Skip to content

Commit

Permalink
add status message when attempting to attach to headless service (#12918
Browse files Browse the repository at this point in the history
)

If the `parent_ref` of an HTTPRoute resource is set to a headless service, the policy controller gives the HTTPRoute a status of NoMatchingParent:

```
  - conditions:
    - lastTransitionTime: "2024-07-30T22:52:24Z"
      message: ""
      reason: NoMatchingParent
      status: "False"
      type: Accepted
```

However, this can be misleading because the parent does exist, but is not a valid parent because it does not have a cluster IP.

We make this error easier to understand by adding a message to the status condition in this case:

```
    - lastTransitionTime: "2024-07-30T22:51:29Z"
      message: parent service must have a ClusterIP
      reason: NoMatchingParent
      status: "False"
      type: Accepted
```

Signed-off-by: Alex Leong <alex@buoyant.io>
  • Loading branch information
adleong authored Aug 2, 2024
1 parent 7bccd05 commit aa3e7d8
Showing 1 changed file with 26 additions and 17 deletions.
43 changes: 26 additions & 17 deletions policy-controller/k8s/status/src/index.rs
Original file line number Diff line number Diff line change
Expand Up @@ -397,24 +397,22 @@ impl Index {
}
routes::ParentReference::Service(service, port) => {
// service is a valid parent if it exists and it has a cluster_ip.
let condition = if self
.services
.get(service)
.map_or(false, |svc| svc.valid_parent_service())
{
// If this route is an HTTPRoute and there exists a GRPCRoute
// with the same parent, the HTTPRoute should not be accepted
// because it is less specific.
// https://gateway-api.sigs.k8s.io/geps/gep-1426/#route-types
if id.gkn.kind == k8s_gateway_api::HttpRoute::kind(&())
&& self.parent_has_grpcroute_children(parent_ref)
{
route_conflicted()
} else {
accepted()
let condition = match self.services.get(service) {
Some(svc) if svc.valid_parent_service() => {
// If this route is an HTTPRoute and there exists a GRPCRoute
// with the same parent, the HTTPRoute should not be accepted
// because it is less specific.
// https://gateway-api.sigs.k8s.io/geps/gep-1426/#route-types
if id.gkn.kind == k8s_gateway_api::HttpRoute::kind(&())
&& self.parent_has_grpcroute_children(parent_ref)
{
route_conflicted()
} else {
accepted()
}
}
} else {
no_matching_parent()
Some(_svc) => headless_parent(),
None => no_matching_parent(),
};

Some(k8s_gateway_api::RouteParentStatus {
Expand Down Expand Up @@ -861,6 +859,17 @@ fn no_matching_parent() -> k8s_core_api::Condition {
}
}

fn headless_parent() -> k8s_core_api::Condition {
k8s_core_api::Condition {
last_transition_time: k8s_core_api::Time(now()),
message: "parent service must have a ClusterIP".to_string(),
observed_generation: None,
reason: reasons::NO_MATCHING_PARENT.to_string(),
status: cond_statuses::STATUS_FALSE.to_string(),
type_: conditions::ACCEPTED.to_string(),
}
}

fn route_conflicted() -> k8s_core_api::Condition {
k8s_core_api::Condition {
last_transition_time: k8s_core_api::Time(now()),
Expand Down

0 comments on commit aa3e7d8

Please sign in to comment.