NE-975: Use ingress config to set default LB type on AWS#837
Merged
openshift-merge-robot merged 1 commit intoopenshift:masterfrom Oct 15, 2022
Merged
NE-975: Use ingress config to set default LB type on AWS#837openshift-merge-robot merged 1 commit intoopenshift:masterfrom
openshift-merge-robot merged 1 commit intoopenshift:masterfrom
Conversation
Contributor
Author
|
/assign @Miciah |
gcs278
force-pushed
the
NE-942
branch
2 times, most recently
from
cbcc588 to
f158d2e
Compare
Contributor
|
/retitle NE-975: Use ingress config to set default LB type on AWS |
openshift-ci
bot
changed the title
Contributor
|
/approved |
Contributor
|
/retest |
|
/label px-approved |
openshift-ci
bot
added
the
px-approved
Contributor
|
/lgtm |
Contributor
Author
|
All failures are cluster installation failures |
Contributor
|
/assign @gcs278 |
|
/label docs-approved |
openshift-ci
bot
added
the
docs-approved
miheer
force-pushed
the
NE-942
branch
2 times, most recently
from
b45db80 to
b21bd96
Compare
Miciah
reviewed
Oct 12, 2022
Comment on lines
506
to
509
| var lbType operatorv1.LoadBalancerProviderType | ||
| if specLB.ProviderParameters != nil { | ||
| lbType = specLB.ProviderParameters.Type | ||
| } | ||
| switch lbType { | ||
| switch specLB.ProviderParameters.Type { |
Contributor
There was a problem hiding this comment.
Now that setDefaultProviderParameters can leave specLB.ProviderParameters with nil, we should revert the change that I am highlighting.
Comment on lines
290
to
388
| Scope: scope, | ||
| Scope: scope, | ||
| ProviderParameters: &operatorv1.ProviderLoadBalancerParameters{}, | ||
| } | ||
| if policy != nil { | ||
| lbs.DNSManagementPolicy = *policy | ||
| } | ||
| return lbs | ||
| } | ||
| lbsWithNoProviderParameters = func(scope operatorv1.LoadBalancerScope, policy *operatorv1.LoadBalancerDNSManagementPolicy) *operatorv1.LoadBalancerStrategy { | ||
| lbs_no_provider_params := &operatorv1.LoadBalancerStrategy{ | ||
| Scope: scope, | ||
| ProviderParameters: nil, | ||
| } | ||
| if policy != nil { | ||
| lbs_no_provider_params.DNSManagementPolicy = *policy | ||
| } | ||
| return lbs_no_provider_params | ||
| } |
Contributor
There was a problem hiding this comment.
Instead of adding lbsWithNoProviderParameters, we can revert the change to lbs.
Contributor
|
This PR needs to pull in openshift/api@24ee13c. I also have a suggested fixup to avoid defaulting |
Contributor
|
/lgtm |
Contributor
|
/approve |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: miheer The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Contributor
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
Contributor
|
/retest |
Contributor
|
Here's an E2E test we could use (lightly tested). Detailsdiff --git a/test/e2e/all_test.go b/test/e2e/all_test.go
index 7c0d5e6d..db162cdf 100644
--- a/test/e2e/all_test.go
+++ b/test/e2e/all_test.go
@@ -83,6 +83,7 @@ func TestAll(t *testing.T) {
t.Run("TestDefaultIngressCertificate", TestDefaultIngressCertificate)
t.Run("TestDefaultIngressClass", TestDefaultIngressClass)
t.Run("TestOperatorRecreatesItsClusterOperator", TestOperatorRecreatesItsClusterOperator)
+ t.Run("TestAWSLBTypeDefaulting", TestAWSLBTypeDefaulting)
t.Run("TestHstsPolicyWorks", TestHstsPolicyWorks)
t.Run("TestIngressControllerCustomEndpoints", TestIngressControllerCustomEndpoints)
t.Run("TestIngressStatus", TestIngressStatus)
diff --git a/test/e2e/operator_test.go b/test/e2e/operator_test.go
index 4b926f38..9cc6010b 100644
--- a/test/e2e/operator_test.go
+++ b/test/e2e/operator_test.go
@@ -1186,6 +1186,103 @@ func TestAWSLBTypeChange(t *testing.T) {
}
}
+// TestAWSLBTypeDefaulting verifies that the ingress operator correctly sets a
+// default load balancer type on AWS when the cluster ingress config specifies
+// one.
