NE-621: Support changing ingresscontroller load balancer scope #582
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
Miciah
force-pushed
the
mutable-publishing-scope-2
branch
2 times, most recently
from
ad1d844 to
5d08c79
Compare
|
/test e2e-azure-operator |
Miciah
force-pushed
the
mutable-publishing-scope-2
branch
from
5d08c79 to
1db1da3
Compare
|
/test e2e-azure-operator |
| } | ||
|
|
||
| // IsServiceInternal returns a Boolean indicating whether the provided service | ||
| // Is annotated to request an internal load balancer. |
There was a problem hiding this comment.
nit
| // Is annotated to request an internal load balancer. | |
| // is annotated to request an internal load balancer. |
|
|
||
| platform, err := oputil.GetPlatformStatus(r.client, infraConfig) | ||
| if err != nil { | ||
| return fmt.Errorf("failed to determine infrastructure platform status for ingresscontroller %s/%s: %w", ic.Namespace, ic.Name, err) |
There was a problem hiding this comment.
is %w preferable for err over %v?
There was a problem hiding this comment.
Yeah, IMO we should use %w in new code, and eventually update old code to use %w as well, so that we can unwrap errors and more easily check the type of an error (see https://blog.golang.org/go1.13-errors). Eventually, consistent use of %w will enable us to simplify some error-handling code (e.g., the retryable-error logic).
| message := fmt.Sprintf("Have load balancer with scope %q, want load balancer with scope %q.", haveScope, wantScope) | ||
| switch platform.Type { | ||
| case configv1.AWSPlatformType, configv1.IBMCloudPlatformType: | ||
| message = fmt.Sprintf("%s You can delete the %s/%s service to proceed, and the service load-balancer will be deprovisioned and recreated.", message, service.Namespace, service.Name) |
There was a problem hiding this comment.
I think as is, this message could be confusing to a cluster administrator:
-
I think
recreatedin this context sort of implies that the new load-balancer will have the same hostname and IP as the last load-balancer. Should we explicitly state that when deleting the load-balancer service, a new load-balancer will be stood up that will most likely have a new hostname and IP? -
Should we make it clear to the cluster administrator that they are free to "undo" their scope change without any reprocussions? I think some more details in general could be useful here as to not confuse a cluster administrator.
There was a problem hiding this comment.
I've updated the message to convey these points. Does it look all right? (I hope it isn't too verbose.)
Miciah
force-pushed
the
mutable-publishing-scope-2
branch
from
1db1da3 to
1a45ce8
Compare
openshift-ci-robot
added
the
needs-rebase
|
Rebased. |
Miciah
force-pushed
the
mutable-publishing-scope-2
branch
from
1a45ce8 to
7daeb6f
Compare
openshift-ci-robot
removed
the
needs-rebase
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
lifecycle/stale
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
openshift-ci
bot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
|
@openshift-bot: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/reopen |
|
@Miciah: Reopened this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: frobware, Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
7 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
#687 merged. |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
Must-gather failed. |
|
|
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
Unschedulable worker node. |
|
@Miciah: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
6 participants
Add support for changing ingresscontroller load balancer scope. On AWS and IBM cloud, this requires deleting the existing load balancer service and recreating it with the desired scope; if the administrator changes the scope on the ingresscontroller, the operator will report
Progressing=Trueuntil the administrator either reverts the change or deletes the service. If the administrator deletes the service, then the operator will recreate the service with the desired scope. On Azure and GCP, it suffices to update the existing service's annotations.This commit is based on #472, which was reverted by commit #514. Unlike the original implementation of this feature, the operator does not delete the service but instead leaves it up to the administrator to do so as needed.
pkg/operator/controller/ingress/controller.go(setDefaultPublishingStrategy): Update scope if needed.(
ensureIngressController): PassinfraConfigtosyncIngressControllerStatus.pkg/operator/controller/ingress/load_balancer_service.go(externalLBAnnotations): New variable. Map platform type to the annotation for that platform that makes the load balancer external, if the platform requires an explicit annotation.(
desiredLoadBalancerService): Use newexternalLBAnnotationsvariable to simplify logic.(
updateLoadBalancerService): PassplatformtoloadBalancerServiceScopeChanged.(
loadBalancerServiceChanged): Addplatformparameter. Check if the scope changed and if the platform supports changing scope without recreating the service, and update the appropriate annotations if so.(
loadBalancerServiceScopeChanged): New function. Check if the load balancer's scope changed.(
IsServiceInternal): New function. Return a Boolean value indicating whether the provided service is annotated to request an internal load-balancerpkg/operator/controller/ingress/load_balancer_service_test.go(TestLoadBalancerServiceChanged): Update to pass platform status toloadBalancerServiceChanged.pkg/operator/controller/ingress/status.go(syncIngressControllerStatus): AddinfraConfigparameter. UseinfraConfigto get the platform type. Call the newcomputeIngressProgressingConditionfunction with the ingresscontroller, service, and platform to compute a "Progressing" status condition for the ingresscontroller.(
computeIngressProgressingCondition): New function. Compute a "Progressing" status condition. In particular, this status condition will indicate if it is necessary to delete the service so that it can be recreated with the updated scope.pkg/operator/controller/ingress/status_test.go(TestComputeIngressProgressCondition): New test. Verify thatcomputeIngressProgressingConditionreturns the expected status condition.pkg/operator/controller/status/controller.go(Reconcile): Pass ingresscontrollers tocomputeOperatorProgressingCondition.(
computeOperatorProgressingCondition): ReportProgressing=Trueon the clusteroperator if any ingresscontroller reportsProgressing=True.pkg/operator/controller/status/controller_test.go(TestComputeOperatorProgressingCondition): Add test case where an ingresscontroller is progressing.test/e2e/operator_test.go(TestScopeChange): New test. Verify that the operator performs the appropriate behavior for the platform on which the test is running when an ingresscontroller's scope is changed from the default external scope to internal and then back to external.