separate route tables for node and control-plane #816
/hold for validation of the requirement
@CecileRobertMichon @jsturtevant do we still think we need this feature?
I think so? it's more correct this way at least, even if we're not leveraging the route tables yet.
agreed, it is closer to the way the public API is designed. The other alternative is to modify the API to only allow a single route table. @aramase Do you know of scenarios where control plane would have a different route table than the worker nodes?
ok in that case ready for review
I don't see a scenario where we would need a different route table for control plane and worker nodes. I haven't had a chance to look at the PR completely, but when the control plane/worker node is bootstrapped is the
@aramase azure.json uses the node route table as "routeTableName" see https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/master/controllers/helpers.go#L228 BTW we should change that to get the actual
we only create one azure.json secret for machines, so control plane and worker machines will get the same, right?
we do create one per MD/Machine so technically they could have different ones (although right now the controller sets the same thing regardless of machine role). We are going to have to differ between the two as part of #921 anyways. What I'm not 100% sure about is why would you ever want your azure.json routeTable value to be the control plane route table?
/test pull-cluster-api-provider-azure-e2e
rebased with ipv6
ready for review @CecileRobertMichon @devigned
api/v1alpha3/azurecluster_default.go
@@ -89,7 +89,7 @@ func (c *AzureCluster) setSubnetDefaults() { | |||
cpSubnet.SecurityGroup.Name = generateControlPlaneSecurityGroupName(c.ObjectMeta.Name) | |||
} | |||
if cpSubnet.RouteTable.Name == "" { | |||
cpSubnet.RouteTable.Name = generateRouteTableName(c.ObjectMeta.Name) | |||
cpSubnet.RouteTable.Name = generateControlPlaneRouteTableName(c.ObjectMeta.Name) |
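Review bot: In the `cpSubnet.RouteTable.Name == ""` branch, an empty name is now always filled from `generateControlPlaneRouteTableName`, so leaving the field unset can no longer mean "no route table on the control-plane subnet". If that is intended, document it on the field; otherwise leave the name empty here and only act on a value the user supplied. The helper's definition and a defaulting test for this branch are not visible in this hunk, so confirm both are part of the change.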
I think we should consider not creating a control plane route table by default and only creating it if the user specifies one since the default use case doesn't require one
so still use node route table unless the user specifies their own name of control plane route table?
yes, the route table is attached to the subnet and the cloud provider cares about the NodeSubnet so it should only care about the NodeRouteTable. This behavior is just more correct because it doesn't ignore the Spec for route table on the control plane subnet and allows more advanced users to customize their cluster. But the default should stay the same, i.e. Node subnet has a route table, control plane subnet doesn't, and the azure.json file has the node route table as routeTableName on all nodes.
@nader-ziada: The following test failed, say
@CecileRobertMichon @devigned ready for another review. Thanks
/lgtm
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: devigned
Which issue(s) this PR fixes (optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged): Fixes #718