+//
+// This test is a serial test because it modifies the cluster ingress config and
+// therefore cannot run in parallel with other tests.
+func TestAWSLBTypeDefaulting(t *testing.T) {
+ if infraConfig.Status.Platform != configv1.AWSPlatformType {
+ t.Skipf("test skipped on platform %q", infraConfig.Status.Platform)
+ }
+
+ clbName := types.NamespacedName{Namespace: operatorNamespace, Name: "aws-lb-type-defaulting-to-clb"}
+ clbIC := newLoadBalancerController(clbName, clbName.Name+"."+dnsConfig.Spec.BaseDomain)
+ t.Logf("creating ingresscontroller %s with default LB type, which is Classic", clbName)
+ if err := kclient.Create(context.TODO(), clbIC); err != nil {
+ t.Fatalf("failed to create ingresscontroller %s: %v", clbName, err)
+ }
+ defer assertIngressControllerDeleted(t, kclient, clbIC)
+
+ if err := waitForIngressControllerCondition(t, kclient, 5*time.Minute, clbName, availableConditionsForIngressControllerWithLoadBalancer...); err != nil {
+ t.Fatalf("failed to observe expected conditions: %v", err)
+ }
+
+ t.Logf("verifying that ingresscontroller %s's LoadBalancer service doesn't specify NLB", clbName)
+ assertServiceAnnotation(t, controller.LoadBalancerServiceName(clbIC), ingresscontroller.AWSLBTypeAnnotation, "", false)
+
+ t.Log("changing the default LB type to NLB")
+ if err := updateIngressConfigSpecWithRetryOnConflict(t, clusterConfigName, timeout, func(spec *configv1.IngressSpec) {
+ spec.LoadBalancer.Platform.Type = configv1.AWSPlatformType
+ spec.LoadBalancer.Platform.AWS = &configv1.AWSIngressSpec{
+ Type: configv1.NLB,
+ }
+ }); err != nil {
+ t.Fatalf("failed to update ingress config: %v", err)
+ }
+ defer func() {
+ t.Log("resetting the default LB type to Classic")
+ if err := updateIngressConfigSpecWithRetryOnConflict(t, clusterConfigName, timeout, func(spec *configv1.IngressSpec) {
+ spec.LoadBalancer.Platform.AWS.Type = configv1.Classic
+ }); err != nil {
+ t.Errorf("failed to restore ingress config: %v", err)
+ }
+ }()
+
+ t.Logf("updating ingresscontroller %s to trigger re-admission", clbName)
+ if err := kclient.Get(context.TODO(), clbName, clbIC); err != nil {
+ t.Fatalf("failed to get ingresscontroller: %v", err)
+ }
+ clbIC.Spec.UnsupportedConfigOverrides = runtime.RawExtension{
+ Raw: []byte(`{"foo":"bar"}`),
+ }
+ // This unsupported config override does not cause any changes to the
+ // operands but does force the reconciler to re-admit the
+ // ingresscontroller. The purpose of this update is to verify that
+ // re-admission does not cause the operator to update the existing
+ // ingresscontroller with the new default LB type.
