operator/ingress: Add logging API #616

Miciah · 2020-04-02T02:53:15Z

This commit implements NE-284.

operator/v1/types_ingress.go (IngressControllerSpec): Add Logging field with the new IngressControllerLogging type.
(LoggingDestinationType): New type.
(ContainerLoggingDestinationType, SyslogLoggingDestinationType): New constants to identify types of destinations for log messages.
(ContainerLoggingSidecarContainerName): New constant.
(SyslogLoggingDestinationParameters): New type. Describe a syslog endpoint and facility.
(ContainerLoggingDestinationParameters): New type. Empty for now.
(LoggingDestination): New type. Describe a destination for log messages using LoggingDestinationType, SyslogLoggingDestinationParameters, and ContainerLoggingDestinationParameters.
(AccessLogging): New type. Describe how client requests are logged, using LoggingDestination.
(IngressControllerLogging): New type. Describe what should be logged where, using AccessLogging. For now, other types of logging cannot be specified.
operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml:
operator/v1/zz_generated.deepcopy.go:
operator/v1/zz_generated.swagger_doc_generated.go: Regenerate.

operator/v1/types_ingress.go

Miciah · 2020-04-14T04:23:47Z

Latest push replaces the spec.logging.access.destination.syslog.endpoint field with spec.logging.access.destination.syslog.address and spec.logging.access.destination.syslog.port fields with appropriate validation: The former field's value is required to be a string in "ipv4" or "ipv6" format, and the latter field's value is required to be an integer in the range of 1 to ~~63356~~ 65535 (inclusive). @ironcladlou, is this a reasonable approach?

I added a patch file to do the required validation because I couldn't figure out how to do it using kubebuilder markers. In order to get crd-schema-gen.mk to apply the patch file, I had to rename to 0000_50_ingress-operator_00-custom-resource-definition.yaml to 0000_50_ingress-operator_00-ingresscontroller.crd.yaml.

An alternative would be to use a regexp, which would be very messy to match IPv4 and IPv6 addresses.

This commit implements NE-284. https://issues.redhat.com/browse/NE-284 * operator/v1/types_ingress.go (IngressControllerSpec): Add Logging field with the new IngressControllerLogging type. (LoggingDestinationType): New type. (ContainerLoggingDestinationType, SyslogLoggingDestinationType): New constants to identify types of destinations for log messages. (ContainerLoggingSidecarContainerName): New constant. (SyslogLoggingDestinationParameters): New type. Describe a syslog endpoint and facility. (ContainerLoggingDestinationParameters): New type. Empty for now. (LoggingDestination): New type. Describe a destination for log messages using LoggingDestinationType, SyslogLoggingDestinationParameters, and ContainerLoggingDestinationParameters. (AccessLogging): New type. Describe how client requests are logged, using LoggingDestination. (IngressControllerLogging): New type. Describe what should be logged where, using AccessLogging. For now, other types of logging cannot be specified. * operator/v1/0000_50_ingress-operator_00-custom-resource-definition.yaml: Rename... * operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml: ...to this. The file name must end in .crd.yaml so it can be patched. * operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-merge-patch: New file. Patch the validation of the spec.logging.access.destination.syslog.address field to require its value to be either ipv4 or ipv6 * operator/v1/zz_generated.deepcopy.go: * operator/v1/zz_generated.swagger_doc_generated.go: Regenerate.

ironcladlou · 2020-04-14T17:02:36Z

operator/v1/types_ingress.go

+	//
+	// +kubebuilder:validation:Required
+	// +required
+	Address string `json:"address"`


@sttts @deads2k any guidance on the best way to represent and validate endpoints (addr/port, ipv4/ipv6)? Are there any meaningful static validations we can apply in openapi?

https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apis/apiextensions/v1/types_jsonschema.go#L53

There is an URL. Otherwise, we split host and port usually, don't we?

By "split host and port", do you mean using separate fields? I changed to using separate fields to enable us to perform stricter validation. Our goal is to perform as much validation as possible using OpenAPI.

ironcladlou · 2020-04-15T16:00:55Z

/approve

Any other feedback? @openshift/sig-network-edge

ironcladlou · 2020-04-16T11:53:56Z

/lgtm

ironcladlou · 2020-04-16T16:14:50Z

/approve

ironcladlou · 2020-04-16T16:15:34Z

Whoops, I don't have the power :)

knobunc · 2020-04-16T16:16:20Z

/approve

openshift-ci-robot · 2020-04-16T16:16:47Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ironcladlou, knobunc, Miciah

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [knobunc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Miciah · 2020-04-16T17:08:20Z

All jobs are failing with the following:

2020/04/16 16:20:11 Tagging https://api.ci.openshift.org/openshift/release:golang-1.13 into pipeline:root
2020/04/16 16:55:01 waiting for importing pipeline:root ...
...
2020/04/16 16:55:01 waiting for importing pipeline:root ...
2020/04/16 16:55:11 could not resolve tag root in imagestream pipeline: timed out waiting for the condition

