1. 20 May, 2021 1 commit
  2. 11 May, 2021 1 commit
    • Clayton Coleman's avatar
      test/e2e: TestHTTPHeaderBufferSize must wait for old pod to delete · 3a15611f
      Clayton Coleman authored
      The addition of minReadySeconds slows the rate at which config changes
      rollout - the old logic in the test made an update to the IC and assumed
      the new pod being ready == high likelihood the new pod and router config
      was live, but instead the old pod was actually just as likely to get
      the request.
      
      Wait until the old pod is gone before continuing.
      3a15611f
  3. 06 May, 2021 2 commits
    • Clayton Coleman's avatar
      Ingress rollouts should specify minReadySeconds · d8af5ea7
      Clayton Coleman authored
      Ingress components may run directly behind load balancers and thus
      need to delay deployment rollout long enough for the load balancers
      to see the new process. Without minReadySeconds, the upgrade process
      will immediately delete the old pod as soon as the new pod is ready,
      which means that the LB may briefly see no pods, which then triggers
      on some LB the behavior of including all hosts (generally if all
      hosts are unhealthy the LB will allow requests to go to any host
      as opposed to failing closed).
      
      In the future we may wish to allow minReadySeconds to be customized
      by customers since not all load balancers will take less than 30s
      to converge. However, 30s is a reasonable start.
      d8af5ea7
    • OpenShift Merge Robot's avatar
      Merge pull request #577 from Miciah/BZ1900819-specify-topology-spread-constraints · f98fde81
      OpenShift Merge Robot authored
      Bug 1900819: Specify topology spread constraints
      f98fde81
  4. 05 May, 2021 1 commit
  5. 04 May, 2021 3 commits
    • Miciah Masters's avatar
      Specify topology spread constraints · 52ed327c
      Miciah Masters authored
      Specify topology spread constraints on router deployments to encourage the
      scheduler to spread router pod replicas across availability zones.
      
      Add a to-do to replace the hard anti-affinity rule with soft anti-affinity
      once the descheduler has support for enforcing soft anti-affinity rules.
      
      This commit fixes bug 1900819.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1900819
      
      * pkg/operator/controller/ingress/deployment.go (desiredRouterDeployment):
      Rename needDeploymentHash to configureAffinity as we now always need to
      compute the deployment hash but do not always specify an affinity policy.
      Specify spec.template.spec.topologySpreadConstraints.  Specify max skew 1,
      unsatisfiable-constraint action "ScheduleAnyway", topology key
      "topology.kubernetes.io/zone", and a label selector on the deployment hash
      label so as to specify a preference for spreading replicas of the same
      generation out but not prevent scheduling replicas of different generations
      on the same node or scheduling more replicas than there are availability
      zones.  Add to-do for changing to soft anti-affinity.
      (hashableDeployment): Hash spec.template.spec.topologySpreadConstraints.
      (cmpMatchExpressions, zeroOutDeploymentHash): New functions, factored out
      of hashableDeployment.
      * pkg/operator/controller/ingress/deployment_test.go (checkDeploymentHash):
      New function, factored out of TestDesiredRouterDeployment.
      (TestDesiredRouterDeployment): Use checkDeploymentHash.  Expect the
      deployment hash label always to be set.
      (TestDeploymentConfigChanged): Add test cases for
      spec.template.spec.topologySpreadConstraints.
      52ed327c
    • Stephen Greene's avatar
      ingress: Add basic namespace update unit test · ca13a4a9
      Stephen Greene authored
      pkg/operator/controller/ingress/namespace_test.go:
      Add a trivial function to test `routerNamespaceChanged`
      with a couple of relevant test cases.
      ca13a4a9
    • Stephen Greene's avatar
      ingress: Reconcile openshift-ingress namespace on upgrade · ea085e72
      Stephen Greene authored
      Commits `263c2aaf` and `35052567` added new annotations and labels to the
      openshift-ingress namespace, which is managed by the ingress-operator.
      
      This commit adds logic to reconcile the openshift-ingress namespace
      resource during cluster upgrades. To prevent overwriting changes made to
      the namespace resource by other controllers (or cluster-admins), the
      namespace reconciliation logic added in this commit explicitly syncs
      namespace labels and annotations that the operator sets.
      
      pkg/operator/controller/ingress/namespace.go:
      
      Refactor `ensureRouterNamespace` so that it handles creating and updating
      the openshift-ingress namespace resource (and nothing else).
      
      Add new functions: `currentRouterNamespace`, `updateRouterNamespace`, &
      `routerNamespaceChanged`.
      
      Move existing Service Account and Cluster Role Binding creation logic
      into new functions, `ensureRouterServiceAccount`, and
      `ensureRouterClusterRoleBinding`.
      
      pkg/operator/controller/ingress/controller.go:
      
      Update `ensureRouterNamespace` calling site. Add new calling sites
      for `ensureRouterServiceAccount` and `ensureRouterClusterRoleBinding`.
      
      This commit resolves Bug 1954330.
      ea085e72
  6. 29 Apr, 2021 1 commit
  7. 28 Apr, 2021 1 commit
  8. 26 Apr, 2021 2 commits
    • Stephen Greene's avatar
      Bindata: Update generated CRD · c63c7695
      Stephen Greene authored
      manifests/00-custom-resource-definition.yaml:
      
      Run `make update` to update the Ingress Controller CRD.
      
      pkg/manifests/bindata.go:
      
      Commit bindata changes from `make update`.
      
