-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Variety of fixes in response to feedback on #780 #796
Variety of fixes in response to feedback on #780 #796
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: robscott The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
47516aa
to
cadb97c
Compare
// Implementations should add the `gateway-exists-finalizer.gateway.networking.k8s.io` | ||
// finalizer on the associated GatewayClass whenever Gateway(s) is running. | ||
// This ensures that a GatewayClass associated with a Gateway(s) is not | ||
// deleted while in use. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved to GatewayClass spec
fe98e8b
to
26f3a97
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two small suggestions, but aside from that, LGTM.
apis/v1alpha2/gateway_types.go
Outdated
// ignored otherwise. | ||
// TLS is the TLS configuration for the Listener. This field is required if | ||
// the Protocol field is "HTTPS" or "TLS". It MUST be ignored when the | ||
// Protocol field is "HTTP", "TCP", or "UDP". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer we error out. Such silent acceptance result in confusion during debugging.
We can add a check in the validation webhook for this purpose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feels like this is a good case for a Condition of some sort, but I'm not sure which one.
// only one rule may ultimately receive the request. Matching precedence | ||
// MUST be determined in order of the following criteria: | ||
// Although a client request may match multiple route rules, only one rule | ||
// may ultimately receive the request. Matching precedence MUST be |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MUST rather than MAY.
// may ultimately receive the request. Matching precedence MUST be | |
// WILL ultimately receive the request. Matching precedence MUST be |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think one of the things we're struggling with here is what the intended audience is. I think we may need to start differentiating implementation guidance (words like MUST
) with what users should expect (words like will
). Maybe implementation guidance belongs somewhere other than spec?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've struggled with that distinction and I brought it before as well.
I think most of the documentation is geared towards implementation guidance and we should stick to that. The larger audience will require much more context and the implementation authors can take care of that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was talking with @bowei about this recently, maybe there are some guidelines we can be applying when we're writing our godocs here?
26f3a97
to
5e943f9
Compare
I think I've only really got one thing that needs addressing here, but there are a few followup things, especially around Conditions and status (which is probably due for a recheck and overhaul). I don't think we should block at least the RC on status though, and I feel like a status review is possibly bigger than we should bite off bevore v1alpha2. |
apis/v1alpha2/gatewayclass_types.go
Outdated
@@ -47,12 +60,19 @@ type GatewayClass struct { | |||
Status GatewayClassStatus `json:"status,omitempty"` | |||
} | |||
|
|||
const ( | |||
// GatewayClassFinalizerGatewaysExist MUST be added as a finalizer to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
literally "must" is already "commanded or requested", strong.
dont think the uppercase is really needed since the importance is delivered by the verb.
// GatewayClassFinalizerGatewaysExist MUST be added as a finalizer to the | |
// GatewayClassFinalizerGatewaysExist must be added as a finalizer to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not really sure how to distinguish between MUST
and must
for our godocs, but I think historically we've been using all caps to emphasize/match RFC terminology.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// GatewayClassFinalizerGatewaysExist MUST be added as a finalizer to the | ||
// GatewayClass whenever there are provisioned Gateways using a | ||
// GatewayClass. | ||
GatewayClassFinalizerGatewaysExist = "gateway-exists-finalizer.gateway.networking.k8s.io" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After reading your comments,
GatewayClassFinalizerGatewaysExist = "gateway-exists-finalizer.gateway.networking.k8s.io" | |
ProvisionedGatewayClassFinalizer = "provisioned-gateway-finalizer.gateway.networking.k8s.io" |
is more aligned to what you mean ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This probably could have a better name, but in this case I'm not actually changing the name, just moving it from gateway_types to gatewayclass_types. The idea is for it to indicate that at least one Gateway is using the GatewayClass and therefore the GatewayClass should not be deleted.
// | ||
// * A Listener with `test.example.com` as the hostname matches HTTPRoutes | ||
// that have either not specified any hostnames, or have specified at | ||
// least one of `test.example.com` or `*.example.com`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// least one of `test.example.com` or `*.example.com`. | |
// least one of `test.example.com` or `*.example.com` or `*`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is actually something that came out of API review, I can't remember which of the reviewers suggested it, but the recommendation was to remove "" as a possible value. An empty or unspecified value here would continue to be interpreted at "", but there was no point in differentiating between empty and "*" since they were interpreted the same way. Let me add that to the PR description.
// ignored. For example, if a Listener specified `*.example.com`, and the | ||
// HTTPRoute specified `test.example.com` and `test.example.net`, | ||
// `test.example.net` must not be considered for a match. | ||
// |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean as following ?
// If both the Listener and HTTPRoute have specified hostnames, only exact match
// will be considered.
// For example, if a Listener specified test.example.com
, and the
// HTTPRoute specified test.example.com
and test.example.net
,
// test.example.net
is not be considered for a match.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is trying to describe how wildcard hostname matching should work with hostnames specified on HTTPRoutes. I don't think removing the wildcard from the example would help here, but I may be misunderstanding what you're suggesting.
// must get a 503 instead. | ||
// sent. | ||
|
||
// If unspecified or invalid (refers to a non-existent resource or a Service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there any k8s Service (Service with no endpoints) that does not have endpoints ?
maybe "resource" is more accurate here ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think what we're trying to communicate here is a Service that does not have any endpoints, likely because there are no Pods running that have been selected by that service.
// status for this route should be updated with a condition that describes | ||
// the error more specifically. | ||
// "match" behavior. For example, resource "mytcproutematcher" in group | ||
// "networking.example.net". If the referent cannot be found, the rule MUST |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// "networking.example.net". If the referent cannot be found, the rule MUST | |
// "networking.example.net". If the referent cannot be found, the rule must |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's probably room for a broader discussion around the usability of these all caps RFC terms, but so far the guidance from other reviewers has been to move more into this capitalization style. We can add to the agenda for next community meeting and/or create an issue to discuss if that's helpful. I don't have a very strong opinion here other than trying to be consistent with what we've done elsewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is definitely a thing we've copied from RFCs, where the increased emphasis is very purposeful - it's a guide for people implementing the spec that allows the reader to easily find the things they MUST do when reading what is often a long and dry specification. That's why I'm supportive of the all-caps.
apis/v1alpha2/gateway_types.go
Outdated
// ignored otherwise. | ||
// TLS is the TLS configuration for the Listener. This field is required if | ||
// the Protocol field is "HTTPS" or "TLS". It MUST be ignored when the | ||
// Protocol field is "HTTP", "TCP", or "UDP". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should ignore be actually be illegal? enforced by validation webhook?
Same with hostname for tcproute?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with that interpretation. For now I've just stated that this is invalid, but also created #827 to track this.
5e943f9
to
f89c716
Compare
Thanks to everyone for the great feedback on this one! I think I've responded to everything now, PTAL. Once we get this in, we should be able to move forward with v1alpha2-rc1. |
f89c716
to
24e1570
Compare
Looks like a deploy/netlify flake? /retest |
24e1570
to
0fbc16b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
I think that @ccfishk raises some fair questions to discuss, particularly about the use of all-caps for MUST, MAY etc, but I also think that's a larger discussion that would be better suited for its own issue/PR.
Signed-off-by: Nick Young <ynick@vmware.com>
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
There's been a lot of great feedback in #780, this makes some of the easier fixes.
Does this PR introduce a user-facing change?: