🌱 WithClusterScope: should not assign a default cluster name #1871
Conversation
|
/assign @stevekuznetsov @sttts |
There was a problem hiding this comment.
This is one of those super ancient decisions that I don't actually have any memory for why we did it. Hard to think through the implications.
@davidfestal thoughts?
|
IIRC it was to get "unaware" clients (e.g. kube internals) to succeed in their work (e.g. to create default RBAC resources) in some logical cluster. I'm in favor of proceeding to remove the defaulting and trying to fix any remaining clients that were relying on this default. |
|
/retest |
I think it was achieved by providing |
|
|
(and we've since learned that of course unaware clients doing "something" without being multi-cluster-aware just do nothing important whatsoever in the root logical cluster ... and no importance in supporting that) |
p0lyn0mial
force-pushed
the
with-cluster-scope-no-default-value
branch
from
f9f3c01 to
2f9b592
Compare
| @@ -272,7 +272,7 @@ func (h *homeWorkspaceHandler) ServeHTTP(rw http.ResponseWriter, req *http.Reque | |||
| logger := klog.FromContext(ctx) | |||
| lcluster, err := request.ValidClusterFrom(ctx) | |||
| if err != nil { | |||
| responsewriters.InternalError(rw, req, err) | |||
| h.apiHandler.ServeHTTP(rw, req) | |||
There was a problem hiding this comment.
it looks like the home-ws is first in the chain, capturing healthz/readyz as well.
p0lyn0mial
force-pushed
the
with-cluster-scope-no-default-value
branch
from
2f9b592 to
402f45f
Compare
|
I almost have it, a few unit tests require fixing. |
| @@ -584,6 +584,7 @@ func testWorkspacesVirtualWorkspaces(t *testing.T, standalone bool) { | |||
| // write kubeconfig to disk, next to kcp kubeconfig | |||
| kcpAdminConfig, _ := server.RawConfig() | |||
| var baseCluster = *kcpAdminConfig.Clusters["base"] // shallow copy | |||
| baseCluster.Server = fmt.Sprintf("%s/clusters/system:admin", baseCluster.Server) | |||
There was a problem hiding this comment.
alternatively, we could add something to a handler but having a cluster name here is much cleaner.
|
How is this going? Any blocker? |
ncdc
changed the title
I need to fix a few failing unit tests and this is ready to go. |
openshift-merge-robot
added
the
needs-rebase
p0lyn0mial
force-pushed
the
with-cluster-scope-no-default-value
branch
from
402f45f to
637e428
Compare
openshift-merge-robot
removed
the
needs-rebase
| lcluster, err := request.ValidClusterFrom(ctx) | ||
| if err != nil { | ||
| responsewriters.InternalError(rw, req, err) | ||
| lcluster := request.ClusterFrom(req.Context()) |
There was a problem hiding this comment.
I'll follow up with a PR that removes the usage of ValidClusterFrom from the authorizers.
I think that we should also refactor our fork and use only ValidClusterFrom on the storage layer.
|
okay |
| @@ -121,7 +120,7 @@ func WithClusterScope(apiHandler http.Handler) http.HandlerFunc { | |||
| // fallthrough | |||
| cluster.Name = logicalcluster.Wildcard | |||
| case clusterName.Empty(): | |||
| cluster.Name = genericcontrolplane.LocalAdminCluster | |||
There was a problem hiding this comment.
if we get rid of cluster.Wildcard, i don't even think we need the logic in here. instead:
if clusterName != logicalcluster.Wildcard {
// do regex check
}
cluster.Name = clusterNameThere was a problem hiding this comment.
Didn't know we were planning to get rid of cluster.Wildcard. I can do that in a follow-up.
Meanwhile, I removed the case when the clusterName was empty. We will make use of the default value.
There was a problem hiding this comment.
It has no value any more, since you can compare against logicalcluster.Wildcard 😄
There was a problem hiding this comment.
Yeah I think the same arguments used to not have a .Wildcard for shard name apply here
p0lyn0mial
force-pushed
the
with-cluster-scope-no-default-value
branch
from
637e428 to
5f9bfa5
Compare
clients should specify a cluster name before storing something in the db as that leads to more readable code. the server should not assing a default cluster name. at the moment requests without a cluster name are rejected by the storage layer.
p0lyn0mial
force-pushed
the
with-cluster-scope-no-default-value
branch
from
5f9bfa5 to
d1b7b8b
Compare
| @@ -121,7 +120,7 @@ func WithClusterScope(apiHandler http.Handler) http.HandlerFunc { | |||
| // fallthrough | |||
| cluster.Name = logicalcluster.Wildcard | |||
| case clusterName.Empty(): | |||
| cluster.Name = genericcontrolplane.LocalAdminCluster | |||
There was a problem hiding this comment.
It has no value any more, since you can compare against logicalcluster.Wildcard 😄
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ncdc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Summary
clients should specify a cluster name before storing something in the db as that leads to more readable code.
the server should not assign a default cluster name.
at the moment requests without a cluster name are rejected by the storage layer.
Things to consider:
reject a request without a name in the filter
will this break some external clients?
Related issue(s)
Fixes #