OPNET-351: Extend infra CR to store VIPs and MachineNetwork #1593
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@mkowalski: This pull request references OPNET-351 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1 similar comment
|
@mkowalski: This pull request references OPNET-351 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Hello @mkowalski! Some important instructions when contributing to openshift/api: |
openshift-ci
bot
added
the
size/L
mkowalski
force-pushed
the
OPNET-351
branch
2 times, most recently
from
58a18cd
to
8f95a94
Compare
|
/cc @cybertron /cc @MaysaMacedo /cc @rvanderp3 |
openshift-ci
bot
requested review from
cybertron,
MaysaMacedo and
rvanderp3
mkowalski
force-pushed
the
OPNET-351
branch
from
8f95a94
to
9ba1ad7
Compare
|
/retest Prow is choking |
mkowalski
force-pushed
the
OPNET-351
branch
2 times, most recently
from
2b0d5c4
to
bbf3a91
Compare
openshift-ci
bot
added
size/XL
mkowalski
force-pushed
the
OPNET-351
branch
3 times, most recently
from
58b2953
to
657f306
Compare
| maxItems: 2 | ||
| type: array | ||
| x-kubernetes-list-type: set | ||
| machineNetworks: |
There was a problem hiding this comment.
Is machineNetworks required once apiServerInternalIPs and ingressIPs are set? If yes, should that be documented/verified?
There was a problem hiding this comment.
No it is not because we need to support upgraded clusters. As the only source of this information is install-config.yaml to which Cluster Network Operator has no access, it can be only o/installer who sets this field during installation time.
So for newly installed 4.15 clusters we will populate this field and for clusters that originated in 4.14 or older this field will remain empty.
Also I know about at least one platform which users do not know the concept of Machine Network even though they use API/Ingress VIPs. I do not know how it started, but at some point someone started setting a catch-all CIDR as machine network for them so for a while we had clusters with something like 0.0.0.0/0 as machine network. This never failed because no component in OCP really used this subnet, but it's to give you the idea of how people misuse or ignore this parameter.
|
Hey folks, can we get approve+lgtm on this unless there are more changes requested? That would unblock the works in o/installer and CNO |
|
/lgtm |
mkowalski
force-pushed
the
OPNET-351
branch
2 times, most recently
from
3a8e0d3
to
18e6f05
Compare
|
/retest-required |
|
/test e2e-aws-ovn Not my failure |
|
/test e2e-aws-ovn Failure of unrelated test |
| @@ -1176,6 +1291,11 @@ type VSpherePlatformStatus struct { | |||
| // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade | |||
| // +optional | |||
| LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"` | |||
|
|
|||
| // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. | |||
There was a problem hiding this comment.
How many networks are supported? We should add a limit to the length of this list and explain that limit in the godoc
Can we add a comment inline that explains that the values in the list should be either of ipv4 or ipv6 CIDR notation
There was a problem hiding this comment.
There is no limit on machine networks supported today. There are no rules as for the order of IP stacks in the list of machine networks today. This one field already in install-config.yaml is a bit of wild west, mainly for the reason that it's not used anywhere for real
We have a comment explaining notation added to the Spec. In Status I am not doing this because it's read only and no one should modify it
There was a problem hiding this comment.
Ok. so while I appreciate it's currently wild west, what do you think users are actually using? Do you think we could justify limiting this to 32 networks? This new API will only affect new clusters anyway right?
There was a problem hiding this comment.
I am okay with limiting to 32 right now but we need to be aware there may be incoming request to increase this. Let me explain the use case...
We have this thingy called "remote worker nodes". While in the most basic setup it means you have masters in 1st subnet and workers in 2nd (separate) subnet, I can easily imagine a customer deploying cluster with 100 workers where each of them lives in its own subnet. I believe it's only a matter of time, but again, today limit of 32 should be okay and in the worst case we receive a bugzilla to increase it.
This new API will only affect new clusters anyway right?
Yes, this is correct. The new MachineNetwork fields will remain empty for already existing clusters (even those that are upgraded to 4.15) because we don't have today any means to backfill it
There was a problem hiding this comment.
I'm gonna wager we won't get that request any time soon, but you may tell me you told me so if we do. It would be relaxing the API validation so is a compatible change given that we control the consumers of the field.
There was a problem hiding this comment.
Yep, it will be a very easy change to do shall we ever need it
config/v1/types_infrastructure.go
Outdated
| // machineNetworks are IP networks used to connect all the OpenShift cluster | ||
| // nodes. Each network is provided in the CIDR format, e.g. "192.0.2.0/24". |
There was a problem hiding this comment.
You should explain that this supports ipv6 as well.
Is there a length limit that we can put on this list please?
There was a problem hiding this comment.
Changed a comment to
// machineNetworks are IP networks used to connect all the OpenShift cluster
// nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
// for example "10.0.0.0/8" or "fd00::/8".
We can not add length limit for the reasons explained above (i.e. the same field in install-config.yaml has no limits and in general in OCP we allow as many machine networks as you want)
mkowalski
force-pushed
the
OPNET-351
branch
2 times, most recently
from
6cdc2e1
to
76bd105
Compare
In order to enable work around mutable VIPs we are extending the Infrastructure CR to hold VIPs in the spec and not only in the status. In order to be able to perform proper validations (which currently only happen in o/installer as VIPs are immutable) we are storing machine networks alongside. Implements: OPNET-351 Contributes-to: OPNET-80 Contributes-to: OPNET-340
openshift-ci
bot
added
size/XXL
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoelSpeed, MaysaMacedo, mkowalski The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@mkowalski: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build ose-cluster-config-api-container-v4.15.0-202311202349.p0.gf872698.assembly.stream for distgit ose-cluster-config-api. |
This commit bumps openshift/api dependency in order to be able to use work done in openshift/api#1593. We want to be able to use new fields in the Infrastructure CR that have been added by the PR mentioned above.
This commit bumps openshift/api dependency in order to be able to use work done in openshift/api#1593. It bumps openshift/client-go in order to be able to interact with new fields implemented in the PR mentioned above.
This commit bumps openshift/api dependency in order to be able to use work done in openshift/api#1593. It bumps openshift/client-go in order to be able to interact with new fields implemented in the PR mentioned above.
This commit bumps openshift/api dependency in order to be able to use work done in openshift/api#1593. It bumps openshift/client-go in order to be able to interact with new fields implemented in the PR mentioned above.
This commit bumps openshift/api dependency in order to be able to use work done in openshift/api#1593. It bumps openshift/client-go in order to be able to interact with new fields implemented in the PR mentioned above.
In openshift/api#1593 OpenShift API got new fields related to the network configuration. PR bumps openshift/client-go in order to be able to interact with new fields implemented in the PR mentioned above.
|
/revert |
In order to enable work around mutable VIPs we are extending the Infrastructure CR to hold VIPs in the spec and not only in the status.
In order to be able to perform proper validations (which currently only happen in o/installer as VIPs are immutable) we are storing machine networks alongside.
Implements: OPNET-351
Contributes-to: OPNET-80
Contributes-to: OPNET-340