diff --git a/operator/v1/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index a404d61c85e..cbe58074aeb 100644 --- a/operator/v1/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -26,18 +26,6 @@ spec: - properties: address: format: ipv6 - tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 subresources: scale: labelSelectorPath: .status.selector diff --git a/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index 8ebe48b6de6..bb5dd58f7b0 100644 --- a/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -678,6 +678,138 @@ tests: tuningOptions: httpKeepAliveTimeout: 0.001ms expectedError: "IngressController.operator.openshift.io \"default\" is invalid: spec.tuningOptions.httpKeepAliveTimeout: Invalid value: \"string\": httpKeepAliveTimeout must be greater than or equal to 1 millisecond" + - name: Should be able to create an IngressController with maxConnections set to -1 + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: -1 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + closedClientConnectionPolicy: Continue + tuningOptions: + maxConnections: -1 + - name: Should be able to create an IngressController with maxConnections at minimum range + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 2000 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + closedClientConnectionPolicy: Continue + tuningOptions: + maxConnections: 2000 + - name: Should be able to create an IngressController with maxConnections at maximum range + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 2000000 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + closedClientConnectionPolicy: Continue + tuningOptions: + maxConnections: 2000000 + - name: Should be able to create an IngressController with maxConnections in mid range + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 50000 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + closedClientConnectionPolicy: Continue + tuningOptions: + maxConnections: 50000 + - name: Should not be able to create an IngressController with maxConnections below minimum range + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 500 + expectedError: "maxConnections must be 0, -1, or between 2000 and 2000000" + - name: Should not be able to create an IngressController with maxConnections above maximum range + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 3000000 + expectedError: "maxConnections must be 0, -1, or between 2000 and 2000000" + - name: Should not be able to create an IngressController with maxConnections of 1 + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 1 + expectedError: "maxConnections must be 0, -1, or between 2000 and 2000000" + - name: Should not be able to create an IngressController with maxConnections of 1999 + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 1999 + expectedError: "maxConnections must be 0, -1, or between 2000 and 2000000" - name: Should be able to create an IngressController with valid domain initial: | apiVersion: operator.openshift.io/v1 @@ -830,3 +962,96 @@ tests: closedClientConnectionPolicy: Continue domain: "*.foo.com" replicas: 3 + - name: Should be able to update invalid maxConnections to a valid value + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/tuningOptions/properties/maxConnections/x-kubernetes-validations + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 500 + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 50000 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + closedClientConnectionPolicy: Continue + tuningOptions: + maxConnections: 50000 + - name: Should not be able to update invalid maxConnections to another invalid value + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/tuningOptions/properties/maxConnections/x-kubernetes-validations + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 500 + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 999 + expectedError: "maxConnections must be 0, -1, or between 2000 and 2000000" + - name: Should be able to update other fields while retaining invalid maxConnections due to ratcheting + initialCRDPatches: + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/tuningOptions/properties/maxConnections/x-kubernetes-validations + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 500 + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + tuningOptions: + maxConnections: 500 + replicas: 3 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: ic-maxconn-test + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + closedClientConnectionPolicy: Continue + tuningOptions: + maxConnections: 500 + replicas: 3 diff --git a/operator/v1/types_ingress.go b/operator/v1/types_ingress.go index 0c5cf919e15..376bfacde47 100644 --- a/operator/v1/types_ingress.go +++ b/operator/v1/types_ingress.go @@ -2034,6 +2034,7 @@ type IngressControllerTuningOptions struct { // processes in router containers with the following metric: // 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. // + // +kubebuilder:validation:XValidation:rule="self == 0 || self == -1 || (self >= 2000 && self <= 2000000)",message="maxConnections must be 0, -1, or between 2000 and 2000000" // +optional MaxConnections int32 `json:"maxConnections,omitempty"` diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml index bc5f0147d9a..4d9fdc87e1c 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml @@ -2180,17 +2180,6 @@ spec: type: string type: object tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 description: |- tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their @@ -2403,6 +2392,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml index 914cfb48e04..9b56181b87d 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml @@ -2140,17 +2140,6 @@ spec: type: string type: object tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 description: |- tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their @@ -2332,6 +2321,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml index 25e3ed651a8..73803b077f0 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml @@ -2180,17 +2180,6 @@ spec: type: string type: object tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 description: |- tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their @@ -2403,6 +2392,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml index ec1366e6c60..87f8c992fe8 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml @@ -2140,17 +2140,6 @@ spec: type: string type: object tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 description: |- tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their @@ -2332,6 +2321,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml index 8b8156f5375..10d2a93cc95 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml @@ -2180,17 +2180,6 @@ spec: type: string type: object tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 description: |- tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their @@ -2403,6 +2392,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index fcfa0be56cc..3cff3edfda0 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -2314,6 +2314,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml index fafa086c7df..5917d73f48b 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml @@ -2345,6 +2345,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml index 073048e5ee4..a94d24f8b10 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml @@ -2354,6 +2354,9 @@ spec: 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer + x-kubernetes-validations: + - message: maxConnections must be 0, -1, or between 2000 and 2000000 + rule: self == 0 || self == -1 || (self >= 2000 && self <= 2000000) reloadInterval: description: |- reloadInterval defines the minimum interval at which the router is allowed to reload