Bug 1997226: Fix enabling PROXY protocol on an upgraded cluster #681
Conversation
|
@Miciah: An error was encountered querying GitHub for users with public email ([email protected]) for bug 1997226 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
non-200 OK status code: 403 Forbidden body: "{\n \"documentation_url\": \"https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#secondary-rate-limits\",\n \"message\": \"You have exceeded a secondary rate limit. Please wait a few minutes before you try again.\"\n}\n"
Please contact an administrator to resolve this issue, then request a bug refresh with DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
approved
| // If the ProviderParameters field does not exist for spec or status, | ||
| // just propagate (or remove) ProviderParameters in its entirety | ||
| // (as long as GCP parameters are specified one way or the other). | ||
| if specLB.ProviderParameters == nil && statusLB.ProviderParameters != nil && statusLB.ProviderParameters.GCP != nil || |
There was a problem hiding this comment.
@Miciah just to understand... Why do we add conditions specific for GCP only ?
There was a problem hiding this comment.
GCP is the only platform where the provider parameters can be changed without deleting and recreating the service load-balancer. In particular, GCP has the "global client access" option that can be turned on and off. The only other platform with provider parameters is AWS, which has an option to specify whether a Classic ELB or an NLB should be provisioned, and changing that option requires deleting and recreating the service load-balancer.
openshift-ci
bot
added
the
needs-rebase
Refactor the update logic in setDefaultPublishingStrategy. Also, fix setDefaultPublishingStrategy to return true if the scope changed. (Nothing uses this return value, so this change is only for correctness.) * pkg/operator/controller/ingress/controller.go (setDefaultPublishingStrategy): Use a switch statement for the update logic so that the logic only looks at parameters related to the selected endpoint publishing strategy type.
Fix the update logic in setDefaultPublishingStrategy so that updates are properly handled when status.endpointPublishingStrategy.hostNetwork or status.endpointPublishingStrategy.nodePort is null. Before OpenShift 4.8, the IngressController API did not have any fields under the status.endpointPublishingStrategy.hostNetwork and status.endpointPublishingStrategy.nodePort fields. As result, these fields could be null even if the spec.endpointPublishingStrategy.type field was set to "HostNetwork" or "NodePortService". OpenShift 4.8 added status.endpointPublishingStrategy.hostNetwork.protocol and status.endpointPublishingStrategy.nodePort.protocol fields, and the operator now sets default values for these fields when the operator admits or re-admits an ingresscontroller that specifies the "HostNetwork" or "NodePortService" strategy type, respectively. However, a cluster that was upgraded from a version of OpenShift before 4.8 could have an already admitted ingresscontroller with null values for status.endpointPublishingStrategy.hostNetwork and status.endpointPublishingStrategy.nodePort even when ingresscontroller specifies the "HostNetwork" or "NodePortService" strategy type. In this case, the operator ignored updates to the spec.endpointPublishingStrategy.hostNetwork.protocol or spec.endpointPublishingStrategy.nodePort.protocol fields. This commit fixes the update logic so that it correctly updates the status.endpointPublishingStrategy.hostNetwork.protocol or status.endpointPublishingStrategy.nodePort.protocol field when status.endpointPublishingStrategy.hostNetwork or status.endpointPublishingStrategy.nodePort is null, the spec.endpointPublishingStrategy.hostNetwork.protocol or spec.endpointPublishingStrategy.nodePort.protocol field is set, and the strategy type is "HostNetwork" or "NodePortService", respectively. This commit fixes bug 1997226. https://bugzilla.redhat.com/show_bug.cgi?id=1997226 * pkg/operator/controller/ingress/controller.go (setDefaultPublishingStrategy): Fix logic to properly handle null values for status.endpointPublishingStrategy.hostNetwork or status.endpointPublishingStrategy.nodePort.
Miciah
force-pushed
the
BZ1997226-setDefaultPublishingStrategy-fix-PROXY-protocol
branch
from
ded5193 to
4bfff11
Compare
openshift-ci
bot
removed
the
needs-rebase
|
Rebased to resolve the conflict from #582, and also fixed a tiny, non-consequential issue related to the return value of |
openshift-ci
bot
added
the
bugzilla/severity-high
|
@Miciah: This pull request references Bugzilla bug 1997226, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
bugzilla/valid-bug
|
Must-gather failed (couldn't connect to the API). |
|
@Miciah we don't need unit tests for this ? Or may we can do it in a followup PR ? |
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah, miheer The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| } | ||
| statusNP := ic.Status.EndpointPublishingStrategy.NodePort | ||
| specNP := effectiveStrategy.NodePort | ||
| if specNP != nil && specNP.Protocol != statusNP.Protocol { |
There was a problem hiding this comment.
