Skip to content

NE-2512: operator/ingress: Add configurationManagement option #2757

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Miciah wants to merge 1 commit into
base: master
Choose a base branch
from
Open

NE-2512: operator/ingress: Add configurationManagement option #2757

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions openapi/generated_openapi/zz_generated.openapi.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

197 changes: 197 additions & 0 deletions ...ngresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,197 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: IngressController
crdName: ingresscontrollers.operator.openshift.io
featureGates:
- IngressControllerDynamicConfigurationManager
tests:
onCreate:
- name: Should be able to enable the Dynamic Configuration Manager
initial: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
tuningOptions:
configurationManagement: Dynamic
expected: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
tuningOptions:
configurationManagement: Dynamic
- name: Should be able to disable the Dynamic Configuration Manager
initial: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
tuningOptions:
configurationManagement: ForkAndReload
expected: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
tuningOptions:
configurationManagement: ForkAndReload
- name: Should not be able to specify a garbage value for DCM
initial: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
tuningOptions:
configurationManagement: garbage
expectedError: 'Unsupported value: "garbage": supported values: "Dynamic", "ForkAndReload"'
onUpdate:
- name: Should be able to enable DCM when currently no preference is specified
initial: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
updated: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
tuningOptions:
configurationManagement: Dynamic
expected: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
tuningOptions:
configurationManagement: Dynamic
- name: Should be able to turn DCM off when it is enabled
initial: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
tuningOptions:
configurationManagement: Dynamic
updated: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
expected: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
- name: Should be able to set no preference when DCM is enabled
initial: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
tuningOptions:
configurationManagement: Dynamic
updated: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
expected: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
- name: Should be able to set no preference when DCM is disabled
initial: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
tuningOptions:
configurationManagement: ForkAndReload
updated: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
expected: |
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
httpEmptyRequestsPolicy: Respond
idleConnectionTerminationPolicy: Immediate
closedClientConnectionPolicy: Continue
43 changes: 43 additions & 0 deletions operator/v1/types_ingress.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2068,8 +2068,51 @@ type IngressControllerTuningOptions struct {
// +kubebuilder:validation:Type:=string
// +optional
ReloadInterval metav1.Duration `json:"reloadInterval,omitempty"`

// configurationManagement specifies how OpenShift router should update
// the HAProxy configuration. The following values are valid for this
// field:
//
// * "ForkAndReload".
Copy link
Contributor

@candita candita Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: ForkAndReload assumes the user knows implementation details. How about Legacy, or ReloadTriggered ?

Copy link
Contributor Author

@Miciah Miciah Mar 21, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ForkAndReload assumes the user knows implementation details.

Well, that's why it's under TuningOptions. * grin *. There are two reasons why someone would set configurationManagement: ForkAndReload:

  • The user knows the implementation details well enough to make an informed decision.
  • The user doesn't know the implementation details or what these options mean, but does know that setting configurationManagement: Dynamic broke something, and so setting the other option (whatever it is called) is the best bet to unbreak things.

How about Legacy, or ReloadTriggered ?

Originally I had dynamicConfigManager: Enabled | Disabled, and Joel suggested configurationManagement: Dynamic | ForkAndReload to make it more explicit. Using configurationManagement: Dynamic | Legacy seems like a step backwards, and ReloadTriggered seems to me to be more opaque than ForkAndReload. Maybe @JoelSpeed could offer an outside perspective on whether "Legacy" or "ReloadTriggered" is clearer than "ForkAndReload".

// * "Dynamic".
//
// Omitting this field means that the user has no opinion and the
// platform may choose a reasonable default. This default is subject to
// change over time. The current default is "ForkAndReload".
//
// "ForkAndReload" means that OpenShift router should rewrite the
// HAProxy configuration file and instruct HAProxy to fork and reload.
// This is OpenShift router's traditional approach.
//
// "Dynamic" means that OpenShift router may use HAProxy's control
// socket for some configuration updates and fall back to fork and
// reload for other configuration updates. This is a newer approach,
// which may be less mature than ForkAndReload. This setting can
// improve load-balancing fairness and metrics accuracy and reduce CPU
// and memory usage if HAProxy has frequent configuration updates for
// route and endpoints updates.
//
// Note: The "Dynamic" option is currently experimental and should not
// be enabled on production clusters.
Comment on lines +2095 to +2096
Copy link
Contributor

@candita candita Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't really use the "experimental" key word. Tech Preview (or Dev Preview?) is more in line with what we usually call this.

Suggested change
// Note: The "Dynamic" option is currently experimental and should not
// be enabled on production clusters.
// Note: The "Dynamic" option is currently a Tech Preview feature and should not
// be enabled on production clusters.

Copy link
Contributor Author

@Miciah Miciah Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we used the "Tech Preview" wording now, what would we change it to when promoting the field to GA? The word "experimental" seems apt, and I figure we will remove the entire note when we make "Dynamic" the default setting.

//
// +openshift:enable:FeatureGate=IngressControllerDynamicConfigurationManager
// +optional
ConfigurationManagement IngressControllerConfigurationManagement `json:"configurationManagement,omitempty"`
Copy link
Contributor

@candita candita Mar 19, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you explore adding configuration management as a first-class ingress spec field instead of a field of tuning options? My reasoning: I would expect that we need to add further DCM configuration in the future, and this "tuning option" is the only one that isn't just number-based simple configuration.

Copy link
Contributor Author

@Miciah Miciah Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't anticipate adding DCM-specific options. In fact, I have been very insistent that DCM should be an internal implementation detail with absolutely no customer-facing configuration. We are only adding the tuning option so that customers have an escape option if some critical issue is discovered after we enable it by default. That said, should the need to add DCM tuning options arise, we could change ConfigurationManagement into an inline union with ConfigurationManagement as the union discriminator. @JoelSpeed, is that a reasonable contingency plan?

}

// IngressControllerConfigurationManagement specifies whether always to use
// fork-and-reload to update the HAProxy configuration or whether to use
// HAProxy's control socket for some configuration updates.
//
// +enum
// +kubebuilder:validation:Enum=Dynamic;ForkAndReload
type IngressControllerConfigurationManagement string

const (
IngressControllerConfigurationManagementDynamic IngressControllerConfigurationManagement = "Dynamic"
IngressControllerConfigurationManagementForkAndReload IngressControllerConfigurationManagement = "ForkAndReload"
)

// HTTPEmptyRequestsPolicy indicates how HTTP connections for which no request
// is received should be handled.
// +kubebuilder:validation:Enum=Respond;Ignore
Expand Down
Loading