-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add data plane provisioner to support conformance tests #634
Comments
Stepping back and thinking about this as if it was a feature proposal (not a bandage to run conformance): I think a new deployment for every Gateway object is excessive and a waste of precious K8s cluster resources. Proposed with the constraints given, I think it helps us meet the need to align with conformance test assumptions and gives us a way to probe on this resource consumption issue I raise. |
this is a valid concern. However, the current state of the Gateway spec through the conformance tests wants to see separate data planes per Gateway. However, using a single data plane for multiple Gateways will be supported when explicit support for merging is accepted -- kubernetes-sigs/gateway-api#1863 |
This commit: - Changes the cmd package to support multiple commands in gateway binary. - Adds the root command, which simply prints help. - Adds control-plane command, which starts the control plane -- the previously available functionally of the gateway binary. - Adds provisioner command, currently not implemented. Needed by nginxinc#634
This commit: - Changes the cmd package to support multiple commands in gateway binary. - Adds the root command, which simply prints help. - Adds static-mode command, which starts NGINX Kubernetes Gateway in static mode -- the previously available functionally of the gateway binary. - Adds provisioner-mode command, currently not implemented. Needed by #634
This commit adds two features for the static mode: - Support configuring a single Gateway resource to watch. - Support not reporting the GatewayClass status, so that it doesn't conflict with the status updates done by the provisioner. Needed by nginxinc#634
This commit adds two features for the static mode: - Support configuring a single Gateway resource to watch. - Support not reporting the GatewayClass status, so that it doesn't conflict with the status updates done by the provisioner. Needed by #634
Problem: Support provisioning NGINX data plane per Gateway, as expected by the Gateway API conformance tests. See nginxinc#634 for more info Solution: - Implement provisioner command which which provisions a Deployment of NKG (static mode) for each Gateway of the provisioner GatewayClass. - Add provisioner manifests and docs Fixes nginxinc#634 Additionally, introduce PrepareTimeForFakeClient helper function, which fixes an error that appeared on GitHub Action pipeline, not locally (see below). (To reproduce it locally, run `make TZ=123 unit-tests` and ensure you compare Conditions in the status as in Expect(clusterGc.Status.Conditions).To(Equal(expectedConditions)) ) The timezone of the time in a resource field returned by the fake client was different from the one set in the field when updating the resource. The commit adds PrepareTimeForFakeClient() which ensures that the time is prepared correctly so that the timezone is the same. The problem is only present when comparing status Conditions using gomega like Expect(clusterGc.Status.Conditions).To(Equal(expectedConditions)) but not present if comparing using cmp like Expect(helpers.Diff(expectedGc, latestGc)).To(BeEmpty()). [FAILED] Expected <*time.Location | 0x30d0b00>: { name: "Local", zone: [ {name: "UTC", offset: 0, isDST: false}, ], tx: [ { when: -9223372036854775808, index: 0, isstd: false, isutc: false, }, ], extend: "UTC0", cacheStart: -9223372036854775808, cacheEnd: 9223372036854775807, cacheZone: {name: "UTC", offset: 0, isDST: false}, } to equal <*time.Location | 0x309f240>: {name: "UTC", zone: nil, tx: nil, extend: "", cacheStart: 0, cacheEnd: 0, cacheZone: nil}
Problem: Support provisioning NGINX data plane per Gateway, as expected by the Gateway API conformance tests. See #634 for more info Solution: - Implement provisioner command which which provisions a Deployment of NKG (static mode) for each Gateway of the provisioner GatewayClass. - Add provisioner manifests and docs Fixes #634 Additionally, introduce PrepareTimeForFakeClient helper function, which fixes an error that appeared on GitHub Action pipeline, not locally (see below). (To reproduce it locally, run `make TZ=123 unit-tests` from a commit before this one and ensure you compare Conditions in the status as in Expect(clusterGc.Status.Conditions).To(Equal(expectedConditions)) ) The timezone of the time in a resource field returned by the fake client was different from the one set in the field when updating the resource. The commit adds PrepareTimeForFakeClient() which ensures that the time is prepared correctly so that the timezone is the same. The problem is only present when comparing status Conditions using gomega like Expect(clusterGc.Status.Conditions).To(Equal(expectedConditions)) but not present if comparing using cmp like Expect(helpers.Diff(expectedGc, latestGc)).To(BeEmpty()). [FAILED] Expected <*time.Location | 0x30d0b00>: { name: "Local", zone: [ {name: "UTC", offset: 0, isDST: false}, ], tx: [ { when: -9223372036854775808, index: 0, isstd: false, isutc: false, }, ], extend: "UTC0", cacheStart: -9223372036854775808, cacheEnd: 9223372036854775807, cacheZone: {name: "UTC", offset: 0, isDST: false}, } to equal <*time.Location | 0x309f240>: {name: "UTC", zone: nil, tx: nil, extend: "", cacheStart: 0, cacheEnd: 0, cacheZone: nil}
Parent issue -- #305
Implementation PRs (the issue requires multiple PRs)
Overview
This issue introduces a new component -- the provisioner -- to unblock us from not running the conformance tests (short-term) and to take care of data plane management for our users (long term).
Background
The Gateway API prescribes that Gateway implementations support more than one Gateway resources: for every deployed Gateway resources, the implementation must process it and configure the data plane accordingly. This is what implicitly assumed in the Gateway API conformance tests.
Our implementation doesn't support multiple Gateways, which makes it a blocker for running conformance tests.
We have considered a few approaches to unblock the conformance tests:
High-Level Requirements
We introduce a new component -- the provisioner, which will take care of provisioning NKG deployments for Gateways of the configured GatewayClass. It will be a Kubernetes controller that watches for changes in Gateway resources that belong to its GatewayClass and ensures that for each Gateway, a corresponding NKG deployment is running in the cluster. The provisioner will own the GatewayClass resource -- it will report its status.
At the same, NKG gets extended so that:
Detailed Requirements
Important note -- the existing way of handling multiple Gateways is preserved and remains the recommended one. The provisioner is introduced only to unblock us from not running the conformance test and is not recommended for production use (for now).
We introduce the provisioner in the same binary as NKG, so that we don't need to build a separate container. As a result, the binary will have two modes (commands):
Provisioner
NKG
Out of Scope
For now, we will not address many concerns that will be require for production use of the provisioner:
Note: However, while the scope is reduced, we will not compromise on the software quality, including design, implementation and testing.
Note: We will leave the option to re-evaluate if supporting multiple Gateways via the provisioner is an optimal approach and will remove it if we found a better one.
Acceptance Criteria
The text was updated successfully, but these errors were encountered: