bgp,bugfix: parse ips when converting from slim_core to k8s service #18358
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
sayboras
added
the
release-note/bug
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
There was a problem hiding this comment.
While the change looks simple, there is a lot of wisdom behind, I am going through the discussion in github issue to understand more. Right now, I don't even understand why nodeport check is there in the first place 🤔
Will be great if other team member can help to review this instead.
|
@sayboras That is where I'm currently at as well. Doing a deep dive. It appears the linked issue can be "worked-around" by ensuring "NodePort" is enabled off the bat. I didn't suggest this yet because I need to confirm. Also as I mention in this thread: https://cilium.slack.com/archives/C2B917YHE/p1641328782392200?thread_ts=1641245029.380700&cid=C2B917YHE I believe a BPF backed NodePort should be completely orthogonal to the BGP Announce LB feature, as that feature just cares about getting external traffic to a load balancer, not whether that load balancer is backed by a BPF node port impl, or the vanilla K8s impl. So part of me feels like this PR will actually change into decoupling the NodePort requirement from the BGP Announce LB feature all together. CC @aanm may have some insight. |
ldelossa
force-pushed
the
ldelossa/announce-lb-fix
branch
from
49421f9
to
20957d6
Compare
| @@ -1517,14 +1517,6 @@ func initEnv(cmd *cobra.Command) { | |||
| } | |||
| } | |||
|
|
|||
| // This is necessary because the code inside pkg/k8s.NewService() for | |||
There was a problem hiding this comment.
This goes away, the BGP LB Announcement features are not coupled to the NodePort configuration.
|
Discussed this with @brb @aanm (separately) The reason we do not parse IPs when "EnableNodePort" is false is to save on CPU cycles. When the umbrella feature flag "EnableNodePort" is disabled, Cilium does not care about Service events triggered by LoadBalancer Status updates. However, when the BGP Announce LB feature is enabled, Cilium must care about these updates in order for the k8s Watcher infra to generate a new Service event. The decision was made to keep the original "EnableNodePort" flag to continue to budget CPU if we don't need to spend it, but if BGP announcement feature is on, parse out the loadBalancerIPs so feature works without being coupled to "EnableNodePort" feature flag. |
| @@ -128,7 +128,7 @@ func (s *MetalLBSpeaker) OnUpdateService(svc *slim_corev1.Service) error { | |||
| } | |||
|
|
|||
| l.Debug("adding event to queue") | |||
| s.queue.Add(epEvent{ | |||
| s.queue.Add(svcEvent{ | |||
There was a problem hiding this comment.
good citizen change, this is mislabeled but causes no functional difference in the code, other then logging the wrong event type.
|
/test |
ldelossa
force-pushed
the
ldelossa/announce-lb-fix
branch
from
20957d6
to
f48b09e
Compare
ldelossa
added
the
ready-to-merge
|
/test |
ldelossa
removed
the
ready-to-merge
|
Latest failures are due to vagrant infra: Rerunning tests. |
|
/test |
this fixes cilium#16967. previous to this commit, when converting from a slim_core Service to our k8s Service abstraction the parsed out loadBalancersIP were not converted to the appropriate map of net.IP objects. they were not converted because of a guard which only does this for when "NodePort" configuration is set to true. with the introduction of the BGP load balancer announcement feature, we also need to parse IPs coming from the ServiceStatus field in a slim_core Service. If this change is not made, both the old and new services look exactly the same to the k8sWatcher infrastructure and when the Service gets its load balancer IP the entire event is thrown away. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
ldelossa
force-pushed
the
ldelossa/announce-lb-fix
branch
from
f48b09e
to
ac5f66e
Compare
|
/test Job 'Cilium-PR-K8s-1.22-kernel-4.19' failed and has not been observed before, so may be related to your PR: Click to show.Test NameFailure OutputIf it is a flake, comment Job 'Cilium-PR-K8s-1.23-kernel-net-next' failed and has not been observed before, so may be related to your PR: Click to show.Test NameFailure OutputIf it is a flake, comment |
|
/test |
maintainer-s-little-helper
bot
added
the
ready-to-merge
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.10
in 1.11.1
joestringer
added
backport-done/1.11
maintainer-s-little-helper
bot
moved this from Backport pending to v1.10
to Backport done to v1.11
in 1.11.1
maintainer-s-little-helper
bot
moved this from Backport pending to v1.10
to Backport done to v1.11
in 1.11.1
|
@ldelossa FYI - This bug fix warranted a release note as it's user-facing. |
this fixes #16967.
previous to this commit, when converting from a slim_core Service to our
k8s Service abstraction the parsed out loadBalancersIP were not
converted to the appropriate map of net.IP objects.
they were not converted because of a guard which only does this for when
"NodePort" configuration is set to true.
with the introduction of the BGP load balancer announcement feature, we
also need to parse IPs coming from the ServiceStatus field in a
slim_core Service.
If this change is not made, both the old and new services look exactly
the same to the k8sWatcher infrastructure and when the Service gets its
load balancer IP the entire event is thrown away.
Signed-off-by: Louis DeLosSantos louis.delos@isovalent.com