exec remote host collectors in a daemonset

[hedge-sparrow]

Description, Motivation and Context

This PR changes how remote host collection is scheduled.

it switches the runners to be exec calls to pods managed by a daemonset, rather than one runner per pod.

Checklist

• New and existing tests pass locally with introduced changes.
• Tests for the changes have been added (for bug fixes / features)
• The commit message(s) are informative and highlight any breaking changes
• Any documentation required has been added/updated. For changes to https://troubleshoot.sh/ create a PR here

Does this PR introduce a breaking change?

• Yes
• No

[nvanthao]

Potential panic when ds is not created

[DexterYan]

I have added

	_, err := clientset.AppsV1().DaemonSets(ds.Namespace).Get(ctx, ds.Name, metav1.GetOptions{})
		if err != nil {
			klog.Errorf("Failed to verify remote host collector daemonset %s still exists: %v", ds.Name, err)
			return
		}

		if err := clientset.AppsV1().DaemonSets(ds.Namespace).Delete(ctx, ds.Name, metav1.DeleteOptions{}); err != nil {
			klog.Errorf("Failed to delete remote host collector daemonset %s: %v", ds.Name, err)
		}

[DexterYan]

I think if the ds is not created, it will log the not found error.

[banjoh]

To improve reliability, should we poll if the user does not have the necessary "watch" permissions?

[DexterYan]

Thank you! I have checked to polling method

[banjoh]

Same here. Poll if no "watch" permissions.

We might just default to polling if it does not introduce a significant delay.

[DexterYan]

changed to polling

[banjoh]

Is this 0 timeout intentional?

[DexterYan]

I have changed to TimeoutSeconds: ptr.To(int64(defaultTimeout)),

[banjoh]

Wouldn't limit=0 mean that no pods should be returned? I might be missing something here though

[DexterYan]

0 means that there is no limit on the number of pods returned in this list operation. It will attempt to return all matching pods without restricting the count.

[banjoh]

Using stdin instead of relying on configmaps is pretty neat!

[DexterYan]

yes, that is very efficient!

[banjoh]

Wouldn't it be sufficient to just delete the DaemonSet and log the error if it wasn't present?

[DexterYan]

Yes, it should be sufficient to just delete the DaemonSet and log the not found error. I have modified the code.

[banjoh]

Should we allow passing in the namespace? In embedded cluster for example, kotsadm & embedded-cluster namespaces exist. KOTS may have permissions on one of these but not to the default namespace

[DexterYan]

good catch. Namespace has been added

[banjoh]

Should we use a versioned tag instead? You can get the version string from https://github.com/replicatedhq/troubleshoot/blob/main/pkg/version/version.go

[DexterYan]

I found the challenging part is that if we are using version string in local development, I found the image was not existed. We have to build it in local first. Do you have any idea about that?

[DexterYan]

I found one to use version tag. It has to be semantic version

[DexterYan]

It seems cannot pass the tests. I reverts docker image versioned tag.

[DexterYan]

I suggest that we can switch to version tag in next PR

[banjoh]

If we use a tag, perhaps this should be IfNotPresent

[DexterYan]

changed to IfNotPresent

[banjoh]

Collection shouldn't take longer than 30s but I'm thinking we should have a better way of handling this. We can for example implement a collect pause subcommand to pause and wait for a termination signal then exit gracefully.

[DexterYan]

I have changed to use

Command:         []string{"tail", "-f", "/dev/null"},

It effectively blocks forever without doing anything.

[DexterYan]

@diamonwiggins

Copy from another PR

Is the reporting and the progress updates accurate if the flow is:

for pod in pods:
    run each collector

or should it be:

for collector in collectors:
    run in each pod

[DexterYan]

The remote collectors has been using

for collector in collectors:
   tracing start
    run in each pod
   tracing end

[nvanthao]

LGTM

[banjoh]

LGTM