Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates Gateway Status Checking #12955

Merged
merged 4 commits into from Mar 29, 2023
Merged

Updates Gateway Status Checking #12955

merged 4 commits into from Mar 29, 2023

Conversation

danehans
Copy link
Contributor

Please provide a description for what this PR is for.

Updates the Gateway status condition check for the ambient getting started guide due to istio/istio#43975.

And to help us figure out who should review this PR, please
put an X in all the areas that this PR affects.

  • Ambient
  • Docs
  • Installation
  • Networking
  • Performance and Scalability
  • Extensions and Telemetry
  • Security
  • Test and Release
  • User Experience
  • Developer Infrastructure

@danehans danehans requested a review from a team as a code owner March 27, 2023 16:05
@istio-testing istio-testing added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-ok-to-test labels Mar 27, 2023
@istio-testing
Copy link
Contributor

Hi @danehans. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@danehans
Copy link
Contributor Author

xref: #12940

@danehans danehans mentioned this pull request Mar 27, 2023
Merged
10 tasks
@ericvn
Copy link
Contributor

ericvn commented Mar 27, 2023

/ok-to-test

But you will need to run the go get and go mod tidy and submit the go.* changes here.

@istio-testing istio-testing added ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. and removed needs-ok-to-test labels Mar 27, 2023
@danehans danehans requested a review from a team as a code owner March 27, 2023 16:09
@ericvn
Copy link
Contributor

ericvn commented Mar 27, 2023

@danehans To fix the gencheck failure, run make clean since you ran some tests locally, and run go mod tidy again.

@danehans
Copy link
Contributor Author

Looking into why TestDocs/tasks/traffic-management/ingress/ingress-sni-passthrough/gtwapi_test.sh is failing.

@danehans
Copy link
Contributor Author

Job doc.test.profile_minimal_istio.io is failing due to #12940 (comment).

@ericvn
Copy link
Contributor

ericvn commented Mar 27, 2023

@howardjohn mentioned in the CI PR that failing to get the host address may be a bug.

@danehans
Updates Gateway Status Check for Ambient Guide
ed2630d 
Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
@danehans
Copy link
Contributor Author

For the doc.test.profile_minimal_istio.io failing test, I have repro'd the issue. The Gateway's service does not get an IP assigned. Since the _wait_for_gateway func only waits for the Programmed=true" condition, this check passes and the INGRESS_HOST` env var is unassigned.

 build-tools:/work$ kubectl get gtw/mygateway -o yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"gateway.networking.k8s.io/v1beta1","kind":"Gateway","metadata":{"annotations":{},"name":"mygateway","namespace":"default"},"spec":{"gatewayClassName":"istio","listeners":[{"allowedRoutes":{"namespaces":{"from":"All"}},"hostname":"nginx.example.com","name":"https","port":443,"protocol":"TLS","tls":{"mode":"Passthrough"}}]}}
  creationTimestamp: "2023-03-27T18:53:38Z"
  generation: 1
  name: mygateway
  namespace: default
  resourceVersion: "2638"
  uid: 7bed5789-bb15-4931-8c54-c0318ffbdb73
spec:
  gatewayClassName: istio
  listeners:
  - allowedRoutes:
      namespaces:
        from: All
    hostname: nginx.example.com
    name: https
    port: 443
    protocol: TLS
    tls:
      mode: Passthrough
status:
  conditions:
  - lastTransitionTime: "2023-03-27T18:53:38Z"
    message: 'Assigned to service(s) mygateway-istio.default.svc.cluster.local:443,
      but failed to assign to all requested addresses: address pending for hostname
      "mygateway-istio.default.svc.cluster.local"'
    observedGeneration: 1
    reason: NoResources
    status: "False"
    type: Accepted
  - lastTransitionTime: "2023-03-27T18:53:38Z"
    message: Resource programmed
    observedGeneration: 1
    reason: Programmed
    status: "True"
    type: Programmed
...

build-tools:/work$ kubectl get svc
NAME              TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                         AGE
kubernetes        ClusterIP      10.96.0.1      <none>        443/TCP                         19m
my-nginx          ClusterIP      10.96.45.85    <none>        443/TCP                         2m32s
mygateway-istio   LoadBalancer   10.96.68.111   <pending>     15021:31564/TCP,443:31096/TCP   2m28s

@danehans danehans requested a review from a team as a code owner March 27, 2023 20:32
danehans
danehans commented Mar 27, 2023
View reviewed changes
content/en/docs/ops/ambient/getting-started/index.md Outdated
@@ -241,22 +241,22 @@ waypoint default/bookinfo-productpage applied
View the `productpage` waypoint proxy status; you should see the details of the gateway
resource with `Ready` status:

{{< text bash >}}
{{< text syntax=bash snip_id=none >}}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No longer needed since test is now using Test is now using _wait_for_gateway.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the primary purpose of doc tests (with side benefit of testing Istio) is to test that the documented instructions work as documented, a general best practice is to call snips wherever we can. The util functions are intended for docs that don't include explicit instructions, e.g., docs that just say before-you-begin install bookinfo, or something like that.

