go	77.61% <ø> (ø)
api/v1/agentconfig_types.go	58.97% <54.28%> (-14.36%)	⬇️
controllers/agentconfig_controller.go	71.04% <71.04%> (ø)
controllers/agentaction_controller.go	83.29% <84.61%> (+2.38%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[carolynvs]

I didn't have time to do a full review but here is some initial feedback. I can take another review after the logic in reconcile is split up into functions.

[carolynvs]

Can you document this function and maybe tweak the name to better fit what it does? I don't think it is checking if an action is an agent config. Is it checking if we are running an action on behalf of an agent config?

[carolynvs]

Would you please add godocs for any exported fields and functions? I've made an issue for us to figure out how to enforce that in CI (#131)

[carolynvs]

This seems like a validation error that we should handle. Is that something we look for elsewhere?

[carolynvs]

You can annotate this field and any other required fields with a comment so that Kubernetes requires that it is filled out. // +kubebuilder:validation:Required

https://book.kubebuilder.io/reference/markers/crd-validation.html

But I think we are configured to require all fields by default, unless the field is nullable.

I'm mostly bringing it up because of that check you have above that looks if the plugin name is empty which made me think you were running into problems with validation not being strong enough. If you need to require a field, let's use the CRD validation so that we don't need checks like if plugin.Name == "" throughout the implementation.

[VinozzZ]

Oh, I did not know this. Thank you for mentioning it.
I think I did the checks in the code is mostly due to issues I ran into with tests. Do you know where in the codebase I can find the logic that all fields are required by default?

[carolynvs]

Sorry I don't. I just read it in the kubebuilder documentation that I linked in my last comment above.

[carolynvs]

Since in the future we may end up mounting more volumes into an agent, how about we make this a bit more specific and whenever we just generally reference a pvc / volume, rename it to be specific to plugins?

[carolynvs]

Suggested change

	// GetPVCName returns an string that's the hash using plugins spec and the AgentConfig's namepsace and name.
	// GetPVCName returns a string that's the hash using plugins spec and the AgentConfig's namespace and name.

[carolynvs]

The feedback we got when Porter generates resources, like when we push the invocation image to the registry first to get the repository digest, that having an easy way to tell it's porter's is helpful.

Would it be possible to prefix the pvc name with porter-DIGEST, so that people can quickly see that they belong to porter? I realize that we have the labels too, this just makes it easier to visually tell while running simple commands with kubectl.

[carolynvs]

Can you add a comment here? It's not immediately clear what's going on and an explanation would help a lot. I can't really tell from the code when we mount this volume.

[carolynvs]

I recommend moving all of this into multiple functions. If you look over the other reconcile functions in the other controller, I've tried real hard to keep them short and readable because otherwise this function is overwhelming and difficult to test/maintain.

[carolynvs]

re-adding comment from last review since I think it was missed:

I recommend moving most of the detailed logic from Reconcile into multiple functions. If you look over the other reconcile implementations in the other controller, I've tried real hard to keep them short/readable, sticking to the high level status transitions, because otherwise this function is overwhelming and difficult to test/maintain.

[sgettys]

Same as above

[carolynvs]

Wow, this is a giant feature. I had no idea when we first started that it would require so much careful logic and design to work properly.

Thank you for taking the time to think through all the workflow and edge cases. This is amazing and I'm really excited to get it merged so everyone can use it! 💖

[carolynvs]

nit: this comment is incomplete

[carolynvs]

nit: I recommend removing omitempty, so that when people look at the status they see all the fields and their current values. As it is, this (hiding ready when false) requires the user to know the schema and that ready defaults to false.

[carolynvs]

This docstring seems a bit misleading since it says that the adapter exists to just provide Plugins as a list instead of a map. But based on our previous discussions around the difficulties in defaulting the plugins, and how you are using the original field to protect people from accidentally directly accessing the fields instead of using the getter functions, makes me think that there's a lot more behind why you split this into it's own data structure.

Can you add a bit of that to the doc so that people can follow why this struct exists and how they should use it?

[carolynvs]

Just a suggestion, but it may be worthwhile for maintenance of this code and the function above to split these lines into a separate function and then use the value for both the label and the hash.

[carolynvs]

There's one more restriction on label values, they must be 63 characters or less

[carolynvs]

phew! This is a mega test 💯, looks great and just shows how much logic is tied up in the AgentConfigController!

[carolynvs]

Can we omit all of these and just specify a plugin?

[carolynvs]

WOOOOOO! 🎉 I love seeing this.

[carolynvs]

Suggested change

	Context("when an existing AgentConfig is delete", func() {
	Context("when an existing AgentConfig is deleted", func() {

[carolynvs]

oops! Thanks for fixing that 👍

[carolynvs]

This is great! Ship it 🚀