From 071e1ca33c2b8518ab3e19dccd4616cd7b4497e1 Mon Sep 17 00:00:00 2001 From: Omer Tuchfeld Date: Thu, 24 Mar 2022 15:35:32 +0100 Subject: [PATCH] MGMT-9797: Implementation for new Ingress API introduced in Single Node + Workers enhancement See the enhancement https://github.com/openshift/enhancements/blob/master/enhancements/single-node/single-node-openshift-with-workers.md for more information --- ...000_10_config-operator_01_ingress.crd.yaml | 7 +++++ config/v1/types_ingress.go | 29 +++++++++++++++++++ .../v1/zz_generated.swagger_doc_generated.go | 3 +- ...ess-operator_00-ingresscontroller.crd.yaml | 23 +++++++++++---- operator/v1/types_ingress.go | 26 +++++++++++++++-- .../v1/zz_generated.swagger_doc_generated.go | 4 +-- 6 files changed, 81 insertions(+), 11 deletions(-) diff --git a/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/config/v1/0000_10_config-operator_01_ingress.crd.yaml index e1ecba1cbdc..d4e3571b651 100644 --- a/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ b/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -268,6 +268,13 @@ spec: resource: description: resource of the referent. type: string + defaultPlacement: + description: "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes. \n This field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments. \n See the documentation for the IngressController replicas and nodePlacement fields for more information. \n When omitted, the default value is Workers" + type: string + default: Workers + enum: + - ControlPlane + - Workers served: true storage: true subresources: diff --git a/config/v1/types_ingress.go b/config/v1/types_ingress.go index 9ca88efd7f4..223b822f689 100644 --- a/config/v1/types_ingress.go +++ b/config/v1/types_ingress.go @@ -112,6 +112,24 @@ type IngressStatus struct { // hostnames and serving certificates can be customized by the cluster-admin. // +optional ComponentRoutes []ComponentRouteStatus `json:"componentRoutes,omitempty"` + + // defaultPlacement is set at installation time to control which + // nodes will host the ingress router pods by default. The options are + // control-plane nodes or worker nodes. + // + // This field works by dictating how the Cluster Ingress Operator will + // consider unset replicas and nodePlacement fields in IngressController + // resources when creating the corresponding Deployments. + // + // See the documentation for the IngressController replicas and nodePlacement + // fields for more information. + // + // When omitted, the default value is Workers + // + // +kubebuilder:validation:Enum:="ControlPlane";"Workers" + // +kubebuilder:default:="Workers" + // +optional + DefaultPlacement DefaultPlacement `json:"defaultPlacement"` } // ComponentRouteSpec allows for configuration of a route's hostname and serving certificate. @@ -222,3 +240,14 @@ type IngressList struct { Items []Ingress `json:"items"` } + +// DefaultPlacement defines the default placement of ingress router pods. +type DefaultPlacement string + +const ( + // "Workers" is for having router pods placed on worker nodes by default. + DefaultPlacementWorkers DefaultPlacement = "Workers" + + // "ControlPlane" is for having router pods placed on control-plane nodes by default. + DefaultPlacementControlPlane DefaultPlacement = "ControlPlane" +) diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index 66d385de515..2614586a421 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go @@ -1434,7 +1434,8 @@ func (IngressSpec) SwaggerDoc() map[string]string { } var map_IngressStatus = map[string]string{ - "componentRoutes": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "componentRoutes": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "defaultPlacement": "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes.\n\nThis field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments.\n\nSee the documentation for the IngressController replicas and nodePlacement fields for more information.\n\nWhen omitted, the default value is Workers", } func (IngressStatus) SwaggerDoc() map[string]string { diff --git a/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index d1fb2572024..f4b961ab074 100644 --- a/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -806,9 +806,14 @@ spec: properties: nodeSelector: description: "nodeSelector is the node selector applied to ingress - controller deployments. \n If unset, the default is: \n kubernetes.io/os: - linux node-role.kubernetes.io/worker: '' \n If set, the specified - selector is used and replaces the default." + controller deployments. \n If set, the specified selector is + used and replaces the default. \n If unset, the default depends + on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses + status. \n When defaultPlacement is Workers, the