-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update gatewayapi to v1.0.0 #286
Update gatewayapi to v1.0.0 #286
Conversation
e02b939
to
471ea5e
Compare
Codecov Report
@@ Coverage Diff @@
## main #286 +/- ##
==========================================
- Coverage 65.60% 64.47% -1.13%
==========================================
Files 35 35
Lines 3806 3806
==========================================
- Hits 2497 2454 -43
- Misses 1127 1157 +30
- Partials 182 195 +13
Flags with carried forward coverage won't be shown. Click here to find out more.
|
2dffb5d
to
7243ec3
Compare
@@ -18,16 +18,19 @@ type AuthSchemeSpec struct { | |||
// Authentication configs. | |||
// At least one config MUST evaluate to a valid identity object for the auth request to be successful. | |||
// +optional | |||
// +kubebuilder:validation:MaxProperties=14 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are going with the hard limits for now. We hope soon to be able to remove or substantially increase these limits of maximum number of configs per AP/RLP, by redefining those GWAPI types (HTTPRouteMatch and related) into our code base without the CEL validation rules. After all, Kuadrant API does not need to re-impose validation on those fields if they have been validated once applied in the target GWAPI resources.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, can you briefly explain what is this about? I read from the link
This would work fine until v0.7, but since validation rules based on [Common Expression Language (CEL)](https://github.com/google/cel-go) have been added to the HTTPRoute (https://github.com/kubernetes-sigs/gateway-api/pull/2253), the estimated cost limit exceeds the thresholds, and we have been struggling with having to set some hard constraints on the number of policy rules a user can declare.
What do you mean by the estimated cost limit exceeds the thresholds
? The client upon creating an object is giving timeouts because k8s API server takes too long to validate the resource?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ping @guicassolato
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can try to provide some info here @eguzki.
When you submit a CRD to the kube apiserver it makes an estimate of how costly the CEL validation rules are, so that when a CR of this type is submitted to the cluster it can evaluate it. There is a cost limit for this validation, and so if the estimated cost exceeds the limit the CRD is rejected, as the kube apiserver determines it would be too costly for it to perform validations on CR's that are created of this type.
The client upon creating an object is giving timeouts because k8s API server takes too long to validate the resource?
To avoid this case it rejects the CRD early based on the estimation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the explanation.
And those numbers MaxProperties=14
are magic numbers or they have a reasoning behind them? What are those number depending on?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- The size of our Route Selector
Matches
was set to be size 8 to mirror the use in GWAPIMatches
- https://github.com/kubernetes-sigs/gateway-api/blob/main/apis/v1/httproute_types.go#L192-L194 - The size of the
RouteSelectors
were then set as N-1 of the use in GWAPIRules
- https://github.com/kubernetes-sigs/gateway-api/blob/main/apis/v1/httproute_types.go#L119-L121 - The size of 14 for all of the other types that use our
RouteSelectors
is the maximum size we can set them to before we exceed the cost limit without reducing the other two limits.
65e04d4
to
f5e192a
Compare
I think this needs a little more thorough testing but the integration tests all pass so happy to get a review on it |
964cf24
to
9a37aca
Compare
9a37aca
to
7ec03c3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've tried this with Go v1.20 (version stated in the go
directive in the go.mod
file) but it failed. It looks like we're gonna have to bump Go to 1.21:
❯ go mod tidy -go=1.20
go: sigs.k8s.io/[email protected] requires [email protected], but 1.20 is requested
Weird, It did not happen to me and I expecifically checked that. I will try again |
Certainly sigs.k8s.io/[email protected] requires [email protected] https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/go.mod#L3 However, it does not fail when I compile locally with go1.20.7 🤷 kuadrant-operator2 on pr/286 via 🐹 v1.20.7 vim-go ❯ go clean -modcache
kuadrant-operator2 on pr/286 via 🐹 v1.20.7 vim-go took 3s ❯ rm -rf bin
kuadrant-operator2 on pr/286 via 🐹 v1.20.7 vim-go ❯ go version
go version go1.20.7 linux/amd64
kuadrant-operator2 on pr/286 via 🐹 v1.20.7 vim-go ❯ go mod tidy -go=1.20
go: downloading k8s.io/apimachinery v0.28.3
go: downloading sigs.k8s.io/gateway-api v1.0.0
go: downloading sigs.k8s.io/controller-runtime v0.16.3
go: downloading k8s.io/api v0.28.3
