Refactor and konnectivity #25
Conversation
mendrugory
commented
May 26, 2022
•
mendrugory
commented
- Refactoring to include custom group of resources
- Konnectivity addon
mendrugory
force-pushed
the
gonzalo/issues/10
branch
from
f6d0826
to
4007d99
Compare
mendrugory
force-pushed
the
gonzalo/issues/10
branch
7 times, most recently
from
c296737
to
90bffda
Compare
mendrugory
force-pushed
the
gonzalo/issues/10
branch
from
90bffda
to
7e98d31
Compare
mendrugory
force-pushed
the
gonzalo/issues/10
branch
6 times, most recently
from
fc18228
to
306590d
Compare
internal/resources/konnectivity/cluster_role_binding_resource.go
Outdated
Show resolved
Hide resolved
mendrugory
force-pushed
the
gonzalo/issues/10
branch
10 times, most recently
from
6bc47ce
to
2240c18
Compare
|
There's something broken with these changes since the creation of TCP stuck.
|
mendrugory
force-pushed
the
gonzalo/issues/10
branch
from
2240c18
to
317aaf3
Compare
mendrugory
force-pushed
the
gonzalo/issues/10
branch
5 times, most recently
from
e313547
to
7205534
Compare
| func (in *TenantControlPlane) GetAddress(ctx context.Context, client client.Client) (string, error) { | ||
| func (in *TenantControlPlane) GetAddress(ctx context.Context, client client.Client, namespacedName k8stypes.NamespacedName, specAddress string) (string, error) { |
There was a problem hiding this comment.
This does not entirely convince me: we got a pointer receiver with in *TenantControlPlane, which means we can access the struct data, however, we're taking as argument specAddress string used in this way.
Same here
Honestly, I'd go for different functions in order to decrease the possibility of typo in passing the wrong value, something as GetControlPlaneAddress and GetKonnectivityServerAddress.
There was a problem hiding this comment.
That's the way of reusing the same logic without different implementations inside the funcion (one for the api server service and another for the konnectivity service)
From my opinion, we will increase the risk of bugs if we have several functions with the same logic (I have a TODO comment to decrease that approach in other parts of the project)
There was a problem hiding this comment.
If we want to go for delegating the caller to specify the right address, I'd say we should use a function that is not bounded to the TenantControlPlane. Eventually, also an enum could be used.
I'd go for two functions here since the domain is slightly different (CP vs Konnectivity) and eventually we can replicate the same underlying logic by abstracting it.
We just need to avoid passing receiver struct members as parameters.
| // +kubebuilder:default=8132 | ||
| ProxyPort int32 `json:"proxyPort,omitempty"` |
There was a problem hiding this comment.
Port 8132 is not recommended here since we're deploying as NodePort type: unless the TCP is running with the host network (and it's not), Kubernetes is going to complain.
We could use a higher value in the range of allowed NodePorts (generally speaking, 30132), or avoid a default value since otherwise every different TCP could have collision.
IIRC, by not specifying a port, a new one should be assigned automatically: can't we go in that way? It means we would accept a *int32.
There was a problem hiding this comment.
I would try to keep the default value (known one) in order to facilitate the use of kamaji to new comers. But going to port "auto-assignation" could increase a lot the complexity and I do not think that it deserves the effort because that port should be exposed, therefore, it will depend on the infrastructure where kamaji is deployed
There was a problem hiding this comment.
The issue of a default value, since using a NodePort, would end up having multiple Tenant Control Plane w/ Konnectivity enabled, in which just the first one would work and be able to get a Service due to a collision.
I see two options, here:
- nullable port, in order to get the allocated one by the Admin cluster
- marking the field as required if the feature is enabled, with no default values
With the first one, we have to decide how the admin can retrieve that port: it could be stored in the KonnectivityStatus, as we're doing with the Kubeconfig.
With the latter one, unfortunately, we would need a webhook, and we don't have yet the support for it, and that would require an error handling in the controller.
There was a problem hiding this comment.
if the solution is not clear, let's open a new improvement task
There was a problem hiding this comment.
We have to address it right now since it's a new feature and we can shape the feature as we wish.
According to OAPIv3, there's no way on setting up a condition.
A possible workaround could be the following: allowing an empty object.
... addons: konnectivity: host: "fqdn.io" port: 30123 coreDNS: {} kubeProxy: {}
It means that all of the addons are activated since there are options.
Instead:
... addons: konnectivity: host: "fqdn.io" port: 30123 coreDNS: {}
in this case kubeProxy is disabled because we don't have any option declared, it's nil.
The benefit of this approach is that we can make the port required only when the object is declared, and not on the condition of enabled=true.
This is a refactoring, that must be addressed before the konnectivity feature in a different commit of this PR.
mendrugory
force-pushed
the
gonzalo/issues/10
branch
4 times, most recently
from
d13eede
to
c9bf06e
Compare
| @@ -97,6 +97,7 @@ kustomize: ## Download kustomize locally if necessary. | |||
|
|
|||
| manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. | |||
| $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases | |||
| cp config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml helm/kamaji/crds/tenantcontrolplane.yaml | |||
There was a problem hiding this comment.
The lack of this kind of automation was provoking the e2e failure
internal/utilities/utilities.go
Outdated
| func IsValidIPV4(ip string) bool { | ||
| pattern := "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" | ||
|
|
||
| return validateRegex(pattern, ip) | ||
| } |
There was a problem hiding this comment.
Why not use net.ParseIP here?
There was a problem hiding this comment.
no idea about that function. I will change
mendrugory
force-pushed
the
gonzalo/issues/10
branch
2 times, most recently
from
4fa234f
to
35ae2e6
Compare
| // TODO: refactor and merge with /internal/resources/kubeadm_utils.go | ||
| // Logic is pretty close |
There was a problem hiding this comment.
Please, could you open an issue for this @mendrugory?
| KubeProxy AddonSpec `json:"kubeProxy,omitempty"` | ||
| CoreDNS *AddonSpec `json:"coreDNS,omitempty"` | ||
| Konnectivity *KonnectivitySpec `json:"konnectivity,omitempty"` | ||
| KubeProxy *AddonSpec `json:"kubeProxy,omitempty"` |
There was a problem hiding this comment.
Since the changes, I'm having trouble understanding if we're checking the pointers here.
Did you enforce the check of the pointers? I'd like to avoid issues with nil pointer dereference.
There was a problem hiding this comment.
Logic about kubeadm addons was changed into internal/resources/kubeadm_addons.go
let me know if you see anything weird
helm/kamaji/README.md
Outdated
| | addons.coreDNS | boolean | | Enabling CoreDNS installation. | | ||
| | addons.kubeProxy | boolean | | Enabling KubeProxy installation | |
There was a problem hiding this comment.
Wrong type here, it shouldn't be boolean, but rather, object.
mendrugory
force-pushed
the
gonzalo/issues/10
branch
from
35ae2e6
to
31e7edc
Compare
