New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new CR: podnetworkconnectivitychecks.controlplane.operator.openshift.io/v1alpha1 #639
new CR: podnetworkconnectivitychecks.controlplane.operator.openshift.io/v1alpha1 #639
Conversation
@@ -23,6 +23,7 @@ network/v1 \ | |||
oauth/v1 \ | |||
openshiftcontrolplane/v1 \ | |||
operator/v1 \ | |||
operatorcontrolplane/v1alpha1 \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the rational of this group name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
operator.openshift.io as suggested by @deads2k is fine. Who says this will only be used in control plane operator?
@@ -0,0 +1,163 @@ | |||
apiVersion: apiextensions.k8s.io/v1beta1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't we support v1 now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did try it initially, but the crd codegen seemed to ignore it and insisted on creating the v1beta1 version instead. I can look into it later (plus i would like to clean up those scripts anyway)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@damemi this should work, shouldn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
which codegen are you using, controller-gen
? Our CRD gen doesn't touch this setting that I'm aware of (just the openapi spec) so I'm wondering what tool could be causing this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
controller-gen has a crdVersions
flag, which defaults to v1beta1: https://github.com/kubernetes-sigs/controller-tools/blob/master/pkg/crd/gen.go#L63-L71
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sttts, @damemi
The version of controller-gen we are using (github.com/openshift/kubernetes-sigs-controller-tools v0.2.1-37-ga3cca5d
) seems to be hard coded to use v1beta1 when generating CRDs.
https://github.com/openshift/kubernetes-sigs-controller-tools/blob/a3cca5d66f230ea5ca3554aef7e130750b841825/pkg/crd/spec.go#L25
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// be resolved. Specify an IP address for host to bypass DNS name lookup. | ||
// +kubebuilder:validation:Required | ||
// +required | ||
TargetEndpoint string `json:"targetEndpoint"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
set the format, compare kubebuilder:validation:Format
and https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apis/apiextensions/v1/types_jsonschema.go#L33
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't see an appropriate format (e.g. host:port), so I will use a pattern instead:
// +kubebuilder:validation:Pattern=^\S+:\d*$
(one or more non-whitespace + ':' + port number )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks fine
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
am not fluent in regexes enough: \S
includes numbers and other chars allowed in hosts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
\S
is non-whitespace. So the regex means anything-non-whitespace, colon, digits.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sttts The regex isn't perfect, I started to write a more thorough one, but didn't see the point if it wasn't going to be perfect as it would have to handle hostnames, ipv4, ipv6 (which has :, and %, and brackets, etc..) simultaneously.
// SourcePod names the pod from which the condition will be checked | ||
// +kubebuilder:validation:Required | ||
// +required | ||
SourcePod string `json:"sourcePod"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
set the allowed values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a Pattern.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe you have to put ^$
around
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
still open
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated
// SourcePod names the pod from which the condition will be checked | ||
// +kubebuilder:validation:Required | ||
// +required | ||
SourcePod string `json:"sourcePod"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really just documentation, isn't it? It won't magically add another tester sidecar. Would document that here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- The sidecar is added by the operator.
- The
PodNetworkConnectivityCheck
resources also created by operator: one per pod, per endpoint. - The sidecar uses this field to find the endpoints it needs to test, and updates the status with results.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really just documentation, isn't it? It won't magically add another tester sidecar. Would document that here.
the container looks up it's own pod name to figure out what to try to contact
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh, ok. So in theory one could change that. Just a new object won't have any effect without a sidecar being deployed for a matching pod.
type PodNetworkConnectivityCheckStatus struct { | ||
// Successes contains logs successful check actions | ||
// +optional | ||
Successes []LogEntry `json:"successes"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the last n? who defines n
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the last n? who defines
n
?
the binary itself. let's say 10 in that binary to start. We do similar sorts of things for our operator revisions.
// LogEntry records events | ||
type LogEntry struct { | ||
// Start time of check action. | ||
Start metav1.Time `json:"time,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this not required?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as https://github.com/openshift/api/pull/639/files#r420168738, nullable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
|
||
// Latency records how long the action mentioned in the entry took. | ||
// +optional | ||
Latency metav1.Duration `json:"latency"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this must be nullable because Duration
has a custom marshaller.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
|
||
// End of outage detected | ||
// +kubebuilder:validation:Required | ||
// +optional |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
optional or required?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
optional or required?
optional, not every outage has ended.
DNSResolve LogEntryReason = "DNSResolve" | ||
DNSError LogEntryReason = "DNSError" | ||
TCPConnect LogEntryReason = "TCPConnect" | ||
TCPConnectError LogEntryReason = "TCPConnectError" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
timeout?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Error is not always timeout, for example no route to host.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I wanted to say that I miss a timeout value.
4eaed47
to
3214cbb
Compare
|
||
// Status contains the observed status of the connectivity check | ||
// +optional | ||
Status PodNetworkConnectivityCheckStatus `json:"status,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
omitempty has no effect on non-pointers.
ba05d83
to
7f5b916
Compare
4841bc9
to
c4f5eb1
Compare
/approve |
|
||
// +kubebuilder:validation:Optional | ||
// +groupName=controlplane.operator.openshift.io | ||
package v1alpha1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fix the PR description to alpha.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this fixed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sttts done
/retest |
/retest Please review the full test history for this PR and help us cut down flakes. |
// Success indicates if the log entry indicates a success or failure. | ||
// +kubebuilder:validation:Required | ||
// +required | ||
Success bool `json:"success"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
followup: string. nothing is a bool.
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, sanchezl, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Define CRD in support of openshift/enhancements#289.