go: downloading github.com/elliotchance/orderedmap/v2 v2.2.0
go: downloading k8s.io/client-go v0.28.3
go: downloading github.com/go-logr/logr v1.2.4
go: downloading github.com/kuadrant/authorino-operator v0.9.0
go: downloading github.com/kuadrant/limitador-operator v0.4.0
go: downloading golang.org/x/exp v0.0.0-20231006140011-7918f672742d
go: downloading golang.org/x/sync v0.4.0
go: downloading github.com/kuadrant/authorino v0.15.0
go: downloading github.com/google/go-cmp v0.6.0
go: downloading google.golang.org/protobuf v1.31.0
go: downloading istio.io/api v0.0.0-20230712174848-a2b2de508c88
go: downloading github.com/onsi/ginkgo/v2 v2.11.0
go: downloading istio.io/client-go v1.17.4-0.20230712175648-f1263a806483
go: downloading istio.io/istio v0.0.0-20230719200611-681b4f65a752
go: downloading k8s.io/utils v0.0.0-20230726121419-3b25d923346b
go: downloading github.com/google/uuid v1.3.1
go: downloading github.com/onsi/gomega v1.27.10
go: downloading k8s.io/apiextensions-apiserver v0.28.3
go: downloading gotest.tools v2.2.0+incompatible
go: downloading go.uber.org/zap v1.26.0
go: downloading k8s.io/klog/v2 v2.100.1
go: downloading github.com/evanphx/json-patch/v5 v5.7.0
go: downloading github.com/evanphx/json-patch v5.7.0+incompatible
go: downloading github.com/gogo/protobuf v1.3.2
go: downloading sigs.k8s.io/yaml v1.4.0
go: downloading github.com/google/gofuzz v1.2.0
go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.3.0
go: downloading github.com/go-logr/zapr v1.2.4
go: downloading github.com/prometheus/client_golang v1.17.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading gomodules.xyz/jsonpatch/v2 v2.4.0
go: downloading sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
go: downloading k8s.io/component-base v0.28.3
go: downloading k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
go: downloading go.uber.org/multierr v1.11.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading gopkg.in/inf.v0 v0.9.1
go: downloading github.com/pkg/errors v0.9.1
go: downloading golang.org/x/net v0.17.0
go: downloading golang.org/x/sys v0.13.0
go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
go: downloading golang.org/x/time v0.3.0
go: downloading github.com/fsnotify/fsnotify v1.7.0
go: downloading github.com/imdario/mergo v0.3.16
go: downloading golang.org/x/term v0.13.0
go: downloading github.com/davecgh/go-spew v1.1.1
go: downloading github.com/google/gnostic-models v0.6.8
go: downloading github.com/golang/protobuf v1.5.3
go: downloading github.com/prometheus/client_model v0.5.0
go: downloading github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572
go: downloading golang.org/x/tools v0.14.0
go: downloading golang.org/x/oauth2 v0.13.0
go: downloading github.com/json-iterator/go v1.1.12
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/prometheus/common v0.45.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.2.0
go: downloading github.com/prometheus/procfs v0.12.0
go: downloading github.com/tidwall/gjson v1.14.0
go: downloading github.com/google/pprof v0.0.0-20221212185716-aee1124e3a93
go: downloading golang.org/x/text v0.13.0
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.2
go: downloading google.golang.org/appengine v1.6.8
go: downloading github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0
go: downloading google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc
go: downloading github.com/tidwall/pretty v1.2.0
go: downloading github.com/tidwall/match v1.1.1
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading github.com/go-openapi/swag v0.22.4
go: downloading github.com/go-openapi/jsonreference v0.20.2
go: downloading github.com/emicklei/go-restful/v3 v3.11.0
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading github.com/go-openapi/jsonpointer v0.20.0
go: downloading github.com/josharian/intern v1.0.0
go: downloading github.com/stretchr/testify v1.8.4
go: downloading go.uber.org/goleak v1.2.1
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading golang.org/x/mod v0.13.0
go: downloading github.com/kr/pretty v0.3.1
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading github.com/rogpeppe/go-internal v1.10.0
go: downloading github.com/kr/text v0.2.0
go: downloading istio.io/pkg v0.0.0-20230523222708-7056be172a30
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading helm.sh/helm/v3 v3.11.1
go: downloading github.com/hashicorp/go-version v1.6.0
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/envoyproxy/go-control-plane v0.11.1-0.20230202164348-98e9e8eacc1a
go: downloading github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195
go: downloading github.com/google/cel-go v0.16.1
go: downloading github.com/lestrrat-go/jwx v1.2.25
go: downloading github.com/moby/spdystream v0.2.0
go: downloading google.golang.org/grpc v1.55.0
go: downloading go.uber.org/atomic v1.10.0
go: downloading sigs.k8s.io/mcs-api v0.1.0
go: downloading k8s.io/cli-runtime v0.26.0
