sync restrictedCIDRs with install-config #74
Conversation
openshift-ci-robot
added
the
size/M
pkg/operator/observe_config.go
Outdated
| @@ -4,6 +4,7 @@ import ( | |||
| "bytes" | |||
| "encoding/json" | |||
| "fmt" | |||
| "gopkg.in/yaml.v2" | |||
There was a problem hiding this comment.
imports go
- core library
- not core, not kube, not openshift
- kube
- openshift.
There was a problem hiding this comment.
- I've notice use of
gopkg.in/yaml.v2andgithub.com/ghodss/yamlin theopenshift/*repositories. Any guidance on when to pick one over another?
pkg/operator/observe_config.go
Outdated
| @@ -25,6 +26,7 @@ import ( | |||
|
|
|||
| operatorconfigclientv1alpha1 "github.com/openshift/cluster-kube-apiserver-operator/pkg/generated/clientset/versioned/typed/kubeapiserver/v1alpha1" | |||
| operatorconfiginformerv1alpha1 "github.com/openshift/cluster-kube-apiserver-operator/pkg/generated/informers/externalversions/kubeapiserver/v1alpha1" | |||
| installer "github.com/openshift/installer/pkg/types" | |||
There was a problem hiding this comment.
no. You may not import this package into the project.
pkg/operator/observe_config.go
Outdated
| return fmt.Errorf("error retieving cluster config: %s", err) | ||
| } | ||
|
|
||
| // get install-config from cluster config |
There was a problem hiding this comment.
seriously? Delete useless comment.
pkg/operator/observe_config.go
Outdated
| @@ -86,6 +88,45 @@ func (c ConfigObserver) sync() error { | |||
| unstructured.SetNestedStringSlice(observedConfig, etcdURLs, "storageConfig", "urls") | |||
| } | |||
|
|
|||
| // observe configuration from cluster-config-v1 | |||
There was a problem hiding this comment.
make this comment useful. You're collecting some CIDR from the clusterconfig.
| } | ||
|
|
||
| // set observed values | ||
| // admissionPluginConfig: |
There was a problem hiding this comment.
Not that I know of... but who knows what people have configured.
|
notice how |
|
/retest |
sanchezl
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
sanchezl
force-pushed
the
sync_restricted_cidrs
branch
3 times, most recently
from
1c51f55
to
df19478
Compare
pkg/operator/observe_config.go
Outdated
| // podCIDR: 10.2.0.0/16 | ||
| // serviceCIDR: 10.3.0.0/16 | ||
| restrictedCIDRs := []string{} | ||
| if networking, ok := installConfig["networking"].(map[string]string); ok { |
There was a problem hiding this comment.
I would expect this to always panic. Please add a test.
There was a problem hiding this comment.
I would expect this to always panic. Please add a test.
err, always fail. Is it really particular?
pkg/operator/observe_config.go
Outdated
| // serviceCIDR: 10.3.0.0/16 | ||
| restrictedCIDRs := []string{} | ||
| if networking, ok := installConfig["networking"].(map[string]string); ok { | ||
| if cidr, ok := networking["podCIDR"]; ok && cidr != "" { |
There was a problem hiding this comment.
ok is unnecessary to check here, right?
pkg/operator/observe_config.go
Outdated
| // - 10.3.0.0/16 # ServiceCIDR | ||
| // - 10.2.0.0/16 # ClusterCIDR | ||
| // TODO should I just skip this if no CIDRs are found? | ||
| unstructured.SetNestedStringSlice(observedConfig, restrictedCIDRs, |
There was a problem hiding this comment.
