Add Ingress GA details #1025
Add Ingress GA details #1025
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
| ``` | ||
|
|
||
| If `Healthcheck` is nil, then the implementation default healthcheck will be | ||
| configured, healthchecking the root `/` path. If `Healthcheck` is specfied, |
There was a problem hiding this comment.
Alternative default behaviour would be to not configure any healthchecking and rely on service controller to keep the list of endpoints up-to-date based on Readiness probe and consider all the endpoints healthy.
There was a problem hiding this comment.
some APIs require a healthcheck be defined :(
There was a problem hiding this comment.
I agree with @ElvinEfendi .
We'd better push the service team to remove the mandatory healthCheck requirement.
e.g. For aws ALB, the healthCheck from AWS is mandatory, and i have been pushing the internal team to remove such requirement.
| // populated to match the Resource. If both ServiceName and Resource are | ||
| // specified, then they must reference the same Service object. | ||
| // +optional | ||
| Resource v1.TypedLocalObjectReference |
There was a problem hiding this comment.
Can we use the same approach in HTTPIngressPath to allow a custom configuration? This would allow exposing features available in the particular implementation removing the ambiguity of annotations.
There was a problem hiding this comment.
Do you really want a CRD for path strings?
Also, that doesn't help with the round-trip requirement -- we have to be able to go from v1beta1 -> v1 -> v1beta1 and not lose information
There was a problem hiding this comment.
Do you really want a CRD for path strings?
No, I want to remove annotations to configure "things" in the path.
we have to be able to go from v1beta1 -> v1 -> v1beta1 and not lose information
Good point.
| | `(abc)` | grouping | | ||
|
|
||
| Maintaining a regular expression subset is likely not worth the complexity and | ||
| is likely impossible across the [many implementations][regex-survey]. |
There was a problem hiding this comment.
Just for reference kubernetes/ingress-nginx#555
|
@bowei what about referencing secrets from a different namespace? |
Cross-namespace object references are a non-goal (not just for ingress, but broadly). Future enhancements like named certificates (satisfied by controller-specific methods, such as resolving secrets in an ingress-controller-defined namespace) could address that usability issue. |
Can we put that in the spec? |
| > If `Host` is a wildcard, then request matches the rule if the http host header | ||
| > is to equal to the suffix (removing the first label) of the wildcard rule. | ||
| > E.g. wildcard "*.foo.com" matches "bar.foo.com" because they share an equal | ||
| > suffix "foo.com". |
There was a problem hiding this comment.
Also make clear that wildcards a re whole-word replacements and must be the first segment.
|
|
||
| type IngressBackendHealthcheck struct { | ||
| // HTTP defines healthchecks using the HTTP protocol. | ||
| HTTP *IngressBackendHTTPHealthcheck |
There was a problem hiding this comment.
Do we need this indirection? We're already inside the HTTP block, and I don't think we'll realistically support anything but HTTP
| // Class references an IngressClass resource in kube-system. This is used | ||
| // by the cluster Ingress controllers to determine which controller operates | ||
| // on this resource. | ||
| Class string |
There was a problem hiding this comment.
As with all other *Class, we now need to define default behavior if not specified.
We could do like Storage and add an admission controller which sets this to the name of the class that carries a label.
We could ignore it and let the controllers fight it out (e.g. on GCP we could hard-configure gce-ingress as the default via flags, and users could not change that)
There was a problem hiding this comment.
Hi, I think it's better to change Class to IngressClassName
Which aligns with
| } | ||
|
|
||
| type IngressClassSpec struct { | ||
| // This is currently empty. |
There was a problem hiding this comment.
Will have to carry the identifier for the controller which implements the class. E.g. Controller string -- and document it as namespaced just like storage provisioners.
There was a problem hiding this comment.
maybe just provisioner string? so we can get consistent naming with StorageClass.
From my pov, 'provisioner' and 'controller' have the same meaning in this context.
Also, is it possible to include Parameters map[string]string as well, so we can have controller specific settings expressed as fields.
One use case could be explicit denote the sharing LB among Ingresses.
e.g. users can provision separate IngressClass for different LB like:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: alb-lb-a
provisioner: kubernetes.io/aws-alb
parameters:
lbName: lb-a
all ingresses(across namespace) using this IngressClass with be backed by a single LB called lb-a.
| Add a field to the `IngressBackend` struct with an object reference: | ||
|
|
||
| ```golang | ||
| type IngressBackend struct { |
There was a problem hiding this comment.
I think we'll want to restructure this as something like:
// +union
type IngressBackend struct {
// +union-discriminator
Type string
Service IngressBackendService
External v1.TypedObjectReference
}
type IngressBackendService struct {
ServiceName string
ServicePort intstr.IntOrString
}
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bowei, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
bowei
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
bowei
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
This already merged -- do you want to open a followup PR?
…On Wed, May 1, 2019 at 10:39 AM Bowei Du ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In keps/sig-network/20190125-ingress-api-group.md
<#1025 (comment)>
:
> +> is to equal to the suffix (removing the first label) of the wildcard rule.
+> E.g. wildcard "*.foo.com" matches "bar.foo.com" because they share an equal
+> suffix "foo.com".
+
+### Healthchecks
+
+The current spec does not have any provisions to customize appropriate
+healtchecks for referenced backends. Many users already have a healthcheck
+URLthat is lightweight and different from the HTTP root (e.g. `/`).
+
+One option that has been explored is to infer the healthcheck URL from the
+Readiness probes on the Pods of the Service. This method has proven to be quite
+unstable: Every Pod in a Service can have a different Readiness probe definition
+and it's not clear which one should be used. Furthermore, the behavior is quite
+implicit and creates action-at-a-distance relationship between the Ingress and
+Pod resources.
updated text
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#1025 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABKWAVDUH7U3P3KMZ4BBFI3PTHIVHANCNFSM4HJPDYDA>
.
|
|
Comment feedback is being integrated into https://github.com/bowei/enhancements/blob/ingress-ga/keps/sig-network/20190125-ingress-api-group.md If you notice your comment has been resolved, check the link above. |
|
Yes -- opening a new PR once I sweep through this set of comments. |
| ```golang | ||
| type IngressSpec struct { | ||
| ... | ||
| // Class references an IngressClass resource in kube-system. This is used |
There was a problem hiding this comment.
I think this IngressClass should be a cluster scope resource instead of namespaced resource in kube-system
There was a problem hiding this comment.
Agree, it should be like storage class
Fleshes out some details regarding the issues we wish to tackle in the 1.15+ releases.
Implementation and details are WIP.
This is an initial pass.
@thockin @liggitt @aledbf