-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor and konnectivity #25
Conversation
mendrugory
commented
May 26, 2022
•
edited
edited
- Refactoring to include custom group of resources
- Konnectivity addon
f6d0826
to
4007d99
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing Konnectivity code, please, add it.
c296737
to
90bffda
Compare
90bffda
to
7e98d31
Compare
fc18228
to
306590d
Compare
internal/resources/konnectivity/cluster_role_binding_resource.go
Outdated
Show resolved
Hide resolved
6bc47ce
to
2240c18
Compare
There's something broken with these changes since the creation of TCP stuck.
|
2240c18
to
317aaf3
Compare
e313547
to
7205534
Compare
func (in *TenantControlPlane) GetAddress(ctx context.Context, client client.Client) (string, error) { | ||
func (in *TenantControlPlane) GetAddress(ctx context.Context, client client.Client, namespacedName k8stypes.NamespacedName, specAddress string) (string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This does not entirely convince me: we got a pointer receiver with in *TenantControlPlane
, which means we can access the struct data, however, we're taking as argument specAddress string
used in this way.
address, err := tenantControlPlane.GetAddress(ctx, r.Client, namespacedName, tenantControlPlane.Spec.NetworkProfile.Address) |
Same here
address, _ := tenantControlPlane.GetAddress(ctx, r.Client, namespacedName, tenantControlPlane.Spec.Addons.Konnectivity.ProxyHost) |
Honestly, I'd go for different functions in order to decrease the possibility of typo in passing the wrong value, something as GetControlPlaneAddress
and GetKonnectivityServerAddress
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's the way of reusing the same logic without different implementations inside the funcion (one for the api server service and another for the konnectivity service)
From my opinion, we will increase the risk of bugs if we have several functions with the same logic (I have a TODO comment to decrease that approach in other parts of the project)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we want to go for delegating the caller to specify the right address, I'd say we should use a function that is not bounded to the TenantControlPlane. Eventually, also an enum could be used.
I'd go for two functions here since the domain is slightly different (CP vs Konnectivity) and eventually we can replicate the same underlying logic by abstracting it.
We just need to avoid passing receiver struct members as parameters.
// +kubebuilder:default=8132 | ||
ProxyPort int32 `json:"proxyPort,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Port 8132
is not recommended here since we're deploying as NodePort
type: unless the TCP is running with the host network (and it's not), Kubernetes is going to complain.
We could use a higher value in the range of allowed NodePorts (generally speaking, 30132
), or avoid a default value since otherwise every different TCP could have collision.
IIRC, by not specifying a port, a new one should be assigned automatically: can't we go in that way? It means we would accept a *int32
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would try to keep the default value (known one) in order to facilitate the use of kamaji to new comers. But going to port "auto-assignation" could increase a lot the complexity and I do not think that it deserves the effort because that port should be exposed, therefore, it will depend on the infrastructure where kamaji is deployed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue of a default value, since using a NodePort
, would end up having multiple Tenant Control Plane w/ Konnectivity enabled, in which just the first one would work and be able to get a Service due to a collision.
I see two options, here:
- nullable port, in order to get the allocated one by the Admin cluster
- marking the field as required if the feature is enabled, with no default values
With the first one, we have to decide how the admin can retrieve that port: it could be stored in the KonnectivityStatus
, as we're doing with the Kubeconfig.
With the latter one, unfortunately, we would need a webhook, and we don't have yet the support for it, and that would require an error handling in the controller.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if the solution is not clear, let's open a new improvement task
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have to address it right now since it's a new feature and we can shape the feature as we wish.
According to OAPIv3, there's no way on setting up a condition.
A possible workaround could be the following: allowing an empty object.
... addons: konnectivity: host: "fqdn.io" port: 30123 coreDNS: {} kubeProxy: {}
It means that all of the addons are activated since there are options.
Instead:
... addons: konnectivity: host: "fqdn.io" port: 30123 coreDNS: {}
in this case kubeProxy
is disabled because we don't have any option declared, it's nil
.
The benefit of this approach is that we can make the port required only when the object is declared, and not on the condition of enabled=true
.
This is a refactoring, that must be addressed before the konnectivity
feature in a different commit of this PR.
d13eede
to
c9bf06e
Compare
@@ -97,6 +97,7 @@ kustomize: ## Download kustomize locally if necessary. | |||
|
|||
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. | |||
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases | |||
cp config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml helm/kamaji/crds/tenantcontrolplane.yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's great, well done!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The lack of this kind of automation was provoking the e2e failure
internal/utilities/utilities.go
Outdated
func IsValidIPV4(ip string) bool { | ||
pattern := "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" | ||
|
||
return validateRegex(pattern, ip) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not use net.ParseIP
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no idea about that function. I will change
4fa234f
to
35ae2e6
Compare
// TODO: refactor and merge with /internal/resources/kubeadm_utils.go | ||
// Logic is pretty close |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please, could you open an issue for this @mendrugory?
KubeProxy AddonSpec `json:"kubeProxy,omitempty"` | ||
CoreDNS *AddonSpec `json:"coreDNS,omitempty"` | ||
Konnectivity *KonnectivitySpec `json:"konnectivity,omitempty"` | ||
KubeProxy *AddonSpec `json:"kubeProxy,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the changes, I'm having trouble understanding if we're checking the pointers here.
Did you enforce the check of the pointers? I'd like to avoid issues with nil pointer dereference.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Logic about kubeadm addons was changed into internal/resources/kubeadm_addons.go
let me know if you see anything weird
helm/kamaji/README.md
Outdated
| addons.coreDNS | boolean | | Enabling CoreDNS installation. | | ||
| addons.kubeProxy | boolean | | Enabling KubeProxy installation | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrong type here, it shouldn't be boolean, but rather, object
.
35ae2e6
to
31e7edc
Compare