Skip to content

Bug 1997226: Fix enabling PROXY protocol on an upgraded cluster #681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 2 commits into from
Dec 17, 2021
Merged

Bug 1997226: Fix enabling PROXY protocol on an upgraded cluster #681

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7741c74
setDefaultPublishingStrategy: Reformat with switch
Nov 30, 2021
4bfff11
setDefaultPublishingStrategy: Fix PROXY protocol
Nov 30, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 51 additions & 32 deletions pkg/operator/controller/ingress/controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -396,44 +396,63 @@ func setDefaultPublishingStrategy(ic *operatorv1.IngressController, infraConfig
return true
}

// Detect changes to GCP LB provider parameters, which is something we can safely roll out.
statusLB := ic.Status.EndpointPublishingStrategy.LoadBalancer
specLB := effectiveStrategy.LoadBalancer
if specLB != nil && statusLB != nil {
// If the ProviderParameters field does not exist for spec or status,
// just propagate (or remove) ProviderParameters in it's entirety
// (as long as GCP parameters are specified one way or the other).
if specLB.ProviderParameters == nil && statusLB.ProviderParameters != nil && statusLB.ProviderParameters.GCP != nil ||
specLB.ProviderParameters != nil && specLB.ProviderParameters.GCP != nil && statusLB.ProviderParameters == nil {
ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters = specLB.ProviderParameters
// Detect changes to endpoint publishing strategy parameters that the
// operator can safely update.
switch effectiveStrategy.Type {
case operatorv1.LoadBalancerServiceStrategyType:
// Update if GCP LB provider parameters changed.
statusLB := ic.Status.EndpointPublishingStrategy.LoadBalancer
specLB := effectiveStrategy.LoadBalancer
if specLB != nil && statusLB != nil {
changed := false

// Detect changes to LB scope.
if specLB.Scope != statusLB.Scope {
ic.Status.EndpointPublishingStrategy.LoadBalancer.Scope = effectiveStrategy.LoadBalancer.Scope
changed = true
}

// If the ProviderParameters field does not exist for spec or status,
// just propagate (or remove) ProviderParameters in its entirety
// (as long as GCP parameters are specified one way or the other).
if specLB.ProviderParameters == nil && statusLB.ProviderParameters != nil && statusLB.ProviderParameters.GCP != nil ||
Copy link
Contributor

@miheer miheer Dec 1, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Miciah just to understand... Why do we add conditions specific for GCP only ?

Copy link
Contributor Author

@Miciah Miciah Dec 2, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GCP is the only platform where the provider parameters can be changed without deleting and recreating the service load-balancer. In particular, GCP has the "global client access" option that can be turned on and off. The only other platform with provider parameters is AWS, which has an option to specify whether a Classic ELB or an NLB should be provisioned, and changing that option requires deleting and recreating the service load-balancer.

specLB.ProviderParameters != nil && specLB.ProviderParameters.GCP != nil && statusLB.ProviderParameters == nil {
ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters = specLB.ProviderParameters
changed = true
}

if specLB.ProviderParameters != nil && statusLB.ProviderParameters != nil &&
specLB.ProviderParameters.GCP != statusLB.ProviderParameters.GCP {
ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.GCP = specLB.ProviderParameters.GCP
changed = true
}

return changed
}
case operatorv1.NodePortServiceStrategyType:
// Update if PROXY protocol is turned on or off.
if ic.Status.EndpointPublishingStrategy.NodePort == nil {
ic.Status.EndpointPublishingStrategy.NodePort = &operatorv1.NodePortStrategy{}
}
statusNP := ic.Status.EndpointPublishingStrategy.NodePort
specNP := effectiveStrategy.NodePort
if specNP != nil && specNP.Protocol != statusNP.Protocol {
Copy link
Contributor

@candita candita Dec 17, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to try to set NodePort to nil? Then if specIP == nil, we might want to delete statusNP?

statusNP.Protocol = specNP.Protocol
Copy link
Contributor

@candita candita Dec 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
statusNP.Protocol = specNP.Protocol
ic.Status.EndpointPublishingStrategy.NodePort.Protocol = specNP.Protocol

return true
}

if specLB.ProviderParameters != nil && statusLB.ProviderParameters != nil &&
specLB.ProviderParameters.GCP != statusLB.ProviderParameters.GCP {
ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.GCP = specLB.ProviderParameters.GCP
case operatorv1.HostNetworkStrategyType:
// Update if PROXY protocol is turned on or off.
if ic.Status.EndpointPublishingStrategy.HostNetwork == nil {
ic.Status.EndpointPublishingStrategy.HostNetwork = &operatorv1.HostNetworkStrategy{}
}
statusHN := ic.Status.EndpointPublishingStrategy.HostNetwork
specHN := effectiveStrategy.HostNetwork
if specHN != nil && specHN.Protocol != statusHN.Protocol {
statusHN.Protocol = specHN.Protocol
Copy link
Contributor

@candita candita Dec 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
statusHN.Protocol = specHN.Protocol
ic.Status.EndpointPublishingStrategy.HostNetwork.Protocol = specHN.Protocol

Copy link
Contributor Author

@Miciah Miciah Dec 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ic.Status.EndpointPublishingStrategy.HostNetwork is a pointer, so the following:

statusHN := ic.Status.EndpointPublishingStrategy.HostNetwork
statusHN.Protocol = specHN.Protocol

is equivalent to the following:

ic.Status.EndpointPublishingStrategy.HostNetwork.Protocol = specHN.Protocol

I'll rustle up some unit tests.

Copy link
Contributor

@candita candita Dec 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to see the same style throughout this switch then.

return true
}
}

// Update if PROXY protocol is turned on or off.
statusNP := ic.Status.EndpointPublishingStrategy.NodePort
specNP := effectiveStrategy.NodePort
if specNP != nil && statusNP != nil && specNP.Protocol != statusNP.Protocol {
statusNP.Protocol = specNP.Protocol
return true
}
statusHN := ic.Status.EndpointPublishingStrategy.HostNetwork
specHN := effectiveStrategy.HostNetwork
if specHN != nil && statusHN != nil && specHN.Protocol != statusHN.Protocol {
statusHN.Protocol = specHN.Protocol
return true
}

// Detect changes to LB scope.
if specLB != nil && statusLB != nil && specLB.Scope != statusLB.Scope {
ic.Status.EndpointPublishingStrategy.LoadBalancer.Scope = effectiveStrategy.LoadBalancer.Scope
}
return false
}

Expand Down