-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ingress: Migrate to networking.k8s.io/v1 #172
ingress: Migrate to networking.k8s.io/v1 #172
Conversation
This enhancement updates the [ingress-to-route](https://github.com/openshift/openshift-controller-manager/blob/master/pkg/route/ingress/ingress.go) controller to use the stable `networking.k8s.io/v1` version of the Ingress API. Although the API server already supports the v1 API version without this enhancement, the ingress-to-route controller requires changes to transition from using the v1beta1 client to using the v1 client and to support new v1 features. These new features include the `spec.pathType` and `spec.ingressClassType` fields as well as the associated IngressClass API. This enhancement does *not* extend the Route API to accommodate new features in the Ingress API; these are only supported to the extent that they are compatible with the Route API. --- Implementation PRs: - [ ] [openshift/cluster-ingress-operator#574 WIP: ingressclass: New controller.](openshift/cluster-ingress-operator#574) - [ ] [openshift/openshift-controller-manager#172 WIP: ingress: Migrate to networking.k8s.io/v1.](openshift/openshift-controller-manager#172) - [ ] TODO openshift/api PR for `openshift.io/ingress-to-route` ingressclass controller name. - [ ] TODO openshift/cluster-monitoring-operator PR for alerts.
5c1311a
to
396a918
Compare
pkg/route/ingress/ingress.go
Outdated
@@ -370,6 +372,27 @@ func (c *Controller) sync(key queueKey) error { | |||
return err | |||
} | |||
|
|||
// If the ingress specifies an ingressclass and the ingressclass does | |||
// not specify OpenShift Router as its controller, ignore the ingress. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should ignore ingresses that do not specify openshift.io/ingress-to-route
as their controller, right? (OpenShift Router
seems a little vague, but perhaps thats intentional?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. An earlier version of these changes used the controller name "openshift.io/haproxy-router", which I changed to "openshift.io/ingress-to-route" (since it's really the ingress-to-route controller that is managing the ingresses), and I forgot to update the comment when I changed the controller name. Thanks for catching that!
pkg/route/ingress/ingress.go
Outdated
var ingressClassName *string | ||
if v, ok := ingress.Annotations["kubernetes.io/ingress.class"]; ok { | ||
ingressClassName = &v | ||
} else if ingress.Spec.IngressClassName != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
} else if ingress.Spec.IngressClassName != nil { | |
} else { |
No need to check for nil twice, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. Thanks!
@Miciah CI builds for this PR don't look too hot. Maybe try running |
396a918
to
6d88436
Compare
I already did that. Hmm... |
6d88436
to
fbf918e
Compare
I had forgotten to |
/test unit |
/test e2e-aws |
fixups look good. /lgtm |
/test e2e-aws |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How will upgrades work? What will happen to existing routes linked to v1beta1
Ingress instances?
go.mod
Outdated
k8s.io/api v0.20.0 | ||
k8s.io/apimachinery v0.20.0 | ||
k8s.io/api v0.21.0-rc.0 | ||
k8s.io/apimachinery v0.21.0-rc.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems that the openshift/api bump tries to pull in the rebase to k8s 1.21. This doesn't actually happen in this PR because of the replaces below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, should we drop the replaces? Who is responsible for fixing that?
pkg/route/ingress/ingress.go
Outdated
if err != nil { | ||
return err | ||
} | ||
if ingressclass.Spec.Controller != routev1.IngressToRouteIngressClassControllerName { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this constant added before or after we started rebasing to k8s v1.21?
I'd rather not pull in go.mod changes that try to add k8s 1.21 deps in this PR. If this is the only reason that we need an openshift/api bump, can we hard-code the controller name here and mark a TODO to use the api constant?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was merged after. https://github.com/openshift/api/commits/abd04f148867b326211c90f798235565572efd01
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dropped the openshift/api bump from this PR and replaced routev1.IngressToRouteIngressClassControllerName
with "openshift.io/ingress-to-route"
, with a TODO comment per your suggestion.
var validOwnerRefAPIVersions = sets.NewString( | ||
"networking.k8s.io/v1", | ||
"networking.k8s.io/v1beta1", | ||
"extensions.k8s.io/v1beta1", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If IIRC, extensions.k8s.io/v1beta1
has been removed in k8s, and was not previously allowed. Why are we allowing this apiVersion here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We allow it because a route might have been created with an owner reference that uses the old apiVersion. See https://bugzilla.redhat.com/show_bug.cgi?id=1896678
for example.
