You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For the purpose of strict namespace isolation of the operators, the peering objects must be cluster- or namespace-scoped (previously: always cluster-scoped).
For this, split the old cluster-wide KopfPeering resource into the new ClusterKopfPeering & namespaced KopfPeering, and use one of them depending on the --namespace option.
The testing of peering is performed manually — it works. More tests will be added when the whole peering subsystem will be covered with tests (as part of #13).
See also: #37 for the namespace isolation of the listing/watching API calls.
TODO:
Manually test how do the operators react to changes in the kind: KopfPeering when re-created from the cluster to the namespaced scope — in different running modes (with/without --peering, with/without --namespace). Ensure that the operators actually behave as before and as expected.
Fallback to the old CRD KopfPeering if that CRD is cluster-scoped (but not if namespaced).
Document the upgrade scenario to code first, CRDs second, never vice versa.
So far, as tested with Minikube, the behaviour is this:
Baseline: Old code, old peerings (KopfPeering is cluster-scoped, ClusterKopfPeering does not exist):
No CLI options: Auto-detection mode, cluster-wide peering was used.
--namespace=default: Uses the cluster-wide peering.
--peering=default: Uses the cluster-wide peering.
--namespace=default --peering=default: Uses the cluster-wide peering.
Mainline: New code, old peerings (KopfPeering is cluster-scoped, ClusterKopfPeering does not exist):
No CLI options: Auto-switches to standalone mode with a warning (mismatches❗️).
--namespace=default: Uses the cluster-wide peering (as expected ✅ ).
--peering=default: Fails with "The peering was not found (mismatches❗️).
--namespace=default --peering=default: Uses the cluster-wide peering (as expected ✅ ).
Edgecase: Old code, new peerings (KopfPeering is namespaced, ClusterKopfPeering is cluster-scoped).
Fails with "Namespace parameter required" (mismatches❗️).
Both cases of (new code + old peerings) fail because they try to use the ClusterKopfPeering CRD, which does not exist there — due to if namespace is None condition. They work fine if the CRD is the old one, KopfPeering.
All cases of (old code + new peerings) fail since they use the now-namespaced CRD (KopfPeering) with a cluster-scoped method (get_cluster_custom_object()).
This is not solvable, since it can only be done with a new version which supports the fallback to ClusterKopfPeering — and if one needs to upgrade, why not to upgrade to the new code with both old & new peerings supported; i.e. the transitional releases make no sense.
Rebased on master, and added the fallback scenario for the legacy mode (cluster-scoped KopfPeering). As tested manually, the new code works as expected both in the legacy mode (of the cluster) and in the new mode (as documented).
For the purpose of strict namespace isolation of the operators, the peering objects must be cluster- or namespace-scoped (previously: always cluster-scoped).
For this, split the old cluster-wide
KopfPeeringresource into the newClusterKopfPeering& namespacedKopfPeering, and use one of them depending on the--namespaceoption.The testing of peering is performed manually — it works. More tests will be added when the whole peering subsystem will be covered with tests (as part of #13).
Docs preview:
See also: #37 for the namespace isolation of the listing/watching API calls.
TODO:
kind: KopfPeeringwhen re-created from the cluster to the namespaced scope — in different running modes (with/without--peering, with/without--namespace). Ensure that the operators actually behave as before and as expected.KopfPeeringif that CRD is cluster-scoped (but not if namespaced).So far, as tested with Minikube, the behaviour is this:
--namespace=default: Uses the cluster-wide peering.--peering=default: Uses the cluster-wide peering.--namespace=default --peering=default: Uses the cluster-wide peering.--namespace=default: Uses the cluster-wide peering (as expected ✅ ).--peering=default: Fails with "The peering was not found (mismatches❗️).--namespace=default --peering=default: Uses the cluster-wide peering (as expected ✅ ).Both cases of (new code + old peerings) fail because they try to use the
ClusterKopfPeeringCRD, which does not exist there — due toif namespace is Nonecondition. They work fine if the CRD is the old one,KopfPeering.All cases of (old code + new peerings) fail since they use the now-namespaced CRD (KopfPeering) with a cluster-scoped method (
get_cluster_custom_object()).This is not solvable, since it can only be done with a new version which supports the fallback to
ClusterKopfPeering— and if one needs to upgrade, why not to upgrade to the new code with both old & new peerings supported; i.e. the transitional releases make no sense.Rebased on master, and added the fallback scenario for the legacy mode (cluster-scoped KopfPeering). As tested manually, the new code works as expected both in the legacy mode (of the cluster) and in the new mode (as documented).
samurang87 aweller It can be reviewed and merged to master now.
The text was updated successfully, but these errors were encountered: