NE-1402: Add service endpoint override capability to IBM DNS provider

[marcsello]

This PR adds the ability for custom service endpoints to be configured and used by the IBM DNS provider. If no overrides configured, it falls back to the default endpoints it used before.

The overrides are read from the cluster's Infrastrucutre configuration (Specifically from .status.platformStatus.ibmcloud.serviceEndpoints): https://github.com/openshift/cluster-ingress-operator/blob/dev-add-service-overrides/vendor/github.com/openshift/api/config/v1/types_infrastructure.go#L1218

Since PowerVS uses IBM DNS provider, and uses the same configuration format, this capability is implemented for it as well.

Jira reference: https://issues.redhat.com/browse/NE-1402

[openshift-ci]

Hi @marcsello. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[cjschaef]

/retitle NE-1402: Add service endpoint override capability to IBM DNS provider

[openshift-ci-robot]

@marcsello: This pull request references NE-1402 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set.

Details

In response to this:

This PR adds the ability for custom service endpoints to be configured and used by the IBM DNS provider. If no overrides configured, it falls back to the default endpoints it used before.

The overrides are read from the cluster's Infrastrucutre configuration (Specifically from .status.platformStatus.ibmcloud.serviceEndpoints): https://github.com/openshift/cluster-ingress-operator/blob/dev-add-service-overrides/vendor/github.com/openshift/api/config/v1/types_infrastructure.go#L1218

Since PowerVS uses IBM DNS provider, and uses the same configuration format, this capability is implemented for it as well.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[Miciah]

Please copy the description from the PR to the commit message, and add a reference to https://issues.redhat.com/browse/NE-1402 in commit message as well.

I have some other comments inline, mostly trivial suggestions, but we should codify the service endpoint names in openshift/api if they aren't already defined somewhere.

It's unfortunate that we don't have E2E for IBM Cloud or Power VS, but we can at least make sure verify, unit tests, etc. pass and that nothing breaks on other platforms.
/ok-to-test

[Miciah]

I was going to suggest writing a helper using Go generics, but it turns out that generics isn't flexible enough for this case (see golang/go#48522). Given that, I'll just note that the comment here should be updated per my earlier suggestion.

[Miciah]

Oh, and thanks for the PR! It looks good overall, aside from some trivial things as I mentioned.

[cjschaef]

Incorporating the changes to the installer, CCM, and MAPI, in a Disconnected environment (no Internet access), I tested these changes successfully. The Ingress operator successfully deployed and created the two router pods, interacting with IBM Cloud Services, via private endpoints (overrides).

# oc --kubeconfig cluster-deploys/us-east-splat-1097-26/auth/kubeconfig get co ingress; curl -m3 https://iam.cloud.ibm.com
NAME      VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
ingress   4.15.0-0.nightly-2023-11-06-142702   True        False         False      14m     
curl: (28) Failed to connect to iam.cloud.ibm.com port 443 after 2955 ms: Connection timed out

# oc --kubeconfig cluster-deploys/us-east-splat-1097-26/auth/kubeconfig get po -n openshift-ingress
NAME                              READY   STATUS    RESTARTS   AGE
router-default-6f88d989dc-8sq92   1/1     Running   0          32m
router-default-6f88d989dc-tlmb8   1/1     Running   0          32m

# oc --kubeconfig cluster-deploys/us-east-splat-1097-26/auth/kubeconfig get infrastructure/cluster -oyaml | yq .status.platformStatus.ibmcloud.serviceEndpoints
- name: iam
  url: https://private.us-east.iam.cloud.ibm.com
- name: vpc
  url: https://us-east.private.iaas.cloud.ibm.com/v1
- name: resourcecontroller
  url: https://private.resource-controller.cloud.ibm.com
- name: resourcemanager
  url: https://private.resource-controller.cloud.ibm.com
- name: dnsservices
  url: https://api.private.dns-svcs.cloud.ibm.com/v1
- name: cos
  url: https://s3.direct.us-east.cloud-object-storage.appdomain.cloud

I will run some regression tests for Public, Private, and BYON with these changes and report back this week.

Regression tests completed, everything appears fine.

[openshift-ci-robot]

@marcsello: This pull request references NE-1402 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set.

