WIP: status: Report Upgradeable status condition #508
Conversation
|
@Miciah: No Bugzilla bug is referenced in the title of this pull request. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
do-not-merge/work-in-progress
openshift-ci-robot
added
the
approved
|
One of the control plane nodes failed to become ready (see nodes.json). |
|
@Miciah: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
This depends on #507, right? |
Yeah. Also, I need to change the logic not to set |
Miciah
force-pushed
the
status-report-Upgradeable-status-condition
branch
from
598553c to
9d2a3cd
Compare
openshift-ci-robot
added
the
needs-rebase
Miciah
force-pushed
the
status-report-Upgradeable-status-condition
branch
from
9d2a3cd to
59a8d36
Compare
openshift-ci-robot
removed
the
needs-rebase
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Miciah
force-pushed
the
status-report-Upgradeable-status-condition
branch
from
59a8d36 to
385e5d6
Compare
|
Looks like tests passed but must-gather failed. |
|
must-gather failed again. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci-robot
added
the
lifecycle/stale
* pkg/operator/controller/ingress/controller.go (Reconcile): Compute the platform status from the infrastructure config using GetPlatformStatus. Pass the platform status to ensureIngressController. (ensureIngressController): Add a parameter for the platform status. Pass the platform status instead of the infrastructure config to ensureLoadBalancerService. * pkg/operator/controller/ingress/load_balancer_service.go (ensureLoadBalancerService): Delete the parameter for the infrastructure config. Add a parameter for the platform status. Delete redundant computation of platform status (since it is now a parameter). Delete computation of the PROXY protocol flag (desiredLoadBalancerService can compute it). (desiredLoadBalancerService): Delete PROXY protocol parameter. Instead, compute the value using IsProxyProtocolNeeded. * pkg/operator/controller/ingress/load_balancer_service_test.go (TestDesiredLoadBalancerService): Refactor to be more table-driven. Change test cases to specify which annotations are expected to be present, and which are expected to be absent, in order to simplify the test logic. (checkServiceHasAnnotation): Fix logic for when expectValue is false.
Miciah
force-pushed
the
status-report-Upgradeable-status-condition
branch
from
385e5d6 to
ac32762
Compare
Miciah
force-pushed
the
status-report-Upgradeable-status-condition
branch
from
ac32762 to
1995b03
Compare
Add an "Upgradeable" status condition for ingresscontrollers and for the ingress clusteroperator. Compute the clusteroperator's status condition from the individual ingresscontrollers'. Compute each ingresscontroller's "Upgradeable" status by checking its load balance service (if the ingresscontroller has one). If the service is missing the correct owner reference or if something or someone other than the operator has modified the service, mark the ingresscontroller as not upgradeable. This ensures that the administrator cannot modify the service and then upgrade to a version of the operator that reverts the administrator's modification. This commit is related to bug 1905490. https://bugzilla.redhat.com/show_bug.cgi?id=1905490 * assets/router/service-cloud.yaml: Add spec.sessionAffinity with the default value to simplify comparisons of desired and actual service. * pkg/manifests/bindata.go: Regenerate. * pkg/operator/controller/ingress/controller.go (ensureIngressController): Pass the deployment reference and platform status to syncIngressControllerStatus. * pkg/operator/controller/ingress/load_balancer_service.go (loadBalancerServiceExternallyModified): New function. Check if the given load balancer services differ. (loadBalancerServiceIsUpgradeable): New function. Check if the given load balancer service is missing the owner reference or differs from the expected service for the given ingresscontroller, deployment, and platform status. * pkg/operator/controller/ingress/load_balancer_service_test.go (TestLoadBalancerServiceExternallyModified): New test. * pkg/operator/controller/ingress/status.go (syncIngressControllerStatus): Add parameters for the deployment reference and platform status. Use these parameters and the new computeIngressUpgradeableCondition function to compute the ingresscontroller's "Upgradeable" status condition. (computeIngressUpgradeableCondition): New function. Compute the ingresscontroller's "Upgradeable" status condition. * pkg/operator/controller/ingress/status_test.go (TestComputeIngressUpgradeableCondition): New test. * pkg/operator/controller/status/controller.go (Reconcile): Use the new computeOperatorUpgradeableCondition function to compute the clusteroperator's "Upgradeable" status condition. (computeOperatorUpgradeableCondition): New function. Compute the clusteroperator's "Upgradeable" status condition from each ingresscontrollers' "Upgradeable" status condition. * pkg/operator/controller/status/controller_test.go (TestComputeOperatorUpgradeableCondition): New test.
