Skip to content

chore(controller): allow re attach to update and some error #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
duanhongyi merged 5 commits into from
Mar 27, 2025
Merged

chore(controller): allow re attach to update and some error #181

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7eacb0f
fix(timeouts): timeouts set error
jianxiaoguo Mar 26, 2025
e24acc3
fix(tls): tls force enable error
jianxiaoguo Mar 26, 2025
8100738
chore(certs): allow re attach to update
jianxiaoguo Mar 26, 2025
94854bd
chore(controller): https_enforced when has domains
jianxiaoguo Mar 26, 2025
f883546
chore(controller): pod pending has not containerStatuses
jianxiaoguo Mar 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions rootfs/api/models/certificate.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
from django.contrib.auth import get_user_model
from rest_framework.exceptions import ValidationError
from api.utils import validate_label
from api.exceptions import AlreadyExists, ServiceUnavailable
from api.exceptions import ServiceUnavailable
from scheduler import KubeException
from .base import AuditedModel
from .domain import Domain
Expand Down Expand Up @@ -192,8 +192,6 @@ def delete(self, *args, **kwargs):
def attach(self, *args, **kwargs):
# add the certificate to the domain
domain = get_object_or_404(Domain, domain=kwargs['domain'])
if domain.certificate is not None:
raise AlreadyExists("Domain already has a certificate attached to it")
# create in kubernetes
self.attach_in_kubernetes(domain)
domain.certificate = self
Expand Down
15 changes: 15 additions & 0 deletions rootfs/api/models/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -265,3 +265,18 @@ def _update_limits(self, previous_config, replace_ptypes=[]):
"the %s has already been used and cannot be deleted" % ptype)
self._merge_data('limits', data, new_data)
setattr(self, 'limits', data)

def _update_termination_grace_period(self, previous_config, replace_ptypes=[]):
data = {
k: v for k, v in getattr(previous_config, 'termination_grace_period', {}).copy().items() # noqa
if k not in replace_ptypes
}
new_data = getattr(self, 'termination_grace_period', {}).copy()
# check procfile
for ptype, value in new_data.items():
if value is None:
if ptype in self.app.ptypes:
raise UnprocessableEntity(
"the %s has already been used and cannot be deleted" % ptype)
self._merge_data('termination_grace_period', data, new_data)
setattr(self, 'termination_grace_period', data)
5 changes: 3 additions & 2 deletions rootfs/api/models/gateway.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ def cleaned_rules(self):
@property
def tls_force_hostnames(self):
tls = self.app.tls_set.latest()
q = Q(ptype__int=[s.ptype for s in self.services])
q = Q(ptype__in=[s.ptype for s in self.services])
if not tls.certs_auto_enabled:
q &= Q(certificate__isnull=False)
domains = self.app.domain_set.filter(q)
Expand Down Expand Up @@ -260,7 +260,8 @@ def refresh_to_k8s(self):
if self.routable:
parent_refs, http_parent_refs = self._get_all_parent_refs()
tls = self.app.tls_set.latest()
if tls.https_enforced and self.kind == "HTTPRoute":
# requestRedirect only when has tls or certs
if tls.https_enforced and self.kind == "HTTPRoute" and self.tls_force_hostnames:
self._https_enforced_to_k8s(http_parent_refs)
elif self.kind == "HTTPRoute":
parent_refs.extend(http_parent_refs)
Expand Down
8 changes: 4 additions & 4 deletions rootfs/api/tests/test_certificate_use_case_4.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,8 +168,8 @@ def test_certificate_attach_overwrite(self):
'{}/{}/domain/'.format(self.url, 'bar-com'),
{'domain': 'foo.com'}
)
# Should be a 409 Conflict since it already existed
self.assertEqual(response.status_code, 409)
# allow re attach to update
self.assertEqual(response.status_code, 201)

# Assert that domain and cert are still the original
response = self.client.get(
Expand All @@ -180,7 +180,7 @@ def test_certificate_attach_overwrite(self):
expected = {
'name': 'foo-com',
'common_name': 'foo.com',
'domains': ['foo.com']
'domains': []
}
for key, value in list(expected.items()):
self.assertEqual(
Expand All @@ -197,7 +197,7 @@ def test_certificate_attach_overwrite(self):
expected = {
'name': 'bar-com',
'common_name': 'bar.com',
'domains': []
'domains': ['foo.com']
}
for key, value in list(expected.items()):
self.assertEqual(
Expand Down
8 changes: 4 additions & 4 deletions rootfs/scheduler/resources/pod.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -413,7 +413,7 @@ def readiness_status(self, pod):
"""Check if the pod container have passed the readiness probes"""
name = '{}-{}'.format(pod['metadata']['labels']['app'], pod['metadata']['labels']['type'])
# find the right container in case there are many on the pod
container = self.find_container(name, pod['status']['containerStatuses'])
container = self.find_container(name, pod['status'].get('containerStatuses', []))
if container is None:
# Seems like the most sensible default
return 'Unknown'
Expand Down Expand Up @@ -466,7 +466,7 @@ def pending_status(self, pod):

name = '{}-{}'.format(pod['metadata']['labels']['app'], pod['metadata']['labels']['type'])
# find the right container in case there are many on the pod
container = self.pod.find_container(name, pod['status']['containerStatuses'])
container = self.find_container(name, pod['status'].get('containerStatuses', []))
if container is None:
# Return Pending if nothing else can be found
return 'Pending', ''
Expand Down Expand Up @@ -596,7 +596,7 @@ def _handle_pending_pods(self, namespace, labels):
phase = pod['status']['phase']
name = '{}-{}'.format(pod['metadata']['labels']['app'],
pod['metadata']['labels']['type'])
container = self.find_container(name, pod['status']['containerStatuses'])
container = self.find_container(name, pod['status'].get('containerStatuses', []))
# phase is Running, but state is waiting in CrashLoopBackOff
if phase not in ['Pending', 'ContainerCreating'] and \
(phase == 'Running' and 'waiting' not in container['state'].keys()):
Expand Down Expand Up @@ -748,7 +748,7 @@ def _handle_not_ready_pods(self, namespace, labels):

name = '{}-{}'.format(pod['metadata']['labels']['app'], pod['metadata']['labels']['type']) # noqa
# find the right container in case there are many on the pod
container = self.find_container(name, pod['status']['containerStatuses'])
container = self.find_container(name, pod['status'].get('containerStatuses', []))
if container is None or container['ready'] == 'true':
continue

Expand Down