ingress: Migrate to networking.k8s.io/v1 #172
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
This enhancement updates the [ingress-to-route](https://github.com/openshift/openshift-controller-manager/blob/master/pkg/route/ingress/ingress.go) controller to use the stable `networking.k8s.io/v1` version of the Ingress API. Although the API server already supports the v1 API version without this enhancement, the ingress-to-route controller requires changes to transition from using the v1beta1 client to using the v1 client and to support new v1 features. These new features include the `spec.pathType` and `spec.ingressClassType` fields as well as the associated IngressClass API. This enhancement does *not* extend the Route API to accommodate new features in the Ingress API; these are only supported to the extent that they are compatible with the Route API. --- Implementation PRs: - [ ] [openshift/cluster-ingress-operator#574 WIP: ingressclass: New controller.](openshift/cluster-ingress-operator#574) - [ ] [openshift/openshift-controller-manager#172 WIP: ingress: Migrate to networking.k8s.io/v1.](openshift/openshift-controller-manager#172) - [ ] TODO openshift/api PR for `openshift.io/ingress-to-route` ingressclass controller name. - [ ] TODO openshift/cluster-monitoring-operator PR for alerts.
Miciah
force-pushed
the
ingress-migrate-to-networking.k8s.io-slash-v1
branch
2 times, most recently
from
5c1311a
to
396a918
Compare
Miciah
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
pkg/route/ingress/ingress.go
Outdated
| @@ -370,6 +372,27 @@ func (c *Controller) sync(key queueKey) error { | |||
| return err | |||
| } | |||
|
|
|||
| // If the ingress specifies an ingressclass and the ingressclass does | |||
| // not specify OpenShift Router as its controller, ignore the ingress. | |||
There was a problem hiding this comment.
We should ignore ingresses that do not specify openshift.io/ingress-to-route as their controller, right? (OpenShift Router seems a little vague, but perhaps thats intentional?)
There was a problem hiding this comment.
Right. An earlier version of these changes used the controller name "openshift.io/haproxy-router", which I changed to "openshift.io/ingress-to-route" (since it's really the ingress-to-route controller that is managing the ingresses), and I forgot to update the comment when I changed the controller name. Thanks for catching that!
pkg/route/ingress/ingress.go
Outdated
| var ingressClassName *string | ||
| if v, ok := ingress.Annotations["kubernetes.io/ingress.class"]; ok { | ||
| ingressClassName = &v | ||
| } else if ingress.Spec.IngressClassName != nil { |
There was a problem hiding this comment.
| } else if ingress.Spec.IngressClassName != nil { | |
| } else { |
No need to check for nil twice, right?
|
@Miciah CI builds for this PR don't look too hot. Maybe try running |
Miciah
force-pushed
the
ingress-migrate-to-networking.k8s.io-slash-v1
branch
from
396a918
to
6d88436
Compare
I already did that. Hmm... |
Miciah
force-pushed
the
ingress-migrate-to-networking.k8s.io-slash-v1
branch
from
6d88436
to
fbf918e
Compare
I had forgotten to |
/test unit |
/test e2e-aws |
|
fixups look good. /lgtm |
|
/test e2e-aws |
go.mod
Outdated
| k8s.io/api v0.20.0 | ||
| k8s.io/apimachinery v0.20.0 | ||
| k8s.io/api v0.21.0-rc.0 | ||
| k8s.io/apimachinery v0.21.0-rc.0 |
There was a problem hiding this comment.
It seems that the openshift/api bump tries to pull in the rebase to k8s 1.21. This doesn't actually happen in this PR because of the replaces below.
There was a problem hiding this comment.
Hmm, should we drop the replaces? Who is responsible for fixing that?
pkg/route/ingress/ingress.go
Outdated
| if err != nil { | ||
| return err | ||
| } | ||
| if ingressclass.Spec.Controller != routev1.IngressToRouteIngressClassControllerName { |
There was a problem hiding this comment.
Was this constant added before or after we started rebasing to k8s v1.21?
I'd rather not pull in go.mod changes that try to add k8s 1.21 deps in this PR. If this is the only reason that we need an openshift/api bump, can we hard-code the controller name here and mark a TODO to use the api constant?
There was a problem hiding this comment.
It was merged after. https://github.com/openshift/api/commits/abd04f148867b326211c90f798235565572efd01
There was a problem hiding this comment.
I dropped the openshift/api bump from this PR and replaced routev1.IngressToRouteIngressClassControllerName with "openshift.io/ingress-to-route", with a TODO comment per your suggestion.
| var validOwnerRefAPIVersions = sets.NewString( | ||
| "networking.k8s.io/v1", | ||
| "networking.k8s.io/v1beta1", | ||
| "extensions.k8s.io/v1beta1", |
There was a problem hiding this comment.
If IIRC, extensions.k8s.io/v1beta1 has been removed in k8s, and was not previously allowed. Why are we allowing this apiVersion here?
There was a problem hiding this comment.
We allow it because a route might have been created with an owner reference that uses the old apiVersion. See https://bugzilla.redhat.com/show_bug.cgi?id=1896678
for example.
