internal: Allow status on HTTPRoutes to be set

[stevesloka]

• Update the status package to process GatewayAPI HTTPRoutes.
• Update the dag.GatewayAPIProcessor to set status.

Fixes #3436

Signed-off-by: Steve Sloka [email protected]

[codecov]

Codecov Report

Merging #3456 (5e8ab4c) into main (74ac550) will decrease coverage by 0.17%.
The diff coverage is 56.19%.

❗ Current head 5e8ab4c differs from pull request most recent head 5ad0395. Consider uploading reports for the commit 5ad0395 to get more accurate results

@@            Coverage Diff             @@
##             main    #3456      +/-   ##
==========================================
- Coverage   75.45%   75.28%   -0.18%     
==========================================
  Files          98       99       +1     
  Lines        6740     6818      +78     
==========================================
+ Hits         5086     5133      +47     
- Misses       1534     1569      +35     
+ Partials      120      116       -4     

Impacted Files	Coverage Δ
internal/k8s/status.go	10.25% <ø> (ø)
internal/status/httproutestatus.go	34.54% <34.54%> (ø)
internal/status/cache.go	70.58% <46.66%> (-18.31%)	⬇️
internal/status/proxystatus.go	82.45% <86.66%> (+1.50%)	⬆️
internal/dag/builder.go	100.00% <100.00%> (ø)
internal/dag/gatewayapi_processor.go	82.72% <100.00%> (+17.04%)	⬆️
internal/k8s/kind.go	52.38% <100.00%> (+2.38%)	⬆️
internal/k8s/log.go	63.04% <0.00%> (-6.53%)	⬇️

[skriss]

has a conflict to resolve now.

[stevesloka]

All rebased @skriss, there are probably more spots to set status now that more features have been added in the last 2 weeks. I can look to add them, but won't change the overall code base.

[skriss]

👍 I'll try to get through this this afternoon, sorry for the delay

[stevesloka]

sorry for the delay

No worries! 🌮

[sunjayBhatia]

Overall looks good and straightforward to me! Just some comments on some specifics but generally LGTM

[sunjayBhatia]

Maybe worth calling out somewhere that we are adding additional conditions with details about why a Route is invalid, I forget if the original design doc mentioned this specifically? Or if it was assumed the reason/description on the "Admitted" reason would have all this info?

[sunjayBhatia]

Another point for not using status as message passing is that it could be relatively unwieldy it seems, maybe keying off of reasons is good enough, but if you need more detail than that you would want some structured description (JSON probably?)

[skriss]

Echoing @sunjayBhatia's q on the conditions, "Admitted" is the only type that Gateway API documents, so should we only use that? I'm not sure, I guess it depends on who is consuming the info.

[youngnick]

So, it's okay for implementations to add their own Conditions, but they should roll up into the Admitted condition. I think that Steve has handled that here in another way, but I think it would be best to be clear about what we're doing, and make sure that the status gets rolled up into the Admitted condition at the end (we can use the commit function to do that).

I think that ConditionFor is not a good name for this one, as it's really doing an AddCondition to the proxy update.

[stevesloka]

If we only use Admitted then we can only set a single status on the resource? I was under the impression that since it's a set, we'd want to list out all the issues with a route and not just a single.

[sunjayBhatia]

Do we want to pull the reasons into constants as well or since these are temporary we're ok with leaving them as is?

[sunjayBhatia]

Same logic as the conditions I guess, constraining what could be passed in with a type

[youngnick]

In general, I agree that we should make a set of defined Reasons for any condition we're using. As you say, because this is temporary though, we can probably not worry for now. Depends on how we update ConditionFor.

[sunjayBhatia]

This reason seems like it would be good to have as a constant?

[skriss]

overall looks good, handful of comments

[skriss]

Echoing @sunjayBhatia's q on the conditions, "Admitted" is the only type that Gateway API documents, so should we only use that? I'm not sure, I guess it depends on who is consuming the info.

[skriss]

Ah, I see now that you're setting the Admitted condition here.

[youngnick]

Yeah, this is the rollup I was talking about. I think it's definitely worth some comments/explanations that this is what we are doing, as it's hard to see the flow as it stands. I also think that we need to try to use the upstream Reasons wherever we can, as if we don't we will diverge from the standards. We can, of course, push updates to the upstream reasons if we need to.

[skriss]

this was slightly confusing because these aren't actually condition types; they correspond to the different states ("True" or "False" for the Admitted condition type). Thinking about suggestions here.

