archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cmd/k8s-operator: don't require generation for Available condition (#16497)

Browse Source 
The observed generation was set to always 0 in #16429, but this had the
knock-on effect of other controllers considering ProxyGroups never ready
because the observed generation is never up to date in
proxyGroupCondition. Make sure the ProxyGroupAvailable function does not
requires the observed generation to be up to date, and add testing
coverage to catch regressions.

Updates #16327

Change-Id: I42f50ad47dd81cc2d3c3ce2cd7b252160bb58e40

Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
pull/16506/head
Tom Proctor 5 months ago committed by GitHub
parent 4dfed6b146
commit 27fa2ad868
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File

30
cmd/k8s-operator/proxygroup_test.go
Unescape Escape View File

@ -28,6 +28,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/client/fake"
"tailscale.com/client/tailscale" "tailscale.com/client/tailscale"
"tailscale.com/ipn" "tailscale.com/ipn"
kube "tailscale.com/k8s-operator"
tsoperator "tailscale.com/k8s-operator" tsoperator "tailscale.com/k8s-operator"
tsapi "tailscale.com/k8s-operator/apis/v1alpha1" tsapi "tailscale.com/k8s-operator/apis/v1alpha1"
"tailscale.com/kube/kubetypes" "tailscale.com/kube/kubetypes"
@ -815,6 +816,7 @@ func TestProxyGroup(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "test", Name: "test",
Finalizers: []string{"tailscale.com/finalizer"}, Finalizers: []string{"tailscale.com/finalizer"},
Generation: 1,
}, },
Spec: tsapi.ProxyGroupSpec{ Spec: tsapi.ProxyGroupSpec{
Type: tsapi.ProxyGroupTypeEgress, Type: tsapi.ProxyGroupTypeEgress,
@ -856,9 +858,12 @@ func TestProxyGroup(t *testing.T) {
expectReconciled(t, reconciler, "", pg.Name) expectReconciled(t, reconciler, "", pg.Name)
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionFalse, reasonProxyGroupCreating, "0/2 ProxyGroup pods running", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionFalse, reasonProxyGroupCreating, "0/2 ProxyGroup pods running", 0, cl, zl.Sugar())
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "the ProxyGroup's ProxyClass \"default-pc\" is not yet in a ready state, waiting...", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "the ProxyGroup's ProxyClass \"default-pc\" is not yet in a ready state, waiting...", 1, cl, zl.Sugar())
expectEqual(t, fc, pg) expectEqual(t, fc, pg)
expectProxyGroupResources(t, fc, pg, false, pc) expectProxyGroupResources(t, fc, pg, false, pc)
if kube.ProxyGroupAvailable(pg) {
t.Fatal("expected ProxyGroup to not be available")
}
}) })
t.Run("observe_ProxyGroupCreating_status_reason", func(t *testing.T) { t.Run("observe_ProxyGroupCreating_status_reason", func(t *testing.T) {
@ -874,13 +879,19 @@ func TestProxyGroup(t *testing.T) {
if err := fc.Status().Update(t.Context(), pc); err != nil { if err := fc.Status().Update(t.Context(), pc); err != nil {
t.Fatal(err) t.Fatal(err)
} }
pg.ObjectMeta.Generation = 2
mustUpdate(t, fc, "", pg.Name, func(p *tsapi.ProxyGroup) {
p.ObjectMeta.Generation = pg.ObjectMeta.Generation
})
expectReconciled(t, reconciler, "", pg.Name) expectReconciled(t, reconciler, "", pg.Name)
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "0/2 ProxyGroup pods running", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "0/2 ProxyGroup pods running", 2, cl, zl.Sugar())
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionFalse, reasonProxyGroupCreating, "0/2 ProxyGroup pods running", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionFalse, reasonProxyGroupCreating, "0/2 ProxyGroup pods running", 0, cl, zl.Sugar())
expectEqual(t, fc, pg) expectEqual(t, fc, pg)
expectProxyGroupResources(t, fc, pg, true, pc) expectProxyGroupResources(t, fc, pg, true, pc)
if kube.ProxyGroupAvailable(pg) {
t.Fatal("expected ProxyGroup to not be available")
}
if expected := 1; reconciler.egressProxyGroups.Len() != expected { if expected := 1; reconciler.egressProxyGroups.Len() != expected {
t.Fatalf("expected %d egress ProxyGroups, got %d", expected, reconciler.egressProxyGroups.Len()) t.Fatalf("expected %d egress ProxyGroups, got %d", expected, reconciler.egressProxyGroups.Len())
} }
@ -902,6 +913,10 @@ func TestProxyGroup(t *testing.T) {
t.Run("simulate_successful_device_auth", func(t *testing.T) { t.Run("simulate_successful_device_auth", func(t *testing.T) {
addNodeIDToStateSecrets(t, fc, pg) addNodeIDToStateSecrets(t, fc, pg)
pg.ObjectMeta.Generation = 3
mustUpdate(t, fc, "", pg.Name, func(p *tsapi.ProxyGroup) {
p.ObjectMeta.Generation = pg.ObjectMeta.Generation
})
expectReconciled(t, reconciler, "", pg.Name) expectReconciled(t, reconciler, "", pg.Name)
pg.Status.Devices = []tsapi.TailnetDevice{ pg.Status.Devices = []tsapi.TailnetDevice{
@ -914,10 +929,13 @@ func TestProxyGroup(t *testing.T) {
TailnetIPs: []string{"1.2.3.4", "::1"}, TailnetIPs: []string{"1.2.3.4", "::1"},
}, },
} }
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionTrue, reasonProxyGroupReady, reasonProxyGroupReady, 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionTrue, reasonProxyGroupReady, reasonProxyGroupReady, 3, cl, zl.Sugar())
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionTrue, reasonProxyGroupAvailable, "2/2 ProxyGroup pods running", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionTrue, reasonProxyGroupAvailable, "2/2 ProxyGroup pods running", 0, cl, zl.Sugar())
expectEqual(t, fc, pg) expectEqual(t, fc, pg)
expectProxyGroupResources(t, fc, pg, true, pc) expectProxyGroupResources(t, fc, pg, true, pc)
if !kube.ProxyGroupAvailable(pg) {
t.Fatal("expected ProxyGroup to be available")
}
}) })
t.Run("scale_up_to_3", func(t *testing.T) { t.Run("scale_up_to_3", func(t *testing.T) {
@ -926,14 +944,14 @@ func TestProxyGroup(t *testing.T) {
p.Spec = pg.Spec p.Spec = pg.Spec
}) })
expectReconciled(t, reconciler, "", pg.Name) expectReconciled(t, reconciler, "", pg.Name)
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "2/3 ProxyGroup pods running", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionFalse, reasonProxyGroupCreating, "2/3 ProxyGroup pods running", 3, cl, zl.Sugar())
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionTrue, reasonProxyGroupCreating, "2/3 ProxyGroup pods running", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionTrue, reasonProxyGroupCreating, "2/3 ProxyGroup pods running", 0, cl, zl.Sugar())
expectEqual(t, fc, pg) expectEqual(t, fc, pg)
expectProxyGroupResources(t, fc, pg, true, pc) expectProxyGroupResources(t, fc, pg, true, pc)
addNodeIDToStateSecrets(t, fc, pg) addNodeIDToStateSecrets(t, fc, pg)
expectReconciled(t, reconciler, "", pg.Name) expectReconciled(t, reconciler, "", pg.Name)
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionTrue, reasonProxyGroupReady, reasonProxyGroupReady, 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupReady, metav1.ConditionTrue, reasonProxyGroupReady, reasonProxyGroupReady, 3, cl, zl.Sugar())
tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionTrue, reasonProxyGroupAvailable, "3/3 ProxyGroup pods running", 0, cl, zl.Sugar()) tsoperator.SetProxyGroupCondition(pg, tsapi.ProxyGroupAvailable, metav1.ConditionTrue, reasonProxyGroupAvailable, "3/3 ProxyGroup pods running", 0, cl, zl.Sugar())
pg.Status.Devices = append(pg.Status.Devices, tsapi.TailnetDevice{ pg.Status.Devices = append(pg.Status.Devices, tsapi.TailnetDevice{
Hostname: "hostname-nodeid-2", Hostname: "hostname-nodeid-2",

