Adds Contour IngressClass Name Support #239
Conversation
danehans
requested review from
stevesloka,
skriss and
youngnick
and removed request for
a team
| @@ -89,6 +89,17 @@ type ContourSpec struct { | |||
| // +kubebuilder:validation:MaxLength=253 | |||
| // +optional | |||
| GatewayClassRef *string `json:"gatewayClassRef,omitempty"` | |||
|
|
|||
| // IngressClassName is the name of the IngressClass used by Contour. If unset, | |||
There was a problem hiding this comment.
I think there needs to be a bit more subtlety here, sadly. The Contour controller currently defaults to assuming it's the default in the cluster, indicated by an unset or "" value for the --ingress-class-name argument/field.
I think the contract for this field needs to be:
- unset: default for cluster. The operator sets everything up so that Contour is the default (either no IngressClass created or create one and set it as the default, I can't remember which is preferred for IngressClass)
- set: the flag is set to the given value, and an IngressClass is created that fits that contract. It is not set as the cluster default.
The value can't default to contour because that will imply the second behavior when it's passed to the controller, sadly.
There was a problem hiding this comment.
The Contour controller currently defaults to assuming it's the default in the cluster, indicated by an unset or "" value for the --ingress-class-name argument/field.
@youngnick according to the contour ingressclass docs, "contour" is the default value of --ingress-class-name. Therefore, I'm having the operator provide the same default behavior, using api defaulting instead of the ingressClassName field being a pointer. Are the contour ingressclass docs incorrect regarding "--ingress-class-name=contour" or am I misunderstanding the docs?
There was a problem hiding this comment.
If unset Contour processes ALL ingress objects without an ingress-class annotation or with an annotation matching ingress-class=contour.
When you set the ingress-class explicitly, the Contour ONLY processes ingress objects that match that class.
There was a problem hiding this comment.
So the default should be no ingress class, then is someone wants to configure one, they can.
There was a problem hiding this comment.
So now that this is a point, we have a clear distinction between "unset" and "set", and we can replicate the Contour behavior? If so, looks good to me.
There was a problem hiding this comment.
@youngnick yes, the latest commit makes contour.spec.IngressClassName optional to replicate Contour's default behavior: If unspecified, Contour processes all ingress objects without an ingress-class annotation or with an annotation matching ingress-class=contour. If specified, Contour processes ingress objects with an annotation matching the value of contour.spec.IngressClassName. I've updated the description of the PR accordingly.
| @@ -132,6 +134,10 @@ func DesiredDeployment(contour *operatorv1alpha1.Contour, image string) *appsv1. | |||
| args = append(args, fmt.Sprintf("--envoy-service-https-port=%d", port.PortNumber)) | |||
| } | |||
| } | |||
| // Pass the IngressClass name if it's not the default. | |||
| if contour.Spec.IngressClassName != ContourIngressClassName { | |||
There was a problem hiding this comment.
Ah, I said earlier that it couldn't have a default, if we do it like this, we can have a contour default, I suppose.
There was a problem hiding this comment.
Yeah, I prefer being explicit with fields over using pointers.
There was a problem hiding this comment.
If someone explicitly sets the field in YAML to "" it won't be overriden by the default in the kubebuilder validation setup right? Should we also check the value isn't "" here?
There was a problem hiding this comment.
@sunjayBhatia a Contour with ingressClassName: "" would fail api validation due to +kubebuilder:validation:MinLength=1.
Example:
$ cat <<EOF | kubectl apply -f -
> apiVersion: operator.projectcontour.io/v1alpha1
> kind: Contour
> metadata:
> name: contour-sample
> spec:
> ingressClassName: ""
> networkPublishing:
> envoy:
> type: NodePortService
> EOF
The Contour "contour-sample" is invalid: spec.ingressClassName: Invalid value: "": spec.ingressClassName in body should be at least 1 chars long
f0a180d
to
ca392be
Compare
|
@stevesloka commit |
Signed-off-by: Daneyon Hansen <daneyonhansen@gmail.com>
| @@ -89,6 +89,17 @@ type ContourSpec struct { | |||
| // +kubebuilder:validation:MaxLength=253 | |||
| // +optional | |||
| GatewayClassRef *string `json:"gatewayClassRef,omitempty"` | |||
|
|
|||
| // IngressClassName is the name of the IngressClass used by Contour. If unset, | |||
There was a problem hiding this comment.
So now that this is a point, we have a clear distinction between "unset" and "set", and we can replicate the Contour behavior? If so, looks good to me.
@youngnick thanks for the review. Yes, I describe the details in #239 (comment). |
| // +kubebuilder:validation:MinLength=1 | ||
| // +kubebuilder:validation:MaxLength=253 | ||
| // +optional | ||
| IngressClassName *string `json:"ingressClassName,omitempty"` |
There was a problem hiding this comment.
Are there any more "ingress-y" things vs gatewayapi things we'd want to split apart into structs? We've done this with the "policy" stuff in Contour to allow ways to grow values and put then in categories.
Just trying to think ahead before we get too far down the road.
There was a problem hiding this comment.
@stevesloka I can't think of anything from an Ingress standpoint. Doing a quick review of the Contour ConfigMap, I don't see anything Ingress-specific that may be exposed through the Contour API. I see Contour has a ingress-status-address flag. Is this a commonly used flag?
As for Gateway API, Contour references a GatewayClass and vice versa. A GatewayClass is pretty minimal. Are there any other config knobs that you expect to expose from Contour to support the Gateway API?
There was a problem hiding this comment.
👍 in general that adding some nesting to the spec here will probably be helpful long-term as we add more and more toggles. I guess we still have room to move things around given that the API is alpha right now, though.
| // +kubebuilder:validation:MinLength=1 | ||
| // +kubebuilder:validation:MaxLength=253 | ||
| // +optional | ||
| IngressClassName *string `json:"ingressClassName,omitempty"` |
There was a problem hiding this comment.
👍 in general that adding some nesting to the spec here will probably be helpful long-term as we add more and more toggles. I guess we still have room to move things around given that the API is alpha right now, though.
Adds support for specifying Contour's IngressClass Name, i.e. the
--ingress-class-nameflag. If unspecified, Contour processes all ingress objects without an ingress-class annotation or with an annotation matching ingress-class=contour.Fixes: #228
Signed-off-by: Daneyon Hansen daneyonhansen@gmail.com