[skriss]

WDYT about having this function also take a status as an arg, so instead of having the "AdmittedValid" and "AdmittedInvalid" psuedo-condition types, you can just explicitly pass "Admitted", "True" or "Admitted", "False" from the call sites?

[youngnick]

Yes, the pattern I used for DetailedCondition doesn't work here. That pattern was that you call ConditionFor to get a DetailedCondition, that has AddError and AddWarning methods on it. In this case, the upstream Condition has none of that, so a better pattern would probably be to just have an AddCondition or UpsertCondition method that would upsert a Condition to the object, taking type, status, reason, and message, and then using the holding HTTPRouteUpdate's Generation to calculate the ObservedGeneration for you.

So, my suggestion for this signature is this:

Suggested change

	func (pu *HTTPRouteUpdate) ConditionFor(cond ConditionType, reason string, message string) metav1.Condition {
	func (pu *HTTPRouteUpdate) AddCondition(cond ConditionType, status bool, reason string, message string) metav1.Condition {

Obviously, this would mean changes at the calling site as well.

I'm sorry that I led us down the wrong path with DetailedCondition.

[youngnick]

This is looking pretty good, although I have two broad things I think need fixing:

• It's vital that we get the ObservedGeneration behavior right.
• If we're going to generate extra Conditions per GatewayRef, we have to document what they are going to be, and provide a type with constants for the type and reason fields, and document what they're for when we use them, just like the upstream gateway-apis code does.

I think that having extra conditions is great, as long as we make sure we're doing the Condition contract as expected by the upstream code.

[youngnick]

Yes, the pattern I used for DetailedCondition doesn't work here. That pattern was that you call ConditionFor to get a DetailedCondition, that has AddError and AddWarning methods on it. In this case, the upstream Condition has none of that, so a better pattern would probably be to just have an AddCondition or UpsertCondition method that would upsert a Condition to the object, taking type, status, reason, and message, and then using the holding HTTPRouteUpdate's Generation to calculate the ObservedGeneration for you.

So, my suggestion for this signature is this:

Suggested change

	func (pu *HTTPRouteUpdate) ConditionFor(cond ConditionType, reason string, message string) metav1.Condition {
	func (pu *HTTPRouteUpdate) AddCondition(cond ConditionType, status bool, reason string, message string) metav1.Condition {

Obviously, this would mean changes at the calling site as well.

I'm sorry that I led us down the wrong path with DetailedCondition.

[youngnick]

Because of how the Condition contract requires us to update the ObservedGeneration each time we update the Condition, the HTTPRouteUpdate has to include a Generation field, like the ProxyUpdate does. This should be populated from the object when the update is created with the HTTPRouteAccessor() call, and then copied into the ObservedGeneration of the condition when the condition is generated with ConditionFor.

I'll add some other comments to cover this.

[youngnick]

newDC.ObservedGeneration should be updated around here as well.

[youngnick]

The test is also going to need to test the ObservedGeneration bits, I think.

[youngnick]

So, it's okay for implementations to add their own Conditions, but they should roll up into the Admitted condition. I think that Steve has handled that here in another way, but I think it would be best to be clear about what we're doing, and make sure that the status gets rolled up into the Admitted condition at the end (we can use the commit function to do that).

I think that ConditionFor is not a good name for this one, as it's really doing an AddCondition to the proxy update.

[youngnick]

In general, I agree that we should make a set of defined Reasons for any condition we're using. As you say, because this is temporary though, we can probably not worry for now. Depends on how we update ConditionFor.

[youngnick]

Yeah, this is the rollup I was talking about. I think it's definitely worth some comments/explanations that this is what we are doing, as it's hard to see the flow as it stands. I also think that we need to try to use the upstream Reasons wherever we can, as if we don't we will diverge from the standards. We can, of course, push updates to the upstream reasons if we need to.

[stevesloka]

I think I've addressed everyone's comments, can you all take a look again? Thanks!

[skriss]

OK, I took a look at the HTTPProxy equivalent here, and I think there are a couple things:

• at the top of the loop, we should always set cond.ObservedGeneration = routeUpdate.Generation and cond.LastTransitionTime = routeUpdate.LastTransitionTime
• the inner loop should be looking for an existing Condition on the HTTPRoute that's got the same Type, but a newer observed generation. If we find one, that means cond is stale, so we should keep the existing one instead. If we don't find a newer existing one, then we should use cond.

