docs: update README #155
docs: update README #155
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
openshift-ci-robot
added
approved
README.md
Outdated
|
|
||
| The operator tries to be useful out of the box by creating a working default deployment based on the cluster's configuration. | ||
| #### Ingress Operator enables Routes and Kubernetes Ingress on OpenShift. |
There was a problem hiding this comment.
This heading seems superfluous and looks kind of strange (it renders in bold-face, so it looks like an emphatic statement rather than a heading).
There was a problem hiding this comment.
Intention is to have a one-sentence tagline/"what is this thing"... recommendations?
There was a problem hiding this comment.
Updated... better?
|
cc @rjhowe — would love your feedback on whether this is starting to look more useful. Note it references in-flight API changes/docs: openshift/api#219 |
README.md
Outdated
| #### HostNetwork | ||
|
|
||
| The [HostNetwork]() strategy uses host networking to publish the ingress | ||
| controller on node ports where the ingress controller is deployed. |
There was a problem hiding this comment.
The reader could interpret "on node ports" to mean "using a nodeport service". How about "directly on the node host where the ingress controller is deployed"?
There was a problem hiding this comment.
Agree... although we might be able to hold off on this strategy entirely for 4.0, need to discuss tomorrow.
README.md
Outdated
|
|
||
|  | ||
|
|
||
| ## Troubleshoot |
There was a problem hiding this comment.
Fixed throughout
README.md
Outdated
| $ oc describe --namespace=openshift-ingress-operator ingresscontroller/<name> | ||
| ``` | ||
|
|
||
| ## Contribute |
|
|
||
| ```shell | ||
| $ oc describe --namespace=openshift-ingress-operator ingresscontroller/<name> | ||
| ``` |
There was a problem hiding this comment.
How about logs for the ingress controller (i.e., router)?
$ oc logs --namespace=openshift-ingress deployments/router-<name>(Are we going to rename "router" to "ingress-controller"?)
There was a problem hiding this comment.
Waffled on this one... is exposing a potentially volatile naming convention problematic? Is there some other way we could direct users to the logs via the ingresscontroller? Random ideas:
- Implement
oc logsfor aningresscontrollerto abstract discovery of the deployment - Report the deployment name on status
- Document a stable selector for the deployment to pass to
oc logs --selector
|
|
||
| ## How to help | ||
| To provide this functionality, Ingress Operator deploys and manages the | ||
| [OpenShift router](https://github.com/openshift/router) — a |
There was a problem hiding this comment.
The name of the operator repo is "cluster-ingress-operator". The title of the doc is "OpenShift Ingress Operator". ClusterIngress has now transitioned to IngressController. OpenShift includes CR's for cluster/ingresses.config.openshift.io and supports the Kubernetes Ingress resource. I can see how a user would get confused. Should the name of the repo and readme title be more closely align to IngressController? For example, repo name "ingress-controller-operator" and title "OpenShift Ingress Controller Operator"?
There was a problem hiding this comment.
Changing the name of the repository is a more onerous endeavor and goes beyond the scope of this PR IMO. Otherwise, the naming makes sense to me: the ingress operator manages the ingress controller, which works with the ingress (sort of) and (really) route resources.
There was a problem hiding this comment.
Ingress Controller Operator vs. Ingress Operator sounds like a good list discussion.
Changing the labels, annotations, and resource names would have a few considerations, mostly self-contained to this project, although we have to be careful about resource names (which I believe are currently being used as an informal contract in some cases and which could potentially be replaced by stable label selectors).
Changing the repo name would have enough ripple effects to warrant its own design document (this isn't meant to be snarky — just a statement of fact for consideration).
README.md
Outdated
|
|
||
| The operator tries to be useful out of the box by creating a working default deployment based on the cluster's configuration. | ||
| #### Ingress Operator enables Routes and Kubernetes Ingress on OpenShift. |
README.md
Outdated
| ## Manage | ||
|
|
||
| Ingress Operator provides the OpenShift [ingresscontroller API](). Create and | ||
| edit `ingresscontroller.operator.openshift.io` resources to manage ingress |
There was a problem hiding this comment.
