cli: Rename kpr Protocols status field #14977
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
pkg/client/client.go
Outdated
| protocols := "" | ||
| if hs := sr.KubeProxyReplacement.Features.HostReachableServices; hs.Enabled { | ||
| socketLB = "Enabled" | ||
| protocols = strings.Join(hs.Protocols, ", ") | ||
| } |
There was a problem hiding this comment.
But if you have kpr disabled, then Protocols: would not be shown as indicator, no?
There was a problem hiding this comment.
Yep, but it's not clear without reading the code / docs.
There was a problem hiding this comment.
But if status says 'strict', then it's indicator that it has to be enabled. If it says 'disabled', then it has to be disabled as well. So only in case of partial this questions comes up, and there we show the protocols. Maybe this is just a matter of documentation? What does the user make out of 'Socket LB'? If it's just for us debugging isn't the code as-is or sysdump sufficient?
There was a problem hiding this comment.
Should we just combine this with the "Protocols:" line with a clearer format like "Socket LB Protocols: "? Personally I was confused whether socket LB was enabled or not while debugging an issue, which is why I filed #14927. It doesn't make sense to me that you'd list a bunch of the feature aspects of the kube-proxy replacement explicitly but then for socket-lb you have to infer whether it's enabled or not based on this other line called "Protocols".
There was a problem hiding this comment.
I think the Protocols: TCP, UDP line needs rework perhaps. For example we might still handle TCP, UDP when KPR is disabled and Cilium only xlated ClusterIP. So there should be some sort of indicator what is handled where. E.g. if we have partial and for sock LB we only have TCP xlation enabled, then cilium status --verbose should probably tell which is handled where. Maybe this somehow begs for an output like ...
Protocols:
- North-South: TCP, UDP
- East-West: TCP, UDP
- Syscall: TCP
- NAT: UDP
... not sure if this can be made nicer / less complicated though.
There was a problem hiding this comment.
The N-S and E-W terminology is not used in the k8s context, so it might confuse users. For now I'd just do as @joestringer suggested above.
There was a problem hiding this comment.
Is that true? Some other components like traefik have been discussing east-west and north-south in k8s context:
https://traefik.io/blog/beyond-kubernetes-bringing-microservices-together-with-service-mesh/
Also, I think that anyone trying to interpret this status section probably needs the kube-proxy replacement docs anyway so we can always write a very short sentence explaining north/south and east/west.
🤷♂️ I'm OK with either approach.
There was a problem hiding this comment.
Is that true?
Yeah, the source of truth doesn't have any single mention of N-S or E-W.
brb
added
the
release-note/misc
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
|
test-me-please |
brb
force-pushed
the
pr/brb/kpr-cli-status
branch
from
ac42681
to
82cd5f7
Compare
brb
force-pushed
the
pr/brb/kpr-cli-status
branch
from
82cd5f7
to
1393127
Compare
|
@joestringer @borkmann I've renamed the field |
This commit renames the "Protocols" field to Socket LB Protocols" to
better reflect the fact that the field indicates which protocols are
handled by the host reachable svc (aka socket-lb).
The example output:
$ cilium status --verbose
[..]
KubeProxyReplacement Details:
Status: Strict
Socket LB Protocols: TCP, UDP
Devices: wlp3s0 192.168.178.29 (Direct Routing)
Mode: SNAT
Backend Selection: Random
Session Affinity: Enabled
XDP Acceleration: Disabled
Services:
- ClusterIP: Enabled
- NodePort: Enabled (Range: 30000-32767)
- LoadBalancer: Enabled
- externalIPs: Enabled
- HostPort: Enabled
Also, I'm using socket-lb instead of host-reachable svc, as in v1.10
we are planning to rename the feature (it's used not only for reaching
services from a host nents).
Reported-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Martynas Pumputis <m@lambda.lt>
|
test-me-please |
maintainer-s-little-helper
bot
added
the
ready-to-merge
|
KubeProxyReplacement Details: root@bpf1:/home/cilium# cat /tmp/cilium/config-map/bpf-lb-sock The above two feature is the same of different? |
|
|
The same. |
This commit renames the "Protocols" field to Socket LB Protocols" to better reflect the fact that the field indicates which protocols are handled by the host reachable svc (aka socket-lb).
The example output:
Also, I'm using socket-lb instead of host-reachable svc, as in v1.10 we are planning to rename the feature (it's used not only for reaching services from a host nents).