externalize ipfailover command #20962
c472321 to 915c3bb
| NetworkInterface: ipfailover.DefaultInterface, | ||
| VRRPIDOffset: 0, | ||
| Replicas: 1, | ||
| type IPFailoverConfigCmdOptions struct { |
IPFailoverConfigOptions - we don't use Cmd anywhere, we should not introduce it here. Honestly, since the command's name is ipfailover the struct name should be just IPFailoverOptions.
+1 on IPFailoverOptions
| options.Action.BindForOutput(cmd.Flags()) | ||
| cmd.Flags().String("output-version", "", "The preferred API versions of the output objects") | ||
|
|
||
| cmd.Flags().StringVar(&o.ConfigOptions.Type, "type", ipfailover.DefaultType, "The type of IP failover configurator to use.") |
This default should be set in New... method, not here.
|
|
||
| cmd.Flags().BoolVar(&o.ConfigOptions.Create, "create", o.ConfigOptions.Create, "If true, create the configuration if it does not exist.") | ||
|
|
||
| cmd.Flags().StringVar(&o.ConfigOptions.VirtualIPs, "virtual-ips", "", "A set of virtual IP ranges and/or addresses that the routers bind and serve on and provide IP failover capability for.") |
Ditto here and in the next few lines wrt defaults.
| cmd.Flags().StringVar(&o.ConfigOptions.IptablesChain, "iptables-chain", ipfailover.DefaultIptablesChain, "Add a rule to this iptables chain to accept 224.0.0.28 multicast packets if no rule exists. When iptables-chain is empty do not change iptables.") | ||
| cmd.Flags().StringVarP(&o.ConfigOptions.NetworkInterface, "interface", "i", "", "Network interface bound by VRRP to use for the set of virtual IP ranges/addresses specified.") | ||
|
|
||
| cmd.Flags().IntVarP(&o.ConfigOptions.WatchPort, "watch-port", "w", ipfailover.DefaultWatchPort, "Port to monitor or watch for resource availability.") |
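Review bot: the `--iptables-chain` help text says the rule accepts 224.0.0.28 multicast packets, but VRRP advertisements are sent to 224.0.0.18. Please confirm which address the generated iptables rule actually matches and make the help string agree with it, so an operator auditing the chain checks the right rule. Separately, `--interface` is registered with an empty-string default while `--iptables-chain` and `--watch-port` take theirs from ipfailover constants; if the empty default is intentional, say in the help text what is used when the flag is omitted.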
|
|
||
| configList := []runtime.Object{ | ||
| &kapi.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: options.ServiceAccount}}, | ||
| configList := []runtime.RawExtension{ |
Instead of dealing with corev1.List, wouldn't it be simpler to work with []runtime.Object?
| continue | ||
| } | ||
|
|
||
| _, err = o.DynamicClient.Resource(mapping.Resource).Namespace(namespace).Create(unstructuredObj) |
Please use short if, where possible, this is a perfect candidate. Btw. if you don't know that yet @pweil- calls me short-if 👮♂️
|
|
||
| func NewIPFailoverConfigOptions() *IPFailoverConfigOptions { | ||
| return &IPFailoverConfigOptions{ | ||
|
|
| } | ||
|
|
||
| configList := &kapi.List{Items: []runtime.Object{dc}} | ||
| configList := &corev1.List{ |
Yeah, working with []runtime.Object might simplify these.
| func validateServiceAccount(client securityv1typedclient.SecurityV1Interface, serviceAccount string) error { | ||
| sccList, err := client.SecurityContextConstraints().List(metav1.ListOptions{}) | ||
| if err != nil { | ||
| if !errors.IsUnauthorized(err) { |
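Review bot: in validateServiceAccount the List error is special-cased with errors.IsUnauthorized, which matches a 401 (the request was not authenticated). A caller who is authenticated but not allowed to list SecurityContextConstraints gets a 403, which is errors.IsForbidden, so check which case this branch is meant to tolerate. Whichever it is, please add a comment stating what happens to the service-account check when the list call fails, so it is clear whether validation is skipped or the command stops.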
if err != nil && errors.IsUnauthorized(err) {
...???
Heh, will fix this up. I pretty much just copy + pasted it exactly as it was before this PR (it used to live in the ipfailover.go file)
|
|
||
| # test ipfailover | ||
| os::cmd::expect_failure_and_text 'oc adm ipfailover --dry-run' 'you must specify at least one virtual IP address' | ||
| os::cmd::expect_failure_and_text 'oc adm ipfailover --dry-run' 'service account "ipfailover" does not have sufficient privileges' |
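Review bot: the expectation for `oc adm ipfailover --dry-run` swaps the 'you must specify at least one virtual IP address' message for the service-account privilege message, so nothing in these lines exercises the virtual-IP check any more. Consider keeping a case that reaches that check, for example one run with a service account that already has the required privileges, so both validation errors stay covered.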
That's a concerning change
Ah, the reason for this change was because before, we called the Generate method on the ipfailover plugin before validating the service account.
After this update, we validate the service account before we call the Generate method on the ipfailover plugin. The validation for the service account now happens in the command's Validate method, which is called before the Run method. The Generate method is called inside of the Run method now.
No behavior changes here, as service account validation used to fail before this update with the same error, until a security context was created for it.
Thanks for the detailed explanation.
915c3bb to d59f50a
|
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: juanvallejo, soltysh. The full list of commands accepted by this bot can be found here. The pull request process is described here. Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Updates the ipfailover command, as well as the keepalived plugin to use external versions.
cc @soltysh