go: downloading k8s.io/kubectl v0.26.0
go: downloading github.com/Masterminds/sprig/v3 v3.2.3
go: downloading github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
go: downloading github.com/peterbourgon/diskv v2.0.1+incompatible
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/google/btree v1.1.2
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading github.com/huandu/xstrings v1.4.0
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.3.1
go: downloading github.com/spf13/cast v1.5.0
go: downloading github.com/Masterminds/semver/v3 v3.2.0
go: downloading golang.org/x/crypto v0.14.0
go: downloading github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d
go: downloading github.com/lestrrat-go/backoff/v2 v2.0.8
go: downloading github.com/lestrrat-go/blackmagic v1.0.1
go: downloading github.com/lestrrat-go/httpcc v1.0.1
go: downloading github.com/lestrrat-go/iter v1.0.2
go: downloading github.com/lestrrat-go/option v1.0.1
go: downloading github.com/spf13/cobra v1.7.0
go: downloading github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
go: downloading github.com/google/gnostic v0.6.9
go: downloading sigs.k8s.io/kustomize/api v0.12.1
go: downloading sigs.k8s.io/kustomize/kyaml v0.13.9
go: downloading cloud.google.com/go/logging v1.7.0
go: downloading google.golang.org/api v0.126.0
go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1
go: downloading go.opencensus.io v0.24.0
go: downloading github.com/cyphar/filepath-securejoin v0.2.3
go: downloading github.com/xeipuuv/gojsonschema v1.2.0
go: downloading github.com/BurntSushi/toml v1.2.1
go: downloading github.com/gobwas/glob v0.2.3
go: downloading github.com/jonboulle/clockwork v0.3.0
go: downloading github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d
go: downloading github.com/envoyproxy/protoc-gen-validate v0.10.0
go: downloading go.opentelemetry.io/proto/otlp v0.19.0
go: downloading github.com/census-instrumentation/opencensus-proto v0.4.1
go: downloading github.com/goccy/go-json v0.10.0
go: downloading github.com/stoewer/go-strcase v1.2.1
go: downloading cloud.google.com/go v0.110.2
go: downloading github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df
go: downloading github.com/mitchellh/reflectwalk v1.0.2
go: downloading github.com/chai2010/gettext-go v1.0.2
go: downloading github.com/MakeNowJust/heredoc v1.0.0
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: downloading github.com/russross/blackfriday/v2 v2.1.0
go: downloading github.com/moby/term v0.0.0-20221205130635-1aeaba878587
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/fvbommel/sortorder v1.0.2
go: downloading github.com/fatih/camelcase v1.0.0
go: downloading github.com/antlr/antlr4/runtime/Go/antlr v1.4.10
go: downloading github.com/googleapis/gax-go/v2 v2.11.0
go: downloading cloud.google.com/go/compute/metadata v0.2.3
go: downloading cloud.google.com/go/longrunning v0.4.1
go: downloading cloud.google.com/go/iam v0.13.0
go: downloading github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
go: downloading github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
go: downloading cloud.google.com/go/compute v1.20.1
go: downloading github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
go: downloading github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
go: downloading github.com/go-errors/errors v1.4.2
go: downloading github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00
go: downloading github.com/xlab/treeprint v1.1.0
go: downloading go.starlark.net v0.0.0-20211013185944-b0039bd2cfe3
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.2.3
go: downloading github.com/google/s2a-go v0.1.4
|
It's because I have Go 1.21 installed, @eguzki.
To make it work in my system, quite a few tweaks are required. I have to install Go 1.20 on top of my 1.21 installation and then make sure all commands run on the older version:
I imagine that's because we do not use everything from GWAPI in our code base and therefore compilation did not activate any code that really requires it? Or because GWAPI states requiring 1.21, but does not have anything that is really 1.21-specific in the code. Anyway, when a dependency requires (states) 1.X, my understanding is that usually the right thing to do is to bump our own version as well. |
Totally agree. My comment was only about: why did it not fail?? what I am missing? Installing Go 1.21 right now in my workstation. |
From https://go.dev/doc/modules/gomod-ref
I assumed it was mandatory from the very beginning of go modules 🤦 |
Thanks for the comments @eguzki and @guicassolato - I wasn't aware of this change in go1.21 and had tested with go1.20 locally. I've bumped to 1.21 in the latest commit |
9be121c
to
05fe71a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's wait for @guicassolato approval. But LGTM
good work
Updating the gateway-api package and CRDs to v1.0.0.