only do this if you have more than zero restricted CIDRs
|
Think of a way to factor this that makes sense for to extend assuming we observe about 10 values. Don't spend more than an hour..... And let me know if you're stuck on the wiring bit. |
|
FYI, I will need to refactor the configuration object to support multiple ClusterCIDRs. |
@squeed when that happens, please give us a heads up. |
sanchezl
force-pushed
the
sync_restricted_cidrs
branch
2 times, most recently
from
36db284
to
90ffa2a
Compare
openshift-ci-robot
added
size/L
pkg/operator/observe_config.go
Outdated
| if observedConfig, err = c.observeEtcdEndpoints(observedConfig); err != nil { | ||
| return err | ||
| } | ||
|
|
pkg/operator/observe_config.go
Outdated
| observedConfig := map[string]interface{}{} | ||
| var err error | ||
|
|
||
| if observedConfig, err = c.observeEtcdEndpoints(observedConfig); err != nil { |
There was a problem hiding this comment.
we don't do this. If you are assigning to a value that escapes the block, you don't do it in the block.
pkg/operator/observe_config_test.go
Outdated
| t.Fatal("expected 2 entries in restrictedCIDRs") | ||
| } | ||
| for _, cidr := range []string{podCIDR, serviceCIDR} { | ||
| if func() int { |
pkg/operator/starter.go
Outdated
| operatorConfigClient.KubeapiserverV1alpha1(), | ||
| kubeClient.AppsV1(), | ||
| kubeClient.CoreV1(), | ||
| kubeClient.RbacV1(), | ||
| ) | ||
|
|
||
| kubeInformersEtcdNamespaced := informers.NewFilteredSharedInformerFactory(kubeClient, 10*time.Minute, etcdNamespaceName, nil) | ||
| kubeInformersForKubeSystemNamespace := informers.NewSharedInformerFactoryWithOptions(kubeClient, 10*time.Minute, informers.WithNamespace("kube-system")) |
There was a problem hiding this comment.
construct all in the same spot (line 35ish) please
sanchezl
force-pushed
the
sync_restricted_cidrs
branch
4 times, most recently
from
430b6e9
to
acc7d7d
Compare
pkg/operator/observe_config_test.go
Outdated
| t.Fatal(err) | ||
| } | ||
| if restrictedCIDRs[0] != podCIDR { | ||
| t.Fail() |
There was a problem hiding this comment.
print me out hte actual value in the last two conditions.
sanchezl
force-pushed
the
sync_restricted_cidrs
branch
from
acc7d7d
to
210fa55
Compare
pkg/operator/observe_config_test.go
Outdated
| Namespace: "kube-system", | ||
| }, | ||
| Data: map[string]string{ | ||
| "install-config": fmt.Sprintf("networking:\n podCIDR: %s\n serviceCIDR: %s\n", podCIDR, serviceCIDR), |
There was a problem hiding this comment.
just saw this was missed. Just use plus signs
pkg/operator/observe_config_test.go
Outdated
| ) | ||
|
|
||
| func TestObserveClusterConfig(t *testing.T) { | ||
|
|
There was a problem hiding this comment.
and while you're updating, you need to kill your whitespace bunny that keeps putting these here.
sanchezl
force-pushed
the
sync_restricted_cidrs
branch
2 times, most recently
from
3fcdcfc
to
7df2a0c
Compare
|
/lgtm |
|
/lgtm Prow had issues. |
openshift-ci-robot
added
lgtm
|
@sanchezl we need the same during the bootstrapping phase via the render command. Can you find out whether we have access to the cluster config already at that stage? This code is executed at that point: https://github.com/openshift/installer/blob/master/pkg/asset/ignition/bootstrap/content/bootkube.go#L31 It's a text/template. So maybe we have the cluster config in one form or another around to be plugged in, or even as file on the bootstrap node. |
|
rebase requried |
sanchezl
force-pushed
the
sync_restricted_cidrs
branch
from
7df2a0c
to
4fc7a1b
Compare
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, sanchezl, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Enables the cluster-kube-apiserver-operator to receive notifications of changes to the
cluster-config-v1ConfigMap in thekube-systemnamespace, from which some CIDRs are extracted, i.e:Adds the discovered CIDRs to the
restrictedCIDRsarray to the cluster kube apiserver's config. e.g.:Resolves #50