Add fields to the GCPManagedControlPlane types #936
Conversation
k8s-ci-robot
added
the
release-note
k8s-ci-robot
added
the
kind/api-change
|
@aniruddha2000: GitHub didn't allow me to request PR reviews from the following users: akshay196. Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: aniruddha2000 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
size/L
aniruddha2000
force-pushed
the
ani/add-gcpmanagedcontrolplane-additional-type
branch
from
497c7f0 to
e19a9b6
Compare
- Description - Cluster Network - PrivateCluster - UseIPAliases - AuthorizedNetwork - Pod - Service - Cluster Security - WorkloadIdentityConfig - AuthenticatorGroupConfig - EnableLagacyAuthorization - IssueClientCertificate - AddonsConfig - LoggingConfig - MonitoringConfig Signed-off-by: Aniruddha Basak <[email protected]>
aniruddha2000
force-pushed
the
ani/add-gcpmanagedcontrolplane-additional-type
branch
from
e19a9b6 to
08bc033
Compare
k8s-ci-robot
added
size/XL
There was a problem hiding this comment.
@aniruddha2000 Few minor comments.
Do we need to rename ClusterNetwork.Pod to a more reasonable name? Because it is quite ambiguous to the upstream k8s Pod.
ClusterNetwork.Pod and ClusterNetwork.Service names are inspired by Cluster.ClusterNetwork section in Cluster-API. However we can rename it to something like PodConfig and ServiceConfig as it encapsulates pod and service networking configuration.
CidrBlock map[string]string `json:"cidrBlock,omitempty" must not be greater than 10. What should be the kubebuilder validation?
See if +kubebuilder:validation:MaxProperties is useful here? (ref: https://book.kubebuilder.io/reference/markers/crd-validation.html)
Otherwise we may add webhook validation.
|
@akshay196: changing LGTM is restricted to collaborators In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Regarding apidiff CI check, The struct is comparable if all fields are comparable (go spec). So converting fields like @richardcase Any idea how to resolve this? |
|
So we don't merge too early, without the controller changes (which will be done in another PR): /hold |
k8s-ci-robot
added
the
do-not-merge/hold
|
As this is for GKE and it's experimental, we can ignore apidiff changes: /override pull-cluster-api-provider-gcp-apidiff |
|
@richardcase: Overrode contexts on behalf of richardcase: pull-cluster-api-provider-gcp-apidiff In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| type PrivateCluster struct { | ||
| // Enabled defines weather a cluster is private or not. If disabled cluster network is public. | ||
| // +optional | ||
| Enabled bool `json:"enabled,omitempty"` |
There was a problem hiding this comment.
Should we split this into nodes and endpoint?
If a user declares privateCluster (which is optional) in their yaml then we can assume they want a private network, so we could add a validation to the webhook to check that one of private nodes or private endpoint is true.
We could also add a validating webhook, that is
There was a problem hiding this comment.
Good Idea!
Just to clarify, are you talking about
// ControlPlaneCidrBlock is the IP range in CIDR notation to use for the hosted master network. This range must not
// overlap with any other ranges in use within the cluster's network. Honored when enabled is true.
// +optional
ControlPlaneCidrBlock string `json:"controlPlaneCidrBlock,omitempty"`
// ControlPlaneGlobalAccess is whenever master is accessible globally or not. Honored when enabled is true.
// +optional
ControlPlaneGlobalAccess bool `json:"controlPlaneGlobalAccess,omitempty"`these two fields in the Node and last two ControlPlanePrivateEndpoint & DisableDefaultSNAT in the Network, if I am not wrong.
There was a problem hiding this comment.
@richardcase Sorry I don't quite understand what you mean by splitting into nodes and endpoint. Can you please explain further or give an example?
The private cluster has 4 properties shown in picture out of which ContolPlaneCidrBlock is mandatory. I clubbed them into private cluster group.
There was a problem hiding this comment.