+ if err := kclient.Update(context.TODO(), clbIC); err != nil {
+ t.Fatalf("failed to update ingresscontroller %s: %v", clbName, err)
+ }
+
+ nlbName := types.NamespacedName{Namespace: operatorNamespace, Name: "aws-lb-type-defaulting-to-nlb"}
+ nlbIC := newLoadBalancerController(nlbName, nlbName.Name+"."+dnsConfig.Spec.BaseDomain)
+ t.Logf("creating ingresscontroller %s with default LB type, which is now NLB", nlbName)
+ if err := kclient.Create(context.TODO(), nlbIC); err != nil {
+ t.Fatalf("failed to create ingresscontroller %s: %v", nlbName, err)
+ }
+ defer assertIngressControllerDeleted(t, kclient, nlbIC)
+
+ if err := waitForIngressControllerCondition(t, kclient, 5*time.Minute, nlbName, availableConditionsForIngressControllerWithLoadBalancer...); err != nil {
+ t.Fatalf("failed to observe expected conditions: %v", err)
+ }
+
+ t.Logf("verifying that ingresscontroller %s's LoadBalancer service specifies NLB", nlbName)
+ assertServiceAnnotation(t, controller.LoadBalancerServiceName(nlbIC), ingresscontroller.AWSLBTypeAnnotation, ingresscontroller.AWSNLBAnnotation, true)
+
+ t.Logf("verifying that ingresscontroller %s's LoadBalancer service still doesn't specify NLB", clbName)
+ // This is step is to verify that updating the cluster ingress config
+ // doesn't impact ingresscontrollers that have previously taken the
+ // default setting.
+ assertServiceAnnotation(t, controller.LoadBalancerServiceName(clbIC), ingresscontroller.AWSLBTypeAnnotation, "", false)
+
+ t.Log("resetting the default LB type to Classic")
+ if err := updateIngressConfigSpecWithRetryOnConflict(t, clusterConfigName, timeout, func(spec *configv1.IngressSpec) {
+ spec.LoadBalancer.Platform.Type = configv1.AWSPlatformType
+ spec.LoadBalancer.Platform.AWS = &configv1.AWSIngressSpec{
+ Type: configv1.NLB,
+ }
+ }); err != nil {
+ t.Fatalf("failed to update ingress config: %v", err)
+ }
+
+ t.Logf("verifying that ingresscontroller %s's LoadBalancer service still specifies NLB", nlbName)
+ assertServiceAnnotation(t, controller.LoadBalancerServiceName(clbIC), ingresscontroller.AWSLBTypeAnnotation, "", false)
+ t.Logf("verifying that ingresscontroller %s's LoadBalancer service still doesn't specify NLB", clbName)
+ assertServiceAnnotation(t, controller.LoadBalancerServiceName(nlbIC), ingresscontroller.AWSLBTypeAnnotation, ingresscontroller.AWSNLBAnnotation, true)
+}
+
// TestScopeChange creates an ingresscontroller with the "LoadBalancerService"
// endpoint publishing strategy type and verifies that the operator behaves
// correctly when the ingresscontroller's scope is mutated. The correct
@@ -3490,6 +3587,27 @@ func deleteIngressController(t *testing.T, cl client.Client, ic *operatorv1.Ingr
return nil
}
+// assertServiceAnnotation asserts that the given service has the specified
+// annotation set (or not) as specified by the expectedValue and expected
+// arguments.
+func assertServiceAnnotation(t *testing.T, serviceName types.NamespacedName, annotationKey, expectedValue string, expected bool) {
+ t.Helper()
+
+ service := &corev1.Service{}
+ if err := kclient.Get(context.TODO(), serviceName, service); err != nil {
+ t.Fatalf("expected service %s to be present: %v", serviceName, err)
+ }
+ actualValue, ok := service.Annotations[annotationKey]
+ switch {
+ case !expected && ok:
+ t.Errorf("service %s has unexpected %s=%s annotation", serviceName, annotationKey, actualValue)
+ case expected && !ok:
+ t.Errorf("service %s is missing expected %s=%s annotation: %v", serviceName, annotationKey, expectedValue, service.Annotations)
+ case expected && expectedValue != actualValue:
+ t.Errorf("expected service %[1]s to have annotation %[2]s=%[3]s, found %[2]s=%[4]s", serviceName, annotationKey, expectedValue, actualValue)
+ }
+}
+
// assertServiceNotDeleted asserts that a provide service wasn't deleted.
