Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auto egress IP fixes #16659

Merged
merged 3 commits into from
Oct 4, 2017
Merged

auto egress IP fixes #16659

merged 3 commits into from
Oct 4, 2017

Conversation

danwinship
Copy link
Contributor

Some fixes to the auto egress IP code

@danwinship danwinship added component/networking kind/bug Categorizes issue or PR as related to a bug. sig/networking labels Oct 3, 2017
@openshift-ci-robot openshift-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 3, 2017
@danwinship
Copy link
Contributor Author

From @pravisankar 's too-late comments on #16561:

omitempty?

fixed

Do we expect egress IP to work for IPV6 as well? If not, may be we should add ipv4 check here and in netnamespace.EgressIPs validation.

No... but we aren't requiring IPv4 in most of the other places we only support IPv4 either. I'll file a bug about that.

We already know the nodeIP (map key), don't need to duplicate in the map value
nodesByNodeIP map[string]*sets.String ?

I guess technically it would work to have one map from node IP to (just) egress IP, and a second map from egress IP to (just) node IP, but I prefer it with the struct, which makes it more obviously parallel to the namespace maps, where we do need the structs

Since this method will not return an error may be this method can have no return value.

Yeah... I was going to fix that, but then I didn't. It seems like it could return an error potentially in the future...

If assignedIP is already set, then drop the traffic for this namespace?

Because of previous checks, it's guaranteed that it's either unset, or already this IP.

When namespace is deleted, where are we deleting vnid from namespacesByVNID map?

Fixed

Failed link may not have desired IP address, we could log an error and continue

Fixed

We should not call this for single-tenant/subnet plugin as it depends on NetNamespaces. I think, we should move this to node.policy.StartEgressIP?

Fixed

@danwinship
Copy link
Contributor Author

Do we expect egress IP to work for IPV6 as well? If not, may be we should add ipv4 check here and in netnamespace.EgressIPs validation.

No... but we aren't requiring IPv4 in most of the other places we only support IPv4 either. I'll file a bug about that.

#16660

@danwinship
Copy link
Contributor Author

@eparis need an approval from you for "API changes" (I just belatedly marked the new EgressIP fields +optional.)

@smarterclayton
Copy link
Contributor

Is there an egress extended test?

@danwinship
Copy link
Contributor Author

No, but there are some unit tests.

I guess it would be possible to test in the extended tests, given that pod-to-(public)-node-IP traffic is considered external, so we could run a server in a hostNetwork=true pod on one node and host an egress IP on another...

pravisankar
pravisankar approved these changes Oct 3, 2017
View reviewed changes
Copy link

@pravisankar pravisankar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@smarterclayton
Copy link
Contributor

smarterclayton commented Oct 3, 2017 via email

@eparis
Copy link
Member

eparis commented Oct 4, 2017

/retest
/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 4, 2017
@openshift-merge-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, eparis

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 4, 2017
@openshift-merge-robot
Copy link
Contributor

/test all [submit-queue is verifying that this PR is safe to merge]

@openshift-merge-robot
Copy link
Contributor

Automatic merge from submit-queue (batch tested with PRs 16625, 16659).

@openshift-merge-robot openshift-merge-robot merged commit 450acc5 into openshift:master Oct 4, 2017
@openshift-ci-robot
Copy link

@danwinship: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
ci/openshift-jenkins/extended_conformance_install_update e08e9eb link /test extended_conformance_install_update

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@danwinship danwinship deleted the auto-egress-ip-fixes branch October 19, 2017 19:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pravisankar pravisankar pravisankar approved these changes

Assignees

@pravisankar pravisankar

@eparis eparis

Labels
api-approved approved Indicates a PR has been approved by an approver from all required OWNERS files. component/networking kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. needs-api-review sig/networking size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@danwinship @smarterclayton @eparis @openshift-merge-robot @openshift-ci-robot @pravisankar