Add centralized field ownership tracker for shared resources#4523
Draft
caseydavenport wants to merge 1 commit intotigera:masterfrom
Draft
Add centralized field ownership tracker for shared resources#4523caseydavenport wants to merge 1 commit intotigera:masterfrom
caseydavenport wants to merge 1 commit intotigera:masterfrom
Conversation
Replaces the ad-hoc per-field annotation patterns on FelixConfiguration with a centralized fieldowner.Tracker that uses a single per-controller annotation storing a JSON map of field name to last-written value. Three conflict policies are supported: - ConflictError: reject out-of-band modifications (BPFEnabled, NFTablesMode) - ConflictDefer: release ownership if user modifies the field (HealthPort, VXLANVNI, VXLANPort, RouteTableRange, BPFHostConntrackBypass, DNSTrustedServers) - ConflictOverride: always apply the operator's value (not yet used) The BPF field is migrated as proof of concept, with MigrateAnnotation() providing backward compat for the old per-field annotation. The remaining installation controller fields (NFTablesMode, all nil-check defaults) are also migrated in this commit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The operator manages several FelixConfiguration fields using three inconsistent patterns: annotation-based tracking (BPF), nil-check defaulting (HealthPort, VXLANVNI, etc.), and unconditional writes (NFTablesMode). This replaces all three with a centralized
fieldowner.Trackerinpkg/controller/utils/fieldowner/.Each controller gets a per-controller annotation (
operator.tigera.io/managed-fields-<controller>) storing a JSON map of field name → last-written value. On each reconcile the tracker compares the stored value to the current spec value to detect out-of-band modifications, regardless of how the change was made.Three conflict policies per field:
BPFEnabled,NFTablesMode)HealthPort,VXLANVNI,VXLANPort,RouteTableRange,BPFHostConntrackBypass,DNSTrustedServers)The BPF field includes
MigrateAnnotation()for backward compat with the oldoperator.tigera.io/bpfEnabledannotation. Remaining controllers (Istio, applicationlayer, gatewayapi, egressgateway) will be migrated in follow-up PRs.Related design doc: https://github.com/tigera/designs/pull/14