So I think this should look more like (I wrote this in GitHub so it's definitely not 100% right):

for _, cond := range routeUpdate.Conditions {
        // set the Condition's observed generation based on 
        // the generation of the HTTPRoute we looked at.
        cond.ObservedGeneration = routeUpdate.Generation
        cond.LastTransitionTime = routeUpdate.TransitionTime

		// is there a newer Condition on the HTTPRoute matching
		// this condition's type? If so, our observation is stale,
		// so don't write it, keep the newer one instead.
		var newerConditionExists bool
		for _, existingCond := routeUpdate.ExistingConditions {
			if existingCond.Type != cond.Type {
				continue
			}
			
			if existingCond.ObservedGeneration > cond.ObservedGeneration {
				conditionsToWrite = append(conditionsToWrite, existingCond)
				newerConditionExists = true
				break
			}
		}

		// if we didn't find a newer version of the Condition on the
		// HTTPRoute, then write the one we computed.
		if !newerConditionExists {
			conditionsToWrite = append(conditionsToWrite, cond)
		}
	}

[youngnick]

That's what I was looking for in my earlier comment, thanks for making it clearer @skriss!

[youngnick]

This mostly LGTM, I think that Steve's suggestion is great.

[youngnick]

That's what I was looking for in my earlier comment, thanks for making it clearer @skriss!

[youngnick]

This method really should do some checking by cond to see if there's an existing one, since conditions are supposed to be a List that's keyed of the Type. Not a blocker on this one, maybe a TODO though?

[stevesloka]

Ohh you can't have multiple conditions of the same type? What if you had two different missing services in a ForwardTo? Or on two different paths in the same HTTPRoute?

[youngnick]

You'll have to concatenate the details into the Message, but yeah, the Conditions is a ListTypeMap, meaning it's a map that's implemented as a list.

[skriss]

I wonder what happens if you do add multiple instances of the same Type, since the current code can definitely do that.

[stevesloka]

Right now you get multiple conditions since I thought you wouldn't want to concat but you'd want to have the details.

But like it seems with this API, my thought of how it should work is completely opposite. I'll have to come up with some concat thing to fix this since I guess I'm not following the spec in the current impl.

[stevesloka]

Here's an example of that: https://github.com/projectcontour/contour/pull/3456/files#diff-72b53646a46f97f3db8eabaf70aa271e571f0a3e51c73a1ba593abd85d53bfebR2761-R2776

[skriss]

Is this OK to merge as-is for 1.14? The current code can definitely potentially add multiple conditions of the same type, and i'm not sure what the Kube behavior is in that scenario - does it accept all of them? IMHO, given Gateway support is all alpha/WIP, I think we're probably OK as long as it doesn't cause Contour to crash or anything like that.

[skriss]

added #3534 to track this

[youngnick]

LGTM

[sunjayBhatia]

We'll have to be careful around the order of merging this PR and #3478

[sunjayBhatia]

Worth adding more testing around conditions not being updated if the existing conditions are more recent than the attempted update?

[skriss]

I think we definitely should, though personally I'd be OK merging this PR as-is and adding more testing in subsequent PRs, since this area is still WIP and this is all alpha anyway.

[sunjayBhatia]

#3533

[skriss]

mostly LGTM, couple comments on true vs. false conditions

[skriss]

I wonder what happens if you do add multiple instances of the same Type, since the current code can definitely do that.

[skriss]

I think this is probably OK to merge now, had a couple comments/questions on open threads though.

[skriss]

Is this OK to merge as-is for 1.14? The current code can definitely potentially add multiple conditions of the same type, and i'm not sure what the Kube behavior is in that scenario - does it accept all of them? IMHO, given Gateway support is all alpha/WIP, I think we're probably OK as long as it doesn't cause Contour to crash or anything like that.

[skriss]

I think we definitely should, though personally I'd be OK merging this PR as-is and adding more testing in subsequent PRs, since this area is still WIP and this is all alpha anyway.

[stevesloka]

Is this OK to merge as-is for 1.14?

I think it's fine to merge and gives us a set of status information which is helpful. I agree that there's lots of room for improvement. =)

[sunjayBhatia]

Is this OK to merge as-is for 1.14?

I think it's fine to merge and gives us a set of status information which is helpful. I agree that there's lots of room for improvement. =)

Could you add issues and/or TODOs for the bits that have open questions/discussion threads so we don't lose them?