Remove the 'ingress-ready' node selector and blocking master node scheduling from kind manifests

[reegnz]

The node selector doesn't exist on any other deployment manifest type.
It becomes confusing when someone tries to deploy the nginx-ingress on
a kind cluster and then it won't work out of the box.
This change makes it much easier to use ingress-nginx with kind.

If someone still wants to use a node taint, they're free to apply the
nodeSelector to the deployments with kustomize.

What this PR does / why we need it:

It makes it easier to use ingress-nginx with kind clusters. If someone still wants to use
nodeselectors they're free to do so with kustomize, but a regular kind user
should not be expected to label their nodes unless that's their use-case.

Also this change increases consistency across deployment targets, because this node-selector only exists for kind clusters, without good reason.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation only

Which issue/s this PR fixes

How Has This Been Tested?

I have deployed the manifests to kind.

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I've read the CONTRIBUTION guide
• I have added tests to cover my changes.
• All new and existing tests passed.

[k8s-ci-robot]

@reegnz: This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

Welcome @reegnz!

It looks like this is your first PR to kubernetes/ingress-nginx 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/ingress-nginx has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @reegnz. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: reegnz
To complete the pull request process, please assign strongjz after the PR has been reviewed.
You can assign the PR to them by writing /assign @strongjz in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[reegnz]

The functionality was originally introduced in #5408 and did not exist anywhere beforehand. It only exists for kind clusters, so it should make sense to make the config more consistent with other deployment targets.

[reegnz]

I also removed the NoSchedule for master nodes, as most people tend to run kind in single-node mode.

[strongjz]

@reegnz can you look into fixing this in the generate-deploy-scripts.sh where these files are generated. This fix will only last for one release till we regenerate those static files with that script.

Thanks,
James

[longwuyuan]

@reegnz , I can run kind and then install ingress-nginx controller with helm or manifest. I can also run make dev-env and I see ingress-nginx installed at the end. So, installation does work out of the box. Hence please show commands and outputs with time, so that someone can copy/paste to reproduce this problem of "not working out of the box" . Also it will really help if you explain clearly what you mean when y. o say it does not work out of the box.

Secondly the changes you are trying to make are not requested by anybody else. If it is your own use-case problem, then it is better to custom install or maintain a fork.

@strongjz @rikatz @tao12345666333 I think we should not accept this change. And definitely not change the generate-deploy to make such a opinionated change like scheduling/taints/labels.

[reegnz]

@strongjz sure thing, I'll have a look. just did a grep and did the change, not super familiar with the generation yet, but I'll sort it out.

@longwuyuan The use-case I'm looking for is being able to run the an ingress like this (so the most basic, simplest form of using nginx-ingress with kind):

kind create cluster
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/kind/deploy.yaml

If I do that today, this is what I'm getting:

❯ kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-drxxb        0/1     Completed   0          37s
ingress-nginx-admission-patch-96hs4         0/1     Completed   1          37s
ingress-nginx-controller-56d4b5df54-xlmhx   0/1     Pending     0          37s

And it's pending till the end of time because there won't be a node to schedule for.

The change is so that it's easier to bootstrap a kind cluster with nginx-ingress.

Secondly the changes you are trying to make are not requested by anybody else. If it is your own use-case problem, then it is better to custom install or maintain a fork.

@longwuyuan Well, that felt hostile... way to make someone wanting to contribute to improve thins to feel like crap. Lucky for me that didn't last long.
A feature's worth isn't in it's popularity in my opinion.
I'm still gonna try and upstream this, to improve the simplicity of the deployment to kind! :)

[reegnz]

@strongjz I looked into hack/generate-deploy-scripts.sh. It's using hack/manifest-templates/provider/kind/values.yaml which I changed. No other change is necessary.
Ran hack/generate-deploy-scripts.sh and it produced the exact same output that's in this commit. I double-checked, because that didn't seem credible, so I performed the change on main to hack/manifest-templates/provider/kind/values.yaml and it generated the same changes I have here in this PR.

So there's your generate change, it's in hack/manifest-templates/provider/kind/values.yaml :)

[longwuyuan]

Ah, very sorry for coming across as that. Not intended. Can you confirm that the same problem happens if you use the config used by `make dev-env`. Thanks, ; Long Wu Yuan

…

On 01-Apr-2022, at 8:59 PM, Zoltán Reegn ***@***.***> wrote: @strongjz <https://github.com/strongjz> sure thing, I'll have a look. just did a grep and did the change, not super familiar with the generation yet, but I'll sort it out. @longwuyuan <https://github.com/longwuyuan> The use-case I'm looking for is being able to run the an ingress like this: kind create cluster kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/kind/deploy.yaml If I do that today, this is what I'm getting: ❯ kubectl get pods -n ingress-nginx NAME READY STATUS RESTARTS AGE ingress-nginx-admission-create-drxxb 0/1 Completed 0 37s ingress-nginx-admission-patch-96hs4 0/1 Completed 1 37s ingress-nginx-controller-56d4b5df54-xlmhx 0/1 Pending 0 37s And it's pending till the end of time because there won't be a node to schedule for. The change is so that it's easier to bootstrap a kind cluster with nginx-ingress. Secondly the changes you are trying to make are not requested by anybody else. If it is your own use-case problem, then it is better to custom install or maintain a fork. @longwuyuan <https://github.com/longwuyuan> Well, that felt hostile... way to make someone wanting to contribute to improve thins to feel like crap. Lucky for me that didn't last long. A feature's worth isn't in it's popularity in my opinion. I'm still gonna try and upstream this, to improve the simplicity of the deployment to kind! :) — Reply to this email directly, view it on GitHub <#8406 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABGZVWTIJ5XTEP7B3G62VC3VC4I6HANCNFSM5SFVRB6A>. You are receiving this because you were mentioned.

