Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-17022: further reduce frequency of proxy config checks where necessary #630

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

OCPBUGS-17022: further reduce frequency of proxy config checks where necessary #630

wants to merge 5 commits into from

Conversation

liouk
Copy link
Member

@liouk liouk commented Aug 25, 2023
edited
Loading

This PR brings the following improvements:

  • increase the interval of the check of the OAuthRouteCheckController from 1 to 5 minutes
  • modify ProxyConfigChecker to ignore events caused by informer cache resyncs that don't yield changes in the respective config maps
  • filter only relevant ConfigMaps and Secrets to the OAuthRouteCheckController
  • if the connection parameters haven't changed, don't check an endpoint more frequently than the desired interval

@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Aug 25, 2023
@openshift-ci-robot
Copy link
Contributor

@liouk: This pull request references Jira Issue OCPBUGS-17022, which is invalid:

  • expected the bug to target the "4.14.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This PR brings the following improvements:

  • increase the interval of the check of the OAuthRouteCheckController from 1 to 5 minutes
  • modify ProxyConfigChecker to ignore events caused by informer cache resyncs that don't yield changes in the respective config maps

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 25, 2023
@openshift-ci openshift-ci bot requested review from deads2k and stlaz August 25, 2023 12:47
@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 31, 2023
@liouk
Copy link
Member Author

liouk commented Sep 12, 2023

/hold cancel
the automation should be capable of merging this when the critical-fixes-only gate is lifted

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 12, 2023
@openshift-ci-robot
Copy link
Contributor

@liouk: This pull request references Jira Issue OCPBUGS-17022, which is invalid:

  • expected the bug to target the "4.15.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

This PR brings the following improvements:

  • increase the interval of the check of the OAuthRouteCheckController from 1 to 5 minutes
  • modify ProxyConfigChecker to ignore events caused by informer cache resyncs that don't yield changes in the respective config maps
  • skip config checks triggered by configmap changes whenever an HTTP proxy has been configured in the httpsProxy field

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

@liouk: This pull request references Jira Issue OCPBUGS-17022, which is invalid:

  • expected the bug to target the "4.15.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

This PR brings the following improvements:

  • increase the interval of the check of the OAuthRouteCheckController from 1 to 5 minutes
  • modify ProxyConfigChecker to ignore events caused by informer cache resyncs that don't yield changes in the respective config maps
  • skip config checks triggered by CA configmap changes whenever an HTTP proxy has been configured in the httpsProxy field (OCPBUGS-17130)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@liouk liouk force-pushed the fix-proxy-checks branch 3 times, most recently from 5cdbfd5 to e3dfe2b Compare October 3, 2023 13:10
@openshift-merge-robot
Copy link
Contributor

@liouk: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/unit 5cdbfd5 link true /test unit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@liouk liouk force-pushed the fix-proxy-checks branch 2 times, most recently from b56b962 to e7672ff Compare October 5, 2023 09:18
@liouk
Copy link
Member Author

liouk commented Oct 5, 2023

/retest-required

@liouk liouk force-pushed the fix-proxy-checks branch 2 times, most recently from 7942d3a to 99e7947 Compare October 5, 2023 14:14
@liouk liouk changed the title WIP: OCPBUGS-17022: further reduce frequency of proxy config checks where necessary OCPBUGS-17022: further reduce frequency of proxy config checks where necessary Oct 5, 2023
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 5, 2023
@openshift-ci-robot
Copy link
Contributor

@liouk: This pull request references Jira Issue OCPBUGS-17022, which is invalid:

  • expected the bug to target the "4.15.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This PR brings the following improvements:

  • increase the interval of the check of the OAuthRouteCheckController from 1 to 5 minutes
  • modify ProxyConfigChecker to ignore events caused by informer cache resyncs that don't yield changes in the respective config maps

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@liouk
Copy link
Member Author

liouk commented Oct 6, 2023

/jira refresh

@openshift-ci-robot
Copy link
Contributor

@liouk: This pull request references Jira Issue OCPBUGS-17022, which is invalid:

  • expected the bug to target the "4.15.0" version, but it targets "4.14.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@liouk
Copy link
Member Author

liouk commented Oct 6, 2023

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Oct 6, 2023
stlaz
stlaz reviewed Jan 12, 2024
View reviewed changes
pkg/controllers/proxyconfig/proxyconfig_controller.go Outdated
Comment on lines 255 to 257
if syncCtx == nil {
return
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove, panic instead

pkg/controllers/oauthendpoints/oauth_endpoints_controller.go Outdated
@@ -57,6 +57,19 @@ func NewOAuthRouteCheckController(
return getOAuthRouteTLSConfig(cmLister, secretLister, ingressLister, systemCABundle)
}

filterFunc := factory.NamesFilter(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

non-generic, self-explanatory name, please

pkg/libs/endpointaccessible/endpoint_accessible_controller.go Outdated
}
transport.TLSClientConfig = tlsConfig

// these are the fields that are set by our getTLSConfigFn funcs
tlsChanged = c.lastServerName != tlsConfig.ServerName || !tlsConfig.RootCAs.Equal(c.lastCA)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tlsConfig is a generic construct, is comparison of just these two attributes good enough?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are the only fields that are set by the oauth endpoints controller:

pkg/libs/endpointaccessible/endpoint_accessible_controller.go Outdated
return err
tlsChanged := false
var tlsConfig *tls.Config
if c.getTLSConfigFn != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we allow this to be nil?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was like this before -- I've removed the check now, it is now used as endpointListFn() is, without any nil check.

liouk added 4 commits January 25, 2024 12:03
@liouk
proxyconfig: use ConfigMap informers with custom event handlers
24c80ca 
that ignores updates that do not modify the actual object; this can
occur when an informer updates its cache, as the cache update will
trigger a sync even if there's no change in the object
@liouk
proxyconfig: improve error messages
ec0252d
@liouk
oauthendpoints: use separate resync intervals for each EndpointAccess…
d11d24e 
…ibleController
@liouk
oauthendpoints: filter only relevant informer resources to the OAuthR…
594a160 
…outeCheckController
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Jan 25, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 25, 2024

New changes are detected. LGTM label has been removed.

@liouk
endpointaccessible: check if endpoint parameters changed at every sync
91360bd 
If there are no changes in the endpoint parameters, skip the check.
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 25, 2024
edited
Loading

@liouk: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-agnostic-ipv6 91360bd link false /test e2e-agnostic-ipv6

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@liouk
Copy link
Member Author

liouk commented Jan 30, 2024

/retest-required

@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 9, 2024
@liouk
Copy link
Member Author

liouk commented May 13, 2024

/remove-lifecycle stale

@openshift-ci openshift-ci bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 13, 2024
@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 11, 2024
@liouk
Copy link
Member Author

liouk commented Aug 13, 2024

/lifecycle frozen

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Aug 13, 2024

@liouk: The lifecycle/frozen label cannot be applied to Pull Requests.

In response to this:

/lifecycle frozen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@liouk
Copy link
Member Author

liouk commented Aug 13, 2024

/remove-lifecycle stale

@openshift-ci openshift-ci bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 13, 2024
@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 11, 2024
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 11, 2024
@liouk
Copy link
Member Author

liouk commented Nov 11, 2024

/lifecycle frozen

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 11, 2024

@liouk: The lifecycle/frozen label cannot be applied to Pull Requests.

In response to this:

/lifecycle frozen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@liouk
Copy link
Member Author

liouk commented Nov 11, 2024

/remove-lifecycle stale

@openshift-ci openshift-ci bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stlaz stlaz stlaz left review comments

@ibihim ibihim ibihim approved these changes

@deads2k deads2k Awaiting requested review from deads2k

@xingxingxia xingxingxia Awaiting requested review from xingxingxia

Assignees

@ibihim ibihim

Labels
jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@liouk @openshift-ci-robot @openshift-merge-robot @ibihim @openshift-bot @stlaz