Details

In response to this:

This PR adds the ability for custom service endpoints to be configured and used by the IBM DNS provider. If no overrides configured, it falls back to the default endpoints it used before.

The overrides are read from the cluster's Infrastrucutre configuration (Specifically from .status.platformStatus.ibmcloud.serviceEndpoints): https://github.com/openshift/cluster-ingress-operator/blob/dev-add-service-overrides/vendor/github.com/openshift/api/config/v1/types_infrastructure.go#L1218

Since PowerVS uses IBM DNS provider, and uses the same configuration format, this capability is implemented for it as well.

Jira reference: https://issues.redhat.com/browse/NE-1402

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[marcsello]

Thank you for all comments! I've fixed most of them. One exception is the named constants, I'll wait for what the outcome of @cjschaef's PR openshift/library-go#1612 with that.

Regarding the failing test, I can not see any relation to my changes, I'll try re-running the test to see if it was an intermittent issue.

/retest

[marcsello]

This time different, unrelated tests have failed.

/retest

[cjschaef]

Looks like this revert has caused us to lose the necessary openshift/api change we need (for ServiceEndpoints)
#982

So we no longer have access to the IBMCloudServiceEndpoint
openshift/api@2f259e8

[marcsello]

I have rebased my commit off master, and added a new commit to update the openshift/api dependency to the first version that includes IBMCloudServiceEndpoint.

[marcsello]

There seems to be a temporarily issue with the build.

/retest

[marcsello]

It seems like unrelated tests have failed again.

/retest

[marcsello]

/retest

[marcsello]

/retest

[jeffnowicki]

/retest

[Miciah]

A few additional comments:

• Please put the openshift/api bump commit first and the implementation commit second. The goal is that every commit should build and pass tests (this is helpful to anyone using git bisect in the future, for example).
• Please mention in the bump commit message that the purpose of the bump is to get the IBM Cloud service override API.
• Would you mind adding the go get commands that you used to bump the vendored packages to the commit message for the openshift/api bump? See e501577 for an example. (Sorry for adding this chore; this is a relatively new expectation regarding commit messages that the team has agreed on.)

[marcsello]

Thanks for the feedback @Miciah! I'll try to sort all this out by today.

[Miciah]

Excellent! Thank you very much!
/approve
/lgtm

[Miciah]

The bot must be having a bad case of the Mondays!
/joke
/approve
/lgtm

[openshift-ci]

@Miciah: Where does Napoleon keep his armies? In his sleevies.

Details

In response to this:

The bot must be having a bad case of the Mondays!
/joke
/approve
/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Miciah

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Miciah]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 9e77590 and 2 for PR HEAD 21971b4 in total

[jeffnowicki]

/retest-required

[Miciah]

Other than the vendored packages, all of the changes in this PR are specific to IBM Cloud. Moreover, TestUnmanagedDNSToManagedDNSInternalIngressController is failing on other PRs, so I am confident that the failures are not caused by changes in this PR. Let's override the failing test.
/override ci/prow/e2e-gcp-operator
(In the meantime, there is an ongoing investigation into why TestUnmanagedDNSToManagedDNSInternalIngressController is failing on various PRs.)

[openshift-ci]

@Miciah: Overrode contexts on behalf of Miciah: ci/prow/e2e-gcp-operator

Details

In response to this:

Other than the vendored packages, all of the changes in this PR are specific to IBM Cloud. Moreover, TestUnmanagedDNSToManagedDNSInternalIngressController is failing on other PRs, so I am confident that the failures are not caused by changes in this PR. Let's override the failing test.
/override ci/prow/e2e-gcp-operator
(In the meantime, there is an ongoing investigation into why TestUnmanagedDNSToManagedDNSInternalIngressController is failing on various PRs.)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@marcsello: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-single-node	21971b4	link	false	/test e2e-aws-ovn-single-node
ci/prow/e2e-azure-ovn	21971b4	link	false	/test e2e-azure-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-cluster-ingress-operator-container-v4.15.0-202311280332.p0.g30833ad.assembly.stream for distgit ose-cluster-ingress-operator.
All builds following this will include this PR.

[mjturek]

I just saw this, and it is very useful for us. Thank you!!