/retest

Miciah · 2020-04-16T20:16:13Z

/retest

Miciah · 2020-04-16T21:48:41Z

/retest

There's an enhancement proposal for this profile [1], and the Code Ready Containers folks took a run at using it in [2] before backing off in [3]. I don't have any problems with having a specific CRC profile, but until we end up going that way, save ourselves the mental overhead of trying to guess whether it will want each of our manifest resources by dropping the annotation across the board. Effectively reverts abd8a20 (Annotate manifests for single-node-developer cluster profile, 2020-11-27, openshift#498). Generated with: $ sed -i '/single-node-developer/d' manifests/*.yaml $ git checkout HEAD -- manifests/00-custom-resource-definition.yaml where I'm leaving the CRD alone to avoid [4]: hack/verify-generated-crd.sh --- vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml 2021-12-22 07:10:24.000000000 +0000 +++ manifests/00-custom-resource-definition.yaml 2021-12-22 07:10:25.000000000 +0000 @@ -5,7 +5,6 @@ metadata: api-approved.openshift.io: openshift/api#616 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" name: ingresscontrollers.operator.openshift.io spec: group: operator.openshift.io invalid CRD: vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml => manifests/00-custom-resource-definition.yaml [1]: https://github.com/openshift/enhancements/blob/2911c46bf7d2f22eb1ab81739b4f9c2603fd0c07/enhancements/single-node/developer-cluster-profile.md [2]: crc-org/snc#338 [3]: crc-org/snc#373 (comment) [4]: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_cluster-ingress-operator/692/pull-ci-openshift-cluster-ingress-operator-master-verify/1473551168843026432#1:build-log.txt%3A14

There's an enhancement proposal for this profile [1], and the Code Ready Containers folks took a run at using it in [2] before backing off in [3]. I don't have any problems with having a specific CRC profile, but until we end up going that way, save ourselves the mental overhead of trying to guess whether it will want each of our manifest resources by dropping the annotation across the board. Effectively reverts abd8a20 (Annotate manifests for single-node-developer cluster profile, 2020-11-27, openshift#498). Generated with: $ sed -i '/single-node-developer/d' manifests/*.yaml $ git checkout HEAD -- manifests/00-custom-resource-definition* where I'm leaving the CRDs alone to avoid things like [4]: hack/verify-generated-crd.sh --- vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml 2021-12-22 07:10:24.000000000 +0000 +++ manifests/00-custom-resource-definition.yaml 2021-12-22 07:10:25.000000000 +0000 @@ -5,7 +5,6 @@ metadata: api-approved.openshift.io: openshift/api#616 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" name: ingresscontrollers.operator.openshift.io spec: group: operator.openshift.io invalid CRD: vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml => manifests/00-custom-resource-definition.yaml [1]: https://github.com/openshift/enhancements/blob/2911c46bf7d2f22eb1ab81739b4f9c2603fd0c07/enhancements/single-node/developer-cluster-profile.md [2]: crc-org/snc#338 [3]: crc-org/snc#373 (comment) [4]: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_cluster-ingress-operator/692/pull-ci-openshift-cluster-ingress-operator-master-verify/1473551168843026432#1:build-log.txt%3A14

openshift-ci-robot requested review from abhinavdahiya and adambkaplan April 2, 2020 02:53

Miciah mentioned this pull request Apr 2, 2020

Add ingress-logging-api enhancement openshift/enhancements#253

Merged

Miciah force-pushed the NE-284-operator-slash-ingress-add-logging-API branch from 12a2b6a to 776efe2 Compare April 2, 2020 17:29

ironcladlou reviewed Apr 6, 2020

View reviewed changes

operator/v1/types_ingress.go Outdated Show resolved Hide resolved

Miciah force-pushed the NE-284-operator-slash-ingress-add-logging-API branch 2 times, most recently from f57c68d to 307c0bf Compare April 14, 2020 04:18

Miciah force-pushed the NE-284-operator-slash-ingress-add-logging-API branch from 307c0bf to 1fc310b Compare April 14, 2020 04:28

ironcladlou reviewed Apr 14, 2020

View reviewed changes

openshift-ci-robot assigned ironcladlou Apr 16, 2020

openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 16, 2020

openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 16, 2020

openshift-merge-robot merged commit 8cfd791 into openshift:master Apr 16, 2020

Miciah mentioned this pull request Apr 24, 2020

ingress/logging-api: Update status to "implemented" openshift/enhancements#294

Merged

operator/ingress: Add logging API #616

operator/ingress: Add logging API #616

Uh oh!

Conversation

Miciah commented Apr 2, 2020

Uh oh!

Uh oh!

Miciah commented Apr 14, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ironcladlou Apr 14, 2020

Choose a reason for hiding this comment

Uh oh!

sttts Apr 14, 2020

Choose a reason for hiding this comment

Uh oh!

Miciah Apr 14, 2020

Choose a reason for hiding this comment

Uh oh!

ironcladlou commented Apr 15, 2020

Uh oh!

ironcladlou commented Apr 16, 2020

Uh oh!

ironcladlou commented Apr 16, 2020

Uh oh!

ironcladlou commented Apr 16, 2020

Uh oh!

knobunc commented Apr 16, 2020

Uh oh!

openshift-ci-robot commented Apr 16, 2020

Uh oh!

Miciah commented Apr 16, 2020

Uh oh!

Miciah commented Apr 16, 2020

Uh oh!

Miciah commented Apr 16, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Miciah commented Apr 14, 2020 •

edited

Loading