Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

daemon: Add KubeProxyReplacement to cilium status cmd #10059

Merged
merged 3 commits into from Feb 6, 2020
Merged

daemon: Add KubeProxyReplacement to cilium status cmd #10059

merged 3 commits into from Feb 6, 2020

Conversation

brb
Copy link
Member

@brb brb commented Feb 5, 2020
edited by tgraf

This PR adds kube-proxy replacement configuration to the cilium status cmd. E.g.:

$ cilium status
KVStore:                Ok   Disabled
Kubernetes:             Ok   1.17 (v1.17.2) [linux/amd64]
Kubernetes APIs:        ["CustomResourceDefinition", "cilium/v2::CiliumClusterwideNetworkPolicy", "cilium/v2::CiliumEndpoint", "cilium/v2::CiliumNetworkPolicy", "cilium/v2::CiliumNode", "core/v1::Endpoint", "core/v1::Namespace", "core/v1::Pods", "core/v1::Service", "networking.k8s.io/v1::NetworkPolicy"]
KubeProxyReplacement:   Strict   [NodePort, ExternalIPs, HostReachableServicesTCP, HostReachableServicesUDP]
Cilium:                 Ok   OK
NodeMonitor:            Disabled
Cilium health daemon:   Ok
IPAM:                   IPv4: 4/65535 allocated from 10.1.0.0/16,
Controller Status:      17/17 healthy
Proxy Status:           OK, ip 10.1.28.236, port-range 10000-20000
Cluster health:       0/1 reachable   (2020-02-05T14:02:54+01:00)
  Name                IP              Reachable   Endpoints reachable
    ceuse (localhost)   10.5.57.1       true        false

Reviewable per commit.

This change is Reviewable

@brb brb added pending-review area/daemon Impacts operation of the Cilium daemon. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. labels Feb 5, 2020
@brb brb requested review from borkmann and a team February 5, 2020 13:19
@brb brb requested a review from a team as a code owner February 5, 2020 13:19
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.8.0 Feb 5, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.7.0-rc4 Feb 5, 2020
@brb
Copy link
Member Author

brb commented Feb 5, 2020

test-me-please

borkmann
borkmann approved these changes Feb 5, 2020
View reviewed changes
Copy link
Member

@borkmann borkmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@aanm aanm added this to the 1.7 milestone Feb 5, 2020
@coveralls
Copy link

coveralls commented Feb 5, 2020
edited

Coverage Status

Coverage decreased (-0.03%) to 44.654% when pulling fea00f7 on pr/brb/kubeproxy-free-status into 161fcd4 on master.

@brb brb force-pushed the pr/brb/kubeproxy-free-status branch from 456a4ad to 206d045 Compare February 5, 2020 14:14
@brb
Copy link
Member Author

brb commented Feb 5, 2020

test-me-please

@brb brb force-pushed the pr/brb/kubeproxy-free-status branch from 206d045 to fea00f7 Compare February 5, 2020 15:23
@brb
api: Add KubeProxyReplacement field to StatusResponse
6f1165a 
It's going to be used when reporting kube-proxy replacement state in
"cilium status" output.

Signed-off-by: Martynas Pumputis <m@lambda.lt>
@brb
daemon, cli: Add KubeProxyReplacement to cilium status
989718f 
This commit adds kube-proxy-replacement configuration to "cilium status"
cmd output, so that users could better detect which kube-proxy replacement
features are enabled.

The example of such output:

    $ cilium status
    KVStore:                Ok   Disabled
    Kubernetes:             Ok   1.17 (v1.17.2) [linux/amd64]
    Kubernetes APIs:        ["CustomResourceDefinition", "cilium/v2::CiliumClusterwideNetworkPolicy", "cilium/v2::CiliumEndpoint", "cilium/v2::CiliumNetworkPolicy", "cilium/v2::CiliumNode", "core/v1::Endpoint", "core/v1::Namespace", "core/v1::Pods", "core/v1::Service", "networking.k8s.io/v1::NetworkPolicy"]
    KubeProxyReplacement:   Strict   [NodePort, ExternalIPs, HostReachableServicesTCP, HostReachableServicesUDP]
    Cilium:                 Ok   OK
    NodeMonitor:            Disabled
    Cilium health daemon:   Ok
    IPAM:                   IPv4: 4/65535 allocated from 10.1.0.0/16,
    Controller Status:      17/17 healthy
    Proxy Status:           OK, ip 10.1.28.236, port-range 10000-20000
    Cluster health:       0/1 reachable   (2020-02-05T14:02:54+01:00)
      Name                IP              Reachable   Endpoints reachable
        ceuse (localhost)   10.5.57.1       true        false