Ignore the "service.beta.kubernetes.io/load-balancer-source-ranges" service annotation when computing the Upgradeable status condition so that users can continue to use the annotation with OpenShift 4.8. Setting the spec.loadBalancerSourceRanges field still affects the Upgradeable status condition. This means that users who have been setting spec.loadBalancerSourceRanges will be prompted to migrate to using the "service.beta.kubernetes.io/load-balancer-source-ranges" annotation on OpenShift 4.8 before upgrading to OpenShift 4.9. In OpenShift 4.9, we will add an API field to IngressController for configuring source ranges and set Upgradeable=False if the annotation is set to prompt users to switch to the new API field, so the user will be able to migrate from the annotation to this API after upgrading to OpenShift 4.9. * pkg/operator/controller/ingress/load_balancer_service.go (loadBalancerServiceExternallyModified): Ignore the "service.beta.kubernetes.io/load-balancer-source-ranges" annotation. * pkg/operator/controller/ingress/load_balancer_service_test.go (TestLoadBalancerServiceExternallyModified): * pkg/operator/controller/ingress/status_test.go (TestComputeIngressUpgradeableCondition): Expect the "service.beta.kubernetes.io/load-balancer-source-ranges" annotation to be ignored and not to affect the Upgradeable status condition.
Miciah
force-pushed
the
status-report-Upgradeable-status-condition
branch
from
1995b03 to
aa24de8
Compare
| protocol: TCP | ||
| port: 443 | ||
| targetPort: https | ||
| sessionAffinity: None |
There was a problem hiding this comment.
I'm curious to find out if any customers are currently setting sessionAffinity to a non-default value :)
| changed, updated := loadBalancerServiceExternallyModified(current, desired, platform) | ||
| if changed { | ||
| diff := cmp.Diff(current, updated, cmpopts.EquateEmpty()) | ||
| return fmt.Errorf("load balancer service has been modified; changes must be reverted before upgrading: %s", diff) |
There was a problem hiding this comment.
Great idea to log bubble up the diff here!
|
@Miciah: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
openshift-ci
bot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
openshift-ci
bot
added
the
needs-rebase
|
@Miciah: PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@openshift-bot: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
5 participants
Add an "Upgradeable" status condition for ingresscontrollers and for the ingress clusteroperator. Compute the clusteroperator's status condition from the individual ingresscontrollers'. Compute each ingresscontroller's "Upgradeable" status by checking its load balance service (if the ingresscontroller has one). If someone or something other than the operator has modified the service, mark the ingresscontroller as not upgradeable. This ensures that the administrator cannot modify the service and then upgrade to a version of the operator that reverts the administrator's modification.
pkg/operator/controller/ingress/controller.go(Reconcile): Compute the platform status from the infrastructure config usingGetPlatformStatus. Pass the platform status toensureIngressController.(
ensureIngressController): Add a parameter for the platform status. Pass the platform status instead of the infrastructure config toensureLoadBalancerService. Pass the deployment reference and platform status tosyncIngressControllerStatus.pkg/operator/controller/ingress/load_balancer_service.go(externalLBAnnotations): New variable. Map platform type to the annotation for that platform that makes the load balancer external, if the platform requires an explicit annotation.(
ensureLoadBalancerService): Delete the parameter for the infrastructure config. Add a parameter for the platform status. Delete redundant computation of platform status (since it is now a parameter). Delete computation of the PROXY protocol flag (desiredLoadBalancerServicecan compute it).(
desiredLoadBalancerService): Delete PROXY protocol parameter. Instead, compute the value usingIsProxyProtocolNeeded.(
loadBalancerServiceScopeChanged): New function. Check if the load balancer scope's changed. This function is only added for consistency with the main branch.(
loadBalancerServiceChanged): New function. Check if the given load balancer services differ.(
loadBalancerServiceIsUpgradeable): New function. Check if the given load balancer service differs from the expected service for the given ingresscontroller, deployment, and platform status.pkg/operator/controller/ingress/load_balancer_service_test.go(TestDesiredLoadBalancerService): Refactor to be more table-driven. Change test cases to specify which annotations are expected to be present, and which are expected to be absent, in order to simplify the test logic.(
checkServiceHasAnnotation): Fix logic for whenexpectValueis false.(
TestLoadBalancerServiceChanged): New test.(
TestLoadBalancerServiceChangedScopeNeedsRecreate): New test.(
TestLoadBalancerServiceIsUpgradeable): New test.pkg/operator/controller/ingress/status.go(syncIngressControllerStatus): Add parameters for the deployment reference and platform status. Use these parameters and the newcomputeIngressUpgradeableConditionfunction to compute the ingresscontroller's "Upgradeable" status condition.(
computeIngressUpgradeableCondition): New function. Compute the ingresscontroller's "Upgradeable" status condition.pkg/operator/controller/status/controller.go(Reconcile): Use the newcomputeOperatorUpgradeableConditionfunction to compute the clusteroperator's "Upgradeable" status condition.(
computeOperatorUpgradeableCondition): New function. Compute the clusteroperator's "Upgradeable" status condition from each ingresscontrollers' "Upgradeable" status condition.Related to #507.