Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce APIs to support multiple ClusterCIDRs #111123

Closed
wants to merge 3 commits into from
Closed

Introduce APIs to support multiple ClusterCIDRs #111123

wants to merge 3 commits into from

Conversation

sarveshr7
Copy link
Contributor

@sarveshr7 sarveshr7 commented Jul 13, 2022
edited

What type of PR is this?

/kind feature
/kind api-change

What this PR does / why we need it:

This PR implements APIs from kubernetes/enhancements#2593

API Changes:

  • Introduces networking.k8s.io/v1alpha1 API group
  • Introduces ClusterCIDR type in networking.k8s.io/v1alpha1 API group

Which issue(s) this PR fixes:

NONE

Special notes for your reviewer:

#108290 was already approved and merged in 1.24 , however was reverted by #109436 as it was merged post the 1.24 release cut deadline. Rebasing the old PR and planning to get it in for 1.25

Does this PR introduce a user-facing change?

Introduce a v1alpha1 networking API for ClusterCIDR

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]:  https://github.com/kubernetes/enhancements/pull/2593

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jul 13, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @sarveshr7. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jul 13, 2022
@sarveshr7
Copy link
Contributor Author

/cc @aojea @thockin @rahulkjoshi

@k8s-ci-robot k8s-ci-robot requested a review from aojea July 13, 2022 23:11
@k8s-ci-robot
Copy link
Contributor

@sarveshr7: GitHub didn't allow me to request PR reviews from the following users: rahulkjoshi.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @aojea @thockin @rahulkjoshi

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added area/kubectl area/test sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jul 13, 2022
@k8s-triage-robot
Copy link

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@leilajal
Copy link
Contributor

/cc @apelisse @Jefftree
/triage accepted

aojea
aojea reviewed Jul 29, 2022
View reviewed changes
pkg/apis/core/v1/helper/helpers.go Outdated
Comment on lines 376 to 431
func NodeSelectorRequirementsAsLabelRequirements(nsr v1.NodeSelectorRequirement) (*labels.Requirement, error) {
var op selection.Operator
switch nsr.Operator {
case v1.NodeSelectorOpIn:
op = selection.In
case v1.NodeSelectorOpNotIn:
op = selection.NotIn
case v1.NodeSelectorOpExists:
op = selection.Exists
case v1.NodeSelectorOpDoesNotExist:
op = selection.DoesNotExist
case v1.NodeSelectorOpGt:
op = selection.GreaterThan
case v1.NodeSelectorOpLt:
op = selection.LessThan
default:
return nil, fmt.Errorf("%q is not a valid node selector operator", nsr.Operator)
}
return labels.NewRequirement(nsr.Key, op, nsr.Values)
}

// NodeSelectorAsSelector converts the NodeSelector api type into a struct that
// implements labels.Selector
// Note: This function should be kept in sync with the selector methods in
// pkg/labels/selector.go
func NodeSelectorAsSelector(ns *v1.NodeSelector) (labels.Selector, error) {
if ns == nil {
return labels.Nothing(), nil
}
if len(ns.NodeSelectorTerms) == 0 {
return labels.Everything(), nil
}
var requirements []labels.Requirement

for _, nsTerm := range ns.NodeSelectorTerms {
for _, expr := range nsTerm.MatchExpressions {
req, err := NodeSelectorRequirementsAsLabelRequirements(expr)
if err != nil {
return nil, err
}
requirements = append(requirements, *req)
}

for _, field := range nsTerm.MatchFields {
req, err := NodeSelectorRequirementsAsLabelRequirements(field)
if err != nil {
return nil, err
}
requirements = append(requirements, *req)
}
}

selector := labels.NewSelector()
selector = selector.Add(requirements...)
return selector, nil
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is not equivalent to ?