[reegnz]

Yeah, written communication is difficult. :) No harm done in the end.

I think it works for make dev-env because it wraps kind, and uses a custom config:

ingress-nginx/build/dev-env.sh

Lines 70 to 88 in 2ae0fb8

	cat <<EOF | kind create cluster --name ${KIND_CLUSTER_NAME} --image "kindest/node:${K8S_VERSION}" --config=-
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	nodes:
	- role: control-plane
	kubeadmConfigPatches:
	- |
	kind: InitConfiguration
	nodeRegistration:
	kubeletExtraArgs:
	node-labels: "ingress-ready=true"
	authorization-mode: "AlwaysAllow"
	extraPortMappings:
	- containerPort: 80
	hostPort: 80
	protocol: TCP
	- containerPort: 443
	hostPort: 443
	protocol: TCP

Line 80 is where it configures a node-label for the node-selector.

The basic use-case for kind however is to get rolling with kind create cluster, without a custom config. And the current one requires to distinguish between nodes, which complicates end-users configs, especially if their dev use-case is not a complex multi-node problem.

Also I'm not trying to primarily fix nginx-ingress dev-env here, but the end-users use-case.

[longwuyuan]

Ok. Sorry. Will work on myself. Is this on MacOS or same thing happens on Linux as well ? When I launch kind like that, I use helm to manage metal+ingress-controller+kube-prometheus-stack+other-infra and so I avoid the `kubectl apply -f` of that manifest and also am able to manage all my infra software on K8s Kind, with helm. Would that work for you too ? Thanks, ; Long Wu Yuan

…

On 01-Apr-2022, at 9:13 PM, Zoltán Reegn ***@***.***> wrote: Yeah, written communication is difficult. :) No harm done in the end. I think it works for make dev-env because it wraps kind, and uses a custom config: https://github.com/kubernetes/ingress-nginx/blob/2ae0fb846bd86abfbb33d4c8a1add23bf7b48267/build/dev-env.sh#L70-L88 <https://github.com/kubernetes/ingress-nginx/blob/2ae0fb846bd86abfbb33d4c8a1add23bf7b48267/build/dev-env.sh#L70-L88> The basic use-case for kind however is to get rolling with kind create cluster, without a custom config. And the current one requires to distinguish between nodes, which complicates end-users configs, especially if their dev use-case is not a complex multi-node problem. — Reply to this email directly, view it on GitHub <#8406 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABGZVWT5ND6TGDPNG3BCZ3LVC4KQTANCNFSM5SFVRB6A>. You are receiving this because you were mentioned.

[reegnz]

I'm running that in an ubuntu VM, so I guess it shouldn't be macos specific? It's on an ubuntu vm.

I'm using lima-vm + metallb + nginx-ingress for my setup btw.
I deploy with argocd + kustomize. but same happens with the commands I've shown too.
I'd rather not involve helm as I've tried to avoid it so far. I'm more a kustomize fan.
I can render a helm chart and then use it with kustomize, but I'd rather the upstream project provide a kustomize base layer for me, which nginx-ingress does well.

[longwuyuan]

Ok thanks for that detailed info. Now it explains why you asked for change. I am personally unsure where and who it impacts when the project defaults are changed in this PR. We have discovered some changes caused problems later and the basis of those changes was not asked for by a large number of users. Hence my thought process. I still don’t see enough number of users asking for this change and I clearly see that same manifest being applicable to tons of users who are not using lima or colima. So personally, I am still not in support of this change at this point of time. Specially because it now involves changes to the generate-deploy script. But @strongjz and others are a better judge. Thanks, ; Long Wu Yuan

…

On 01-Apr-2022, at 9:24 PM, Zoltán Reegn ***@***.***> wrote: I'm running that in an ubuntu VM, so I guess it shouldn't be macos specific? It's on an ubuntu vm. I'm using lima-vm + metallb + nginx-ingress for my setup btw. I deploy with argocd + kustomize btw. but same happens with the commands I've shown too. I'd rather not involve helm as I've tried to avoid it so far. I'm more a kustomize fan. I can render a helm chart and then use it with kustomize, but I'd rather the upstream project provide a kustomize base layer for me, which nginx-ingress does well. — Reply to this email directly, view it on GitHub <#8406 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABGZVWVN3U5LYGMY637RUV3VC4L27ANCNFSM5SFVRB6A>. You are receiving this because you were mentioned.

[longwuyuan]

Also, just now got the thought that the middle way out is to add a content to the deploy documentation, under the kind installation part, and display the kind config file there and add a config file to the repo for installation on kind.

[strongjz]

This was fixed in the latest release, v1.1.3.

/close

[k8s-ci-robot]

@strongjz: Closed this PR.

In response to this:

This was fixed in the latest release, v1.1.3.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[longwuyuan]

Thanks, ; Long Wu Yuan

…

On 07-Apr-2022, at 2:48 AM, Kubernetes Prow Robot ***@***.***> wrote: Closed #8406 <#8406>. — Reply to this email directly, view it on GitHub <#8406 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABGZVWTXBQAWFIIPSXPIHWDVDX5UHANCNFSM5SFVRB6A>. You are receiving this because you were mentioned.

[reegnz]

@strongjz what exactly fixed this in the latest release? I don't see any change to the manifests, or the docs.

[reegnz]

Anyway, my workaround is to simply go with the cloud manifest, and use kustomize to do the bare minimum changes. Still easier than having to kustomize the kind manifest to patch out node selectors.
Would have been nice to simplify the manifest for the common use-case of kind (eg. when just running kind create cluster).