Ingress Operator provides the OpenShift ingresscontroller API
Can you help me better understand this? I thought the api type was moving to openshift/api and the operator is performing a list & watch on ingresscontroller (formerly clusteringress)?
There was a problem hiding this comment.
Agreed, it would be clearer to say, "Ingress Operator implements the OpenShift ingresscontroller API."
| controllers. | ||
|
|
||
| Interact with ingress controllers using the `oc` command. Every ingress | ||
| controller lives in the `openshift-ingress-operator` namespace. |
There was a problem hiding this comment.
Every ingress controller lives in the
openshift-ingress-operatornamespace.
should we say, by default?
There was a problem hiding this comment.
For now, we do not handle a ingresscontroller it if it is not in openshift-ingress-operator, so I think this statement is fine for now... although there is some ambiguity between the ingresscontroller resource and the ingress controller (née router) itself.
README.md
Outdated
|
|
||
| #### Private | ||
|
|
||
| The [Private]() strategy does not publish the ingress controller. |
There was a problem hiding this comment.
What would be a use case for private? I've never heard of an ingress controller not being exposed outside a cluster.
There was a problem hiding this comment.
On some clusters, the administrator wants to run an ingress controller that serves only to pods inside the cluster.
There was a problem hiding this comment.
Or as a way to manage it yourself through some unmanaged solution (e.g. wrap it with a NodePort)
|
|
||
| The [Private]() strategy does not publish the ingress controller. | ||
|
|
||
|  |
There was a problem hiding this comment.
I do not see any service in docs/images/endpoint-publishing-private.png. I thought a service of type ClusterIP is still created for internal traffic?
There was a problem hiding this comment.
There is the "internal" service, which we create irrespective of the endpoint publishing strategy; might be worth adding to the diagrams.
There was a problem hiding this comment.
Do admins care about the internal service? Is the internal service useful for anything but communications between the ingress controller and other OpenShift components (e.g. prometheus)? Would the internal service be a candidate for a separate internal architecture design?
There was a problem hiding this comment.
The internal service is the only predictable endpoint by which pods can connect to a private ingresscontroller, without additional configuration on the part of the cluster administrator.
There was a problem hiding this comment.
Any pods on the cluster, infrastructure or end-user, that need to connect to any routes that are served by the private ingresscontroller.
There was a problem hiding this comment.
It may be that we want to recommend a different approach (other than using the internal service that the operator creates) for this use-case.
There was a problem hiding this comment.
Is it fair to characterize the internal service as an implementation detail at this time?
README.md
Outdated
| To scale an ingress controller: | ||
|
|
||
| ```shell | ||
| $ oc scale --replicas=1 --namespace=openshift-ingress-operator ingresscontroller/<name> |
There was a problem hiding this comment.
Link to kubernetes/kubernetes#75210?
There was a problem hiding this comment.
Now we're showing two ways and making a note about oc scale
|
|
||
| ### Endpoint publishing | ||
|
|
||
| The `.spec.endpointPublishingStrategy` field is used to publish the ingress |
There was a problem hiding this comment.
I'm not sure what "publish the ingress controller endpoints to other networks" means; is that referring to DNS?
There was a problem hiding this comment.
Basically lifted from our new public API docs; do you feel the API docs are similarly confusing? What would you propose here as an alternative, and would you suggest we upstream a change as well?
|
|
||
| // Get all ingresscontrollers | ||
| // if one already exists with same ci.spec.domain, set status, log event, etc. | ||
| // and skip reconciliation |
|
What do you think of reversing the order in which the publishing strategies are described, in order to have a progression from simplest to most complex? |
The current way is what I would characterize as "likely the default/most features first" to "things you only see if you customize last". Do you see the strategies as a progressive series of layered concepts? It's not clear to me that they're layered so much as just "different" |
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
I do at a conceptual level, although there are discrepancies in the implementation (host networking versus node ports) and presentation (showing multiple nodes versus leaving it implicit) that diminish this viewpoint. I don't feel strongly if you want to leave this as it is. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ironcladlou, Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Add more detail to the README.
Depends on openshift/api#219.
Will depend on the followup to openshift/api#219 which integrates with the new API.