default is: + \n kubernetes.io/os: linux node-role.kubernetes.io/worker: + '' \n When defaultPlacement is ControlPlane, the default is: + \n kubernetes.io/os: linux node-role.kubernetes.io/master: + '' \n These defaults are subject to change." properties: matchExpressions: description: matchExpressions is a list of label selector @@ -896,8 +901,16 @@ spec: type: array type: object replicas: - description: replicas is the desired number of ingress controller - replicas. If unset, defaults to 2. + description: "replicas is the desired number of ingress controller + replicas. If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. \n + The value of replicas is set based on the value of a chosen field + in the Infrastructure CR. If defaultPlacement is set to ControlPlane, + the chosen field will be controlPlaneTopology. If it is set to Workers + the chosen field will be infrastructureTopology. Replicas will then + be set to 1 or 2 based whether the chosen field's value is SingleReplica + or HighlyAvailable, respectively. \n These defaults are subject + to change." format: int32 type: integer routeAdmission: diff --git a/operator/v1/types_ingress.go b/operator/v1/types_ingress.go index 5932fcd05e8..f61a715b32c 100644 --- a/operator/v1/types_ingress.go +++ b/operator/v1/types_ingress.go @@ -76,7 +76,17 @@ type IngressControllerSpec struct { HttpErrorCodePages configv1.ConfigMapNameReference `json:"httpErrorCodePages,omitempty"` // replicas is the desired number of ingress controller replicas. If unset, - // defaults to 2. + // the default depends on the value of the defaultPlacement field in the + // cluster config.openshift.io/v1/ingresses status. + // + // The value of replicas is set based on the value of a chosen field in the + // Infrastructure CR. If defaultPlacement is set to ControlPlane, the + // chosen field will be controlPlaneTopology. If it is set to Workers the + // chosen field will be infrastructureTopology. Replicas will then be set to 1 + // or 2 based whether the chosen field's value is SingleReplica or + // HighlyAvailable, respectively. + // + // These defaults are subject to change. // // +optional Replicas *int32 `json:"replicas,omitempty"` @@ -292,12 +302,22 @@ type NodePlacement struct { // nodeSelector is the node selector applied to ingress controller // deployments. // - // If unset, the default is: + // If set, the specified selector is used and replaces the default. + // + // If unset, the default depends on the value of the defaultPlacement + // field in the cluster config.openshift.io/v1/ingresses status. + // + // When defaultPlacement is Workers, the default is: // // kubernetes.io/os: linux // node-role.kubernetes.io/worker: '' // - // If set, the specified selector is used and replaces the default. + // When defaultPlacement is ControlPlane, the default is: + // + // kubernetes.io/os: linux + // node-role.kubernetes.io/master: '' + // + // These defaults are subject to change. // // +optional NodeSelector *metav1.LabelSelector `json:"nodeSelector,omitempty"` diff --git a/operator/v1/zz_generated.swagger_doc_generated.go b/operator/v1/zz_generated.swagger_doc_generated.go index 9c6f11c9eea..3540cea230d 100644 --- a/operator/v1/zz_generated.swagger_doc_generated.go +++ b/operator/v1/zz_generated.swagger_doc_generated.go @@ -696,7 +696,7 @@ var map_IngressControllerSpec = map[string]string{ "": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", "httpErrorCodePages": "httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format \"error-page-.http\", where is an HTTP error code. For example, \"error-page-503.http\" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.", - "replicas": "replicas is the desired number of ingress controller replicas. If unset, defaults to 2.", + "replicas": "replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively.\n\nThese defaults are subject to change.", "endpointPublishingStrategy": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", "defaultCertificate": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", "namespaceSelector": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", @@ -775,7 +775,7 @@ func (LoggingDestination) SwaggerDoc() map[string]string { var map_NodePlacement = map[string]string{ "": "NodePlacement describes node scheduling configuration for an ingress controller.", - "nodeSelector": "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf unset, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nIf set, the specified selector is used and replaces the default.", + "nodeSelector": "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.", "tolerations": "tolerations is a list of tolerations applied to ingress controller deployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", }