CFE-374: binding options #43576
Closed
CFE-374: binding options #43576
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci
bot
added
do-not-merge/work-in-progress
✅ Deploy Preview for osdocs ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
sherine-k
reviewed
Mar 28, 2022
rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
Outdated
Show resolved
Hide resolved
rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
Outdated
Show resolved
Hide resolved
rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
Outdated
Show resolved
Hide resolved
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
Contributor
Author
|
@sherine-k ptal |
arjunrn
reviewed
Mar 29, 2022
rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
Outdated
Show resolved
Hide resolved
sherine-k
reviewed
Mar 29, 2022
rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
Outdated
Show resolved
Hide resolved
|
Great work @Amrita42 . this is looking quite good now |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
alebedev87
reviewed
Apr 1, 2022
rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
Outdated
Show resolved
Hide resolved
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
nalhadef
reviewed
Apr 7, 2022
Contributor
nalhadef
left a comment
nalhadef
left a comment
There was a problem hiding this comment.
There are different presentations of IngressController (ingress controller, Ingress Controller) all over these files. If possible, be consistent.
| ---- | ||
| ==== | ||
| For most platforms, the `endpointPublishingStrategy` value can be updated. On GCP, you can configure the following `endpointPublishingStrategy` fields: |
Contributor
There was a problem hiding this comment.
Spell out first use of GCP.
| https://kubernetes.io/docs/concepts/services-networking/ingress-controllers | ||
| IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources. | ||
| When an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out. | ||
| https://kubernetes.io/docs/concepts/services-networking/ingress-controllers |
Contributor
There was a problem hiding this comment.
In the preview, the line spacing is not happy.
It could use a bit of human text and maybe a lead-in (See XYZ for information about...) to give the link some context.
| tls.crt: certificate file contents tls.key: key file contents | ||
| If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store. | ||
| If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. | ||
| | defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used. |
Contributor
There was a problem hiding this comment.
Should "ingress controller" have initial caps?
Contributor
Author
There was a problem hiding this comment.
Both first letters should be capitalized as per the Glossary https://github.com/openshift/openshift-docs/blob/main/contributing_to_docs/term_glossary.adoc#ingress-controller. I had raised a PR to such effect #44002 (comment). Once I do a rebase on this PR , the changes should ideally reflect.
| If a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing. | ||
| | defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used. | ||
| The secret must contain the following keys and data: | ||
| tls.crt: certificate file contents tls.key: key file contents |
Contributor
There was a problem hiding this comment.
Make these two items a list.
| | defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used. | ||
| The secret must contain the following keys and data: | ||
| tls.crt: certificate file contents tls.key: key file contents | ||
| If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store. |
Contributor
There was a problem hiding this comment.
Same question about "ingress controller."
Comment on lines
+1628
to
+1630
| Valid values are: * "Global": Specifying an internal load balancer with Global client access allows clients from any region within the VPC to communicate with the load balancer. | ||
| https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access | ||
| * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. |
Contributor
There was a problem hiding this comment.
- Use blank lines.
- Should VPC be spelled out?
- Tick the values, removing the quotation marks.
| PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. | ||
| The following values are valid for this field: | ||
| * The empty string. * "TCP". * "PROXY". | ||
| | protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol. |
Contributor
There was a problem hiding this comment.
- Tick "protocol."
- IngressController
Comment on lines
+1654
to
+1656
| PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. | ||
| The following values are valid for this field: | ||
| * The empty string. * "TCP". * "PROXY". |
Contributor
There was a problem hiding this comment.
- IngressController
- Use blank lines
| | `ciphers` | ||
| | `array (string)` | ||
| | ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): | ||
| | ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): |
Contributor
There was a problem hiding this comment.
- Tick "ciphers"
- Should "DES-CBC3-SHA" be ticked
| | `string` | ||
| | minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): | ||
| minTLSVersion: TLSv1.1 | ||
| | minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): |
Contributor
There was a problem hiding this comment.
- Tick "minTLSVersion"
- Add comma after 1.2
bobfuru
reviewed
Apr 7, 2022
Contributor
bobfuru
left a comment
bobfuru
left a comment
There was a problem hiding this comment.
I'm really confused. We don't normally hardcode any of our auto-generated API docs. Before I review the rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc file, I'd like @jboxman to weigh in on whether this PR should proceed in this way. Shouldn't the enhancement request be brought to the Engineering team?
bobfuru
added
the
do-not-merge/hold
Contributor
|
Adding the hold label. These changes have to happen in the upstream Operator repo here: |
Contributor
Author
|
@sherine-k @quarterpin based on the recent updates in CFE-10 . I have created a new PR that does not touch the rest_api file. |
Contributor
Author
|
Closing this PR |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Applies only to 4.11
Jira
Preview
second preview
Two previews to indicate the two plaecholders.
Was CFE-10
@sherine-k please review @quarterpin ptal