Skip to content

Router publish strategy related changes for IBM Cloud platform #6199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Router publish strategy related changes for IBM Cloud platform #6199

wants to merge 1 commit into from
+16 −10

Conversation

libesz
Copy link

@libesz libesz commented May 28, 2025

When HCP contains router publish strategy for the
master services, IBM Cloud platform implementation will take care of the proper exposure of the
services, without using the actual cluster Router
(similar implementation to Azure). That is, CPO should not create any LoadBalancer or actual router deployment as part of reconciling the HCP.
The current change also makes the migration from NodePort services backward compatible, for existing clusters. That is, the NodePort services will remain as is
(they are not converted to regular ClusterIP services, resulting in permanently losing the reserved nodeports) allowing existing external clients (e.g. kubelet,
master proxy) to work as before, until they are also upgraded.

The expected behavior is to:

  • Do not manage any ingress component (LB Svc, Router)
  • Keep NodePort master services (if they are already existing)
  • (Re)configure node agents (e.g. connectivity) to use 443 as server port

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 28, 2025
@openshift-ci openshift-ci bot requested review from enxebre and rtheis May 28, 2025 11:48
@openshift-ci openshift-ci bot added the area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release label May 28, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 28, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: libesz
Once this PR has been reviewed and has the lgtm label, please assign muraee for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@libesz libesz mentioned this pull request May 28, 2025
Open
4 tasks
@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 28, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 28, 2025

Hi @libesz. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

rtheis
rtheis suggested changes May 28, 2025
View reviewed changes
Copy link
Contributor

@rtheis rtheis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rebase your PR and resolve the conflicts.

@libesz
Router publish strategy related changes for IBM Cloud platform
77eeb74 
When HCP contains router publish strategy for the
master services, IBM Cloud platform implementation
will take care of the proper exposure of the
services, without using the actual cluster Router
(similar implementation to Azure). That is, CPO should
not create any LoadBalancer or actual router deployment
as part of reconciling the HCP.
The current change also makes the migration from NodePort
services backward compatible, for existing clusters.
That is, the NodePort services will remain as is
(they are not converted to regular ClusterIP services,
resulting in permanently losing the reserved nodeports)
allowing existing external clients (e.g. kubelet,
master proxy) to work as before, until they are also
upgraded.

The expected behavior is to:
* Do not manage any ingress component (LB Svc, Router)
* Keep NodePort master services (if they are already existing)
* (Re)configure node agents (e.g. connectivity) to use 443 as server port
@libesz libesz force-pushed the ibmcloud-router-main branch from be62c17 to 77eeb74 Compare May 28, 2025 14:44
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 28, 2025
@rtheis
Copy link
Contributor

rtheis commented May 28, 2025

/ok-to-test

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 28, 2025
@cwbotbot
Copy link

cwbotbot commented May 29, 2025
edited
Loading

Test Results

e2e-aws

e2e-aks

@rtheis
Copy link
Contributor

rtheis commented May 29, 2025

/retest
/ok-to-test

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 29, 2025

@libesz: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

rtheis
rtheis reviewed May 29, 2025
View reviewed changes
control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
@@ -1275,7 +1275,7 @@ func (r *HostedControlPlaneReconciler) reconcileOAuthServerService(ctx context.C
p := oauth.NewOAuthServiceParams(hcp)
oauthServerService := manifests.OauthServerService(hcp.Namespace)
if _, err := createOrUpdate(ctx, r.Client, oauthServerService, func() error {
return oauth.ReconcileService(oauthServerService, p.OwnerRef, serviceStrategy)
return oauth.ReconcileService(oauthServerService, p.OwnerRef, serviceStrategy, hcp.Spec.Platform.Type)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should add unit testing if possible.

@rtheis
Copy link
Contributor

rtheis commented May 30, 2025

Please open a Jira and update this PR accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rtheis rtheis rtheis requested changes

@enxebre enxebre Awaiting requested review from enxebre

Assignees

@rtheis rtheis

Labels
area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release ok-to-test Indicates a non-member PR verified by an org member that is safe to test.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@libesz @rtheis @cwbotbot @openshift-merge-robot