Convert cluster.openshift.io/Network in to the NetworkConfig CRD; update Network status #47
Conversation
squeed
added
the
do-not-merge/hold
openshift-ci-robot
added
do-not-merge/work-in-progress
openshift-ci-robot
added
the
approved
|
Pending openshift/api#141 merge |
|
But an admin can directly modify the CRD as well, right? (In fact, they have to, to configure some options). What happens if they modify the CRD to contradict the cluster config? |
|
@danwinship yeah, I was thinking about that. I can see two possibilities. Either we say "hey, don't do that!", or we remove those fields from the CRD. Removing overlapping fields from the CRD seems like the right way to me. I don't expect us to be adding much more in the way of fields to the Cluster object (except maybe Isolation). I'll update the PR (and simplify most of the controller loop) to do this. We'll have to keep the duplicate fields for now, and roll it out in stages. FWIW, part of this PR makes it possible to get networking up with just the cluster Network object (by defaulting to NetworkPolicy mode for openshift-sdn. |
openshift-ci-robot
added
size/XXL
|
Okay, updated this. Now, if there are any fields that were improperly updated in the "downstream" object, revert those changes when we reconcile. |
squeed
removed
do-not-merge/hold
squeed
changed the title
|
Odd, operator logs seem fine. |
|
Hit another AWS quota issue: /retest |
|
Flake city. |
|
/retest |
|
All green. @danwinship, would you mind reviewing? |
| size, _ := cidr.Mask.Size() | ||
| // The comparison is inverted; smaller number is larger block | ||
| if cnet.HostPrefix < uint32(size) { | ||
| return errors.Errorf("hostPrefix %d is larger than its cidr %s", |
There was a problem hiding this comment.
To match origin's validation, this should be <= not <. Also it checks that HostSubnetLength >= 2 aka HostPrefix <= 30
There was a problem hiding this comment.
By my reading, it seems to allow a HostPrefix that is the same size as the CIDR? I'm looking here
There was a problem hiding this comment.
huh... somehow i looked at that same code and got the wrong answer.
| // If there are changes to the "downstream" networkconfig, commit it back | ||
| // to the apiserver | ||
| log.Println("WARNING: NetworkConfig.networkoperator.openshift.io has fields being overwritten by Network.cluster.openshift.io configuration") | ||
| cfg.TypeMeta = metav1.TypeMeta{APIVersion: "networkoperator.openshift.io/v1", Kind: "NetworkConfig"} |
There was a problem hiding this comment.
Good question. There's some kind of bug with the shared cache that is unsetting the Kind, but only on the second run of the reconcile loop.
Sometimes the straightest path is through the mud :-/
There was a problem hiding this comment.
maybe this is one of those things where you're mutating an object you got from a cache rather than DeepCopying it and mutating the copy?
There was a problem hiding this comment.
Probably not that, but something similar. The client always copies in to a receiving object, and all the types should be registered with the schema. Just confusing.
|
@danwinship Thanks for the excellent review. suggestions incorporated, PTAL. |
|
There are a few README changes needed, but I'd rather make them as part of a follow-up PR, since CI is all green and PRs exclusively with doc changes skip CI. |
README.md
Outdated
| @@ -30,9 +59,14 @@ spec: | |||
| ## Configuring IP address pools | |||
| Users must supply at least two address pools - one for pods, and one for services. These are the ClusterNetworks and ServiceNetwork parameter. Some network plugins, such as OpenShiftSDN, support multiple ClusterNetworks. All address blocks must be non-overlapping. You should select address pools large enough to fit your anticipated workload. | |||
|
|
|||
| For future expansion, multiple `serviceNetwork` entries are allowed by the configuration but not actually supported by any network plugins. Supplying multiple addresses is invalid. | |||
|
|
|||
| Each `clusterNetwork` entry has an additional required parameter, `hostPrefix`, that specifies the address size to assign to assign to each individual node. For example | |||
There was a problem hiding this comment.
Yes, the example is missing, bah.
There was a problem hiding this comment.
so either add the example or remove "For example"
README.md
Outdated
|
|
||
| Each `clusterNetwork` entry has an additional required parameter, `hostPrefix`, that specifies the address size to assign to assign to each individual node. For example | ||
|
|
||
| IP address pulls are always read from the Cluster configuration and propagated "downwards" in to the Operator configuration. Any changes to the Operator configuration will be ignored. |
|
@danwinship can I get a LGTM? |
| #### Configuration objects | ||
| *Cluster config* | ||
| - *Type Name*: `Network.config.openshift.io` | ||
| - *Instance Name*: `cluster` |
There was a problem hiding this comment.
