Dual stack vips #3269
Dual stack vips #3269
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
openshift-merge-robot
added
the
needs-rebase
cybertron
force-pushed
the
dual-stack-vips
branch
from
0f4944f
to
87a5141
Compare
openshift-merge-robot
removed
the
needs-rebase
|
The dependency in openshift/baremetal-runtimecfg#176 has merged. I believe this should be ready to go. /test e2e-metal-ipi |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
To resolve the unit test failures, you just need to remove the |
There are some feature gates that need to be removed in order for the KubeletConfiguration to be valid with the new api.
Shoot, I knew that and forgot to do it on this branch. Thanks for the reminder. |
|
/test e2e-metal-ipi |
The singular API and Ingress VIP fields are deprecated and cause verification failures. The same value can be found in the first entry in the plural VIPs version of the fields.
|
/retest-required |
|
/hold This also has a dependency on openshift/installer#5798, which is approved but waiting for ci passes. |
openshift-ci
bot
added
the
do-not-merge/hold
|
openshift/installer#5798 has been merged, so this should be good to go. |
|
/retest We're probably good here since metal-ipi passed and the openstack and vsphere failures look unrelated, but I'd really prefer to see them pass. |
|
/test e2e-metal-ipi-ovn-ipv6 |
|
LGTM, just nit comments. The CI breaking as there is dependency. |
|
I noticed a possible issue with the vsphere logic, so I modified that to handle either nil values or zero-length arrays. Hopefully that will get those jobs passing. /test e2e-metal-ipi-ovn-ipv6 |
|
/retest-required |
| @@ -26,7 +26,7 @@ contents: | | |||
| {{ .Images.baremetalRuntimeCfgImage }} \ | |||
| node-ip \ | |||
| set --retry-on-failure \ | |||
| {{ onPremPlatformAPIServerInternalIP . }}; \ | |||
| {{- range onPremPlatformAPIServerInternalIPs . }}{{.}} {{end}}; \ | |||
There was a problem hiding this comment.
@cybertron is it intended, to suppress the newline here?
There was a problem hiding this comment.
Clearly not, that's the error, and what is causing the IP to be prefix with the \ char from the previous line.
I suggest you also add quotes around the IP address:
| {{- range onPremPlatformAPIServerInternalIPs . }}{{.}} {{end}}; \ | |
| {{range onPremPlatformAPIServerInternalIPs . }}"{{.}}" {{end}}; \ |
There was a problem hiding this comment.
Huh, I wonder how that ever worked. I wonder if we just got lucky and the default kubelet behavior was working even though nodeip-configuration failed? In any case, I've removed that and pushed a new version. Let's see what ci says.
This isn't needed and breaks the formatting of the service.
pkg/operator/render.go
Outdated
| return cfg.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP, nil | ||
| if len(cfg.Infra.Status.PlatformStatus.VSphere.APIServerInternalIPs) > 0 { | ||
| return cfg.Infra.Status.PlatformStatus.VSphere.APIServerInternalIPs[0], | ||
| nil |
There was a problem hiding this comment.
Oops, didn't mean to do that. Fixed.
| @@ -26,7 +26,7 @@ contents: | | |||
| {{ .Images.baremetalRuntimeCfgImage }} \ | |||
| node-ip \ | |||
| set --retry-on-failure \ | |||
| {{ onPremPlatformAPIServerInternalIP . }}; \ | |||
| {{- range onPremPlatformAPIServerInternalIPs . }}{{.}} {{end}}; \ | |||
There was a problem hiding this comment.
Huh, I wonder how that ever worked. I wonder if we just got lucky and the default kubelet behavior was working even though nodeip-configuration failed? In any case, I've removed that and pushed a new version. Let's see what ci says.
|
e2e-metal-ipi-ovn-ipv6 test is passing with latest changes. latest commit only affects ipv6 changes, so I would say failing tests are unrelated. Adding my approval, feel free to add lgtm when it looks fine to on-prem team |
openshift-ci
bot
added
the
approved
|
I forgot to run vsphere-upi again, but since the latest change only affects IPI that should be okay. It looks like all of the metal scenarios are passing now, so I think we're good? /retest-required |
|
/test e2e-vsphere-upi |
|
/retest |
|
Inspecting the latest Meaning that we were missing edit: Indeed, the must gather confirms that /retest |
In the VIP sync logic in CNO I wasn't aware of the case, that VSphere UPI doesn't populate the VSphere field. I created a patch for CNO: openshift/cluster-network-operator#1558 |
Right, vSphere UPI doesn't use the static pods for API lb/keepalived and ingress keepalived. The expectation is the user creates an LB before install. |
Not a bug, by design. When developing vSphere IPI it was expected that UPI would stay as-is and not require the api or ingress vip. |
|
Retesting as openshift/cluster-network-operator#1558 has been merged |
|
/test e2e-vsphere-upi |
|
Vsphere UPI job passed @jcpowermac can this merge? |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cybertron, jcpowermac, sinnykumari The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required |
|
Infra failure: report and retesting |
|
@cybertron: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
The keepalived config template change for workers was missing from openshift#3269. This adds it.
Previously in dual stack clusters we only provided an IPv4 VIP because it was assumed that everything in the cluster would have access to either v4 or v6. This turns out to have been a bad assumption because some users are deploying single-stack IPv6 applications in dual stack clusters and these applications then have no access to API or Ingress services.
This PR is the MCO part of the implementation of dual stack VIPs. It switches the keepalived config to consume a list of VIPs from runtimecfg. It also implements sync logic for the PlatformStatus field of the Infrastructure object to migrate values from the deprecated VIP fields to the new plural VIP fields.
Depends on openshift/baremetal-runtimecfg#176
- What I did
- How to verify it
- Description for the changelog
Add support for dual stack VIPs in on-prem platforms