Stabilization and move toward 1.0 #197
Conversation
- Introduced reconciled bool that flags whether the ALBIngress resource was synced successfully. Where successful is qualified by all AWS resource being provisioned or modified as expected. - The primary use of this bool is to ensure that UpdateIngressStatus only operates on ingresses that experienced successful reconciliation. Thus when projects like kubernetes-incubator/external-dns operate on the ingress resources, they aren't attempting to setup DNS for a broken ALBIngress. - Resolves #191
- Excludes all master nodes from node list returned by the lister. This prevents masters from being added as part of an ALB's targetgroup. - The mechanism to determine whether a node is a master is based on the presence of the label "node-role.kubernetes.io/master". The use of this label is based on the discussion at kubernetes/kubernetes#41835. - Resolves #92
|
Does this work include getting the chart on quay.io updated? |
|
@antoniobeyah it does now, thanks. |
|
Checking off ignore master nodes, as only workers are now being picked up. 1 worker 2 master cluster: targetgroups on ALB only contain worker: Again, masters are qualified by the |
- When a new ingress assembly fails, it could be an existing ingress resource that was previously reconciled. We use the Reconciled var to signify whether the ingress resource has been reconciled correctly. - This commit ensures that if the assembly fails we mark reconcile as false to signify the reconcile will fail (although in reality it's never attempted). - This will also ensure an ingress status update is not attempted. - Relates to #191
|
Status updates no longer occur when reconcile fails, but will continue once it succeeds again. Example in failure: Once issue is resolved in ingress resource: |
- DEBUG is a higher int than INFO thus the evaluation of whether DEBUG should print should be based on whether LOG_LEVEL is greater than INFO.
- Forcing an OnUpdate to occur ensures things like target groups and update and generally will be another check that desired and current are as expected in each ingress. - Resolves #204
|
Targetgroups (and other AWS checks) will now update on at least a 3 minute interval. We do this by ensure that if the OnUpdate callback hasn't fired in 180 seconds, it is called from the controller in a separate go routine. Logs are as follows. |
- Due to issue acquiring lock with multiple controller, we need to update the ingress library. With this upgrade comes a new interface method GetEndpoints(). Since we do not utilize a default endpoint, it just returns an empty Endpoint struct. - Resolves #203
|
@joshrosso Excellent work here. Two questions:
Things I would like to see as an MVP for 1.0 as these are essentially showstoppers from it being used:
Also, I ran into a bug where the controller did not detect changes to annotations and it required a controller restart in order to get it to correct. I haven't tested against these latest commits but will give that a shot and file an issue if it still remains. |
Definitely. I've pinged you in k8s slack. Let's discuss more granular when you have a moment.
Before 09/26 is ideal for me as I'll be on vacation after that :) All issues you've mentioned are reasonable, but I'd ask that you take on #90 and possible #198 if possible. |
|
Automated subnet detect for qualified subnets (based on tags) is now implemented in 4f00ac6. |
- When we assemble for AWS, we should mark the reconciled flag as true representing that the ingress resource was previously reconciled. If it fails in a future reconcile, the value will change to false. - Resolves: #220
- Previously, resources would be deleted from AWS but there was no guarantee the ALBIngress would be removed from the list of ALBIngresses. Eventually it would be removed when an AWS sync occured. - This commit checks after reconcile for any LoadBalancers that have the deleted flag set to true. When this is the case it's removed from the ALBIngress list.
|
I want to get the rest of the issue burn down list covered then merge into master cutting an |
Bugfix for #225: iterate over all instances in all reservations.
- Move the security group retry logic into one location. - Do proper error checking to ensure an SG modification should be retried. Currently this is the case when a DependencyViolation is returned.
- Previously we looked for the presence of a certificate ARN to determine whether the protocol should be set to HTTP or HTTPS. Now we look at the protocol set in the scheme annotation to determine which it should be. - Resolves #194
|
Bringing this PR into master now assuming tests pass. As noted at the top of the README, we'll cut an alpha slice and would all issues should note the version being used. |
joshrosso
changed the title
- Now look for the presence of the security-group annotation key to see whether it's present. Previously we were getting false negatives and the controller always believed it needed to manage the SGs. - Resolves: #232
Stabilization and move toward 1.0
This PR represents our move to 1.0 of the alb-ingress-controller. Specifically addressing clean up and stabilization.
Issue burn-down list
Ingress controller sets status even if alb creation doesn't succeed. #191