Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kube-proxy react on Node PodCIDR changes #113252

Merged
merged 3 commits into from Oct 25, 2022
Merged

kube-proxy react on Node PodCIDR changes #113252

merged 3 commits into from Oct 25, 2022

Conversation

code-elinka
Copy link

@code-elinka code-elinka commented Oct 21, 2022
edited

Cherry pick of #113247 on release-1.24.

#113247: service update event should be triggered when appProtocol

For details on the cherry pick process, see the cherry pick requests page.

kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed

@k8s-ci-robot k8s-ci-robot added this to the v1.24 milestone Oct 21, 2022
@k8s-ci-robot k8s-ci-robot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 21, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @code-elinka. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

@code-elinka: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-priority Indicates a PR lacks a `priority/foo` label and requires one. label Oct 21, 2022
@code-elinka
Copy link
Author

/assign @aojea
/cc @bowei
/sig network
/kind bug

@k8s-ci-robot k8s-ci-robot added sig/network Categorizes an issue or PR as relevant to SIG Network. kind/bug Categorizes issue or PR as related to a bug. labels Oct 21, 2022
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Oct 21, 2022
@k8s-ci-robot k8s-ci-robot added the sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. label Oct 21, 2022
@aojea
Copy link
Member

aojea commented Oct 21, 2022

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 21, 2022
@aojea
Copy link
Member

aojea commented Oct 21, 2022
edited

this commit should not be here service update event should be triggered when appProtocol in port is …

ddc62aa3682d931b0a6473c034541f32d583c112

/hold

@code-elinka code-elinka force-pushed the automated-cherry-pick-of-#113247-upstream-release-1.24 branch from 8072582 to 9dc65ac Compare October 21, 2022 12:59
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 21, 2022
@k8s-ci-robot k8s-ci-robot added area/kubelet sig/node Categorizes an issue or PR as relevant to SIG Node. labels Oct 21, 2022
@code-elinka code-elinka force-pushed the automated-cherry-pick-of-#113247-upstream-release-1.24 branch from 9dc65ac to 24f1e91 Compare October 21, 2022 13:00
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Oct 21, 2022
@aojea @code-elinka
kube-proxy: gate topology correctly
dd6b3ba
@aojea @code-elinka
kube-proxy handle node PodCIDR changs
8436402 
Kube/proxy, in NodeCIDR local detector mode, uses the node.Spec.PodCIDRs
field to build the Services iptables rules.

The Node object depends on the kubelet, but if kube-proxy runs as a
static pods or as a standalone binary, it is not possible to guarantee
that the values obtained at bootsrap are valid, causing traffic outages.

Kube-proxy has to react on node changes to avoid this problems, it
simply restarts if detect that the node PodCIDRs have changed.

In case that the Node has been deleted, kube-proxy will only log an
error and keep working, since it may break graceful shutdowns of the
node.
@aojea @code-elinka
kube-proxy wait for cluster cidr skip delete events
50c6f14
@code-elinka code-elinka force-pushed the automated-cherry-pick-of-#113247-upstream-release-1.24 branch from 24f1e91 to 50c6f14 Compare October 21, 2022 13:02
@code-elinka
Copy link
Author

this commit should not be here service update event should be triggered when appProtocol in port is …

ddc62aa

/hold

Done, I dropped unrelated changes.

@code-elinka code-elinka mentioned this pull request Oct 21, 2022
Merged
@aojea
Copy link
Member

aojea commented Oct 21, 2022

/retitle kube-proxy react on Node PodCIDR changes

@k8s-ci-robot k8s-ci-robot changed the title Automated cherry pick of #113247: service update event should be triggered when appProtocol kube-proxy react on Node PodCIDR changes Oct 21, 2022
@aojea
Copy link
Member

aojea commented Oct 25, 2022

/lgtm
/approve
ping @kubernetes/release-managers

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 25, 2022
xmudrii
xmudrii approved these changes Oct 25, 2022
View reviewed changes
Copy link
Member

@xmudrii xmudrii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea, code-elinka, xmudrii

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@xmudrii xmudrii added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 25, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Oct 25, 2022
k8s-ci-robot added a commit that referenced this pull request Oct 25, 2022
@k8s-ci-robot
Merge pull request #113258 from code-elinka/automated-cherry-pick-of-…
efe0af9 
…#113252-upstream-release-1.23

Automated cherry pick of #113252: kube-proxy: gate topology correctly
@xmudrii
Copy link
Member

xmudrii commented Oct 25, 2022

/retest

@k8s-ci-robot k8s-ci-robot merged commit 310b6ff into kubernetes:release-1.24 Oct 25, 2022
@sftim
Copy link
Contributor

sftim commented Nov 7, 2022

My suggestion for the changelog text:

`kube-proxy` will now restart if it detects changes to the `.spec.podCIDRs` field of its node

What do we mean by “restart”? Do we mean “exit”, and then the restart is implicit?

@aojea
Copy link
Member

aojea commented Nov 7, 2022

What do we mean by “restart”? Do we mean “exit”, and then the restart is implicit?

yeah, it will really exit, the restart is the implicit, :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xmudrii xmudrii xmudrii approved these changes

@bowei bowei Awaiting requested review from bowei

@andrewsykim andrewsykim Awaiting requested review from andrewsykim

@khenidak khenidak Awaiting requested review from khenidak

Assignees

@aojea aojea

@xmudrii xmudrii

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/cloudprovider area/kubelet cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.24
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@code-elinka @k8s-ci-robot @aojea @xmudrii @sftim