new CR: podnetworkconnectivitychecks.controlplane.operator.openshift.io/v1alpha1 #639
Conversation
openshift-ci-robot
added
do-not-merge/hold
sanchezl
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
sanchezl
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
| @@ -23,6 +23,7 @@ network/v1 \ | |||
| oauth/v1 \ | |||
| openshiftcontrolplane/v1 \ | |||
| operator/v1 \ | |||
| operatorcontrolplane/v1alpha1 \ | |||
There was a problem hiding this comment.
what is the rational of this group name?
There was a problem hiding this comment.
There was a problem hiding this comment.
operator.openshift.io as suggested by @deads2k is fine. Who says this will only be used in control plane operator?
| @@ -0,0 +1,163 @@ | |||
| apiVersion: apiextensions.k8s.io/v1beta1 | |||
There was a problem hiding this comment.
I did try it initially, but the crd codegen seemed to ignore it and insisted on creating the v1beta1 version instead. I can look into it later (plus i would like to clean up those scripts anyway)
There was a problem hiding this comment.
@damemi this should work, shouldn't it?
There was a problem hiding this comment.
which codegen are you using, controller-gen? Our CRD gen doesn't touch this setting that I'm aware of (just the openapi spec) so I'm wondering what tool could be causing this
There was a problem hiding this comment.
controller-gen has a crdVersions flag, which defaults to v1beta1: https://github.com/kubernetes-sigs/controller-tools/blob/master/pkg/crd/gen.go#L63-L71
There was a problem hiding this comment.
@sttts, @damemi
The version of controller-gen we are using (github.com/openshift/kubernetes-sigs-controller-tools v0.2.1-37-ga3cca5d) seems to be hard coded to use v1beta1 when generating CRDs.
https://github.com/openshift/kubernetes-sigs-controller-tools/blob/a3cca5d66f230ea5ca3554aef7e130750b841825/pkg/crd/spec.go#L25
| // be resolved. Specify an IP address for host to bypass DNS name lookup. | ||
| // +kubebuilder:validation:Required | ||
| // +required | ||
| TargetEndpoint string `json:"targetEndpoint"` |
There was a problem hiding this comment.
set the format, compare kubebuilder:validation:Format and https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apis/apiextensions/v1/types_jsonschema.go#L33
There was a problem hiding this comment.
I didn't see an appropriate format (e.g. host:port), so I will use a pattern instead:
// +kubebuilder:validation:Pattern=^\S+:\d*$
(one or more non-whitespace + ':' + port number )
There was a problem hiding this comment.
am not fluent in regexes enough: \S includes numbers and other chars allowed in hosts?
There was a problem hiding this comment.
\S is non-whitespace. So the regex means anything-non-whitespace, colon, digits.
There was a problem hiding this comment.
@sttts The regex isn't perfect, I started to write a more thorough one, but didn't see the point if it wasn't going to be perfect as it would have to handle hostnames, ipv4, ipv6 (which has :, and %, and brackets, etc..) simultaneously.
| // SourcePod names the pod from which the condition will be checked | ||
| // +kubebuilder:validation:Required | ||
| // +required | ||
| SourcePod string `json:"sourcePod"` |
There was a problem hiding this comment.
I believe you have to put ^$ around
| // SourcePod names the pod from which the condition will be checked | ||
| // +kubebuilder:validation:Required | ||
| // +required | ||
| SourcePod string `json:"sourcePod"` |
There was a problem hiding this comment.
This is really just documentation, isn't it? It won't magically add another tester sidecar. Would document that here.
There was a problem hiding this comment.
- The sidecar is added by the operator.
- The
PodNetworkConnectivityCheckresources also created by operator: one per pod, per endpoint. - The sidecar uses this field to find the endpoints it needs to test, and updates the status with results.
There was a problem hiding this comment.
This is really just documentation, isn't it? It won't magically add another tester sidecar. Would document that here.
the container looks up it's own pod name to figure out what to try to contact
There was a problem hiding this comment.
oh, ok. So in theory one could change that. Just a new object won't have any effect without a sidecar being deployed for a matching pod.
| type PodNetworkConnectivityCheckStatus struct { | ||
| // Successes contains logs successful check actions | ||
| // +optional | ||
| Successes []LogEntry `json:"successes"` |
There was a problem hiding this comment.
the last n? who defines
n?
the binary itself. let's say 10 in that binary to start. We do similar sorts of things for our operator revisions.
| // LogEntry records events | ||
| type LogEntry struct { | ||
| // Start time of check action. | ||
| Start metav1.Time `json:"time,omitempty"` |
There was a problem hiding this comment.
Same as https://github.com/openshift/api/pull/639/files#r420168738, nullable
|
|
||
| // Latency records how long the action mentioned in the entry took. | ||
| // +optional | ||
| Latency metav1.Duration `json:"latency"` |
There was a problem hiding this comment.
this must be nullable because Duration has a custom marshaller.
|
|
||
| // End of outage detected | ||
| // +kubebuilder:validation:Required | ||
| // +optional |
There was a problem hiding this comment.
optional or required?
optional, not every outage has ended.
| DNSResolve LogEntryReason = "DNSResolve" | ||
| DNSError LogEntryReason = "DNSError" | ||
| TCPConnect LogEntryReason = "TCPConnect" | ||
| TCPConnectError LogEntryReason = "TCPConnectError" |
There was a problem hiding this comment.
Error is not always timeout, for example no route to host.
There was a problem hiding this comment.
I think I wanted to say that I miss a timeout value.
sanchezl
force-pushed
the
point-to-point
branch
4 times, most recently
from
4eaed47
to
3214cbb
Compare
|
|
||
| // Status contains the observed status of the connectivity check | ||
| // +optional | ||
| Status PodNetworkConnectivityCheckStatus `json:"status,omitempty"` |
There was a problem hiding this comment.
omitempty has no effect on non-pointers.
sanchezl
force-pushed
the
point-to-point
branch
3 times, most recently
from
ba05d83
to
7f5b916
Compare
sanchezl
force-pushed
the
point-to-point
branch
2 times, most recently
from
4841bc9
to
c4f5eb1
Compare
|
/approve |
openshift-ci-robot
added
lgtm
|
|
||
| // +kubebuilder:validation:Optional | ||
| // +groupName=controlplane.operator.openshift.io | ||
| package v1alpha1 |
There was a problem hiding this comment.
fix the PR description to alpha.
sanchezl
changed the title
sanchezl
changed the title
sanchezl
changed the title
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
| // Success indicates if the log entry indicates a success or failure. | ||
| // +kubebuilder:validation:Required | ||
| // +required | ||
| Success bool `json:"success"` |
There was a problem hiding this comment.
followup: string. nothing is a bool.
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, sanchezl, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Define CRD in support of openshift/enhancements#289.