-
Notifications
You must be signed in to change notification settings - Fork 34
Adds Contour IngressClass Name Support #239
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need to be really careful about this, because it can interact with the cluster default IngressClass in ways that can be surprising.
@@ -89,6 +89,17 @@ type ContourSpec struct { | |||
// +kubebuilder:validation:MaxLength=253 | |||
// +optional | |||
GatewayClassRef *string `json:"gatewayClassRef,omitempty"` | |||
|
|||
// IngressClassName is the name of the IngressClass used by Contour. If unset, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there needs to be a bit more subtlety here, sadly. The Contour controller currently defaults to assuming it's the default in the cluster, indicated by an unset or ""
value for the --ingress-class-name
argument/field.
I think the contract for this field needs to be:
- unset: default for cluster. The operator sets everything up so that Contour is the default (either no IngressClass created or create one and set it as the default, I can't remember which is preferred for IngressClass)
- set: the flag is set to the given value, and an IngressClass is created that fits that contract. It is not set as the cluster default.
The value can't default to contour
because that will imply the second behavior when it's passed to the controller, sadly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Contour controller currently defaults to assuming it's the default in the cluster, indicated by an unset or "" value for the --ingress-class-name argument/field.
@youngnick according to the contour ingressclass docs, "contour" is the default value of --ingress-class-name. Therefore, I'm having the operator provide the same default behavior, using api defaulting instead of the ingressClassName
field being a pointer. Are the contour ingressclass docs incorrect regarding "--ingress-class-name=contour" or am I misunderstanding the docs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If unset Contour processes ALL ingress objects without an ingress-class annotation or with an annotation matching ingress-class=contour
.
When you set the ingress-class explicitly, the Contour ONLY processes ingress objects that match that class.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So the default should be no ingress class, then is someone wants to configure one, they can.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So now that this is a point, we have a clear distinction between "unset" and "set", and we can replicate the Contour behavior? If so, looks good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@youngnick yes, the latest commit makes contour.spec.IngressClassName
optional to replicate Contour's default behavior: If unspecified, Contour processes all ingress objects without an ingress-class annotation or with an annotation matching ingress-class=contour. If specified, Contour processes ingress objects with an annotation matching the value of contour.spec.IngressClassName
. I've updated the description of the PR accordingly.
@@ -132,6 +134,10 @@ func DesiredDeployment(contour *operatorv1alpha1.Contour, image string) *appsv1. | |||
args = append(args, fmt.Sprintf("--envoy-service-https-port=%d", port.PortNumber)) | |||
} | |||
} | |||
// Pass the IngressClass name if it's not the default. | |||
if contour.Spec.IngressClassName != ContourIngressClassName { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, I said earlier that it couldn't have a default, if we do it like this, we can have a contour
default, I suppose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I prefer being explicit with fields over using pointers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If someone explicitly sets the field in YAML to ""
it won't be overriden by the default in the kubebuilder validation setup right? Should we also check the value isn't ""
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sunjayBhatia a Contour with ingressClassName: ""
would fail api validation due to +kubebuilder:validation:MinLength=1
.
Example:
$ cat <<EOF | kubectl apply -f -
> apiVersion: operator.projectcontour.io/v1alpha1
> kind: Contour
> metadata:
> name: contour-sample
> spec:
> ingressClassName: ""
> networkPublishing:
> envoy:
> type: NodePortService
> EOF
The Contour "contour-sample" is invalid: spec.ingressClassName: Invalid value: "": spec.ingressClassName in body should be at least 1 chars long
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ha! good call
f0a180d
to
ca392be
Compare
@stevesloka commit |
Signed-off-by: Daneyon Hansen <daneyonhansen@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM assuming I'm right about how everything will flow?
@@ -89,6 +89,17 @@ type ContourSpec struct { | |||
// +kubebuilder:validation:MaxLength=253 | |||
// +optional | |||
GatewayClassRef *string `json:"gatewayClassRef,omitempty"` | |||
|
|||
// IngressClassName is the name of the IngressClass used by Contour. If unset, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So now that this is a point, we have a clear distinction between "unset" and "set", and we can replicate the Contour behavior? If so, looks good to me.
@youngnick thanks for the review. Yes, I describe the details in #239 (comment). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, looks like it follows the outline set up in the controller repo for the flag 👍🏽
// +kubebuilder:validation:MinLength=1 | ||
// +kubebuilder:validation:MaxLength=253 | ||
// +optional | ||
IngressClassName *string `json:"ingressClassName,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there any more "ingress-y" things vs gatewayapi things we'd want to split apart into structs? We've done this with the "policy" stuff in Contour to allow ways to grow values and put then in categories.
Just trying to think ahead before we get too far down the road.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 thats a good point
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stevesloka I can't think of anything from an Ingress standpoint. Doing a quick review of the Contour ConfigMap, I don't see anything Ingress-specific that may be exposed through the Contour API. I see Contour has a ingress-status-address
flag. Is this a commonly used flag?
As for Gateway API, Contour references a GatewayClass and vice versa. A GatewayClass is pretty minimal. Are there any other config knobs that you expect to expose from Contour to support the Gateway API?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 in general that adding some nesting to the spec here will probably be helpful long-term as we add more and more toggles. I guess we still have room to move things around given that the API is alpha right now, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
// +kubebuilder:validation:MinLength=1 | ||
// +kubebuilder:validation:MaxLength=253 | ||
// +optional | ||
IngressClassName *string `json:"ingressClassName,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 in general that adding some nesting to the spec here will probably be helpful long-term as we add more and more toggles. I guess we still have room to move things around given that the API is alpha right now, though.
Adds support for specifying Contour's IngressClass Name, i.e. the
--ingress-class-name
flag. If unspecified, Contour processes all ingress objects without an ingress-class annotation or with an annotation matching ingress-class=contour.Fixes: #228
Signed-off-by: Daneyon Hansen daneyonhansen@gmail.com