func assertServiceNotDeleted(t *testing.T, serviceName types.NamespacedName, oldUid types.UID) {
t.Helper() |
gcs278
commented
Oct 14, 2022
The cluster ingress config object can now specify the AWS ELB type that was specified when installing the cluster. The ingress operator will refer to this object whenever someone deletes the default ingresscontroller and the operator has to recreate it. Before this commit, the operator would always set the default ELB type (Classic ELB) when creating the default ingresscontroller. This commit implements NE-975. https://issues.redhat.com/browse/NE-975 * pkg/operator/ingress/controller.go (Reconcile): Pass the result of isAdmitted to admit. (admit): Add an "alreadyAdmitted" parameter to indicate whether the ingresscontroller has previously been admitted and is being re-admitted. Pass alreadyAdmitted and ingressConfig to setDefaultPublishingStrategy. (setDefaultPublishingStrategy): Add parameters for the cluster ingress config and the ingresscontroller's admitted status. Refactor some defaulting logic into the new setDefaultProviderParameters function. (setDefaultProviderParameters): New function. Initialize the given EndpointPublishingStrategy's ProviderParameters field and subfields as appropriate, using the cluster ingress config to set a default LB type on AWS if the ingresscontroller is being admitted for the first time. * pkg/operator/controller/ingress/controller_test.go (TestSetDefaultPublishingStrategySetsPlatformDefaults): Add test cases to verify the default LB type that is specified in the cluster ingress config is used for AWS. (TestSetDefaultPublishingStrategyHandlesUpdates): Add test cases to verify that changing the default LB type in the cluster ingress config does not change the LB type on an already admitted ingresscontroller. * pkg/operator/operator.go (Start): Get the cluster ingress config and pass it to ensureDefaultIngressController. (determineReplicasForDefaultIngressController): Delete function. This is no longer needed after some refactoring in ensureDefaultIngressController. (ensureDefaultIngressController): Add a parameter for the cluster ingress config. Use it to determine desired replicas and to determine the default ELB type on AWS. * test/e2e/operator_test.go (TestAWSLBTypeDefaulting): New test for LB type defaulting. * test/e2e/all_test.go (TestAll): Add new E2E test. Modified-by: Grant Spence <[email protected]> Modified-by: Miciah Dashiel Butler Masters <[email protected]>
Contributor
Author
|
/lgtm |
Contributor
|
@gcs278: you cannot LGTM your own PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Contributor
|
/lgtm |
Contributor
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
Contributor
Contributor
Contributor
Contributor
Contributor
|
/test e2e-azure-operator |
Contributor
|
@gcs278: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This was referenced Oct 15, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note: Cloned from #798 so that I could modify.
The cluster ingress config object can now specify the AWS ELB type that was specified when installing the cluster. The ingress operator will refer to this object whenever someone deletes the default ingresscontroller and the
operator has to recreate it. Before this commit, the operator would always set the default ELB type
(Classic ELB) when creating the default ingresscontroller. Fixes https://issues.redhat.com/browse/NE-975
pkg/operator/operator.go: Check if infrastructure object was set with the LB type "NLB" and create the ingresscontroller accordingly.pkg/operator/ingress/controller.go: setDefaultPublishingStrategy refactoring. Introduce a new setDefaultPublishingStrategy function to simplify setDefaultPublishingStrategy, correct the defaulting behavior when status.endpointPublishingStrategy is nil.pkg/operator/controller/ingress/controller_test.go: Add some test cases to TestSetDefaultPublishingStrategySetsPlatformDefaults andchanges to TestSetDefaultPublishingStrategyHandlesUpdates.