sync restrictedCIDRs with install-config #74
pkg/operator/observe_config.go
Outdated
@@ -4,6 +4,7 @@ import ( | |||
"bytes" | |||
"encoding/json" | |||
"fmt" | |||
"gopkg.in/yaml.v2" |
imports go
- core library
- not core, not kube, not openshift
- kube
- openshift.
I've noticed use of gopkg.in/yaml.v2 and github.com/ghodss/yaml in the openshift/* repositories. Any guidance on when to pick one over another?
pkg/operator/observe_config.go
Outdated
@@ -25,6 +26,7 @@ import ( | |||
|
|||
operatorconfigclientv1alpha1 "github.com/openshift/cluster-kube-apiserver-operator/pkg/generated/clientset/versioned/typed/kubeapiserver/v1alpha1" | |||
operatorconfiginformerv1alpha1 "github.com/openshift/cluster-kube-apiserver-operator/pkg/generated/informers/externalversions/kubeapiserver/v1alpha1" | |||
installer "github.com/openshift/installer/pkg/types" |
no. You may not import this package into the project.
pkg/operator/observe_config.go
Outdated
return fmt.Errorf("error retieving cluster config: %s", err) | ||
} | ||
|
||
// get install-config from cluster config |
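Review bot: the error string on the first line of this hunk is misspelled ("retieving"); since it surfaces in operator logs and gets grepped for, correct it to "retrieving", and format err with %v rather than %s.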
seriously? Delete useless comment.
pkg/operator/observe_config.go
Outdated
@@ -86,6 +88,45 @@ func (c ConfigObserver) sync() error { | |||
unstructured.SetNestedStringSlice(observedConfig, etcdURLs, "storageConfig", "urls") | |||
} | |||
|
|||
// observe configuration from cluster-config-v1 |
make this comment useful. You're collecting some CIDR from the clusterconfig.
} | ||
|
||
// set observed values | ||
// admissionPluginConfig: |
Not that I know of... but who knows what people have configured.
notice how
/retest
1c51f55 to df19478
pkg/operator/observe_config.go
Outdated
// podCIDR: 10.2.0.0/16 | ||
// serviceCIDR: 10.3.0.0/16 | ||
restrictedCIDRs := []string{} | ||
if networking, ok := installConfig["networking"].(map[string]string); ok { |
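Review bot: the assertion `installConfig["networking"].(map[string]string)` on the last line will not match a value decoded from YAML into interface types; with gopkg.in/yaml.v2 (the import added to this file) a nested mapping arrives as map[interface{}]interface{}, so ok is false and restrictedCIDRs silently stays empty. Assert the type the decoder actually produces, or unmarshal into a typed struct, and add a test that feeds real install-config YAML through this path.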
I would expect this to always panic. Please add a test.
> I would expect this to always panic. Please add a test.
err, always fail. Is it really particular?
pkg/operator/observe_config.go
Outdated
// serviceCIDR: 10.3.0.0/16 | ||
restrictedCIDRs := []string{} | ||
if networking, ok := installConfig["networking"].(map[string]string); ok { | ||
if cidr, ok := networking["podCIDR"]; ok && cidr != "" { |
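Review bot: in `if cidr, ok := networking["podCIDR"]; ok && cidr != ""` the value is accepted without being parsed, and the ok check adds nothing because a missing key already yields the empty string. These strings go straight into restrictedCIDRs, so run each one through net.ParseCIDR and return an error on a malformed value instead of passing it on.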
ok is unnecessary to check here, right?
pkg/operator/observe_config.go
Outdated
// - 10.3.0.0/16 # ServiceCIDR | ||
// - 10.2.0.0/16 # ClusterCIDR | ||
// TODO should I just skip this if no CIDRs are found? | ||
unstructured.SetNestedStringSlice(observedConfig, restrictedCIDRs, |
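Review bot: the TODO above `unstructured.SetNestedStringSlice(observedConfig, restrictedCIDRs,` needs resolving before merge; as written, an empty restrictedCIDRs slice is still written into observedConfig. Guard the call with `len(restrictedCIDRs) > 0`, and check the error that SetNestedStringSlice returns, which is discarded here.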
only do this if you have more than zero restricted CIDRs
Think of a way to factor this that makes sense to extend assuming we observe about 10 values. Don't spend more than an hour..... And let me know if you're stuck on the wiring bit.
FYI, I will need to refactor the configuration object to support multiple ClusterCIDRs.
@squeed when that happens, please give us a heads up.
36db284 to 90ffa2a
pkg/operator/observe_config.go
Outdated
if observedConfig, err = c.observeEtcdEndpoints(observedConfig); err != nil { | ||
return err | ||
} | ||
|
no newline
pkg/operator/observe_config.go
Outdated
observedConfig := map[string]interface{}{} | ||
var err error | ||
|
||
if observedConfig, err = c.observeEtcdEndpoints(observedConfig); err != nil { |
we don't do this. If you are assigning to a value that escapes the block, you don't do it in the block.
pkg/operator/observe_config_test.go
Outdated
t.Fatal("expected 2 entries in restrictedCIDRs") | ||
} | ||
for _, cidr := range []string{podCIDR, serviceCIDR} { | ||
if func() int { |
no
pkg/operator/starter.go
Outdated
operatorConfigClient.KubeapiserverV1alpha1(), | ||
kubeClient.AppsV1(), | ||
kubeClient.CoreV1(), | ||
kubeClient.RbacV1(), | ||
) | ||
|
||
kubeInformersEtcdNamespaced := informers.NewFilteredSharedInformerFactory(kubeClient, 10*time.Minute, etcdNamespaceName, nil) | ||
kubeInformersForKubeSystemNamespace := informers.NewSharedInformerFactoryWithOptions(kubeClient, 10*time.Minute, informers.WithNamespace("kube-system")) |
construct all in the same spot (line 35ish) please
430b6e9 to acc7d7d
pkg/operator/observe_config_test.go
Outdated
t.Fatal(err) | ||
} | ||
if restrictedCIDRs[0] != podCIDR { | ||
t.Fail() |
print me out the actual value in the last two conditions.
acc7d7d to 210fa55
pkg/operator/observe_config_test.go
Outdated
Namespace: "kube-system", | ||
}, | ||
Data: map[string]string{ | ||
"install-config": fmt.Sprintf("networking:\n podCIDR: %s\n serviceCIDR: %s\n", podCIDR, serviceCIDR), |
just saw this was missed. Just use plus signs
pkg/operator/observe_config_test.go
Outdated
) | ||
|
||
func TestObserveClusterConfig(t *testing.T) { | ||
|
and while you're updating, you need to kill your whitespace bunny that keeps putting these here.
3fcdcfc to 7df2a0c
/lgtm
/lgtm Prow had issues.
@sanchezl we need the same during the bootstrapping phase via the render command. Can you find out whether we have access to the cluster config already at that stage? This code is executed at that point: https://github.com/openshift/installer/blob/master/pkg/asset/ignition/bootstrap/content/bootkube.go#L31 It's a text/template. So maybe we have the cluster config in one form or another around to be plugged in, or even as file on the bootstrap node.
rebase required
7df2a0c to 4fc7a1b
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, sanchezl, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Enables the cluster-kube-apiserver-operator to receive notifications of changes to the cluster-config-v1 ConfigMap in the kube-system namespace, from which some CIDRs are extracted, i.e:
Adds the discovered CIDRs to the restrictedCIDRs array to the cluster kube apiserver's config. e.g.:
Resolves #50
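
The extraction this PR describes, as an added example that is not code from the PR or the operator: it handles both map shapes a decoded install-config can have (the point behind the review comments on the type assertion and on the two YAML libraries) and validates each CIDR. The function names `asStringMap` and `RestrictedCIDRs` are hypothetical, and the pod-then-service order is an assumption taken from the test line quoted in the review.

```go
package main

import (
	"fmt"
	"net"
)

// asStringMap normalises a decoded mapping. gopkg.in/yaml.v2 decodes nested maps as
// map[interface{}]interface{}; encoding/json and github.com/ghodss/yaml (which goes
// through JSON) give map[string]interface{}. Neither is ever map[string]string.
func asStringMap(v interface{}) (map[string]interface{}, bool) {
	switch m := v.(type) {
	case map[string]interface{}:
		return m, true
	case map[interface{}]interface{}:
		out := make(map[string]interface{}, len(m))
		for k, val := range m {
			out[fmt.Sprint(k)] = val
		}
		return out, true
	}
	return nil, false
}

// RestrictedCIDRs returns podCIDR then serviceCIDR (order assumed) from a decoded
// install-config, rejecting a malformed networking section or an invalid CIDR.
func RestrictedCIDRs(installConfig map[string]interface{}) ([]string, error) {
	raw := installConfig["networking"]
	networking, ok := asStringMap(raw)
	if !ok && raw != nil {
		return nil, fmt.Errorf("networking: unexpected type %T", raw)
	}
	var cidrs []string
	for _, key := range []string{"podCIDR", "serviceCIDR"} {
		if s, _ := networking[key].(string); s != "" {
			if _, _, err := net.ParseCIDR(s); err != nil {
				return nil, fmt.Errorf("networking.%s: %v", key, err)
			}
			cidrs = append(cidrs, s)
		}
	}
	return cidrs, nil
}

func main() {
	// Constructed input in the shape yaml.v2 produces for the nested map.
	cfg := map[string]interface{}{"networking": map[interface{}]interface{}{"podCIDR": "10.2.0.0/16", "serviceCIDR": "10.3.0.0/16"}}
	fmt.Println(RestrictedCIDRs(cfg))
}
```

A caller would write restrictedCIDRs into the observed config only when the returned slice is non-empty.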