From 1b31797738eb6f93bb9e5981199a59db168e49ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Thu, 31 Oct 2024 14:38:03 +0100 Subject: [PATCH 01/11] Revert to preferring IP addresses for Node listeners by default --- Cargo.lock | 6 +++--- Cargo.nix | 18 +++++++++--------- Cargo.toml | 1 + crate-hashes.json | 6 +++--- deploy/helm/listener-operator/crds/crds.yaml | 9 ++++++--- rust/operator-binary/src/csi_server/node.rs | 2 +- .../operator-binary/src/listener_controller.rs | 9 ++++----- 7 files changed, 27 insertions(+), 24 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e04c31ed..c102f631 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2360,7 +2360,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.80.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feature/smart-preferred-address-type#854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069" dependencies = [ "chrono", "clap", @@ -2398,7 +2398,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feature/smart-preferred-address-type#854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069" dependencies = [ "darling", "proc-macro2", @@ -2409,7 +2409,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feature/smart-preferred-address-type#854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069" dependencies = [ "kube", "semver", 
diff --git a/Cargo.nix b/Cargo.nix index 71da1a35..d8a08a8d 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -7454,9 +7454,9 @@ rec { edition = "2021"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069"; + sha256 = "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6"; }; libName = "stackable_operator"; authors = [ @@ -7612,9 +7612,9 @@ rec { edition = "2021"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069"; + sha256 = "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -7647,9 +7647,9 @@ rec { edition = "2021"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069"; + sha256 = "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6"; }; libName = "stackable_shared"; authors = [ diff --git a/Cargo.toml b/Cargo.toml index 9af3e1d3..29ce00e5 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -34,3 +34,4 @@ tracing = "0.1.40" [patch."https://github.com/stackabletech/operator-rs.git"] # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } # stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "feature/smart-preferred-address-type" } diff --git a/crate-hashes.json b/crate-hashes.json index 562fb18b..7fa75a13 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -1,6 +1,6 @@ { - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-operator-derive@0.3.1": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-operator@0.80.0": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-shared@0.0.1": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", + "git+https://github.com/stackabletech//operator-rs.git?branch=feature%2Fsmart-preferred-address-type#stackable-operator-derive@0.3.1": "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6", + "git+https://github.com/stackabletech//operator-rs.git?branch=feature%2Fsmart-preferred-address-type#stackable-operator@0.80.0": "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6", + "git+https://github.com/stackabletech//operator-rs.git?branch=feature%2Fsmart-preferred-address-type#stackable-shared@0.0.1": "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" } \ No newline at end of file diff --git a/deploy/helm/listener-operator/crds/crds.yaml b/deploy/helm/listener-operator/crds/crds.yaml index 9cc9f087..fccfdeb8 100644 --- a/deploy/helm/listener-operator/crds/crds.yaml 
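Review bot: The `[patch]` entry added at the end of the Cargo.toml hunk resolves `stackable-operator` from the branch `feature/smart-preferred-address-type`, which is a mutable ref. Only the commit recorded in the Cargo.lock and Cargo.nix hunks keeps the build reproducible, and any later `cargo update` picks up whatever the branch points to at that time. If the override has to land, pin it with `rev = "854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069"` (the commit the lockfile hunks record) instead of `branch = ...`, and add a comment such as `# TEMPORARY: remove once operator-rs has a tagged release with this change`. The doubled slash in the URL looks deliberate, so that the replacement source differs from the patched one; a one-line comment saying so would keep someone from "correcting" it.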
+++ b/deploy/helm/listener-operator/crds/crds.yaml @@ -25,14 +25,17 @@ spec: description: Defines a policy for how [Listeners](https://docs.stackable.tech/home/nightly/listener-operator/listener) should be exposed. Read the [ListenerClass documentation](https://docs.stackable.tech/home/nightly/listener-operator/listenerclass) for more information. properties: preferredAddressType: - default: Hostname + default: HostnameConservative description: |- - Whether addresses should prefer using the IP address (`IP`) or the hostname (`Hostname`). + Whether addresses should prefer using the IP address (`IP`) or the hostname (`Hostname`). Can also be set to `HostnameConservative`, which will use `IP` for `NodePort` service types, but `Hostname` for everything else. - The other type will be used if the preferred type is not available. By default `Hostname` is used. + The other type will be used if the preferred type is not available. + + Defaults to `HostnameConservative`. enum: - Hostname - IP + - HostnameConservative type: string serviceAnnotations: additionalProperties: diff --git a/rust/operator-binary/src/csi_server/node.rs b/rust/operator-binary/src/csi_server/node.rs index d7c407d5..fe85dd56 100644 --- a/rust/operator-binary/src/csi_server/node.rs +++ b/rust/operator-binary/src/csi_server/node.rs @@ -464,7 +464,7 @@ async fn local_listener_addresses_for_pod( })?; Ok(node_primary_addresses(&node) - .pick(listener_class.spec.preferred_address_type) + .pick(listener_class.spec.resolve_preferred_address_type()) .map(|(address, address_type)| ListenerIngress { // nodes: Some(vec![node_name.to_string()]), address: address.to_string(), diff --git a/rust/operator-binary/src/listener_controller.rs b/rust/operator-binary/src/listener_controller.rs index bc434a15..257925c1 100644 --- a/rust/operator-binary/src/listener_controller.rs +++ b/rust/operator-binary/src/listener_controller.rs 
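Review bot: Nothing at the changed call in `local_listener_addresses_for_pod` explains why `resolve_preferred_address_type()` replaces the raw `preferred_address_type` field, so a later edit could reintroduce the field access and hand the unresolved value to `pick()`. A comment on the new line would make the contract visible, for example `// Resolve HostnameConservative to a concrete address type first; the raw spec field must not be passed to pick()`. That the resolution depends on the class's service type is inferred from the CRD description in this patch, not from code shown here. The same comment belongs on `let preferred_address_type = listener_class.spec.resolve_preferred_address_type();` in `reconcile` in listener_controller.rs, where the value feeds all three service-type branches. Both function bodies start and end outside their hunks.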
@@ -364,6 +364,7 @@ pub async fn reconcile( .add(&ctx.client, svc) .await .context(ApplyServiceSnafu { svc: svc_ref })?; + let preferred_address_type = listener_class.spec.resolve_preferred_address_type(); let nodes: Vec; let kubernetes_service_fqdn: String; @@ -384,9 +385,7 @@ pub async fn reconcile( .await?; addresses = nodes .iter() - .flat_map(|node| { - node_primary_addresses(node).pick(listener_class.spec.preferred_address_type) - }) + .flat_map(|node| node_primary_addresses(node).pick(preferred_address_type)) .collect::>(); ports = svc .spec @@ -408,7 +407,7 @@ pub async fn reconcile( ip: ingress.ip.as_deref(), hostname: ingress.hostname.as_deref(), } - .pick(listener_class.spec.preferred_address_type) + .pick(preferred_address_type) }) .collect(); ports = svc @@ -422,7 +421,7 @@ pub async fn reconcile( } ServiceType::ClusterIP => { let cluster_domain = &cluster_info.cluster_domain; - addresses = match listener_class.spec.preferred_address_type { + addresses = match preferred_address_type { AddressType::Ip => svc .spec .iter() From 0844ba587fd0c0baec443be9048be56632260c4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Thu, 31 Oct 2024 14:57:32 +0100 Subject: [PATCH 02/11] Changelog --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc3b5aad..ffb06666 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,14 +6,14 @@ All notable changes to this project will be documented in this file. ### Added -- `Listener.status.addresses` can now be configured to prefer either IP addresses or DNS hostnames ([#233]). +- `Listener.status.addresses` can now be configured to prefer either IP addresses or DNS hostnames ([#233], [#244]). - The operator can now run on Kubernetes clusters using a non-default cluster domain. Use the env var `KUBERNETES_CLUSTER_DOMAIN` or the operator Helm chart property `kubernetesClusterDomain` to set a non-default cluster domain ([#237]). ### Changed - `Listener.status.addresses` for NodePort listeners now includes replicas that are currently unavailable ([#231]). -- `Listener.status.addresses` now defaults to DNS hostnames for all service types (previously NodePort and ClusterIP would prefer IP addresses, [#233]). +- BREAKING: `Listener.status.addresses` now defaults to DNS hostnames for ClusterIP services, rather than IP addresses ([#233], [#244]). - Stale Listener subobjects will now be deleted ([#232]). - Tagged Listener Services with the SDP labels ([#232]). @@ -30,6 +30,7 @@ All notable changes to this project will be documented in this file. [#234]: https://github.com/stackabletech/listener-operator/pull/234 [#237]: https://github.com/stackabletech/listener-operator/pull/237 [#238]: https://github.com/stackabletech/listener-operator/pull/238 +[#244]: https://github.com/stackabletech/listener-operator/pull/244 ## [24.7.0] - 2024-07-24 From e1ff5b1bf3e97c60ffbd960d833a05ad69e6137d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Thu, 31 Oct 2024 15:36:52 +0100 Subject: [PATCH 03/11] Docs --- docs/modules/listener-operator/pages/listenerclass.adoc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/modules/listener-operator/pages/listenerclass.adoc b/docs/modules/listener-operator/pages/listenerclass.adoc index 8bf85ff4..95433a78 100644 
--- a/docs/modules/listener-operator/pages/listenerclass.adoc +++ b/docs/modules/listener-operator/pages/listenerclass.adoc @@ -66,7 +66,7 @@ Additionally, many cloud providers charge for load-balanced traffic. [#addresstype] == Address types -The Stackable Listener Operator supports both IP addresses and DNS hostnames. The preferred address type for a given ListenerClass can be configured using the `ListenerClass.spec.preferredAddressType` field. If no `preferredAddressType` is specified then it defaults to xref:#addresstype-hostname[]. +The Stackable Listener Operator supports both IP addresses and DNS hostnames. The preferred address type for a given ListenerClass can be configured using the `ListenerClass.spec.preferredAddressType` field. If no `preferredAddressType` is specified then it defaults to xref:#addresstype-hostname-conservative[]. NOTE: If the preferred address type is not supported for a given environment then another type will be used. @@ -81,6 +81,11 @@ but does not require any special client configuration (beyond what the xref:#ser The DNS hostname of a resource. Clients must be able to resolve these addresses in order to connect, which may require special DNS configuration. +[#addresstype-hostname-conservative] +=== HostnameConservative + +A pseudo-addresstype that is equivalent to xref:#addresstype-ip[] for xref:#servicetype-nodeport[] services, and xref:#addresstype-hostname[] for all others. This means that we default to hostnames where "safe", but don't assume that nodes are resolvable by external clients. + == Default ListenerClasses The Stackable Data Platform assumes the existence of a few predefined ListenerClasses, and will use them by default as appropriate: From 6a882e4b820f87929da078bd47c18ec5b5867121 Mon Sep 17 00:00:00 2001 
From: Sebastian Bernauer Date: Wed, 6 Nov 2024 11:58:04 +0100 Subject: [PATCH 04/11] Use op-rs release. Also fix tests --- Cargo.lock | 8 +-- Cargo.nix | 20 ++++---- Cargo.toml | 3 +- crate-hashes.json | 6 +-- .../05-create-listenerclass.yaml | 5 ++ ...class.yaml.j2 => 05_listenerclass.yaml.j2} | 2 +- .../kuttl/smoke-nodeport/10-assert.yaml.j2 | 6 +++ .../10-create-nginx-statefulset.yaml | 50 ++----------------- .../smoke-nodeport/10_nginx-statefulset.yaml | 47 +++++++++++++++++ tests/test-definition.yaml | 1 + 10 files changed, 82 insertions(+), 66 deletions(-) create mode 100644 tests/templates/kuttl/smoke-nodeport/05-create-listenerclass.yaml rename tests/templates/kuttl/smoke-nodeport/{05-create-listenerclass.yaml.j2 => 05_listenerclass.yaml.j2} (75%) create mode 100644 tests/templates/kuttl/smoke-nodeport/10_nginx-statefulset.yaml diff --git a/Cargo.lock b/Cargo.lock index c102f631..a5536994 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2359,8 +2359,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.80.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feature/smart-preferred-address-type#854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069" +version = "0.81.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.81.0#4a8d37794d9cb692da722170c6abbe0f78a0e8f8" dependencies = [ "chrono", "clap", @@ -2398,7 +2398,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feature/smart-preferred-address-type#854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.81.0#4a8d37794d9cb692da722170c6abbe0f78a0e8f8" dependencies = [ "darling", "proc-macro2", 
@@ -2409,7 +2409,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feature/smart-preferred-address-type#854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.81.0#4a8d37794d9cb692da722170c6abbe0f78a0e8f8" dependencies = [ "kube", "semver", diff --git a/Cargo.nix b/Cargo.nix index d8a08a8d..88ed2b74 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -7450,13 +7450,13 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.80.0"; + version = "0.81.0"; edition = "2021"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069"; - sha256 = "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "4a8d37794d9cb692da722170c6abbe0f78a0e8f8"; + sha256 = "085gyw19qryz4c2f8g3bsg1r6ksmpr1i14hqzis759wksj3qimdf"; }; libName = "stackable_operator"; authors = [ @@ -7612,9 +7612,9 @@ rec { edition = "2021"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069"; - sha256 = "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "4a8d37794d9cb692da722170c6abbe0f78a0e8f8"; + sha256 = "085gyw19qryz4c2f8g3bsg1r6ksmpr1i14hqzis759wksj3qimdf"; }; procMacro = true; libName = "stackable_operator_derive"; 
@@ -7647,9 +7647,9 @@ rec { edition = "2021"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "854d8ab1098d04fe8a2a5a1ad0fa8cb0c2b83069"; - sha256 = "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "4a8d37794d9cb692da722170c6abbe0f78a0e8f8"; + sha256 = "085gyw19qryz4c2f8g3bsg1r6ksmpr1i14hqzis759wksj3qimdf"; }; libName = "stackable_shared"; authors = [ diff --git a/Cargo.toml b/Cargo.toml index 29ce00e5..b82cbe9d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,7 +21,7 @@ prost = "0.13" prost-types = "0.13" serde = "1.0" snafu = "0.8" -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.80.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.81.0" } strum = { version = "0.26", features = ["derive"] } socket2 = { version = "0.5", features = ["all"] } tokio = { version = "1.40", features = ["full"] } @@ -34,4 +34,3 @@ tracing = "0.1.40" [patch."https://github.com/stackabletech/operator-rs.git"] # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } # stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } -stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "feature/smart-preferred-address-type" } diff --git a/crate-hashes.json b/crate-hashes.json index 7fa75a13..737ac1ec 100644 --- a/crate-hashes.json +++ b/crate-hashes.json 
@@ -1,6 +1,6 @@ { - "git+https://github.com/stackabletech//operator-rs.git?branch=feature%2Fsmart-preferred-address-type#stackable-operator-derive@0.3.1": "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6", - "git+https://github.com/stackabletech//operator-rs.git?branch=feature%2Fsmart-preferred-address-type#stackable-operator@0.80.0": "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6", - "git+https://github.com/stackabletech//operator-rs.git?branch=feature%2Fsmart-preferred-address-type#stackable-shared@0.0.1": "03a6k3g7d02l1zl3jz0b8xmaks1akmf2dy2jm7yhi8vppr1g79s6", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.81.0#stackable-operator-derive@0.3.1": "085gyw19qryz4c2f8g3bsg1r6ksmpr1i14hqzis759wksj3qimdf", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.81.0#stackable-operator@0.81.0": "085gyw19qryz4c2f8g3bsg1r6ksmpr1i14hqzis759wksj3qimdf", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.81.0#stackable-shared@0.0.1": "085gyw19qryz4c2f8g3bsg1r6ksmpr1i14hqzis759wksj3qimdf", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" } \ No newline at end of file diff --git a/tests/templates/kuttl/smoke-nodeport/05-create-listenerclass.yaml b/tests/templates/kuttl/smoke-nodeport/05-create-listenerclass.yaml new file mode 100644 index 00000000..48c97ba5 --- /dev/null +++ b/tests/templates/kuttl/smoke-nodeport/05-create-listenerclass.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: envsubst '$NAMESPACE' < 05_listenerclass.yaml | kubectl apply -n $NAMESPACE -f - 
diff --git a/tests/templates/kuttl/smoke-nodeport/05-create-listenerclass.yaml.j2 b/tests/templates/kuttl/smoke-nodeport/05_listenerclass.yaml.j2
similarity index 75%
rename from tests/templates/kuttl/smoke-nodeport/05-create-listenerclass.yaml.j2
rename to tests/templates/kuttl/smoke-nodeport/05_listenerclass.yaml.j2
index d62b0701..981c6751 100644
--- a/tests/templates/kuttl/smoke-nodeport/05-create-listenerclass.yaml.j2
+++ b/tests/templates/kuttl/smoke-nodeport/05_listenerclass.yaml.j2
@@ -2,7 +2,7 @@
 apiVersion: listeners.stackable.tech/v1alpha1
 kind: ListenerClass
 metadata:
- name: listener-operator-test-smoke-nodeport
+ name: listener-operator-test-smoke-nodeport-$NAMESPACE
 spec:
 serviceType: NodePort
 preferredAddressType: {{ test_scenario['values']['addressType'] }}
diff --git a/tests/templates/kuttl/smoke-nodeport/10-assert.yaml.j2 b/tests/templates/kuttl/smoke-nodeport/10-assert.yaml.j2
index d0c2ca2c..c34f48cf 100644
--- a/tests/templates/kuttl/smoke-nodeport/10-assert.yaml.j2
+++ b/tests/templates/kuttl/smoke-nodeport/10-assert.yaml.j2
@@ -13,4 +13,10 @@ metadata:
 name: listener-nginx-long-name-approaching-k8s-limits-0
 status:
 ingressAddresses:
+# FIXME: This test seems to assume that Nodes always have a hostname *and* a IP address (which should be the case on
+# e.g. kind)! We probably need to relax this assertion at a later point of time
+{% if test_scenario['values']['addressType'] == 'HostnameConservative' %}
+ - addressType: IP
+{% else %}
 - addressType: {{ test_scenario['values']['addressType'] }}
+{% endif %}
diff --git a/tests/templates/kuttl/smoke-nodeport/10-create-nginx-statefulset.yaml b/tests/templates/kuttl/smoke-nodeport/10-create-nginx-statefulset.yaml
index 060bf356..f65693bf 100644
--- a/tests/templates/kuttl/smoke-nodeport/10-create-nginx-statefulset.yaml
+++ b/tests/templates/kuttl/smoke-nodeport/10-create-nginx-statefulset.yaml
@@ -1,47 +1,5 @@
 ---
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- # Intentionally long name to trigger #110
- name: nginx-long-name-approaching-k8s-limits
-spec:
- serviceName: nginx
- selector:
- matchLabels:
- app: nginx
- replicas: 2
- template:
- metadata:
- labels:
- app: nginx
- spec:
- containers:
- - name: nginx
- image: nginxinc/nginx-unprivileged:1.25.2
- ports:
- - name: http
- containerPort: 8080
- volumeMounts:
- - name: listener
- mountPath: /listener
- - name: metadata
- mountPath: /usr/share/nginx/html/
- volumes:
- - name: metadata
- downwardAPI:
- items:
- - path: pod-name
- fieldRef:
- fieldPath: metadata.name
- volumeClaimTemplates:
- - metadata:
- name: listener
- annotations:
- listeners.stackable.tech/listener-class: listener-operator-test-smoke-nodeport
- spec:
- accessModes:
- - ReadWriteMany
- storageClassName: listeners.stackable.tech
- resources:
- requests:
- storage: 1
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - script: envsubst '$NAMESPACE' < 10_nginx-statefulset.yaml | kubectl apply -n $NAMESPACE -f -
diff --git a/tests/templates/kuttl/smoke-nodeport/10_nginx-statefulset.yaml b/tests/templates/kuttl/smoke-nodeport/10_nginx-statefulset.yaml
new file mode 100644
index 00000000..2f2bb8af
--- /dev/null
+++ b/tests/templates/kuttl/smoke-nodeport/10_nginx-statefulset.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ # Intentionally long name to trigger #110
+ name: nginx-long-name-approaching-k8s-limits
+spec:
+ serviceName: nginx
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginxinc/nginx-unprivileged:1.25.2
+ ports:
+ - name: http
+ containerPort: 8080
+ volumeMounts:
+ - name: listener
+ mountPath: /listener
+ - name: metadata
+ mountPath: /usr/share/nginx/html/
+ volumes:
+ - name: metadata
+ downwardAPI:
+ items:
+ - path: pod-name
+ fieldRef:
+ fieldPath: metadata.name
+ volumeClaimTemplates:
+ - metadata:
+ name: listener
+ annotations:
+ listeners.stackable.tech/listener-class: listener-operator-test-smoke-nodeport-$NAMESPACE
+ spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: listeners.stackable.tech
+ resources:
+ requests:
+ storage: 1
diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml
index 90acd866..0422050e 100644
--- a/tests/test-definition.yaml
+++ b/tests/test-definition.yaml
@@ -7,6 +7,7 @@ dimensions:
 values:
 - IP
 - Hostname
+ - HostnameConservative
 tests:
 - name: smoke-nodeport
 dimensions:
From 83465201875ed7ede8b390320e86c45f2c52f325 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Wed, 6 Nov 2024 11:59:33 +0100
Subject: [PATCH 05/11] docs: Add newline
---
 docs/modules/listener-operator/pages/listenerclass.adoc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/modules/listener-operator/pages/listenerclass.adoc b/docs/modules/listener-operator/pages/listenerclass.adoc
index 95433a78..b6d00c21 100644
--- a/docs/modules/listener-operator/pages/listenerclass.adoc
+++ b/docs/modules/listener-operator/pages/listenerclass.adoc
@@ -84,7 +84,8 @@ The DNS hostname of a resource. Clients must be able to resolve these addresses [#addresstype-hostname-conservative] === HostnameConservative -A pseudo-addresstype that is equivalent to xref:#addresstype-ip[] for xref:#servicetype-nodeport[] services, and xref:#addresstype-hostname[] for all others. This means that we default to hostnames where "safe", but don't assume that nodes are resolvable by external clients. +A pseudo-addresstype that is equivalent to xref:#addresstype-ip[] for xref:#servicetype-nodeport[] services, and xref:#addresstype-hostname[] for all others. +This means that we default to hostnames where "safe", but don't assume that nodes are resolvable by external clients. == Default ListenerClasses From c3b19662488abbac514241294dcb6138d99da20d Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Thu, 7 Nov 2024 09:11:07 +0100 Subject: [PATCH 06/11] added permissions for finalizers --- deploy/helm/listener-operator/templates/roles.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/deploy/helm/listener-operator/templates/roles.yaml b/deploy/helm/listener-operator/templates/roles.yaml index bdcc116c..edd1a8d5 100644 --- a/deploy/helm/listener-operator/templates/roles.yaml +++ b/deploy/helm/listener-operator/templates/roles.yaml @@ -76,9 +76,14 @@ rules: - "" resources: - nodes + - persistentvolumes + - persistentvolumes/finalizers - persistentvolumeclaims - endpoints verbs: + - create + - update + - patch - get - list - watch @@ -118,6 +123,7 @@ rules: resources: - listeners - listeners/status + - listeners/finalizers - podlisteners verbs: - patch From 75b4f325501928d878fe627c46990bff663ab540 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Thu, 7 Nov 2024 09:36:09 +0100 Subject: [PATCH 07/11] missing permission --- deploy/helm/listener-operator/templates/roles.yaml | 1 + 1 file changed, 1 insertion(+) 
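Review bot: Adding `create`, `update` and `patch` to the `verbs` list in the first roles.yaml hunk grants them on every resource in that rule, so the operator gains write access to `nodes`, `persistentvolumeclaims` and `endpoints`, not only to the newly added `persistentvolumes` entries. An RBAC rule is the cross product of its resources and verbs. If write access is needed only for a finalizer subresource, it should go into a separate rule that lists just that subresource with just `update`, leaving this rule at `get`/`list`/`watch`. The last patch of the series removes these lines again, but every intermediate commit ships the wider grant. The rule starts above the hunk, so its `apiGroups` and whether it belongs to a ClusterRole are not visible here.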
diff --git a/deploy/helm/listener-operator/templates/roles.yaml b/deploy/helm/listener-operator/templates/roles.yaml
index edd1a8d5..22b2a0b0 100644
--- a/deploy/helm/listener-operator/templates/roles.yaml
+++ b/deploy/helm/listener-operator/templates/roles.yaml
@@ -129,6 +129,7 @@ rules:
 - patch
 - create
 - delete
+ - update
 {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
 - apiGroups:
 - security.openshift.io
From b848ba60605b5120f74e2f89c645df71f33af3aa Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy
Date: Thu, 7 Nov 2024 12:08:38 +0100
Subject: [PATCH 08/11] omit Hostname test case from openshift tests
---
 ...aml => 20-validate-all-ingresses-are-reachable.yaml.j2} | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 rename tests/templates/kuttl/smoke-nodeport/{20-validate-all-ingresses-are-reachable.yaml => 20-validate-all-ingresses-are-reachable.yaml.j2} (82%)
diff --git a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2
similarity index 82%
rename from tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml
rename to tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2
index 50a0ff87..652be918 100644
--- a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml
+++ b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2
@@ -48,6 +48,8 @@ spec: containers: - name: query-ingresses image: docker.stackable.tech/stackable/testing-tools:0.2.0-stackable0.0.0-dev +# NOTE: Hostname resolution does not work on our OKD clusters, so the command for testing the Hostname is omitted on Openshift. It would be better to omit this entire test value for Openshift but this is not (yet) possible in beku. +{% if test_scenario['values']['openshift'] == 'true' and test_scenario['values']['addressType'] != "Hostname" %} command: - bash - -euo @@ -59,7 +61,7 @@ spec: ADDR=$(kubectl get listener/listener-$pod \ -o jsonpath='http://{.status.ingressAddresses[0].address}:{.status.ingressAddresses[0].ports.http}/pod-name'); echo Requesting $ADDR should return $pod; - curl -s $ADDR | grep $pod; + echo curl -s $ADDR | grep $pod; done echo Testing access via PodListeners @@ -68,8 +70,9 @@ spec: ADDR=$(kubectl get podlisteners/pod-$POD_UID \ -o jsonpath='http://{.spec.listeners.listener.ingressAddresses[0].address}:{.spec.listeners.listener.ingressAddresses[0].ports.http}/pod-name'); echo Requesting $ADDR should return $pod; - curl -s $ADDR | grep $pod; + echo curl -s $ADDR | grep $pod; done +{% endif %} resources: limits: cpu: 500m From 2ff1307fa3332cf77dff8cc6f78d3d832742b67b Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Thu, 7 Nov 2024 12:09:42 +0100 Subject: [PATCH 09/11] fixed test --- .../20-validate-all-ingresses-are-reachable.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2 b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2 index 652be918..8d2ccfda 100644 --- a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2 +++ b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2 
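Review bot: The `{% if %}` guard added around `command:` in the first hunk does not match the NOTE above it. As written, the script is rendered only when `openshift` is `'true'` and the address type is not `Hostname`, so on every non-OpenShift run the container gets no `command` and the reachability check is skipped (what the image then runs by default is not visible here). To skip only the OpenShift plus `Hostname` combination, the guard should read `{% if not (test_scenario['values']['openshift'] == 'true' and test_scenario['values']['addressType'] == 'Hostname') %}`. The `echo curl -s $ADDR | grep $pod;` lines in the second and third hunks also stop issuing the request, since `grep` then only sees the echoed command line. The following patch in the series restores the plain `curl` but leaves the guard unchanged.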
@@ -61,7 +61,7 @@ spec: ADDR=$(kubectl get listener/listener-$pod \ -o jsonpath='http://{.status.ingressAddresses[0].address}:{.status.ingressAddresses[0].ports.http}/pod-name'); echo Requesting $ADDR should return $pod; - echo curl -s $ADDR | grep $pod; + curl -s $ADDR | grep $pod; done echo Testing access via PodListeners @@ -70,7 +70,7 @@ spec: ADDR=$(kubectl get podlisteners/pod-$POD_UID \ -o jsonpath='http://{.spec.listeners.listener.ingressAddresses[0].address}:{.spec.listeners.listener.ingressAddresses[0].ports.http}/pod-name'); echo Requesting $ADDR should return $pod; - echo curl -s $ADDR | grep $pod; + curl -s $ADDR | grep $pod; done {% endif %} resources: From 7b3be9818e43a749e49cadce8b97c8519acd1ecf Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Thu, 7 Nov 2024 12:25:38 +0100 Subject: [PATCH 10/11] changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ffb06666..a48ab27b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ All notable changes to this project will be documented in this file. - Listener controller now listens for ListenerClass updates ([#231]). - Propagate `ListenerClass.spec.serviceAnnotations` to the created Services ([#234]). - Failing to parse one `Listener`/`ListenerClass` should no longer cause the whole operator to stop functioning ([#238]). +- Added necessary RBAC permissions for running on Openshift ([#246]). [#231]: https://github.com/stackabletech/listener-operator/pull/231 [#232]: https://github.com/stackabletech/listener-operator/pull/232 @@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file. [#237]: https://github.com/stackabletech/listener-operator/pull/237 [#238]: https://github.com/stackabletech/listener-operator/pull/238 [#244]: https://github.com/stackabletech/listener-operator/pull/244 +[#246]: https://github.com/stackabletech/listener-operator/pull/246 ## [24.7.0] - 2024-07-24 
From 60ace557728d7f9c673691dafe8054256942fa8e Mon Sep 17 00:00:00 2001
From: Andrew Kenworthy
Date: Fri, 8 Nov 2024 09:43:39 +0100
Subject: [PATCH 11/11] removed unecessary permissions on PVs
---
 deploy/helm/listener-operator/templates/roles.yaml | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/deploy/helm/listener-operator/templates/roles.yaml b/deploy/helm/listener-operator/templates/roles.yaml
index 22b2a0b0..2eda982d 100644
--- a/deploy/helm/listener-operator/templates/roles.yaml
+++ b/deploy/helm/listener-operator/templates/roles.yaml
@@ -76,14 +76,9 @@ rules:
 - ""
 resources:
 - nodes
- - persistentvolumes
- - persistentvolumes/finalizers
 - persistentvolumeclaims
 - endpoints
 verbs:
- - create
- - update
- - patch
 - get
 - list
 - watch