13
k8s-operator/conditions.go
Unescape Escape View File

@ -137,22 +137,23 @@ func ProxyClassIsReady(pc *tsapi.ProxyClass) bool {
} }
func ProxyGroupIsReady(pg *tsapi.ProxyGroup) bool { func ProxyGroupIsReady(pg *tsapi.ProxyGroup) bool {
return proxyGroupCondition(pg, tsapi.ProxyGroupReady) cond := proxyGroupCondition(pg, tsapi.ProxyGroupReady)
return cond != nil && cond.Status == metav1.ConditionTrue && cond.ObservedGeneration == pg.Generation
} }
func ProxyGroupAvailable(pg *tsapi.ProxyGroup) bool { func ProxyGroupAvailable(pg *tsapi.ProxyGroup) bool {
return proxyGroupCondition(pg, tsapi.ProxyGroupAvailable) cond := proxyGroupCondition(pg, tsapi.ProxyGroupAvailable)
return cond != nil && cond.Status == metav1.ConditionTrue
} }
func proxyGroupCondition(pg *tsapi.ProxyGroup, condType tsapi.ConditionType) bool { func proxyGroupCondition(pg *tsapi.ProxyGroup, condType tsapi.ConditionType) *metav1.Condition {
idx := xslices.IndexFunc(pg.Status.Conditions, func(cond metav1.Condition) bool { idx := xslices.IndexFunc(pg.Status.Conditions, func(cond metav1.Condition) bool {
return cond.Type == string(condType) return cond.Type == string(condType)
}) })
if idx == -1 { if idx == -1 {
return false return nil
} }
cond := pg.Status.Conditions[idx] return &pg.Status.Conditions[idx]
return cond.Status == metav1.ConditionTrue && cond.ObservedGeneration == pg.Generation
} }
func DNSCfgIsReady(cfg *tsapi.DNSConfig) bool { func DNSCfgIsReady(cfg *tsapi.DNSConfig) bool {

Write Preview
Loading…
Cancel
Save