For existing routes, we tolerate old apiVersion values in owner references (thus the |
Update the ingress-to-route controller and unit tests to use the networking.k8s.io/v1 API, implement IngressClass, and migrate routes created using older ingress API versions. * pkg/cmd/controller/ingress.go: Update to import and use networking/v1 packages. (RunIngressToRouteController): Pass ingressclass client to NewController. * pkg/route/ingress/ingress.go: Update to import and use networking/v1 packages. (Controller): Add ingressclassLister field. (NewController): Add parameter for ingressclasses informer. Use it to get ingressclassLister. (sync): Check the ingress's kubernetes.io/ingress.class annotation and spec.ingressClassName field. If an ingressclass is specified, look it up and check its spec.controller field value. If the ingress specifies an ingressclass that does not specify the openshift.io/ingress-to-route ingressclass, ignore the ingress. When patching an ingress, replace the existing ownerReferences field value in case the API version has changed. (validOwnerRefAPIVersions): New variable. (hasIngressOwnerRef): Use validOwnerRefAPIVersions to verify that the owner reference specifies some recognized API version. (newRouteForIngress): Update to use the ingress's spec.backend.service field to get the target service. Use the networking.k8s.io/v1 API version in the returned route's owner reference. (routeMatchesIngress): Update to use the ingress's spec.backend.service field. Verify that the route's owner reference uses the networking.k8s.io/v1 API version. (targetPortForService): Replace the ingress path parameter with an ingress service backend parameter. * pkg/route/ingress/ingress_test.go: Update to import and use networking/v1 packages. (ingressclassLister): New type. Implement a fake ingressclass lister. (List, Get): New methods for ingressclassLister. (complexIngress): Update to the v1 API. (TestController_stabilizeAfterCreate): Use a fake ingressclass lister. (TestController_sync): Define fake ingressclass lister with an ingressclass that specifies the OpenShift ingress controller. Update ingresses in test cases to the v1 API. Update test cases to expect the controller to patch ownerReferences. Add test cases: "ignores ingress with third-party ingressclass", "ignores ingress with unsupported path type", "create route - default ingresscontroller", "create route - custom ingresscontroller", "no-op - ignore route created for an ingress with a third-party class", and "update route with old owner reference". Augment the "create route" test case to verify correct behavior for the implemented path types.
fbf918e
to
0211318
Compare
The e2e-aws-upgrade job failed because Multus failed to connect to the API during sandbox creation:
/test e2e-aws-upgrade |
/approve |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bparees, Miciah, sgreene570 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Update the ingress-to-route controller and unit tests to use the
networking.k8s.io/v1
API, implement IngressClass, and migrate routes created using older ingress API versions.pkg/cmd/controller/ingress.go
: Update to import and usenetworking/v1
packages.(
RunIngressToRouteController
): Pass ingressclass client toNewController
.pkg/route/ingress/ingress.go
: Update to import and usenetworking/v1
packages.(
Controller
): AddingressclassLister
field.(
NewController
): Add parameter foringressclasses
informer. Use it to getingressclassLister
.(
sync
): Check the ingress'skubernetes.io/ingress.class
annotation andspec.ingressClassName
field. If an ingressclass is specified, look it up and check itsspec.controller
field value. If the ingress specifies an ingressclass that does not specify theopenshift.io/ingress-to-route
ingressclass, ignore the ingress. When patching an ingress, replace the existingownerReferences
field value in case the API version has changed.(
validOwnerRefAPIVersions
): New variable.(
hasIngressOwnerRef
): UsevalidOwnerRefAPIVersions
to verify that the owner reference specifies some recognized API version.(
newRouteForIngress
): Update to use the ingress'sspec.backend.service
field to get the target service. Use thenetworking.k8s.io/v1
API version in the returned route's owner reference.(
routeMatchesIngress
): Update to use the ingress'sspec.backend.service
field. Verify that the route's owner reference uses thenetworking.k8s.io/v1
API version.(
targetPortForService
): Replace the ingress path parameter with an ingress service backend parameter.pkg/route/ingress/ingress_test.go
: Update to use and importnetworking/v1
packages.(
ingressclassLister
): New type. Implement a fake ingressclass lister.(
List
,Get
): New methods foringressclassLister
.(
complexIngress
): Update to the v1 API.(
TestController_stabilizeAfterCreate
): Use a fake ingressclass lister.(
TestController_sync
): Define fake ingressclass lister with an ingressclass that specifies the OpenShift ingress controller. Update ingresses in test cases to the v1 API. Update test cases to expect the controller to patchownerReferences
. Add test cases: "ignores ingress with third-party ingressclass", "ignores ingress with unsupported path type", "create route - default ingresscontroller", "create route - custom ingresscontroller", "no-op - ignore route created for an ingress with a third-party class", and "update route with old owner reference". Augment the "create route" test case to verify correct behavior for the implemented path types.