Signed-off-by: Martynas Pumputis <m@lambda.lt>
@brb
daemon: Disable kube-proxy replacement sub-features in flags
fea00f7 
This commit:
- Disables option.Config.EnableExternalIP if NodePort is disabled
- Disables option.EnableHostServices{TCP,UDP} if host-lb is disabled

Otherwise, "cilium status" when --kube-proxy-replacement=partial will
misleadingly report that ExternalIP and HostServices{TCP,UDP} are
enabled even if NodePort and host-lb is disabled.

Signed-off-by: Martynas Pumputis <m@lambda.lt>
@brb
Copy link
Member Author

brb commented Feb 5, 2020

test-me-please

@borkmann
Copy link
Member

borkmann commented Feb 5, 2020

provisioning error

@borkmann
Copy link
Member

borkmann commented Feb 5, 2020

test-me-please

@borkmann
Copy link
Member

borkmann commented Feb 6, 2020

Btw, one more thought. We should also dump the used node-port port-range and whether we use snat or dsr for node-port services. Can also be follow-up, but we should do this as well for 1.7.

@borkmann
Copy link
Member

borkmann commented Feb 6, 2020

Perhaps makes sense to slightly adapt the output for above case, for example:

$ cilium status
KVStore:                 Ok   Disabled
Kubernetes:              Ok   1.17 (v1.17.2) [linux/amd64]
Kubernetes APIs:         ["CustomResourceDefinition", "cilium/v2::CiliumClusterwideNetworkPolicy", "cilium/v2::CiliumEndpoint", "cilium/v2::CiliumNetworkPolicy", "cilium/v2::CiliumNode", "core/v1::Endpoint", "core/v1::Namespace", "core/v1::Pods", "core/v1::Service", "networking.k8s.io/v1::NetworkPolicy"]
KubeProxyReplacement:    Strict
- NodePort:              Enabled [SNAT, 30000-32767]
- ExternalIPs:           Enabled
- HostReachableServices: Enabled [TCP, UDP]
Cilium:                  Ok   OK
NodeMonitor:             Disabled
Cilium health daemon:    Ok
IPAM:                    IPv4: 4/65535 allocated from 10.1.0.0/16,
Controller Status:       17/17 healthy
Proxy Status:            OK, ip 10.1.28.236, port-range 10000-20000
Cluster health:          0/1 reachable   (2020-02-05T14:02:54+01:00)
  Name                IP              Reachable   Endpoints reachable
    ceuse (localhost)   10.5.57.1       true        false

@borkmann borkmann moved this from Done to In progress (1.7) in 1.9 kube-proxy removal & general dp optimization Feb 6, 2020
@brb
Copy link
Member Author

brb commented Feb 6, 2020

Perhaps makes sense to slightly adapt the output for above case, for example:

Makes sense, will do it as a follow-up.

@brb
Copy link
Member Author

brb commented Feb 6, 2020

test-me-please

@borkmann borkmann merged commit a54cbec into master Feb 6, 2020
1.8.0 automation moved this from In progress to Merged Feb 6, 2020
@borkmann borkmann deleted the pr/brb/kubeproxy-free-status branch February 6, 2020 17:13
@borkmann borkmann moved this from In progress (1.7) to Done in 1.9 kube-proxy removal & general dp optimization Feb 7, 2020
@borkmann borkmann mentioned this pull request Feb 7, 2020
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.7 in 1.7.0-rc4 Feb 7, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.7 in 1.7.0-rc4 Feb 7, 2020
@aanm aanm moved this from Backport pending to v1.7 to Backport done to v1.7 in 1.7.0-rc4 Feb 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@borkmann borkmann borkmann approved these changes

@aanm aanm aanm approved these changes

Assignees
No one assigned
Labels
area/daemon Impacts operation of the Cilium daemon. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
No open projects
1.7.0-rc4
Backport done to v1.7
1.8.0
  
Merged
Milestone
1.7
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@brb @coveralls @borkmann @aanm