Added support for choosing bind address #52
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
| @@ -25,6 +25,13 @@ type CincinnatiSpec struct { | |||
| // GraphDataImage is a container image that contains the Cincinnati graph | |||
| // data. The data is copied to /var/lib/cincinnati/graph-data. | |||
| GraphDataImage string `json:"graphDataImage"` | |||
|
|
|||
| // IPv6 defines whether the services bind to "0.0.0.0" or to "::" | |||
| IPv6 bool `json:"ipv6,omitempty"` | |||
There was a problem hiding this comment.
Think twice about bool fields. Many ideas start as boolean but eventually trend towards a small set of mutually exclusive options. Plan for future expansions by describing the policy options explicitly as a string type alias (e.g. TerminationMessagePolicy).
My gut feeling is that adding the Address to the spec is sufficient. That way we can default to '0.0.0.0' or force it to be defined.
There was a problem hiding this comment.
The first implementation was done in that way, then I changed it based on Ryan's suggestions, anyway I'd say a boolean makes sense, a user won't likely know which address is going to get the pod when created, and between defining a property with the bind-address or just setting a boolean to decide if the services listen on IPv6 or IPv4 I'd rather go with the second option, but again, I'm open to suggestions.
There was a problem hiding this comment.
I don't understand.
a user won't likely know which address is going to get the pod when created
Then why would we bother taking the Address on the spec?
There was a problem hiding this comment.
I mean, if you add the Address to the spec so users can choose which address the services bind to, they will likely end using "0.0.0.0" or "::", the IP address that the SDN will assign to the pod is not something you can know beforehand easily. That's why I thought a boolean makes more sense.
There was a problem hiding this comment.
Binding to "::" works on IPv4 and IPv6 clusters. I reverted the changes from the API types.
pkg/controller/cincinnati/new.go
Outdated
| @@ -225,18 +225,24 @@ func (k *kubeResources) newPolicyEngineRoute(instance *cv1beta1.Cincinnati) *rou | |||
| } | |||
|
|
|||
| func (k *kubeResources) newEnvConfig(instance *cv1beta1.Cincinnati) *corev1.ConfigMap { | |||
| // If IPv6 boolean property is not configured in the Spec | |||
There was a problem hiding this comment.
I think the right thing to do, assuming we aren't going to write back these defualts to the api-server, is to put this logic in newKubeResources. However, I don't see handling of the scenario where someone defines the address to listen on.
There was a problem hiding this comment.
I added Address to the spec because the spec is used for rendering the template for one of the ConfigMaps, I didn't know if there is a better way to do that, but in this case, we only use that field for rendering the CM, I don't see any value on persisting its value in the api-server. Maybe there is a better solution?
There was a problem hiding this comment.
Binding to "::" works on IPv4 and IPv6 clusters. I reverted the changes from the API types.
|
Is there ever a circumstance where we wouldn't want it to bind to both if available? Seems like that would be a sensible default. Is there a way to make cincinnati itself do that? |
When you say both, do you mean IPv4 and IPv6? Dual stack is not supported yet, but in case you could have a pod with an IPv4 and an IPv6 address binding to one of the two will be enough for Cincinnati to work based on what I've seen. In this case the tricky thing will be knowing if the cluster has dual-stack support. |
|
Yes, I mean both ipv4 and ipv6. As an example, both nginx and httpd allow you to either specify just a port or It seems a shame to add options to the operator's API if there's no user story other than "As a user, I want cincinnati to listen on all addresses." If we need to do something short-term in the operator to make this work on ipv6 while waiting for cincinnati to support dual-stack, maybe we can come up with something that doesn't involve adding to the API. |
I agree. Cincy is the only thing that's listening in this address space, so it would just make sense to support everything without exposing it. I think we would need to change the default setting in both the operator and in Cincinnati. Setting the default to |
|
Hey, as Ryan suggested. Binding to "::" works for IPv6 and IPv4 environments. I just reverted the changes on the API Types and edited the configmaps created by the controller. |
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mvazquezc, rthallisey The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
I'm surprised that |
|
I was able to see it work on my local ipv4 env. This was where I got the idea from originally: nodejs/node#9390. You can disable the duel-stack listening by configuring Without knowing more about what admins do with |
stable-4.3: add 4.3.1
As of today, the operator will always use "0.0.0.0" as the binding address for the different services. When running on IPv6 environments that cause the services to fail since there are not IPv4 addresses available in the pod. With this change, the user will be able to choose which address is used when binding.
By default, if no value is provided for the
addressproperty in the spec, we will configure "0.0.0.0", otherwise, we will configure the address configured by the user.Let me know what you think about the implementation, if it looks good to you I'll update the docs accordingly.