kubernetes/pkg/apis/core/helper/helpers.go

Lines 421 to 453 in 33b20f2

// NodeSelectorRequirementsAsSelector converts the []NodeSelectorRequirement core type into a struct that implements
// labels.Selector.
func NodeSelectorRequirementsAsSelector(nsm []core.NodeSelectorRequirement) (labels.Selector, error) {
if len(nsm) == 0 {
return labels.Nothing(), nil
}
selector := labels.NewSelector()
for _, expr := range nsm {
var op selection.Operator
switch expr.Operator {
case core.NodeSelectorOpIn:
op = selection.In
case core.NodeSelectorOpNotIn:
op = selection.NotIn
case core.NodeSelectorOpExists:
op = selection.Exists
case core.NodeSelectorOpDoesNotExist:
op = selection.DoesNotExist
case core.NodeSelectorOpGt:
op = selection.GreaterThan
case core.NodeSelectorOpLt:
op = selection.LessThan
default:
return nil, fmt.Errorf("%q is not a valid node selector operator", expr.Operator)
}
r, err := labels.NewRequirement(expr.Key, op, expr.Values)
if err != nil {
return nil, err
}
selector = selector.Add(*r)
}
return selector, nil
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NodeSelectorRequirementsAsSelector method is defined for core.NodeSelectorRequirement object however we need to use core.v1.NodeSelectorRequirement, also I wanted a method similar to LabelSelectorAsSelector which would take in the NodeSelector as input and return the selector as output, without iterating through the requirements everytime

Searched for the usage of NodeSelectorRequirementsAsSelector throughout the code, however it doesn't seem to be used anywhere

aojea
aojea reviewed Jul 29, 2022
View reviewed changes
pkg/apis/networking/types.go Outdated Show resolved Hide resolved
aojea
aojea reviewed Jul 29, 2022
View reviewed changes
pkg/apis/networking/types.go Outdated Show resolved Hide resolved
aojea
aojea reviewed Jul 29, 2022
View reviewed changes
pkg/apis/networking/validation/validation.go Outdated
Comment on lines 669 to 690
// ValidateClusterCIDRConfigUpdate tests if an update to a ClusterCIDRConfig is valid.
func ValidateClusterCIDRConfigUpdate(update, old *networking.ClusterCIDRConfig) field.ErrorList {
var allErrs field.ErrorList
allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...)
allErrs = append(allErrs, validateClusterCIDRConfigUpdateSpec(&update.Spec, &old.Spec, field.NewPath("spec"))...)
return allErrs
}

func validateClusterCIDRConfigUpdateSpec(update, old *networking.ClusterCIDRConfigSpec, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList

allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.NodeSelector, old.NodeSelector, fldPath.Child("nodeSelector"))...)
allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.PerNodeHostBits, old.PerNodeHostBits, fldPath.Child("perNodeHostBits"))...)
allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.IPv4CIDR, old.IPv4CIDR, fldPath.Child("ipv4CIDR"))...)
allErrs = append(allErrs, apivalidation.ValidateImmutableField(update.IPv6CIDR, old.IPv6CIDR, fldPath.Child("ipv6CIDR"))...)

return allErrs
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thockin if we don't allow Updates, do we need to add it to validation or is enough with denying it in the registry?

aojea
aojea reviewed Jul 29, 2022
View reviewed changes
staging/src/k8s.io/api/networking/v1alpha1/types.go Outdated
Comment on lines 42 to 45
// Status is the current state of the ClusterCIDRConfig.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
Status ClusterCIDRConfigStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thockin do we need status if we don't use it?

(I have the same question in the internal types)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed

@aojea
Copy link
Member

aojea commented Jul 29, 2022

We've talked offline, some of the outcome of the conversation between Tim, Sarvesh and I are

Could we drop "Config" ?
IPv4 vs IPv4CIDR

@sarveshr7 sarveshr7 force-pushed the ipam-controller branch 5 times, most recently from d00df7d to 3ec4f72 Compare August 1, 2022 18:42
@sarveshr7
Copy link
Contributor Author

