Update for openshift/api changes to ImageContentSourcePolicy #984
Conversation
openshift-ci-robot
added
do-not-merge/work-in-progress
|
Also needed for #795 |
Adds pods to master and worker nodes as appropriate Updates haproxy container to use openshift/router-haproxy image instead of docker.io/library/haproxy Also adds liveness tests for the coredns,mdns-publisher, haproxy and keepalived static pods, changes worker node /etc/resolv.conf to point to node's IP instead of 127.0.0.1 and fix the bug generating haproxy cfg file Depends-On: openshift#943 Depends-On: openshift#984
mtrmac
force-pushed
the
icsp-explicit-source
branch
from
fa69609 to
1894758
Compare
mtrmac
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
mtrmac
force-pushed
the
icsp-explicit-source
branch
from
1894758 to
454c1e1
Compare
|
/retest |
There was a problem hiding this comment.
Is it harmful to leave source in the list? Would it be possible to prevent source from being added to the list rather than removing it later?
There was a problem hiding this comment.
Right now not removing source from sortedRepos would result in an unnecessary extra attempt to contact that registry (if the image were not available); it’s not catastrophic but it is unnecessary. Plus, removing source from the list results in registries.conf more similar to how a human would write it, especially for the trivial case of a single RepositoryDigestMirrors.
Yes, not adding the source to the list instead of removing it here would be problematic: Consider
[]RepositoryDigestMirrors{
{Source: "S", Mirrors: {"A"}} // Expected order of attempts: AS
{Source: "S", Mirrors: {"BSC"}} // Expected order of attempts: BSC(S) , the second S being redundant/pointless/not applicable
}We need to add the AS edge to topoGraph so that the merged order in sortedRepos is one of ABSC/BASC; without it, it could end up e.g. BSCA (or maybe BSCA(S)), unnecessarily inconsistent with the input entries.
(Sure, this is all corner cases. Everything about including Source as a member of Mirrors is a corner case. Originally I had an assert “Source is last” in here, then I considered the “Source is included in Mirrors” counterexample, and it turned out simpler/clearer/more general to just implement that fully than to detect the case and fail.)
There was a problem hiding this comment.
OK I understand. Thank you for elaborating.
There was a problem hiding this comment.
This comment is identical to the previous test comment. Are these 2 tests testing the same thing? Trying to follow along.
There was a problem hiding this comment.
They test two different things:
Sourceis included inMirrors- Two
RepositoryDigestMirrorsitems contain items inMirrorsin conflicting order.
ICSP does not document how such cases are resolved, it’s not part of the API guarantee.
OTOH, MCC does have an interest of keeping the output stable over time, so that the controller does not issue unnecessary updates to the configuration. So, the implementation sorts the items to behave consistently over time, and these tests hard-code that implementation detail.
The warnings are added to decrease the chance that someone will read the code and the tests, and conclude that the current order is an API promise. Sure, it’s pretty unlikely that anyone will read that, if you think the warnings are too confusing to be worth that, I’d be happy to remove them.
There was a problem hiding this comment.
I think the warnings are a good idea, since like you said there is room for confusion. Just wanted to make sure that the warning did need to be present in two places.
mtrmac
force-pushed
the
icsp-explicit-source
branch
from
454c1e1 to
3272230
Compare
|
/approve |
openshift-ci-robot
added
lgtm
|
/test e2e-aws |
|
/retest |
|
needs rebase |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@mtrmac could you try updating just the api dep? |
mtrmac
force-pushed
the
icsp-explicit-source
branch
from
4d034b3 to
15a34cf
Compare
openshift-ci-robot
added
size/XL
|
Sure, limited the vendor update. |
ImageContentSourcePolicy now explicitly distinguishes between sources (pull specs) and mirrors; update the vendored API and the relevant code. Signed-off-by: Miloslav Trmač <[email protected]>
|
/retest |
|
we're unfortunately still hitting resource limits on AWS :( |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: LorbusChris, mtrmac, runcom The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Adds pods to master and worker nodes as appropriate Updates haproxy container to use openshift/router-haproxy image instead of docker.io/library/haproxy Also adds liveness tests for the coredns,mdns-publisher, haproxy and keepalived static pods, changes worker node /etc/resolv.conf to point to node's IP instead of 127.0.0.1 and fix the bug generating haproxy cfg file Depends-On: openshift#943 Depends-On: openshift#984
Adds pods to master and worker nodes as appropriate Updates haproxy container to use openshift/router-haproxy image instead of docker.io/library/haproxy Also adds liveness tests for the coredns,mdns-publisher, haproxy and keepalived static pods, changes worker node /etc/resolv.conf to point to node's IP instead of 127.0.0.1 and fix the bug generating haproxy cfg file Depends-On: openshift#943 Depends-On: openshift#984 Conflicts: templates/common/baremetal/files/baremetal-coredns-corefile.yaml templates/common/baremetal/files/baremetal-coredns.yaml templates/common/baremetal/files/baremetal-mdns-publisher.yaml templates/master/00-master/baremetal/files/baremetal-haproxy-haproxy.yaml templates/master/00-master/baremetal/files/baremetal-haproxy.yaml templates/master/00-master/baremetal/files/baremetal-keepalived-keepalived.yaml templates/master/00-master/baremetal/files/baremetal-mdns-config.yaml templates/master/00-master/baremetal/files/dhcp-dhclient-conf.yaml templates/worker/00-worker/baremetal/files/baremetal-mdns-config.yaml templates/worker/00-worker/baremetal/files/dhcp-dhclient-conf.yaml
Adds pods to master and worker nodes as appropriate Updates haproxy container to use openshift/router-haproxy image instead of docker.io/library/haproxy Also adds liveness tests for the coredns,mdns-publisher, haproxy and keepalived static pods, changes worker node /etc/resolv.conf to point to node's IP instead of 127.0.0.1 and fix the bug generating haproxy cfg file Due to the fact that both use the same image, there was a bit of confusion here. We want keepalived to track OCP Router 1936 and we want API LB Haproxy pod to have health checked at 50936, which is where we configure haproxy to expose health at. Depends-On: openshift#943 Depends-On: openshift#984
Adds pods to master and worker nodes as appropriate Updates haproxy container to use openshift/router-haproxy image instead of docker.io/library/haproxy Also adds liveness tests for the coredns,mdns-publisher, haproxy and keepalived static pods, changes worker node /etc/resolv.conf to point to node's IP instead of 127.0.0.1 and fix the bug generating haproxy cfg file Due to the fact that both use the same image, there was a bit of confusion here. We want keepalived to track OCP Router 1936 and we want API LB Haproxy pod to have health checked at 50936, which is where we configure haproxy to expose health at. Depends-On: openshift#943 Depends-On: openshift#984
9 participants
DO NOT MERGE as is: Includes an UNMERGED PR to openshift/api.- What I did
openshift/api#384 modifies
ImageContentSourcePolicyto be explicit about sources == pull specs, and mirrors, instead of defining sets of repositories that can be mirrors of each other.This updates the vendored API and the relevant code.
- How to verify it
Updated unit tests, I suppose manual testing that it all works.
- Description for the changelog
Updated for ImageContentSourcePolicy distinguishing mirrors from primary repositories