diff --git a/Cargo.lock b/Cargo.lock index 8c665c68e..ba5ebdc4b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1480,8 +1480,7 @@ dependencies = [ [[package]] name = "kube" version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48e7bb0b6a46502cc20e4575b6ff401af45cfea150b34ba272a3410b78aa014e" +source = "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#26543e85dc7daaf82d8f7dbd902b26775798879e" dependencies = [ "k8s-openapi", "kube-client", @@ -1493,8 +1492,7 @@ dependencies = [ [[package]] name = "kube-client" version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4987d57a184d2b5294fdad3d7fc7f278899469d21a4da39a8f6ca16426567a36" +source = "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#26543e85dc7daaf82d8f7dbd902b26775798879e" dependencies = [ "base64", "bytes", @@ -1529,8 +1527,7 @@ dependencies = [ [[package]] name = "kube-core" version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "914bbb770e7bb721a06e3538c0edd2babed46447d128f7c21caa68747060ee73" +source = "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#26543e85dc7daaf82d8f7dbd902b26775798879e" dependencies = [ "chrono", "derive_more", @@ -1548,8 +1545,7 @@ dependencies = [ [[package]] name = "kube-derive" version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03dee8252be137772a6ab3508b81cd797dee62ee771112a2453bc85cbbe150d2" +source = "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#26543e85dc7daaf82d8f7dbd902b26775798879e" dependencies = [ "darling", "proc-macro2", 
@@ -1562,8 +1558,7 @@ dependencies = [ [[package]] name = "kube-runtime" version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea4de4b562c5cc89ab10300bb63474ae1fa57ff5a19275f2e26401a323e3fd" +source = "git+https://github.com/stackabletech/kube-rs?branch=2.0.1-fix-schema-hoisting#26543e85dc7daaf82d8f7dbd902b26775798879e" dependencies = [ "ahash", "async-broadcast", diff --git a/Cargo.toml b/Cargo.toml index bceb6c9b0..1f191b8db 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -37,7 +37,8 @@ json-patch = "4.0.0" k8s-openapi = { version = "0.26.0", default-features = false, features = ["schemars", "v1_34"] } # We use rustls instead of openssl for easier portability, e.g. so that we can build stackablectl without the need to vendor (build from source) openssl # We use ring instead of aws-lc-rs, as this currently fails to build in "make run-dev" -kube = { version = "2.0.0", default-features = false, features = ["client", "jsonpatch", "runtime", "derive", "rustls-tls", "ring"] } +# We pin the kube version, as we use a patch for 2.0.1 below +kube = { version = "=2.0.1", default-features = false, features = ["client", "jsonpatch", "runtime", "derive", "rustls-tls", "ring"] } opentelemetry = "0.31.0" opentelemetry_sdk = { version = "0.31.0", features = ["rt-tokio"] } opentelemetry-appender-tracing = "0.31.0" @@ -93,3 +94,6 @@ rsa.opt-level = 3 [profile.dev.package] insta.opt-level = 3 similar.opt-level = 3 + +[patch.crates-io] +kube = { git = "https://github.com/stackabletech/kube-rs", branch = "2.0.1-fix-schema-hoisting" } diff --git a/crates/stackable-operator/CHANGELOG.md b/crates/stackable-operator/CHANGELOG.md index 6f700ee07..c89d6b6a8 100644 --- a/crates/stackable-operator/CHANGELOG.md +++ b/crates/stackable-operator/CHANGELOG.md 
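Review bot: The `[patch.crates-io]` entry tracks the branch `2.0.1-fix-schema-hoisting` instead of a fixed commit, so the hash recorded in Cargo.lock is the only thing tying the build to the code that was reviewed. Git sources carry no `checksum` entry in the lockfile (the Cargo.lock hunks of this commit drop those lines), and any re-resolution such as `cargo update` or a regenerated lockfile will take whatever the branch head is at that moment, including after a force-push. Pinning the commit in the manifest closes that gap: `kube = { git = "https://github.com/stackabletech/kube-rs", rev = "26543e85dc7daaf82d8f7dbd902b26775798879e" }`. The comment added above the `=2.0.1` pin would also be easier to act on if it named the upstream issue or PR whose release allows the patch to be removed.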
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Fixed + +- BREAKING: Default ListenerClass `.spec.externalTrafficPolicy` to `null` so that LoadBalancers work everywhere ([#1107]). + +[#1107]: https://github.com/stackabletech/operator-rs/pull/1107 + ## [0.100.1] - 2025-10-23 ### Changed diff --git a/crates/stackable-operator/crds/AuthenticationClass.yaml b/crates/stackable-operator/crds/AuthenticationClass.yaml index 8d2c5de7c..a4cb0dfb9 100644 --- a/crates/stackable-operator/crds/AuthenticationClass.yaml +++ b/crates/stackable-operator/crds/AuthenticationClass.yaml @@ -246,7 +246,6 @@ spec: intended to be used (via the `.well-known` discovery). enum: - Keycloak - - null nullable: true type: string rootPath: diff --git a/crates/stackable-operator/crds/DummyCluster.yaml b/crates/stackable-operator/crds/DummyCluster.yaml index 401b7b6c8..80ae1c35c 100644 --- a/crates/stackable-operator/crds/DummyCluster.yaml +++ b/crates/stackable-operator/crds/DummyCluster.yaml @@ -129,12 +129,11 @@ spec: - ERROR - FATAL - NONE - - null nullable: true type: string type: object custom: - description: Custom log configuration provided in a ConfigMap + description: Log configuration provided in a ConfigMap properties: configMap: description: ConfigMap containing the log configuration files @@ -157,7 +156,6 @@ spec: - ERROR - FATAL - NONE - - null nullable: true type: string type: object @@ -177,7 +175,6 @@ spec: - ERROR - FATAL - NONE - - null nullable: true type: string type: object @@ -419,12 +416,11 @@ spec: - ERROR - FATAL - NONE - - null nullable: true type: string type: object custom: - description: Custom log configuration provided in a ConfigMap + description: Log configuration provided in a ConfigMap properties: configMap: description: ConfigMap containing the log configuration files @@ -447,7 +443,6 @@ spec: - ERROR - FATAL - NONE - - null nullable: true type: string type: object 
@@ -467,7 +462,6 @@ spec: - ERROR - FATAL - NONE - - null nullable: true type: string type: object diff --git a/crates/stackable-operator/crds/ListenerClass.yaml b/crates/stackable-operator/crds/ListenerClass.yaml index e3625da67..0e87e2b65 100644 --- a/crates/stackable-operator/crds/ListenerClass.yaml +++ b/crates/stackable-operator/crds/ListenerClass.yaml @@ -77,16 +77,17 @@ spec: description: Annotations that should be added to the Service object. type: object serviceExternalTrafficPolicy: - default: Local description: |- - `externalTrafficPolicy` that should be set on the created [`Service`] objects. + Service Internal Traffic Policy enables internal traffic restrictions to only route internal + traffic to endpoints within the node the traffic originated from. The "internal" traffic + here refers to traffic originated from Pods in the current cluster. This can help to reduce + costs and improve performance. See [Kubernetes docs][k8s-docs]. - The default is `Local` (in contrast to `Cluster`), as we aim to direct traffic to a node running the workload - and we should keep testing that as the primary configuration. Cluster is a fallback option for providers that - break Local mode (IONOS so far). + [k8s-docs]: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ enum: - Cluster - Local + nullable: true type: string serviceType: description: The method used to access the services. diff --git a/crates/stackable-operator/src/crd/listener/class/mod.rs b/crates/stackable-operator/src/crd/listener/class/mod.rs index fb80787c8..dd4e9e550 100644 --- a/crates/stackable-operator/src/crd/listener/class/mod.rs +++ b/crates/stackable-operator/src/crd/listener/class/mod.rs 
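Review bot: The description emitted for `serviceExternalTrafficPolicy` in ListenerClass.yaml now begins "Service Internal Traffic Policy enables internal traffic restrictions", which documents a different Kubernetes setting from the one this field controls. The text appears to come from the shared traffic-policy type rather than from the field's own doc comment in `class/mod.rs`, presumably a side effect of the field becoming nullable under the patched schema generation. Anyone reading the CRD, for example through `kubectl explain`, no longer learns what an unset value means. If this file is generated, the fix belongs on the Rust side, so that the published description again starts with the field-level text, `externalTrafficPolicy that should be set on the created Service objects.`, and states that leaving it unset defers the choice to Kubernetes.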
@@ -50,13 +50,26 @@ pub mod versioned { #[serde(default)] pub service_annotations: BTreeMap, - /// `externalTrafficPolicy` that should be set on the created [`Service`] objects. + /// `externalTrafficPolicy` that should be set on the created Service objects. /// - /// The default is `Local` (in contrast to `Cluster`), as we aim to direct traffic to a node running the workload - /// and we should keep testing that as the primary configuration. Cluster is a fallback option for providers that - /// break Local mode (IONOS so far). - #[serde(default = "ListenerClassSpec::default_service_external_traffic_policy")] - pub service_external_traffic_policy: core_v1alpha1::KubernetesTrafficPolicy, + /// It is a Kubernetes feature that controls how external traffic is routed to a Kubernetes + /// Service. + /// + /// * `Cluster`: Kubernetes default. Traffic is routed to any node in the Kubernetes cluster that + /// has a pod running the service. + /// * `Local`: Traffic is only routed to pods running on the same node as the Service. + /// + /// The `Local` mode has better performance as it avoids a network hop, but requires a more + /// sophisticated LoadBalancer, that respects what Pods run on which nodes and routes traffic only + /// to these nodes accordingly. Some cloud providers or bare metal installations do not implement + /// some of the required features. + // + // Please note that Option is used here instead of a different default traffic policy. This will be + // deserialized as `None` and will thus forward the selection of the traffic policy to Kubernetes + // (which currently defaults to `Cluster`). This should be the most sensible option in most cases. + // There is the possibility Kubernetes will automatically choose `Local` if support for it on the + // LoadBalancer has been detected. + pub service_external_traffic_policy: Option, /// Whether addresses should prefer using the IP address (`IP`) or the hostname (`Hostname`). 
/// Can also be set to `HostnameConservative`, which will use `IP` for `NodePort` service types, but `Hostname` for everything else. diff --git a/crates/stackable-operator/src/crd/listener/class/v1alpha1_impl.rs b/crates/stackable-operator/src/crd/listener/class/v1alpha1_impl.rs index 1913994d2..548f7823b 100644 --- a/crates/stackable-operator/src/crd/listener/class/v1alpha1_impl.rs +++ b/crates/stackable-operator/src/crd/listener/class/v1alpha1_impl.rs @@ -1,13 +1,9 @@ use crate::crd::listener::{ class::v1alpha1::ListenerClassSpec, - core::v1alpha1::{AddressType, KubernetesTrafficPolicy, PreferredAddressType}, + core::v1alpha1::{AddressType, PreferredAddressType}, }; impl ListenerClassSpec { - pub(super) const fn default_service_external_traffic_policy() -> KubernetesTrafficPolicy { - KubernetesTrafficPolicy::Local - } - pub(super) const fn default_preferred_address_type() -> PreferredAddressType { PreferredAddressType::HostnameConservative } diff --git a/crates/stackable-operator/src/crd/listener/core/mod.rs b/crates/stackable-operator/src/crd/listener/core/mod.rs index 394aae48d..545b19afd 100644 --- a/crates/stackable-operator/src/crd/listener/core/mod.rs +++ b/crates/stackable-operator/src/crd/listener/core/mod.rs @@ -45,6 +45,8 @@ pub mod versioned { /// Preserves the client source IP and avoid a second hop for LoadBalancer and NodePort type /// Services, but makes clients responsible for spreading the load. + /// + /// Does not work on all Kubernetes installations. Local, }
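Review bot: The new doc comment on `service_external_traffic_policy` compares the two modes only by performance and load-balancer requirements, and omits that the setting also decides whether backends see the client's source IP, which the `Local` variant's doc in `core/mod.rs` already states. With the field now deserialising to `None` and Kubernetes making the choice (currently `Cluster`, per the comment in this hunk), ListenerClasses that relied on the old `Local` default will presumably stop seeing real client addresses after the upgrade, which matters for source-IP allow-lists and audit logs. I would add a line such as `/// Local preserves the client source IP; with Cluster, or when this field is unset, backends may see a node address instead.` and reword the `Local` bullet, since traffic stays on the node that received it rather than on "the same node as the Service". The enclosing struct starts and ends outside this hunk.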