/retest

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sarveshr7
Once this PR has been reviewed and has the lgtm label, please assign liggitt for approval by writing /assign @liggitt in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

thockin
thockin reviewed Aug 2, 2022
View reviewed changes
Copy link
Member

@thockin thockin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly minor things in the API PR. Will try to look at IMPL in the AM

staging/src/k8s.io/api/networking/v1alpha1/types.go Outdated Show resolved Hide resolved
staging/src/k8s.io/api/networking/v1alpha1/types.go Outdated Show resolved Hide resolved
staging/src/k8s.io/api/networking/v1alpha1/types.go Outdated Show resolved Hide resolved
staging/src/k8s.io/api/networking/v1alpha1/types.go Outdated Show resolved Hide resolved
staging/src/k8s.io/api/networking/v1alpha1/types.go Outdated Show resolved Hide resolved
pkg/apis/networking/validation/validation_test.go
expectErr: false,
},
{
name: "valid SingleStack IPv6 ClusterCIDR perNodeHostBits=100",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this testing something the above doesn't?

pkg/registry/networking/clustercidr/storage/storage_test.go
PerNodeHostBits: int32(8),
IPv4: "10.1.0.0/16",
IPv6: "fd00:1:1::/64",
NodeSelector: &api.NodeSelector{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as above, you can make this denser

pkg/registry/networking/clustercidr/storage/storage_test.go Outdated

test := genericregistrytest.New(t, storage.Store)
test = test.ClusterScope()
validCCC := validClusterCIDR()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about taking a variadic list of funcs, like:

func validClusterCIDR(tweaks ...func(*ClusterCIDR)) *networking.ClusterCIDR {
	cc := newClusterCIDR()
	for t := range tweaks {
		t(cc)
	}
	return cc
}

then:

	validCCC := validClusterCIDR()
	noCIDRCCC := validClusterCIDR(func(cc *ClusterCIDR) {
		cc.Spec.IPv4 = ""
		cc.Spec.IPv6 = ""
	})
	invalidCCCPerNodeHostBits := validClusterCIDR(func(cc *ClusterCIDR) {
		cc.Spec.PerNodeHostBits = 100
	})
	invalidCCCCIDR := validClusterCIDR(func(cc *ClusterCIDR) {
		cc.Spec.IPv6 = "10.1.0.0/16"
	})

Easier to read, IMO.

Also s/CCC/CC/g

plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go Outdated Show resolved Hide resolved
staging/src/k8s.io/kubectl/pkg/describe/describe.go Outdated Show resolved Hide resolved
@sarveshr7
Introduce networking/v1alpha1 api, ClusterCIDR type
2017a02 
Introduce networking/v1alpha1 api group.

Add `ClusterCIDR` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
@sarveshr7
Auto generate code for ClusterCIDR API
45d5c03
@sarveshr7
Add describer and printer for ClusterCIDR API
89ec54c
@sarveshr7
Copy link
Contributor Author

/test pull-kubernetes-e2e-ubuntu-gce-network-policies

@cici37
Copy link
Contributor

cici37 commented Aug 4, 2022

Hello 👋, 1.25 Release Lead here.

The exception request is approved and your updated deadline to make any changes to your PR is 3:30 AM PST Monday 8th August 2022. Thank you!

/milestone v1.25

@k8s-ci-robot k8s-ci-robot added this to the v1.25 milestone Aug 4, 2022
@thockin
Copy link
Member

thockin commented Aug 4, 2022

Let's focus the review on #109090 which includes these commits, so we can merge atomically or not at all. Fair?

@thockin thockin closed this Aug 4, 2022
@sarveshr7
Copy link
Contributor Author

Sounds good! Had separated the PRs to make the review easier, as the API review is done and the commits are present in #109090, we can merge atomically.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rahulkjoshi rahulkjoshi rahulkjoshi left review comments

@thockin thockin thockin left review comments

@aojea aojea aojea left review comments

@caesarxuchao caesarxuchao Awaiting requested review from caesarxuchao

@caseydavenport caseydavenport Awaiting requested review from caseydavenport

@apelisse apelisse Awaiting requested review from apelisse

@Jefftree Jefftree Awaiting requested review from Jefftree

Assignees
No one assigned
Labels
area/apiserver area/code-generation area/kubectl area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.25
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@sarveshr7 @k8s-ci-robot @k8s-triage-robot @leilajal @bowei @aojea @cici37 @thockin @rahulkjoshi