CORS-4157: AWS, Azure: Add IPFamily to the PlatformStatus within Infra CR #2499
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@sadasu: This pull request references CORS-4157 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Hello @sadasu! Some important instructions when contributing to openshift/api: |
openshift-ci
bot
added
the
size/XXL
sadasu
force-pushed
the
aws-azure-gcp-dual-stack
branch
5 times, most recently
from
bffb15b to
29d9d89
Compare
config/v1/types_infrastructure.go
Outdated
|
|
||
| // IPFamilyType represents the IP protocol family that cloud platform resources should use. | ||
| // +kubebuilder:validation:Enum=IPv4;DualIPv6Primary;DualIPv4Primary | ||
| // +kubebuilder:validation:XValidation:rule="self in ['IPv4', 'DualIPv6Primary', 'DualIPv4Primary']",message="ipFamily must be one of: IPv4, DualIPv6Primary, DualIPv4Primary" |
There was a problem hiding this comment.
The enum should cover this, so I don't think we need this CEL too
config/v1/types_infrastructure.go
Outdated
| // IPv4 indicates that cloud platform resources should use IPv4 addressing only. | ||
| IPv4 IPFamilyType = "IPv4" | ||
|
|
||
| // DualIPv6Primary indicates that cloud platform resources should use dual-stack networking with IPv6 as primary. |
There was a problem hiding this comment.
Do we want to call this DualStackIPv6Primary? I figure we often call it DualStack in other places so omitting Stack here might be confusing?
There was a problem hiding this comment.
Changed to DualStackIPv*Primary
| // | ||
| // +default="IPv4" | ||
| // +kubebuilder:default="IPv4" | ||
| // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="ipFamily is immutable once set" |
There was a problem hiding this comment.
Can you try this instead? I think this will be more robust
| // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="ipFamily is immutable once set" | |
| // +kubebuilder:validation:XValidation:rule="!oldSelf.hasValue() || self == oldSelf",message="ipFamily is immutable once set",optionalOldSelf=true |
There was a problem hiding this comment.
When I tried this make verify complains with:
error running generator schemacheck on group config.openshift.io:
could not run schemacheck generator for group/version config.openshift.io/v1:
MustNotExceedCostBudget:
^.properties[status].properties[platformStatus].properties[azure].properties[ipFamily]: Invalid value: {"Rule":"!oldSelf.hasValue() || self == oldSelf","Message":"ipFamily is immutable once set","MessageExpression":"","Reason":null,"FieldPath":"","OptionalOldSelf":true}: compilation failed: ERROR: <input>:1:29: found no matching overload for '_==_' applied to '(string, optional_type(string))'
| !oldSelf.hasValue() || self == oldSelf
| ............................^
There was a problem hiding this comment.
Apologies, should be
| // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="ipFamily is immutable once set" | |
| // +kubebuilder:validation:XValidation:rule="!oldSelf.hasValue() || self == oldSelf.value()",message="ipFamily is immutable once set",optionalOldSelf=true |
|
|
||
| // AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. | ||
| // This only includes fields that can be modified in the cluster. | ||
| type AWSPlatformSpec struct { |
There was a problem hiding this comment.
Need a CEL rule here to prevent removing ipFamily if it exists
!has(oldSelf.ipFamily) || has(self.ipFamily)
There was a problem hiding this comment.
I tried it for Azure here, and found that make verify complained about this:
error running generator schemacheck on group config.openshift.io:
could not run schemacheck generator for group/version config.openshift.io/v1:
MustNotExceedCostBudget:
^.properties[status].properties[platformStatus].properties[azure]: Invalid value: {"Rule":"!has(oldSelf.ipFamily) \u0026\u0026 !has(self.ipFamily) || has(oldSelf.ipFamily) \u0026\u0026 has(self.ipFamliy)","Message":"ipFamily cannot be removed once set","MessageExpression":"","Reason":null,"FieldPath":"","OptionalOldSelf":null}: compilation failed: ERROR: <input>:1:78: undefined field 'ipFamliy'
| !has(oldSelf.ipFamily) && !has(self.ipFamily) || has(oldSelf.ipFamily) && has(self.ipFamliy)
| .............................................................................^
There was a problem hiding this comment.
You'll need to use a feature gate aware XValidation rule
sadasu
force-pushed
the
aws-azure-gcp-dual-stack
branch
from
29d9d89 to
2c87771
Compare
sadasu
force-pushed
the
aws-azure-gcp-dual-stack
branch
2 times, most recently
from
a7b5164 to
c0de8a0
Compare
sadasu
force-pushed
the
aws-azure-gcp-dual-stack
branch
from
c0de8a0 to
4ad5ded
Compare
- The new IPFamily can be set to IPv4, DualStackIPv6Primary or DualStackIPv4Primary. - This capability is currently behind feature gates that were added earlier. - ControllerConfig is also updated because it embeds the Infra object. - Added tests for this new field.
sadasu
force-pushed
the
aws-azure-gcp-dual-stack
branch
from
4ad5ded to
fca93af
Compare
|
/retest |
|
@sadasu: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/cc |
| // IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary | ||
| // protocol family. | ||
| // | ||
| // +default="IPv4" |
There was a problem hiding this comment.
Remind me why we default this to IPv4? VS leaving it empty on upgrade?
There was a problem hiding this comment.
The underlying assumption is that all existing running clusters are IPv4 based. If we leave the default as empty, after an upgrade, someone could actually set the value to DualStackIPv6Primary which is not supported. Setting it explicitly to IPv4 on an upgrade will protect us from this value being changed on upgraded clusters.
| aws: | ||
| region: us-east-1 | ||
| type: AWS | ||
| expectedStatusError: "status.platformStatus.aws.ipFamily: Invalid value: \"string\": ipFamily is immutable once set" |
There was a problem hiding this comment.
Oh nice, so is this the optionalOldSelf rule on the field itself triggering here? I guess it's the combination of that rule and the defaulting (which is a change of value)
|
/lgtm |
|
Scheduling tests matching the |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoelSpeed The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/verified by @sadasu |
openshift-ci-robot
added
the
verified
|
@sadasu: This PR has been marked as verified by In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-merge-bot
bot
merged commit 8691c30
into
openshift:master
4 participants
IPFamilyto AWS and Azure PlatformStatus to indicate the IPFamily configured by the user for that cluster install.