frankbu
frankbu reviewed Mar 27, 2023
View reviewed changes
content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/index.md Outdated
Wait for the Gateway to be accepted:

{{< text syntax=bash snip_id=none >}}
$ kubectl wait --for=condition=accepted gtw mygateway
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The correct semantics of gateway accepted vs programmed vs ready is still not agreed in the upstream gateway-api project, so I think we should wait for resolution before updating any docs.
kubernetes-sigs/gateway-api#1877

Copy link
Contributor Author

@danehans danehans Mar 27, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@frankbu PTAL at #12955 (comment). The way that Gateway status is currently implemented, Programmed=True can be surfaced when an address is unassigned. This is causing tests that set INGRESS_HOST to fail. As you mention, kubernetes-sigs/gateway-api#1877 is attempting to resolve ambiguity in the conditions. Maybe the best path forward is to check for the presence of both status conditions until this is resolved?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@danehans The problem is that there are 14 other docs that are broken by the current implementation. Fixing the implementation (to at least align with the best guess of where the spec is going) seems like a better approach than hacking all the docs temporarily. (Btw, the fact that the current impl has accepted not true until the address is assigned is an obvious bug since according to the spec accepted just means the config is syntactically valid.)

@danehans danehans requested a review from a team as a code owner March 27, 2023 21:04
@istio-testing istio-testing added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 27, 2023
@danehans danehans force-pushed the waypoint_status_fix branch 2 times, most recently from f53a2ad to 924c591 Compare March 27, 2023 23:39
@Xunzhuo
Copy link
Member

Xunzhuo commented Mar 28, 2023

/retest

@danehans danehans force-pushed the waypoint_status_fix branch 2 times, most recently from a86880d to 66fb20e Compare March 28, 2023 14:00
@ericvn
Copy link
Contributor

ericvn commented Mar 28, 2023

Noting also that @howardjohn mentioned in Slack that the underlying change may be reverted so we may need to revert some of our changes as well. Biggest unknown is when and that drives when we can actually update the version of Istio we are testing against.

@danehans danehans force-pushed the waypoint_status_fix branch 2 times, most recently from a89a244 to f18a5c9 Compare March 28, 2023 15:55
@istio-testing istio-testing added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 28, 2023
@danehans
Copy link
Contributor Author

xref: istio/istio#44139 to remove wait conditions for Gateway status.

@istio-testing istio-testing added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 28, 2023
danehans
danehans commented Mar 28, 2023
View reviewed changes
content/en/docs/ops/ambient/getting-started/snips.sh
@@ -119,18 +119,6 @@ snip_l7_authorization_policy_3() {
kubectl get gtw bookinfo-productpage -o yaml
}

! read -r -d '' snip_l7_authorization_policy_4 <<\ENDSNIP
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: This snip is not currently being used by the test.

@ericvn ericvn mentioned this pull request Mar 28, 2023
Merged
@danehans
Updates status condition checking
14881d7 
Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
@danehans
Bumps istio dep
236afca 
Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
danehans
danehans commented Mar 28, 2023
View reviewed changes
content/en/docs/ops/ambient/getting-started/index.md
@@ -247,16 +247,16 @@ $ kubectl get gtw bookinfo-productpage -o yaml

Verify that the waypoint proxy status is ready:

{{< text plaintext >}}
{{< text syntax=plaintext snip_id=none >}}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: This snip is not currently being used by the test.

@danehans
Generated changes from gen-check
3bfd59e 
Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
@danehans danehans requested review from frankbu and Xunzhuo and removed request for frankbu March 29, 2023 02:37
Xunzhuo
Xunzhuo approved these changes Mar 29, 2023
View reviewed changes
Copy link
Member

@Xunzhuo Xunzhuo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ericvn ericvn mentioned this pull request Mar 29, 2023
Closed
@frankbu
Copy link
Collaborator

frankbu commented Mar 29, 2023

/test doc.test.profile_none

@istio-testing istio-testing merged commit 0544065 into istio:master Mar 29, 2023
12 checks passed
@danehans danehans deleted the waypoint_status_fix branch March 29, 2023 13:59
justedennnnn pushed a commit to justedennnnn/istio.io that referenced this pull request Jun 29, 2023
@danehans @justedennnnn
Updates Gateway Status Checking (istio#12955)
f2848dc 
* Updates Gateway Status Check for Ambient Guide

Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>

* Updates status condition checking

Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>

* Bumps istio dep

Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>

* Generated changes from gen-check

Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>

---------

Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frankbu frankbu frankbu approved these changes

@ericvn ericvn ericvn approved these changes

@Xunzhuo Xunzhuo Xunzhuo approved these changes

Assignees
No one assigned
Labels
area/ambient kind/docs ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@danehans @istio-testing @ericvn @Xunzhuo @frankbu @istio-policy-bot