Abort Kubernetes Ingress update if Kubernetes API call fails

[regner]

Currently if a Kubernetes API call fails we potentially remove a working service from Traefik. This changes it so if a Kubernetes API call fails we abort out of the ingress update and use the current working config. Github issue: #1240

Tests are currently failing but wanted to get the PR up for a few reasons:

1. Confirm this is how we want to solve this issue (abort the whole ingress update if a single API call fails)
2. That there isn't a better way to do the tests
3. I would like the tests to catch a specific error, but don't know what error to expect being raised from the API call

Fixes #1240

[timoreimann]

1. IMHO that's the right approach. See my comment though on making an error/missing distinction when we get the endpoints.
2. Generally the test approach is fine. I made a few suggestions though on how to improve the test implementation.
3. Does my code comment answer this question?

[timoreimann]

I suggest we convert the test into a table-driven one using sub-tests. Among several benefits, this should improve readability and reduce the amount of test code needed.

[timoreimann]

This can be t.Error in my view.

[timoreimann]

Conventionally, if an error occurs in a function returning multiple values, the non-error parameters are set to their default values. Thus, I'd use false for the boolean return value.

Slightly related/unrelated: I don't know why we return true in line 1624 when we seemingly can't find the service.

[timoreimann]

Also false here.

[timoreimann]

Do we need this annotation for the tests at hand?

I'm always in favor of keeping test fixtures as minimized as possible.

[regner]

Going to move it to a separate test specifically for checking the !exists cases.

[timoreimann]

Needed?

[regner]

See above.

[timoreimann]

I don't see a test for this case. I suppose it's already covered by a pre-existing test?

[regner]

You mean the does not exist part? No that was on my todo list, it is actually why the ingress part of the new test has sample data. Was thinking of moving it to a separate test though.

[timoreimann]

Separate test sounds good. 👍

[regner]

Added tests for this and the !exists endpoints

[timoreimann]

Any particular reason we not splitting up the two cases here as well?

[regner]

A bad rebase is why actually. Specifically wrote some test code for it. Will fix,

[timoreimann]

You can get rid of this variable by changing the type of api{Service,Endpoints}Error to error and returning the error if it's non-nil in the stubbed getter methods.

[timoreimann]

Instead of just checking for the error being nil, what I think we can do here is pass a custom error variable to the mock (e.g., errors.New("failed")) and check against this very error. It shouldn't matter what error value we inject since our code doesn't depend on any specific error -- we just want to verify that we return the error to the caller that the (mocked) API gives us.
Similar for the endpoint case.

I hope this addresses your third question.

[regner]

That should work great. Will make the change.

[regner]

Tests SHOULD be passing now. Still need to move the tests over to using the table driven test method, need to add tests for the !exists code paths, and am not sure how we want to handle when things don't exist. For example when a service doesn't exist do we still add the frontend? The two cases of this right now are when services or endpoints don't exist. Both cases can easily be someone putting a typo in the service name or port name.

[timoreimann]

AFAICS, the only alternative we have to skipping frontends with missing services/endpoints is to revert the entire configuration (i.e., apply the error case resolution). IMHO, we shouldn't do that since such misses are usually due to a user mistake (as you said) and would consequently "punish" all other frontends that did everything correct.
There's also the case where a service or endpoint isn't available because the k8s reconciliation loops haven't completed yet. That's another situation where skipping and hoping for the next watch API event to trigger a benevolent update seems like the better option to me.

I believe the focus of this PR should be to fix #1240, which is to protect against the Kube API temporarily being unavailable. By handling that case gracefully (through reverting to the previous configuration) and maintaining the "missing" behavior as-is, I think we have satisfied the goal at hand. Potential improvements to the missing case, especially if the direction isn't super clear, can be handled by follow-up issues/PRs.

Just my 2 cents. :)

[regner]

Was reviewing this PR this morning and noticed that the condition in my new test to check for failure was actually wrong and would be passing even if it shouldn't.

Fixed that and added test data back in. Without the test data the loadIngress logic doesn't get far enough along to trigger the errors we want to test for. So added the test data back in.

Very sorry about that! The logic in loadIngress was fine and I didn't have to make any changes there. It was just the tests not actually doing anything useful.

[timoreimann]

One more comment.

Also, anxiously waiting for that table-driven version. :-)

[timoreimann]

We can simplify the assertion by comparing error values:

if err != client.apiServiceError {
  ...
}

Once you turn the test into a table-driven one, define and inject an error variable var apiErr = errors.New("error") and compare against that in each test case.

[timoreimann]

Same pattern as above.

[emilevauge]

Minor comment, but I would use something more random than failed here.

[emilevauge]

Thanks a lot @regner :)
Could you squash your commits?
Apart from minor comments, LGTM.

[regner]

Commits all squashed and that final test case added.

@timoreimann be aware, as this isn't obvious with the squash, that I renamed the test from TestServiceErrors to TestKubeAPIErrors as it isn't just related to services but endpoints as well.

I also changed apiErr := errors.New("failed") to apiErr := errors.New("failed kube api call") as per the comment from @emilevauge.

Other then that I only added the TestMissingResources test case and nothing else should have changed.

[timoreimann]

Found one tiny test coding bug and filed two suggestions. :-)

[timoreimann]

You need to capture the loop variable by an assignment tc := tc since we run the tests in parallel (as documented). Otherwise, chances are we will be testing a single case only.

[timoreimann]

Suggestion: Could we change the host name to something like "host_with_missing_service" or place an according comment to indicate that the purpose of this Ingress resource test-wise is to not be found because of that reason?

It takes a bit of back of forth scrolling to understand the purpose of the individual objects this test is setting up. I think purposeful names / comments could alleviate that.

[timoreimann]

Similarly, something that indicates this Ingress' Service's Endpoints are missing?

[timoreimann]

The new TestMissingResources test is still failing according to CI.

Tests are failing

[regner]

My most recent commit where I add a blank Servers attribute the "missing_service" expected output is required to pass the diff. @timoreimann helped me figure this out, but essentially without it we end up comparing a nil to a blank Servers definition.

-          (string) (len=15) "missing_service": (*types.Backend)(0xc4201b0450)({
-           Servers: (map[string]types.Server) <nil>,
+          (string) (len=15) "missing_service": (*types.Backend)(0xc4201b0270)({
+           Servers: (map[string]types.Server) {
+           },

One of the unfortunate parts of that is the normal logging we do for the failed comparison doesn't show this difference. The above output was retrieved when @timoreimann made the following change:

if !reflect.DeepEqual(actual, expected) {
    t.Fatalf("expected %+v, got %+v", string(expectedJSON), string(actualJSON))
    t.Fatalf("expected\n%v\ngot\n\n%v", spew.Sdump(expected), spew.Sdump(actual))
}

Something to keep in mind in the future.

[timoreimann]

LGTM -- we did it, @regner. :-)

Major thanks for bearing with me for so long and helping to discover a few issues with the existing tests. This should prove valuable in improving the correcting the tests in the future, which is vital for our code base to stay healthy.

Again: Great job! 🎉

[timoreimann]

@regner I pushed a small commit that includes a link to #1307.

The tests went green before, so I think that we can squash and merge as soon as we have @emilevauge's approval. 🎉

[regner]

Good call on adding the link

[emilevauge]

LGTM!
Thanks a lot @regner & @timoreimann :)