(I assume this name matches what other people are doing?)
There was a problem hiding this comment.
Yup. Once the installer switches from NetworkConfig to Network, we can align the names if we like.
README.md
Outdated
| *Cluster config* | ||
| - *Type Name*: `Network.config.openshift.io` | ||
| - *Instance Name*: `cluster` | ||
| - *View Command*: `oc get Network.openshift.io cluster -oyaml` |
There was a problem hiding this comment.
Network.config.openshift.io
README.md
Outdated
| networkType: OpenShiftSDN | ||
| ``` | ||
|
|
||
| *Operator Config* |
There was a problem hiding this comment.
(Clarify that the operator config in this example would have been auto-generated. Or alternatively, add a non-auto-generatable line to it and then explain that everything except that one line was auto-generated.)
README.md
Outdated
| The network operator has a complex configuration, but most parameters have a sensible default. | ||
| The network operator gets its configuration from two objects: the Cluster and the Operator configuration. Most users only need to create the Cluster configuration - the operator will generate its configuration automatically. If you need finer-grained configuration of your network, you will need to create both configurations. | ||
|
|
||
| Any changes to the Cluster configuration are propagated down in to the Operator configuration. |
There was a problem hiding this comment.
State explicitly that in case of conflicts, the operator config will be updated to match the cluster config
README.md
Outdated
| @@ -30,9 +59,14 @@ spec: | |||
| ## Configuring IP address pools | |||
| Users must supply at least two address pools - one for pods, and one for services. These are the ClusterNetworks and ServiceNetwork parameter. Some network plugins, such as OpenShiftSDN, support multiple ClusterNetworks. All address blocks must be non-overlapping. You should select address pools large enough to fit your anticipated workload. | |||
|
|
|||
| For future expansion, multiple `serviceNetwork` entries are allowed by the configuration but not actually supported by any network plugins. Supplying multiple addresses is invalid. | |||
|
|
|||
| Each `clusterNetwork` entry has an additional required parameter, `hostPrefix`, that specifies the address size to assign to assign to each individual node. For example | |||
There was a problem hiding this comment.
so either add the example or remove "For example"
README.md
Outdated
|
|
||
| Each `clusterNetwork` entry has an additional required parameter, `hostPrefix`, that specifies the address size to assign to assign to each individual node. For example | ||
|
|
||
| IP address pulls are always read from the Cluster configuration and propagated "downwards" in to the Operator configuration. Any changes to the Operator configuration will be ignored. |
README.md
Outdated
| metadata: | ||
| name: cluster | ||
| spec: | ||
| serviceNetwork: ["172.30.0.0/16"] |
There was a problem hiding this comment.
maybe use the expanded syntax for parallel-ness with clusterNetwork? (And to match how oc get will display it.)
serviceNetwork:
- "172.30.0.0/16"
clusterNetwork:
- cidr: "10.128.0.0/14"
hostPrefix: 23
There was a problem hiding this comment.
There, updated both to match oc get exactly (sans metadata).
| // In other words, it watches Network.config.openshift.io/v1/cluster and updates | ||
| // NetworkConfig.networkoperator.openshift.io/v1/default. | ||
| func (r *ReconcileClusterConfig) Reconcile(request reconcile.Request) (reconcile.Result, error) { | ||
| log.Printf("Reconciling Network %s/%s\n", request.Namespace, request.Name) |
There was a problem hiding this comment.
"Network" here is ambiguous. Either Network.config.openshift.io or cluster config.
Also, it's non-namespaced so don't print the namespace. (That may apply to ReconcileNetworkConfig too?)
There was a problem hiding this comment.
Good point; fixed (for both)
…twork status This adds a second controller that watches the cluster-level network configuration. If changes are made, it merges those in to (or creates) the CRD configuration. When the changes are applied, the "real" controller then updates the Network status object. In the event that the downstream NetworkConfig object has changes that would be overwritten by the upstream Network object, do the overwrite and update the NetworkConfig object back.
This can be removed if / when the installer does it.
|
@danwinship doc nits and log lines fixed, thanks. |
|
/retest |
|
/lgtm |
openshift-ci-robot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: danwinship, squeed The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
This adds a second controller that watches the cluster-level network configuration. If changes are made, it merges those in to (or creates) the CRD configuration.
When the changes are applied, the "real" controller then updates the Network status object.