Comments (9)
I gave this some more thought. If you want to rely on a Gateway being set, this would need to be specified on IPAM contract level, not for individual providers.
The fun part starts once you consider IPv6. (Disclaimer: I'm not too deep into IPv6, so feel free to validate)
Afaik there is a lot of new ways to configure IP addresses. There are better alternatives to DHCP, which makes the IPAM contract unnecessary in some scenarios. But there are also options to configure individual aspects of the network using "Router Advertising", which e.g. allows setting a static IPv6 on the host, but not providing a default gateway, which will be configured automatically using Router Advertising.
Considering that, I'd keep this field optional. Alternatively we could only make it required when using IPv4. I'll ask my networking colleagues about that as well, maybe there is a reason not to have it for IPv4 either.
Of course nobody thought of us poor software engineers who only want to understand the manageable complexity of IPv4 when coming up with those ideas. 😄
I'm not sure what a solution for different requirements of providers would be. Of course it should be documented and be properly reflected in resource status. We could also introduce a toggle that makes it required, which would help folks with a less-advanced networking setup.
from cluster-api-ipam-provider-in-cluster.
Thanks for bringing up these points. We agree that there is valid reason to keep it optional.
We do see that right now, the code will fail reconciliation if an invalid gateway is provided:
https://github.com/telekom/cluster-api-ipam-provider-in-cluster/blob/main/internal/poolutil/pool.go#L59
Perhaps for the time being, we permit an empty gateway, allow successful reconciliation, and defer making any decision about validation?
from cluster-api-ipam-provider-in-cluster.
I noticed that the capi-webhook validates gateway and it fails if gateway is empty. Probably have to update the capi-webhook to allow empty gateway to truly allow IPAddresses to get reconciled with empty gateways: https://github.com/kubernetes-sigs/cluster-api/blob/4f60841913fa99912771c3906ee81dd13d4e9633/exp/ipam/internal/webhooks/ipaddress.go#L126-L134
from cluster-api-ipam-provider-in-cluster.
You are right. Since it has an omitempty
json tag, I think we should change it to check if it's even set.
from cluster-api-ipam-provider-in-cluster.
Created a PR to update capi-webhook: kubernetes-sigs/cluster-api#8525.
from cluster-api-ipam-provider-in-cluster.
I had already created kubernetes-sigs/cluster-api#8506, not sure if it makes sense to differentiate between ipv4 and ipv6.
from cluster-api-ipam-provider-in-cluster.
Ah, I should of looked. We can close our PR in favor of yours. I can go either way in terms of allowing or disallowing gateway for ipv4.
from cluster-api-ipam-provider-in-cluster.
I have no strong opinions, and am open to any implementation.
If I were all alone making this choice, I'd require gateway on IPv4 Pools/Addresses, and I'd make gateways on IPv6 Pools/Addresses always optional, per our PR.
My rationale for making IPv4 required: The user would need to configure the Gateway on the cluster yaml if they don't provide it on the Pool. This separation of configuration seems a bit disjointed. If neither the pool nor the cluster yaml specified the Gateway, it becomes hard to detect the misconfiguration, and the user would likely not find out until the deploy failed.
from cluster-api-ipam-provider-in-cluster.
I think this issue has been solved by #118. Please feel free to reopen if that's not correct.
from cluster-api-ipam-provider-in-cluster.
Related Issues (20)
- Addressing downscaling pools with addresses in range HOT 6
- IPAddressClaim controller should detect cluster paused consistently HOT 1
- clusterctl move fails because of delete webhook
- Claims with cluster label should not be reconciled when cluster cannot be retrieved
- Adopt the CNCF CLA bot, merge bot and Kubernetes PR commands/bots.
- Controller shouldn't allocate IP addresses that are "reserved" for the subnet HOT 4
- Gateway should be validated to be within inferred subnet when pool is IPv4 HOT 4
- The provider configuration to add to clusterctl.yaml is wrong HOT 1
- :bug: GlobalInClusterIPPool does not guarantee the unique IP across multiple k8s namespaces HOT 1
- Misconfigured webhooks with the new api version HOT 3
- Claims that are stuck waiting for an address when a pool has no free addresses should be re-reconciled when addresses become available HOT 3
- Handle reserved Ips withing an IP range HOT 8
- clusterctl move fails due to IPAddresses Exists HOT 4
- clusterctl init fails if wrong version of cert-manager is already installed HOT 2
- in a "clusterctl move" the IPAM resources are not migrated to the new cluster HOT 3
- unknown field "spec.excludedAddresses" HOT 6
- ipam provider does not support capi v1.6.0 HOT 2
- Any plan to cut a v0.1.0 release? HOT 4
- Add support for IPAddressClaim spec.clusterName once CAPI 1.8 is released HOT 1
- Clusterctl move not moving globalinclusterippools
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cluster-api-ipam-provider-in-cluster.