      This commit resolves Bug 1950270, in which
      `oc explain ingresscontroller.spec.nodePlacement --api-version=operator.openshift.io/v1`
      displays an outdated default node selector for Ingress Controller deployments.
      c63c7695
    • Stephen Greene's avatar
      go.mod: Update openshift/api & go version · 03af9b83
      Stephen Greene authored
      go.*:
      
      Update openshift/api to commit
      `c22782737ea0a882ed8d4e2c9bd3b974ee3bfca0` to pull in
      https://github.com/openshift/api/pull/886.
      Update go.mod go version to go 1.16 and run `go mod tidy`.
      Move from kube deps `v0.21.0-rc.0` to `v0.21.0` since kubernetes
      1.21 has been officially released.
      
      vendor:
      
      Run `go mod vendor`.
      03af9b83
  9. 24 Apr, 2021 1 commit
  10. 23 Apr, 2021 4 commits
    • Miciah Masters's avatar
      TestDefaultIngressClass: Omit namespace in logs · 1ef19654
      Miciah Masters authored
      * test/e2e/operator_test.go (TestDefaultIngressClass): Omit the
      ingressclass's namespace in log messages.  The namespace is always empty
      because ingressclass is cluster-scoped.
      1ef19654
    • Miciah Masters's avatar
      ingressclass: Add unit tests · 17f36541
      Miciah Masters authored
      * pkg/operator/controller/ingressclass/ingressclass_test.go: New file.
      (TestDesiredIngressClass): New test.  Verify that desiredIngressClass
      behaves as expected.
      (TestIngressClassChanged): New test.  Verify that ingressClassChanged
      behaves as expected.
      17f36541
    • Miciah Masters's avatar
      ingressclass: Capitalize names consistently · a539e5fa
      Miciah Masters authored
      * pkg/operator/controller/ingressclass/ingressclass.go
      (ensureIngressClass, desiredIngressClass, currentIngressClass)
      (updateIngressClass): Capitalize "ingressclasses" as "ingressClasses" and
      "ingresscontrollerName" as "ingressControllerName".
      (ingressclassChanged): Rename...
      (ingressClassChanged): ...to this.
      a539e5fa
    • Miciah Masters's avatar
      ingressclass: Handle ingresscontroller deletion · b625c7ca
      Miciah Masters authored
      If the ingresscontroller corresponding to an ingressclass does not
      exist (for example, because the ingresscontroller was deleted), delete the
      ingressclass.
      
      This commit fixes bug 1950978.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1950978
      
      * manifests/00-cluster-role.yaml: Allow the operator to delete
      ingressclasses.
      * pkg/manifests/bindata.go: Regenerate.
      * pkg/operator/controller/ingressclass/controller.go (Reconcile): Pass the
      ingresscontroller's namespaced name to ensureIngressClass.
      * pkg/operator/controller/ingressclass/ingressclass.go
      (ensureIngressClass): Change ingresscontroller name parameter type from
      string to namespaced-name.  Check if the ingresscontroller exists and is
      not marked for deletion, and pass a corresponding Boolean value to
      desiredIngressClass.
      (desiredIngressClass): Return false, nil if the ingresscontroller does not
      exist.
      * test/e2e/operator_test.go (TestCustomIngressClass): New test.  Verify
      that the ingressclass controller creates an ingressclass for a custom
      ingresscontroller and deletes the ingressclass when the ingresscontroller
      is deleted.
      b625c7ca
  11. 22 Apr, 2021 1 commit
  12. 21 Apr, 2021 2 commits
  13. 20 Apr, 2021 4 commits
  14. 19 Apr, 2021 1 commit
  15. 17 Apr, 2021 2 commits
  16. 16 Apr, 2021 4 commits
  17. 15 Apr, 2021 1 commit
  18. 14 Apr, 2021 1 commit
  19. 13 Apr, 2021 1 commit
  20. 12 Apr, 2021 1 commit
    • Stephen Greene's avatar
      test/e2e: Make `TestRouteAdmissionPolicy` deterministic. · cdaf25e9
      Stephen Greene authored
      This commit adds a few small e2e test improvements in support of Bug
      1948626.
      
      test/e2e/operator_test.go:
      
      Helper functions:
      Increase the polling timeouts in `waitForRouterIngressConditions` and
      `waitForClusterOperatorConditions` from 10 seconds to 1 minute.
      1 minute is not much longer than 10 seconds, and presumably a longer
      timeout for these polling functions could result in less test flakes.
      It's worth taking the additional 50 seconds if it saves us from any
      future `/retest` comments.
      
      `TestRouteAdmissionPolicy`:
      Use specific names for `route1` and `route2`, as to avoid the common
      `route` name, which makes debugging this e2e test much easier.
      Sleep for 2 (two) seconds after creating route1. This is to ensure that
      route1 and route2 _do not_ wind up having the same creation timestamp.
      If route1 and route2 have a common timestamp, we cannot determine
      whether route1 or route2 will be rejected.
      cdaf25e9
  21. 10 Apr, 2021 3 commits
  22. 09 Apr, 2021 2 commits