-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SDN-4308: Update status merge for APBRoute and EgressFirewall. #2132
SDN-4308: Update status merge for APBRoute and EgressFirewall. #2132
Conversation
Update APBRoute IP validation. Signed-off-by: Nadia Pinaeva <[email protected]>
Skipping CI for Draft Pull Request. |
@npinaeva: This pull request references SDN-4308 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
/retest-required |
status: | ||
description: A concise indication of whether the AdminPolicyBasedRoute | ||
resource is applied with success | ||
type: string | ||
required: | ||
- lastTransitionTime | ||
- messages | ||
- status |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I talked with @npinaeva about this being a backward incompatible change. Need to confirm if we are ok with this.
@@ -138,6 +138,7 @@ rules: | |||
resources: | |||
- adminpolicybasedexternalroutes | |||
- egressfirewalls | |||
- egressfirewalls/status |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did you need this and not adminpolicybasedexternalroutes/status
as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually need it, but it should've already been here, because node updates status already 😕
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice catch @jcaamano , it is a 4.14 bug :) just checked, 4.14 can't update status
W1130 14:58:55.081710 5185 master_controller.go:227] Failed to update AdminPolicyBasedExternalRoutes default status: failed to update AdminPolicyBasedExternalRoutes default status: adminpolicybasedexternalroutes.k8s.ovn.org "default" is forbidden: User "system:ovn-node:ci-ln-f2400f2-72292-sgnts-master-2" cannot update resource "adminpolicybasedexternalroutes/status" in API group "k8s.ovn.org" at the cluster scope
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
created a separate PR for that, since it is a different problem and should be backported to 4.14 #2139
- adminpolicybasedexternalroutes | ||
- adminpolicybasedexternalroutes/status | ||
- egressfirewalls | ||
- egressfirewalls/status |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess we are following the status quo here but we should really only need update perms on adminpolicybasedexternalroutes/status
and egressfirewalls/status
required: | ||
- messages |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So thinking about it a bit, I wouldn't add this as required. It is just a hassle.
@@ -713,14 +720,14 @@ spec: | |||
items: | |||
type: string | |||
type: array | |||
x-kubernetes-list-type: set | |||
status: | |||
description: A concise indication of whether the AdminPolicyBasedRoute | |||
resource is applied with success | |||
type: string | |||
required: | |||
- lastTransitionTime | |||
- messages |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that we are at making backward incompatible changes, shouldn't we just remove messages
and lastTransitionTime
from required. It just can't make sense of them being required.
egressfirewall. For ovnkube-controller: watch and patch APBRoute and egressfirewall. Make all .stauts fields optional (backward incompatible change for apbroute) Signed-off-by: Nadia Pinaeva <[email protected]>
a940867
to
b31c88d
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: npinaeva, trozet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/override ci/prow/e2e-metal-ipi-ovn-ipv6 |
@trozet: Overrode contexts on behalf of trozet: ci/prow/e2e-metal-ipi-ovn-ipv6 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
4f14d36
into
openshift:master
@npinaeva: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
[ART PR BUILD NOTIFIER] This PR has been included in build cluster-network-operator-container-v4.15.0-202312012309.p0.g4f14d36.assembly.stream for distgit cluster-network-operator. |
Update APBRoute IP validation.
Depends on ovn-org/ovn-kubernetes#3750