New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2079517: Use externalTrafficPolicy: Cluster with OVN #713
Bug 2079517: Use externalTrafficPolicy: Cluster with OVN #713
Conversation
@Miciah: This pull request references Bugzilla bug 2060542, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
// externalTrafficPolicy: Local is unsupported by OVN in | ||
// OpenShift 4.9 and earlier; see | ||
// <https://bugzilla.redhat.com/show_bug.cgi?id=2060542>. | ||
if networkType == "OVN-Kubernetes" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
its OVNKubernetes
, we should probably hardcode tha value as a constant to avoid the typo?
reference: https://github.com/openshift/api/blob/fb6f933bb8d5ce8454a8777c0c4782c193ef5674/operator/v1/types_network.go#L536
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I didn't think to check for named constants because the Spec.NetworkType
field of the Network
type in config/v1/types_network.go
is a string type. I wonder whether the field could be changed to use the NetworkType
type; I suppose if the same values are allowed, it may be all right to change the type, although it would require changes in any Go code using the Go type definitions.
@@ -524,8 +530,8 @@ func loadBalancerServiceTagsModified(current, expected *corev1.Service) (bool, * | |||
// return value is nil. Otherwise, if something or someone else has modified | |||
// the service, then the return value is a non-nil error indicating that the | |||
// modification must be reverted before upgrading is allowed. | |||
func loadBalancerServiceIsUpgradeable(ic *operatorv1.IngressController, deploymentRef metav1.OwnerReference, current *corev1.Service, platform *configv1.PlatformStatus) error { | |||
want, desired, err := desiredLoadBalancerService(ic, deploymentRef, platform) | |||
func loadBalancerServiceIsUpgradeable(ic *operatorv1.IngressController, deploymentRef metav1.OwnerReference, current *corev1.Service, platform *configv1.PlatformStatus, networkConfig *configv1.Network) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@danwinship or @squeed : I have always been confused as to when to use the operv1 versus configv1 api for things. Could you please configm if using configv1 ^ is ok here? Seems like for config we support sdn and ovn: https://github.com/openshift/api/blob/d5252bac47154049f80d49eff7fec5bb642be9af/config/v1/types_network.go#L44 and for operator we support the other ones like kuryr etc..sorry for the dumb question, I probably should be knowing these things by now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is confusing that operator/v1/types_network.go
defines these named constants, but config/v1/types_network.go
just uses a string type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tssurya good question! In this case, it doesn't really matter, because configv1 NetworkType is inferred from configv1. Since configv1 is guaranteed to be set from cluster creation, it is slightly better to use. But it really, really, really doesn't matter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is confusing that
operator/v1/types_network.go
defines these named constants [but configv1 doesn't]
That's because you can run a cluster with a third-party network operator - so we need to support arbitrary network types in configv1. But operv1 defines what the openshift cluster network operator supports.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because configv1 NetworkType is inferred from configv1.
you meant from operv1?
(later)... I see you meant configv1 that users set! got it :)
Since configv1 is guaranteed to be set from cluster creation, it is slightly better to use. But it really, really, really doesn't matter.
ack thanks casey! makes sense. @Miciah so I think we are good here.
thanks @Miciah for the quick fix, appreciate it! |
a777e70
to
fddf13c
Compare
Bootstrap failures. |
// OpenShift 4.9 and earlier; see | ||
// <https://bugzilla.redhat.com/show_bug.cgi?id=2060542>. | ||
if networkType == string(operatorv1.NetworkTypeOVNKubernetes) { | ||
service.Spec.ExternalTrafficPolicy = "Cluster" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: we could use the https://github.com/kubernetes/kubernetes/blob/e6c093d87ea4cbb530a7b2ae91e54c0842d8308a/pkg/apis/core/types.go#L3672 constant from upstream
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. Thanks!
