New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NE-1530: IngressController LB Subnet Selection in AWS #1841
base: master
Are you sure you want to change the base?
Conversation
@gcs278: This pull request references NE-705 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target either version "4.16." or "openshift-4.16.", but it targets "openshift-4.13" instead. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Hello @gcs278! Some important instructions when contributing to openshift/api: |
@gcs278: This pull request references NE-1530 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
@gcs278: This pull request references NE-1530 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
@gcs278: This pull request references NE-1530 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/hold |
19737cb
to
c906aa1
Compare
@@ -545,6 +545,20 @@ type AWSLoadBalancerParameters struct { | |||
// | |||
// +optional | |||
NetworkLoadBalancerParameters *AWSNetworkLoadBalancerParameters `json:"networkLoadBalancer,omitempty"` | |||
|
|||
// subnets specifies the list of subnets for the load balancer to | |||
// route traffic to. The values can be either a subnet ID or name. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you find anything that suggests only specific characters are allowed in either the name or ID?
// | ||
// +optional | ||
// +openshift:enable:FeatureGate=IngressControllerLBSubnetsAWS | ||
Subnets []AWSSubnetReference `json:"subnets,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs a listType
tag, its this atomic?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've read the docs (https://github.com/kubernetes/kube-openapi/blob/master/pkg/idl/doc.go and https://kubernetes.io/docs/reference/using-api/server-side-apply/), but I'm struggling to totally grasp the difference between an atomic and set listType. I don't totally understand the implications as it relates to my field. I see set:
// Sets are lists that must not have multiple times the same value. Each
// value must be a scalar (or another atomic type).
And atomic:
// Atomic lists will be entirely replaced when updated. This tag may be
// used on any type of list (struct, scalar, ...).
Sounds like atomic only allows one "manager" for server side apply. That seems acceptable for this field.
I also see atomic is the default, so I'll go with that.
/assign |
Yikes, I messed up this rebase bad. Fixing. |
An example failure from verify-crd-schema. Is it in development?
/test verify-crd-schema |
@candita I saw that too, but at the end of the logs is:
And I reviewed the logs and don't see any issue with my added subnets API. Instead, all of the errors are from existing fields. So I think I will require an override when the time comes to it. |
/retest |
features/features.go
Outdated
|
||
FeatureGateIngressControllerLBSubnetsAWS = newFeatureGate("IngressControllerLBSubnetsAWS"). | ||
reportProblemsToJiraComponent("Routing"). | ||
contactPerson("gspence"). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: For network edge features, the contact person is @Miciah , but I don't know if there are rules about it having to be the team lead or not. Otherwise, it should be your github handle.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. I'll put "miciah" down.
type: AWS | ||
aws: | ||
type: Classic | ||
- name: Subnets should be able to add after IC creation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
- name: Subnets should be able to add after IC creation. | |
- name: Should be able to add subnets after IC creation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
operator/v1/types_ingress.go
Outdated
// In order for the load balancer to be provisioned with subnets: | ||
// * Each subnet must exist. | ||
// * Each subnet must be from a different availability zone. | ||
// * The load balancer service must be deleted. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// * The load balancer service must be deleted. | |
// * The load balancer service must be recreated to pick up new values. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
operator/v1/types_ingress.go
Outdated
// * Each subnet must be from a different availability zone. | ||
// * The load balancer service must be deleted. | ||
// | ||
// When omitted, the subnets will be auto-discovered per availability zone. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I understand this correctly:
// When omitted, the subnets will be auto-discovered per availability zone. | |
// If omitted, the subnets will be auto-discovered per availability zone. | |
// When subnets are auto-discovered, they do not propagate to this list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. Done.
// +optional | ||
// +listType=atomic | ||
// +openshift:enable:FeatureGate=IngressControllerLBSubnetsAWS | ||
// +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="subnets cannot contain duplicates" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know if this validation is case-sensitive? The subnet names can be, so there could correctly be both subnetB and subnetb in the list. You could just add a test to the test yaml.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know how much it matters, but I tested this with two empty subnets and that returns false. https://playcel.undistro.io/?content=H4sIAAAAAAAAA6tWSk7NUbJSKk7NSdNLzMnRqNBRALNTKzKLS4rj8%2FNSNSp1FCoUbG0VKjU1lXSUUhJLEj3zCkpLoLqsYvIUFHQVICRQPjc%2FJRUoBTK2FgCZjmKCXgAAAA%3D%3D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know if this validation is case-sensitive? The subnet names can be, so there could correctly be both subnetB and subnetb in the list. You could just add a test to the test yaml.
