-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: update README #155
docs: update README #155
Conversation
README.md
Outdated
|
||
The operator tries to be useful out of the box by creating a working default deployment based on the cluster's configuration. | ||
#### Ingress Operator enables Routes and Kubernetes Ingress on OpenShift. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This heading seems superfluous and looks kind of strange (it renders in bold-face, so it looks like an emphatic statement rather than a heading).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Intention is to have a one-sentence tagline/"what is this thing"... recommendations?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated... better?
cc @rjhowe — would love your feedback on whether this is starting to look more useful. Note it references in-flight API changes/docs: openshift/api#219 |
README.md
Outdated
#### HostNetwork | ||
|
||
The [HostNetwork]() strategy uses host networking to publish the ingress | ||
controller on node ports where the ingress controller is deployed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reader could interpret "on node ports" to mean "using a nodeport service". How about "directly on the node host where the ingress controller is deployed"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree... although we might be able to hold off on this strategy entirely for 4.0, need to discuss tomorrow.
README.md
Outdated
|
||
![Image of Private](docs/images/endpoint-publishing-private.png) | ||
|
||
## Troubleshoot |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Troubleshooting"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed throughout
README.md
Outdated
$ oc describe --namespace=openshift-ingress-operator ingresscontroller/<name> | ||
``` | ||
|
||
## Contribute |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Contributing"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
|
||
```shell | ||
$ oc describe --namespace=openshift-ingress-operator ingresscontroller/<name> | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about logs for the ingress controller (i.e., router)?
$ oc logs --namespace=openshift-ingress deployments/router-<name>
(Are we going to rename "router" to "ingress-controller"?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Waffled on this one... is exposing a potentially volatile naming convention problematic? Is there some other way we could direct users to the logs via the ingresscontroller? Random ideas:
- Implement
oc logs
for aningresscontroller
to abstract discovery of the deployment - Report the deployment name on status
- Document a stable selector for the deployment to pass to
oc logs --selector
|
||
## How to help | ||
To provide this functionality, Ingress Operator deploys and manages the | ||
[OpenShift router](https://github.com/openshift/router) — a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"a"→"an"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The name of the operator repo is "cluster-ingress-operator". The title of the doc is "OpenShift Ingress Operator". ClusterIngress
has now transitioned to IngressController
. OpenShift includes CR's for cluster
/ingresses.config.openshift.io
and supports the Kubernetes Ingress
resource. I can see how a user would get confused. Should the name of the repo and readme title be more closely align to IngressController
? For example, repo name "ingress-controller-operator" and title "OpenShift Ingress Controller Operator"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changing the name of the repository is a more onerous endeavor and goes beyond the scope of this PR IMO. Otherwise, the naming makes sense to me: the ingress operator manages the ingress controller, which works with the ingress (sort of) and (really) route resources.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ingress Controller Operator vs. Ingress Operator sounds like a good list discussion.
Changing the labels, annotations, and resource names would have a few considerations, mostly self-contained to this project, although we have to be careful about resource names (which I believe are currently being used as an informal contract in some cases and which could potentially be replaced by stable label selectors).
Changing the repo name would have enough ripple effects to warrant its own design document (this isn't meant to be snarky — just a statement of fact for consideration).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The readme update is coming along nicely. I have a few questions/comments inline.
README.md
Outdated
|
||
The operator tries to be useful out of the box by creating a working default deployment based on the cluster's configuration. | ||
#### Ingress Operator enables Routes and Kubernetes Ingress on OpenShift. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
README.md
Outdated
## Manage | ||
|
||
Ingress Operator provides the OpenShift [ingresscontroller API](). Create and | ||
edit `ingresscontroller.operator.openshift.io` resources to manage ingress |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ingress Operator provides the OpenShift ingresscontroller API
Can you help me better understand this? I thought the api type was moving to openshift/api and the operator is performing a list & watch on ingresscontroller
(formerly clusteringress
)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, it would be clearer to say, "Ingress Operator implements the OpenShift ingresscontroller API."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated, PTAL
controllers. | ||
|
||
Interact with ingress controllers using the `oc` command. Every ingress | ||
controller lives in the `openshift-ingress-operator` namespace. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Every ingress controller lives in the
openshift-ingress-operator
namespace.
should we say, by default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For now, we do not handle a ingresscontroller
it if it is not in openshift-ingress-operator
, so I think this statement is fine for now... although there is some ambiguity between the ingresscontroller
resource and the ingress controller (née router) itself.
README.md
Outdated
|
||
#### Private | ||
|
||
The [Private]() strategy does not publish the ingress controller. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What would be a use case for private? I've never heard of an ingress controller not being exposed outside a cluster.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On some clusters, the administrator wants to run an ingress controller that serves only to pods inside the cluster.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or as a way to manage it yourself through some unmanaged solution (e.g. wrap it with a NodePort)
|
||
The [Private]() strategy does not publish the ingress controller. | ||
|
||
![Image of Private](docs/images/endpoint-publishing-private.png) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not see any service in docs/images/endpoint-publishing-private.png
. I thought a service of type ClusterIP
is still created for internal traffic?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is the "internal" service, which we create irrespective of the endpoint publishing strategy; might be worth adding to the diagrams.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do admins care about the internal service? Is the internal service useful for anything but communications between the ingress controller and other OpenShift components (e.g. prometheus)? Would the internal service be a candidate for a separate internal architecture design?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The internal service is the only predictable endpoint by which pods can connect to a private ingresscontroller, without additional configuration on the part of the cluster administrator.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What pods?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any pods on the cluster, infrastructure or end-user, that need to connect to any routes that are served by the private ingresscontroller.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It may be that we want to recommend a different approach (other than using the internal service that the operator creates) for this use-case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it fair to characterize the internal service as an implementation detail at this time?
README.md
Outdated
To scale an ingress controller: | ||
|
||
```shell | ||
$ oc scale --replicas=1 --namespace=openshift-ingress-operator ingresscontroller/<name> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Link to kubernetes/kubernetes#75210?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now we're showing two ways and making a note about oc scale
|
||
### Endpoint publishing | ||
|
||
The `.spec.endpointPublishingStrategy` field is used to publish the ingress |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure what "publish the ingress controller endpoints to other networks" means; is that referring to DNS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Basically lifted from our new public API docs; do you feel the API docs are similarly confusing? What would you propose here as an alternative, and would you suggest we upstream a change as well?
|
||
// Get all ingresscontrollers | ||
// if one already exists with same ci.spec.domain, set status, log event, etc. | ||
// and skip reconciliation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤦♂️
What do you think of reversing the order in which the publishing strategies are described, in order to have a progression from simplest to most complex? |
The current way is what I would characterize as "likely the default/most features first" to "things you only see if you customize last". Do you see the strategies as a progressive series of layered concepts? It's not clear to me that they're layered so much as just "different" |
I do at a conceptual level, although there are discrepancies in the implementation (host networking versus node ports) and presentation (showing multiple nodes versus leaving it implicit) that diminish this viewpoint. I don't feel strongly if you want to leave this as it is. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ironcladlou, Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Add more detail to the README.
Depends on openshift/api#219.
Will depend on the followup to openshift/api#219 which integrates with the new API.