Add --create-nat gke-deployer flag
#307
Conversation
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @Qqkyu. Thanks for your PR. I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/L
|
cc: @BenTheElder @aojea |
|
Unknown CLA label state. Rechecking for CLA labels. Send feedback to sig-contributor-experience at kubernetes/community. /check-cla |
k8s-ci-robot
added
the
cncf-cla: yes
kubetest2-gke/deployer/down.go
Outdated
| if errNat != nil { | ||
| return errNat | ||
| } | ||
| if err := d.DeleteSubnets(d.retryCount); err != nil { | ||
| return err | ||
| if errNetwork != nil { | ||
| return errNetwork | ||
| } | ||
| if errSubnets != nil { | ||
| return errSubnets | ||
| } |
There was a problem hiding this comment.
you can now aggregate in the std library
errs := errors.Join(errNat, errNetwork, errSubnets)
if errs != nil {
return errs
}
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
| } | ||
| region := regionFromLocation(d.Regions, d.Zones, d.retryCount) | ||
| nat := d.getNatName() | ||
| hostProject := d.Projects[0] |
There was a problem hiding this comment.
is it always in the first project?
There was a problem hiding this comment.
This is a common assumption throughout the codebase, for example in firewall.go ensureFirewallRulesForMultiProjects:
func (d *Deployer) ensureFirewallRulesForMultiProjects() error {
hostProject := d.Projects[0]
...But also in multiple places in network.go
kubetest2-gke/deployer/down.go
Outdated
| errNat := d.CleanupNat() | ||
| errNetwork := d.TeardownNetwork() | ||
| errSubnets := d.DeleteSubnets(d.retryCount) |
There was a problem hiding this comment.
keep the check on the error to just logging the error as above, that is useful
k8s-ci-robot
added
needs-rebase
|
better to have a clean rebase without the merge commit, there are some comments also , then it lgtm |
kubetest2-gke/deployer/down.go
Outdated
| if err := d.CleanupNat(); err != nil { | ||
| klog.Errorf("Error cleaning-up nat: %v", err) | ||
| } | ||
|
|
||
| if err := d.TeardownNetwork(); err != nil { | ||
| return err | ||
| klog.Errorf("Error tearing-down network: %v", err) | ||
| } | ||
|
|
||
| if err := d.DeleteSubnets(d.retryCount); err != nil { | ||
| return err | ||
| klog.Errorf("Error deleting subnets: %v", err) | ||
| } | ||
|
|
||
| return d.DeleteNetwork() |
There was a problem hiding this comment.
don't we need to aggregate the errors and return the final error?
I suggested to log but does not affect if we swallow the error?
There was a problem hiding this comment.
Yeah, I misinterpreted previous comment. Changed it so that we log and aggregate errors now. Does this work?
| if d.Network == "default" { | ||
| return fmt.Errorf("NAT router should be set manually for the default network") |
There was a problem hiding this comment.
So my understanding is that using custom networks for test environments is best practice as it provides isolation and control over resources, like nat and firewalls (reason why in EnsureFirewallRules we've got the same check). Cleaning up test-specific resources on the default network could become difficult/messy
There was a problem hiding this comment.
the EnsureFirewallRules has
// Do not modify the firewall rules for the default network
if d.Network == "default" {
return nil
}
so, it is better to fail on validation of the flags that at runtime, specially for these options.
Do we have more clear the use case for enabling the nat creation or are we just trying to map 1 to 1 options?
|
/retest |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Qqkyu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/lgtm |
|
@Qqkyu: you cannot LGTM your own PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@aojea any other comments/suggestions? If not, can you give an lgtm here and we can merge this? |
k8s-ci-robot
added
the
needs-rebase
Qqkyu
force-pushed
the
gke-deployer-add-create-nat-flag
branch
from
c4847c0 to
2ee9260
Compare
k8s-ci-robot
removed
the
needs-rebase
4 participants
Added logic similar to the kubetest(1)
--gke-create-natflag (crucial for tests running in private clusters).