Skip to content

Fix rule status updates #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ajaysundark wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix rule status updates #49

ajaysundark wants to merge 2 commits into from

Conversation

@ajaysundark
Copy link
Contributor

@ajaysundark ajaysundark commented Dec 22, 2025

Fixes #43

// Initial:
$ kind create cluster --config config/testing/kind/kind-3node-config.yaml

// build and deploy controller (running in contorl-plane node)

$ kubectl get pods -n nrr-system -o wide
NAME                                      READY   STATUS    RESTARTS   AGE     IP           NODE                     NOMINATED NODE   READINESS GATES
nrr-controller-manager-66f7649cb7-6h896   1/1     Running   0          4m41s   10.244.0.5   nrr-test-control-plane   <none>           <none>

// current state 3 x nodes:
//    - cp has running nrr controller
//    - test-worker2 is intentionally tainted for NetworkReady
//    - test-worker is not tainted (mimicking some node misconfiguration - dryrun should capture this)

$ kubectl get nodes -o custom-columns="NAME:.metadata.name,TAINT:.spec.taints"
NAME                     TAINT
nrr-test-control-plane   [map[effect:NoSchedule key:node-role.kubernetes.io/control-plane]]
nrr-test-worker          [map[effect:NoExecute key:node-restriction.kubernetes.io/reserved-for value:platform]]
nrr-test-worker2         [map[effect:NoSchedule key:readiness.k8s.io/NetworkReady value:pending]]

// rule created in dry-run shows any node which is not control-plane to have either CalicoReady condition or  NetworkReady taint

$ kubectl apply -f ./examples/network-readiness-dryrun-rule.yaml 
nodereadinessrule.readiness.node.x-k8s.io/network-readiness-rule created

$ kubectl get nrr network-readiness-rule -ojson | jq .spec
{
  "conditions": [
    {
      "requiredStatus": "True",
      "type": "network.k8s.io/CalicoReady"
    }
  ],
  "dryRun": true,
  "enforcementMode": "continuous",
  "nodeSelector": {
    "matchExpressions": [
      {
        "key": "node-role.kubernetes.io/control-plane",
        "operator": "DoesNotExist"
      }
    ]
  },
  "taint": {
    "effect": "NoSchedule",
    "key": "readiness.k8s.io/NetworkReady",
    "value": "pending"
  }
}

// dryrun results:
// - affected nodes = 2 (testworker and testworker2)
// - riskyOperations = 2 (testworker and testworker2 do not report any value for this expected condition)
// taintsToAdd = 1 ( testworker didnt carry initial taint; creating this rule will create this taint on this node as controller will enforce this expected state)
// - summary: will taint 1 node, 2 nodes have missing conditions (summarizes the expected result of this rule creation action)

$ kubectl get nrr network-readiness-rule -ojson | jq .status
{
  "dryRunResults": {
    "affectedNodes": 2,
    "riskyOperations": 2,
    "summary": "would add 1 taints, 2 nodes have missing conditions",
    "taintsToAdd": 1,
    "taintsToRemove": 0
  }
}

// install CNI with hack/test-workloads/apply-calico.sh
// wait for installation

 kubectl get nodes -o custom-columns="NAME:.metadata.name, CONDITION:.status.conditions[?(@.type=='network.k8s.io/CalicoReady')].status"
NAME                      CONDITION
nrr-test-control-plane   True
nrr-test-worker          True
nrr-test-worker2         True

$ kubectl apply -f ./examples/network-readiness-rule.yaml
nodereadinessrule.readiness.node.x-k8s.io/network-readiness-rule configured

$ kubectl get nrr network-readiness-rule -ojson | jq .status
{
  "appliedNodes": [
    "nrr-test-worker",
    "nrr-test-worker2"
  ],
  "nodeEvaluations": [
    {
      "conditionResults": [
        {
          "currentStatus": "True",
          "missing": false,
          "requiredStatus": "True",
          "satisfied": true,
          "type": "network.k8s.io/CalicoReady"
        }
      ],
      "lastEvaluationTime": "2025-12-22T09:42:10Z",
      "nodeName": "nrr-test-worker",
      "taintStatus": "Absent"
    },
    {
      "conditionResults": [
        {
          "currentStatus": "True",
          "missing": false,
          "requiredStatus": "True",
          "satisfied": true,
          "type": "network.k8s.io/CalicoReady"
        }
      ],
      "lastEvaluationTime": "2025-12-22T09:42:10Z",
      "nodeName": "nrr-test-worker2",
      "taintStatus": "Absent"
    }
  ],
  "observedGeneration": 2
}
  1. observedGeneration and appliedNodes are correctly reflected
  2. dryrun results are removed

@netlify
Copy link

netlify bot commented Dec 22, 2025
edited
Loading

Deploy Preview for node-readiness-controller canceled.

Name Link
🔨 Latest commit 959aa0b
🔍 Latest deploy log https://app.netlify.com/projects/node-readiness-controller/deploys/694912bfc9f91d0008cc592c

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 22, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Dec 22, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ajaysundark

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 22, 2025
@ajaysundark
Copy link
Contributor Author

ajaysundark commented Dec 22, 2025

/cc @Karthik-K-N

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Dec 22, 2025
@ajaysundark ajaysundark mentioned this pull request Dec 24, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dchen1107 dchen1107 Awaiting requested review from dchen1107

@mrunalp mrunalp Awaiting requested review from mrunalp

@Karthik-K-N Karthik-K-N Awaiting requested review from Karthik-K-N

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fix status update inconsistency

2 participants

@ajaysundark @k8s-ci-robot