Good question. It is indeed case-sensitive. Good idea, I will do that.
I don't know how much it matters, but I tested this with two empty subnets and that returns false.
Oh nice, I didn't know about this CEL playground website.
Good point. The CEL is working as expected with two empty subnets, but an empty length subnet is not a valid subnet reference. Adding // +kubebuilder:validation:MinLength=1
operator/v1/types_ingress.go
Outdated
@@ -556,6 +572,11 @@ const ( | |||
AWSNetworkLoadBalancer AWSLoadBalancerType = "NLB" | |||
) | |||
|
|||
// AWSSubnetReference is a reference to an AWS subnet. It can be either | |||
// be a subnet ID or name. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// be a subnet ID or name. | |
// an AWS subnet ID or a generic name. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
No major concerns on my part, just a few comments/nits. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: candita, gcs278 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Allows users to specify subnets (i.e. Availability Zones) for IngressControllers using load balancers in AWS. Introduce under the `IngressControllerLBSubnetsAWS` FeatureGate.
New changes are detected. LGTM label has been removed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the review @candita
Changes here: https://github.com/openshift/api/compare/81aaf82a567be6f4b42e236e2276d65569c7f056..e8783c84b59e430682265cbbe441614b32ee8ee6
features/features.go
Outdated
|
||
FeatureGateIngressControllerLBSubnetsAWS = newFeatureGate("IngressControllerLBSubnetsAWS"). | ||
reportProblemsToJiraComponent("Routing"). | ||
contactPerson("gspence"). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. I'll put "miciah" down.
@@ -545,6 +545,20 @@ type AWSLoadBalancerParameters struct { | |||
// | |||
// +optional | |||
NetworkLoadBalancerParameters *AWSNetworkLoadBalancerParameters `json:"networkLoadBalancer,omitempty"` | |||
|
|||
// subnets specifies the list of subnets for the load balancer to | |||
// route traffic to. The values can be either a subnet ID or name. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. That's consistent with my experiments that allowed me to create a subnet name tag with every character my keyboard has. I don't think we can restrict characters on the basis of subnet names.
However, after some tedious experimenting, I found that though ,
is a valid in a subnet name, but is impossible to specify in the annotation since it uses that as the delimiter. I will add a restriction for that.
type: AWS | ||
aws: | ||
type: Classic | ||
- name: Subnets should be able to add after IC creation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
operator/v1/types_ingress.go
Outdated
// In order for the load balancer to be provisioned with subnets: | ||
// * Each subnet must exist. | ||
// * Each subnet must be from a different availability zone. | ||
// * The load balancer service must be deleted. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
operator/v1/types_ingress.go
Outdated
// * Each subnet must be from a different availability zone. | ||
// * The load balancer service must be deleted. | ||
// | ||
// When omitted, the subnets will be auto-discovered per availability zone. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. Done.
// +optional | ||
// +listType=atomic | ||
// +openshift:enable:FeatureGate=IngressControllerLBSubnetsAWS | ||
// +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="subnets cannot contain duplicates" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know if this validation is case-sensitive? The subnet names can be, so there could correctly be both subnetB and subnetb in the list. You could just add a test to the test yaml.
Good question. It is indeed case-sensitive. Good idea, I will do that.
I don't know how much it matters, but I tested this with two empty subnets and that returns false.
Oh nice, I didn't know about this CEL playground website.
Good point. The CEL is working as expected with two empty subnets, but an empty length subnet is not a valid subnet reference. Adding // +kubebuilder:validation:MinLength=1
operator/v1/types_ingress.go
Outdated
@@ -556,6 +572,11 @@ const ( | |||
AWSNetworkLoadBalancer AWSLoadBalancerType = "NLB" | |||
) | |||
|
|||
// AWSSubnetReference is a reference to an AWS subnet. It can be either | |||
// be a subnet ID or name. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
@gcs278: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Allows users to specify subnets (i.e. Availability Zones) for IngressControllers using load balancers in AWS. Introduce
under the
IngressControllerLBSubnetsAWS
FeatureGate. Works for both CLB and NLBs.Enhancement: openshift/enhancements#1595
Epic: https://issues.redhat.com/browse/NE-705