For existing routes, we tolerate old apiVersion values in owner references (thus the |
Update the ingress-to-route controller and unit tests to use the networking.k8s.io/v1 API, implement IngressClass, and migrate routes created using older ingress API versions. * pkg/cmd/controller/ingress.go: Update to import and use networking/v1 packages. (RunIngressToRouteController): Pass ingressclass client to NewController. * pkg/route/ingress/ingress.go: Update to import and use networking/v1 packages. (Controller): Add ingressclassLister field. (NewController): Add parameter for ingressclasses informer. Use it to get ingressclassLister. (sync): Check the ingress's kubernetes.io/ingress.class annotation and spec.ingressClassName field. If an ingressclass is specified, look it up and check its spec.controller field value. If the ingress specifies an ingressclass that does not specify the openshift.io/ingress-to-route ingressclass, ignore the ingress. When patching an ingress, replace the existing ownerReferences field value in case the API version has changed. (validOwnerRefAPIVersions): New variable. (hasIngressOwnerRef): Use validOwnerRefAPIVersions to verify that the owner reference specifies some recognized API version. (newRouteForIngress): Update to use the ingress's spec.backend.service field to get the target service. Use the networking.k8s.io/v1 API version in the returned route's owner reference. (routeMatchesIngress): Update to use the ingress's spec.backend.service field. Verify that the route's owner reference uses the networking.k8s.io/v1 API version. (targetPortForService): Replace the ingress path parameter with an ingress service backend parameter. * pkg/route/ingress/ingress_test.go: Update to import and use networking/v1 packages. (ingressclassLister): New type. Implement a fake ingressclass lister. (List, Get): New methods for ingressclassLister. (complexIngress): Update to the v1 API. (TestController_stabilizeAfterCreate): Use a fake ingressclass lister. (TestController_sync): Define fake ingressclass lister with an ingressclass that specifies the OpenShift ingress controller. Update ingresses in test cases to the v1 API. Update test cases to expect the controller to patch ownerReferences. Add test cases: "ignores ingress with third-party ingressclass", "ignores ingress with unsupported path type", "create route - default ingresscontroller", "create route - custom ingresscontroller", "no-op - ignore route created for an ingress with a third-party class", and "update route with old owner reference". Augment the "create route" test case to verify correct behavior for the implemented path types.
Miciah
force-pushed
the
ingress-migrate-to-networking.k8s.io-slash-v1
branch
from
fbf918e
to
0211318
Compare
|
The e2e-aws-upgrade job failed because Multus failed to connect to the API during sandbox creation: /test e2e-aws-upgrade |
|
/approve |
openshift-ci-robot
added
the
approved
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bparees, Miciah, sgreene570 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Update the ingress-to-route controller and unit tests to use the
networking.k8s.io/v1API, implement IngressClass, and migrate routes created using older ingress API versions.pkg/cmd/controller/ingress.go: Update to import and usenetworking/v1packages.(
RunIngressToRouteController): Pass ingressclass client toNewController.pkg/route/ingress/ingress.go: Update to import and usenetworking/v1packages.(
Controller): AddingressclassListerfield.(
NewController): Add parameter foringressclassesinformer. Use it to getingressclassLister.(
sync): Check the ingress'skubernetes.io/ingress.classannotation andspec.ingressClassNamefield. If an ingressclass is specified, look it up and check itsspec.controllerfield value. If the ingress specifies an ingressclass that does not specify theopenshift.io/ingress-to-routeingressclass, ignore the ingress. When patching an ingress, replace the existingownerReferencesfield value in case the API version has changed.(
validOwnerRefAPIVersions): New variable.(
hasIngressOwnerRef): UsevalidOwnerRefAPIVersionsto verify that the owner reference specifies some recognized API version.(
newRouteForIngress): Update to use the ingress'sspec.backend.servicefield to get the target service. Use thenetworking.k8s.io/v1API version in the returned route's owner reference.(
routeMatchesIngress): Update to use the ingress'sspec.backend.servicefield. Verify that the route's owner reference uses thenetworking.k8s.io/v1API version.(
targetPortForService): Replace the ingress path parameter with an ingress service backend parameter.pkg/route/ingress/ingress_test.go: Update to use and importnetworking/v1packages.(
ingressclassLister): New type. Implement a fake ingressclass lister.(
List,Get): New methods foringressclassLister.(
complexIngress): Update to the v1 API.(
TestController_stabilizeAfterCreate): Use a fake ingressclass lister.(
TestController_sync): Define fake ingressclass lister with an ingressclass that specifies the OpenShift ingress controller. Update ingresses in test cases to the v1 API. Update test cases to expect the controller to patchownerReferences. Add test cases: "ignores ingress with third-party ingressclass", "ignores ingress with unsupported path type", "create route - default ingresscontroller", "create route - custom ingresscontroller", "no-op - ignore route created for an ingress with a third-party class", and "update route with old owner reference". Augment the "create route" test case to verify correct behavior for the implemented path types.