fddf13c
to
15202ad
Compare
Failed to launch the cluster:
/test e2e-aws-operator |
15202ad
to
7b3de00
Compare
#711 merged, and I've rebased this PR; ignoring the changes from #711, the diff for this PR is exactly the same but for some line numbers (compare https://github.com/openshift/cluster-ingress-operator/commit/15202ad247d0dedaadec7c2564b60db9800f50ff.patch and https://github.com/openshift/cluster-ingress-operator/commit/7b3de002a1bf5373504d2b5dde2985cec012aecf.patch). |
/hold cancel |
OVN-Kubernetes in OpenShift 4.9 and earlier does not support externalTrafficPolicy: Local, and specifying it is reported to result in imbalanced traffic for some users. This commit checks the cluster network type and sets externalTrafficPolicy: Cluster on the LoadBalancer-type service that the operator creates for ingress if the network type is "OVN-Kubernetes". This commit fixes bug 2079517. https://bugzilla.redhat.com/show_bug.cgi?id=2079517 * pkg/operator/controller/ingress/controller.go (ensureIngressController): Pass the network config to ensureLoadBalancerService and syncIngressControllerStatus. * pkg/operator/controller/ingress/load_balancer_service.go (ensureLoadBalancerService, loadBalancerServiceIsUpgradeable): Add a parameter for the network config. Pass the network type from the network config to desiredLoadBalancerService. (desiredLoadBalancerService): Add a parameter for the network type. Set externalTrafficPolicy: Cluster if the network type is "OVN-Kubernetes". * pkg/operator/controller/ingress/load_balancer_service_test.go (TestDesiredLoadBalancerService): Add a test case for OVN-Kubernetes. * pkg/operator/controller/ingress/status.go (syncIngressControllerStatus): Add a parameter for the network config. Pass the config to computeIngressUpgradeableCondition. (computeIngressUpgradeableCondition): Add a parameter for the network config. Pass the network config to loadBalancerServiceIsUpgradeable. * pkg/operator/controller/ingress/status_test.go (TestComputeIngressUpgradeableCondition): Pass the network type to desiredLoadBalancerService and the network config to computeIngressUpgradeableCondition.
7b3de00
to
e4aeaf7
Compare
@Miciah: An error was encountered querying GitHub for users with public email (hongli@redhat.com) for bug 2079517 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
non-200 OK status code: 403 Forbidden body: "{\n \"documentation_url\": \"https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#secondary-rate-limits\",\n \"message\": \"You have exceeded a secondary rate limit. Please wait a few minutes before you try again.\"\n}\n"
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest-required |
Spec: configv1.NetworkSpec{ | ||
NetworkType: "OpenShiftSDN", | ||
}, | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Normally we would add a new variable to the test case itself, and add a couple of test cases to test the variant values.
@Miciah was there any update for e2e tests for this? |
Error: Failed to download metadata for repo 'localdev-rhel-8-server-ose-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried /test e2e-gcp-serial |
|
/retest |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: candita, Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
verified with pre-merge test process, see https://bugzilla.redhat.com/show_bug.cgi?id=2079517#c1 |
/label cherry-pick-approved |
@Miciah: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@Miciah: All pull requests linked via external trackers have merged: Bugzilla bug 2079517 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
OVN-Kubernetes in OpenShift 4.9 and earlier does not support
externalTrafficPolicy: Local
, and specifying it is reported to result in imbalanced traffic for some users. This change checks the cluster network type and setsexternalTrafficPolicy: Cluster
on the LoadBalancer-type service that the operator creates for ingress if the network type is "OVN-Kubernetes".pkg/operator/controller/ingress/controller.go
(ensureIngressController
): Pass the network config toensureLoadBalancerService
andsyncIngressControllerStatus
.pkg/operator/controller/ingress/load_balancer_service.go
(ensureLoadBalancerService
,loadBalancerServiceIsUpgradeable
): Add a parameter for the network config. Pass the network type from the network config todesiredLoadBalancerService
.(
desiredLoadBalancerService
): Add a parameter for the network type. SetexternalTrafficPolicy: Cluster
if the network type is "OVN-Kubernetes".pkg/operator/controller/ingress/load_balancer_service_test.go
(TestDesiredLoadBalancerService
): Add a test case for OVN-Kubernetes.pkg/operator/controller/ingress/status.go
(syncIngressControllerStatus
): Add a parameter for the network config. Pass the config tocomputeIngressUpgradeableCondition
.(
computeIngressUpgradeableCondition
): Add a parameter for the network config. Pass the network config toloadBalancerServiceIsUpgradeable
.pkg/operator/controller/ingress/status_test.go
(TestComputeIngressUpgradeableCondition
): Pass the network type todesiredLoadBalancerService
and the network config tocomputeIngressUpgradeableCondition
.This PR includes commits from #711 because we want #711 to merge first, and it includes conflicting changes. The first two commits in this PR can be ignored by reviewers.
/hold
Surya, can you verify that this change is correct? In particular, I want to be sure we're checking the right API field for the right value and that the logic behind this PR is sound at a high level.
/assign @tssurya