I'm talking about EnablePrivateNodes and EnablePrivateEndpoint on the API call: https://cloud.google.com/go/docs/reference/cloud.google.com/go/container/latest/apiv1/containerpb#cloud_google_com_go_container_apiv1_containerpb_PrivateClusterConfig
| } | ||
|
|
||
| // AuthorizedNetworkCidrBlock defines the CIDR block configuration. | ||
| type AuthorizedNetworkCidrBlock struct { |
There was a problem hiding this comment.
If someone is specifying a cidr block i'm guessing that at least one of Name or CidrBlock is required.
There was a problem hiding this comment.
Yes, adding a MinProperties make sense right?
+ // +kubebuilder:validation:MinProperties=1
// +kubebuilder:validation:MaxProperties=10
// +optional
CidrBlock map[string]string `json:"cidrBlock,omitempty"`There was a problem hiding this comment.
GKE allows enabling authorized network with no cidr blocks. The spec with enable and empty cidr block would just behave same as this.
|
|
||
| // CidrBlocks defines the CIDR block configuration. | ||
| // +optional | ||
| CidrBlocks AuthorizedNetworkCidrBlock `json:"cidrBlocks,omitempty"` |
There was a problem hiding this comment.
If we have an authorized network then i assume its required to specify cidr blocks?
There was a problem hiding this comment.
The CIDR block is independent in itself, there are multiple CIDR blocks in the same file that's why I prefixed it. Should I change it to CidrBlock?
| // (in CIDR notation) within a network range, a mask, or leave this field blank to use a default range. | ||
| // This setting is permanent. | ||
| // +optional | ||
| CidrBlock string `json:"cidrBlock,omitempty"` |
There was a problem hiding this comment.
How does this differ from the pod cidrblock on the CAPI Cluster?
There was a problem hiding this comment.
In the spreadsheet it is string and in the CAPI it is []string, does it count the diff? or using the CAPI one make more sense?
There was a problem hiding this comment.
Note that GKE allows defining only single pod address range.
There was a problem hiding this comment.
People may get confused if they can supply the pod cidr block on the CAPI Cluster and here.
I wonder if you just take the first if there are multiple and warn the user?
| } | ||
|
|
||
| // AddonsConfig defines the enabled Cluster Addons. | ||
| type AddonsConfig struct { |
There was a problem hiding this comment.
Do we need to consider the other options:
There was a problem hiding this comment.
Sorry, I don't understand this :(
There was a problem hiding this comment.
Sorry i pasted the wrong link, i should've pasted this: https://cloud.google.com/go/docs/reference/cloud.google.com/go/container/latest/apiv1/containerpb#cloud_google_com_go_container_apiv1_containerpb_AddonsConfig
Signed-off-by: Aniruddha Basak <[email protected]>
aniruddha2000
force-pushed
the
ani/add-gcpmanagedcontrolplane-additional-type
branch
from
08bc033 to
db54842
Compare
Signed-off-by: Aniruddha Basak <[email protected]>
Signed-off-by: Aniruddha Basak <[email protected]>
Signed-off-by: Aniruddha Basak <[email protected]>
Signed-off-by: Aniruddha Basak <[email protected]>
Signed-off-by: Aniruddha Basak <[email protected]>
|
@aniruddha2000: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
This is great work 👍 |
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Hey @aniruddha2000 Hope you're doing good. |
|
@akshay196 hello, yes I am doing good, can you take this over from now if you have the bandwidth? because I don't have many windows to focus on it right now :( |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
New PR: #1186 /close |
|
@akshay196: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What type of PR is this?
/kind api-change
What this PR does / why we need it:
This PR contains the necessary API changes for GCPManagedControlPlane types to support additional fields.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Part of #906
Special notes for your reviewer:
ClusterNetwork.Podto a more reasonable name? Because it is quite ambiguous to the upstream k8s Pod.CidrBlock map[string]string `json:"cidrBlock,omitempty"must not be greater than 10. What should be the kubebuilder validation?Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
TODOs:
Release note:
/cc @akshay196 @richardcase @cpanato