Is it possible to try to set NodePort to nil? Then if specIP == nil, we might want to delete statusNP?
| statusNP := ic.Status.EndpointPublishingStrategy.NodePort | ||
| specNP := effectiveStrategy.NodePort | ||
| if specNP != nil && specNP.Protocol != statusNP.Protocol { | ||
| statusNP.Protocol = specNP.Protocol |
There was a problem hiding this comment.
| statusNP.Protocol = specNP.Protocol | |
| ic.Status.EndpointPublishingStrategy.NodePort.Protocol = specNP.Protocol |
| statusHN := ic.Status.EndpointPublishingStrategy.HostNetwork | ||
| specHN := effectiveStrategy.HostNetwork | ||
| if specHN != nil && specHN.Protocol != statusHN.Protocol { | ||
| statusHN.Protocol = specHN.Protocol |
There was a problem hiding this comment.
| statusHN.Protocol = specHN.Protocol | |
| ic.Status.EndpointPublishingStrategy.HostNetwork.Protocol = specHN.Protocol |
There was a problem hiding this comment.
ic.Status.EndpointPublishingStrategy.HostNetwork is a pointer, so the following:
statusHN := ic.Status.EndpointPublishingStrategy.HostNetwork
statusHN.Protocol = specHN.Protocolis equivalent to the following:
ic.Status.EndpointPublishingStrategy.HostNetwork.Protocol = specHN.ProtocolI'll rustle up some unit tests.
There was a problem hiding this comment.
It would be nice to see the same style throughout this switch then.
|
@Miciah I made some comments. Can you add a unit test for this? |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@Miciah: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@Miciah: All pull requests linked via external trackers have merged: Bugzilla bug 1997226 has been moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick release-4.9 |
|
@Miciah: #681 failed to apply on top of branch "release-4.9": DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
6 participants
setDefaultPublishingStrategy: Reformat withswitchRefactor the update logic in
setDefaultPublishingStrategy. Also, fixsetDefaultPublishingStrategyto return true if the scope changed. (Nothing uses this return value, so this change is only for correctness.)pkg/operator/controller/ingress/controller.go(setDefaultPublishingStrategy): Use a switch statement for the update logic so that the logic only looks at parameters related to the selected endpoint publishing strategy type.setDefaultPublishingStrategy: Fix PROXY protocolFix the update logic in
setDefaultPublishingStrategyso that updates are properly handled whenstatus.endpointPublishingStrategy.hostNetworkorstatus.endpointPublishingStrategy.nodePortis null.Before OpenShift 4.8, the IngressController API did not have any fields under the
status.endpointPublishingStrategy.hostNetworkandstatus.endpointPublishingStrategy.nodePortfields. As result, these fields could be null even if thespec.endpointPublishingStrategy.typefield was set to "HostNetwork" or "NodePortService".OpenShift 4.8 added
status.endpointPublishingStrategy.hostNetwork.protocolandstatus.endpointPublishingStrategy.nodePort.protocolfields, and the operator now sets default values for these fields when the operator admits or re-admits an ingresscontroller that specifies the "HostNetwork" or "NodePortService" strategy type, respectively.However, a cluster that was upgraded from a version of OpenShift before 4.8 could have an already admitted ingresscontroller with null values for
status.endpointPublishingStrategy.hostNetworkandstatus.endpointPublishingStrategy.nodePorteven when ingresscontroller specifies the "HostNetwork" or "NodePortService" strategy type.In this case, the operator ignored updates to the
spec.endpointPublishingStrategy.hostNetwork.protocolorspec.endpointPublishingStrategy.nodePort.protocolfields.This PR fixes the update logic so that it correctly updates the
status.endpointPublishingStrategy.hostNetwork.protocolorstatus.endpointPublishingStrategy.nodePort.protocolfield whenstatus.endpointPublishingStrategy.hostNetworkorstatus.endpointPublishingStrategy.nodePortis null, thespec.endpointPublishingStrategy.hostNetwork.protocolorspec.endpointPublishingStrategy.nodePort.protocolfield is set, and the strategy type is "HostNetwork" or "NodePortService", respectively.pkg/operator/controller/ingress/controller.go(setDefaultPublishingStrategy): Fix logic to properly handle null values forstatus.endpointPublishingStrategy.hostNetworkorstatus.endpointPublishingStrategy.nodePort.@miheer, does this look like it will resolve the issue?