Change kube hairpin configuration settings and defaults #2417
Conversation
juanluisvaladas
force-pushed
the
change-kube-hairpin
branch
from
58a9707
to
78b4567
Compare
| @@ -70,6 +71,27 @@ func (k *KubeRouter) Init(_ context.Context) error { return nil } | |||
| // Stop no-op as nothing running | |||
| func (k *KubeRouter) Stop() error { return nil } | |||
|
|
|||
| func getHairpinConfig(cfg *kubeRouterConfig, krc *v1beta1.KubeRouter) { | |||
There was a problem hiding this comment.
Maybe a better name this applyHairpinConfig, since this is not idempotently getting something, but updating the cfg in place.
|
There was an edge case about the CNI config - if it was already generated, then activating hairpin mode in k0s won't update the CNI config. k0s/pkg/component/controller/kuberouter.go Line 232 in 78b4567 |
juanluisvaladas
force-pushed
the
change-kube-hairpin
branch
from
e0a62d5
to
d005baf
Compare
|
Having one field accepting multiple types breaks dynamic configuration because of kubernetes-sigs/controller-tools#735 I'm currently waiting for controller-manager people to give me the OK to start implementing this so in the meantime I'll put this on hold. If the proposed change wouldn't be accepted then we'll have to consider a strategy different than using the same field to accept multiple types. |
|
@jnummelin @twz123 I don't think I can achieve this even by patching the CRD manually. The CRDs with I've tried to workaround this in many ways but I don't think it's actually possible. The only option that I see here would be adding I see the following options: |
|
I would vote for option 2 (new field with a different name). This is what this PR initially aimed at, and it's a fair compromise compared to the alternatives. Introducing a new API version for this seems like a quite heavy thing to do. Maybe it's better to accumulate some changes over time and then issue a new API version that contains more improvements than just this one. Allowing unknown fields OTOH seems to me like removing a safety net for very little gain. I didn't know that IntOrString was such a custom thing. Otherwise I wouldn't have brought it up as an example 🙈. |
juanluisvaladas
changed the title
juanluisvaladas
force-pushed
the
change-kube-hairpin
branch
3 times, most recently
from
de5eeae
to
d0756a2
Compare
And there is a big advantage that it's already implemented, I just had to go through the reflog :) and patch some little thing. |
juanluisvaladas
changed the title
| // Activate Hairpin Mode (allow a Pod behind a Service to communicate to its own ClusterIP:Port) | ||
| HairpinMode bool `json:"hairpinMode"` | ||
| // Admits three values: "enabled" enables it globaly, "allowed" allows but services must be annotated explictly and "disabled" | ||
| Hairpin Hairpin `json:"hairpin"` |
There was a problem hiding this comment.
Worth mentioning the default value here as well.
| Hairpin Hairpin `json:"hairpin"` | |
| // Defaults to "Enabled". | |
| // +kubebuilder:default=Enabled | |
| Hairpin Hairpin `json:"hairpin"` |
There was a problem hiding this comment.
The kubebuilder default hint is still missing. But that's a purely cosmetic thing...
juanluisvaladas
force-pushed
the
change-kube-hairpin
branch
from
d0756a2
to
e7f4ffb
Compare
|
@twz123 I addressed everything and I also changed the table in docs/configuration.md. Apparently I didn´t find the latest version if the reflog and there were a couple things missing even if the code was working as expected. I went file by file and I believe everything is good now. |
| // Activate Hairpin Mode (allow a Pod behind a Service to communicate to its own ClusterIP:Port) | ||
| HairpinMode bool `json:"hairpinMode"` | ||
| // Admits three values: "enabled" enables it globaly, "allowed" allows but services must be annotated explictly and "disabled" | ||
| Hairpin Hairpin `json:"hairpin"` |
There was a problem hiding this comment.
The kubebuilder default hint is still missing. But that's a purely cosmetic thing...
We agreed that the most logical decision was to enable hairpin by default. The old configuration doesn't reflect our real needs, for this reason we decided to deprecate the old configuration and add a new configuration. This commit handles all these details. Fixes k0sproject#1953 Co-authored-by: Tom Wieczorek <twz123@users.noreply.github.com> Signed-off-by: Juan Luis de Sousa-Valadas Castaño <jvaladas@mirantis.com>
juanluisvaladas
force-pushed
the
change-kube-hairpin
branch
from
e7f4ffb
to
9800423
Compare
|
Oh sorry I missed that one. That's added now. |
Description
Enable hairpin for kube-router by default
We agreed that the most logical decision was to enable hairpin by default. The old configuration doesn't reflect our real needs, for this reason we decided to deprecate the old configuration and add a new configuration. This commit handles all these details.
Also I spotted a bug related to reconciling, since I noticed it in one of the files which I spotted and it's just a one liner I slipped the commit in this PR.
Fixes #1953
Type of change
How Has This Been Tested?
Checklist: