Skip to content

Allow ports on host to be specified for HostNetwork Ingresses #1097

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 31, 2022
Merged

Allow ports on host to be specified for HostNetwork Ingresses #1097

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,28 @@ spec:
description: hostNetwork holds parameters for the HostNetwork
endpoint publishing strategy. Present only if type is HostNetwork.
properties:
httpPort:
default: 80
description: httpPort is the port on the host which should
be used to listen for HTTP requests. This field should be
set when port 80 is already in use. The value should not
coincide with the NodePort range of the cluster. When not
specified the value defaults to 80.
format: int32
maximum: 65535
minimum: 1
type: integer
httpsPort:
default: 443
description: httpsPort is the port on the host which should
be used to listen for HTTPS requests. This field should
be set when port 443 is already in use. The value should
not coincide with the NodePort range of the cluster. When
not specified the value defaults to 443.
format: int32
maximum: 65535
minimum: 1
type: integer
protocol:
description: "protocol specifies whether the IngressController
expects incoming connections to use plain TCP or whether
Expand All @@ -167,6 +189,29 @@ spec:
- TCP
- PROXY
type: string
statsPort:
default: 1936
description: statsPort is the port on the host where the stats
from the router are published. The value should not coincide
with the NodePort range of the cluster. If an external load
balancer is configured to forward connections to this IngressController,
the load balancer should use this port for health checks.
The load balancer can send HTTP probes on this port on a
given node, with the path /healthz/ready to determine if
the ingress controller is ready to receive traffic on the
node. For proper operation the load balancer must not forward
traffic to a node until the health check reports ready.
The load balancer should also stop forwarding requests within
a maximum of 45 seconds after /healthz/ready starts reporting
not-ready. Probing every 5 to 10 seconds, with a 5-second
timeout and with a threshold of two successful or failed
requests to become healthy or unhealthy respectively, are
well-tested values. When not specified the value defaults
to 1936.
format: int32
maximum: 65535
minimum: 1
type: integer
type: object
loadBalancer:
description: loadBalancer holds parameters for the load balancer.
Expand Down Expand Up @@ -1251,6 +1296,28 @@ spec:
description: hostNetwork holds parameters for the HostNetwork
endpoint publishing strategy. Present only if type is HostNetwork.
properties:
httpPort:
default: 80
description: httpPort is the port on the host which should
be used to listen for HTTP requests. This field should be
set when port 80 is already in use. The value should not
coincide with the NodePort range of the cluster. When not
specified the value defaults to 80.
format: int32
maximum: 65535
minimum: 1
type: integer
httpsPort:
default: 443
description: httpsPort is the port on the host which should
be used to listen for HTTPS requests. This field should
be set when port 443 is already in use. The value should
not coincide with the NodePort range of the cluster. When
not specified the value defaults to 443.
format: int32
maximum: 65535
minimum: 1
type: integer
protocol:
description: "protocol specifies whether the IngressController
expects incoming connections to use plain TCP or whether
Expand All @@ -1274,6 +1341,29 @@ spec:
- TCP
- PROXY
type: string
statsPort:
default: 1936
description: statsPort is the port on the host where the stats
from the router are published. The value should not coincide
with the NodePort range of the cluster. If an external load
balancer is configured to forward connections to this IngressController,
the load balancer should use this port for health checks.
The load balancer can send HTTP probes on this port on a
given node, with the path /healthz/ready to determine if
the ingress controller is ready to receive traffic on the
node. For proper operation the load balancer must not forward
traffic to a node until the health check reports ready.
The load balancer should also stop forwarding requests within
a maximum of 45 seconds after /healthz/ready starts reporting
not-ready. Probing every 5 to 10 seconds, with a 5-second
timeout and with a threshold of two successful or failed
requests to become healthy or unhealthy respectively, are
well-tested values. When not specified the value defaults
to 1936.
format: int32
maximum: 65535
minimum: 1
type: integer
type: object
loadBalancer:
description: loadBalancer holds parameters for the load balancer.
Expand Down
40 changes: 40 additions & 0 deletions operator/v1/types_ingress.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -536,6 +536,46 @@ type HostNetworkStrategy struct {
// +kubebuilder:validation:Optional
// +optional
Protocol IngressControllerProtocol `json:"protocol,omitempty"`

// httpPort is the port on the host which should be used to listen for
// HTTP requests. This field should be set when port 80 is already in use.
Copy link
Contributor

@Miciah Miciah Mar 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For each new field, please add a sentence describing the default value. The default value that is specified by the kubebuilder tag doesn't show in generated Swagger or the OpenAPI schema.

// The value should not coincide with the NodePort range of the cluster.
// When not specified the value defaults to 80.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Maximum=65535
// +kubebuilder:validation:Minimum=1
// +kubebuilder:default=80
HTTPPort int32 `json:"httpPort"`
Copy link
Contributor

@deads2k deads2k Mar 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRD changes can be observed on a delay. What does the operator do when this field is zero-value, not 80, because the kube-apiserver has not observed the default.

Copy link
Contributor Author

@arjunrn arjunrn Mar 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will have the same defaults also in the operator so if a 0 is observed it is defaulted there as well.

https://github.com/openshift/cluster-ingress-operator/pull/694/files#L392-L404


// httpsPort is the port on the host which should be used to listen for
// HTTPS requests. This field should be set when port 443 is already in use.
// The value should not coincide with the NodePort range of the cluster.
// When not specified the value defaults to 443.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Maximum=65535
// +kubebuilder:validation:Minimum=1
// +kubebuilder:default=443
HTTPSPort int32 `json:"httpsPort"`

// statsPort is the port on the host where the stats from the router are
// published. The value should not coincide with the NodePort range of the
// cluster. If an external load balancer is configured to forward connections
// to this IngressController, the load balancer should use this port for
// health checks. The load balancer can send HTTP probes on this port on a
// given node, with the path /healthz/ready to determine if the ingress
// controller is ready to receive traffic on the node. For proper operation
// the load balancer must not forward traffic to a node until the health
// check reports ready. The load balancer should also stop forwarding requests
// within a maximum of 45 seconds after /healthz/ready starts reporting
// not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with
// a threshold of two successful or failed requests to become healthy or
// unhealthy respectively, are well-tested values. When not specified the
// value defaults to 1936.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Maximum=65535
Copy link
Contributor

@deads2k deads2k Mar 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we know where the nodeport range starts in openshift clusters?

Copy link
Contributor Author

@arjunrn arjunrn Mar 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It appears to be configurable. The default is 30000-32767 but a user could configure it to start at a lower port number than 30000. Also the user might want to use a port outside the nodeport range, both higher or lower.

Copy link
Contributor

@deads2k deads2k Mar 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

// +kubebuilder:validation:Minimum=1
// +kubebuilder:default=1936
StatsPort int32 `json:"statsPort"`
}

// PrivateStrategy holds parameters for the Private endpoint publishing
Expand Down
7 changes: 5 additions & 2 deletions operator/v1/zz_generated.swagger_doc_generated.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.