-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bgp,bugfix: parse ips when converting from slim_core to k8s service #18358
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While the change looks simple, there is a lot of wisdom behind, I am going through the discussion in github issue to understand more. Right now, I don't even understand why nodeport check is there in the first place 🤔
Will be great if other team member can help to review this instead.
@sayboras That is where I'm currently at as well. Doing a deep dive. It appears the linked issue can be "worked-around" by ensuring "NodePort" is enabled off the bat. I didn't suggest this yet because I need to confirm. Also as I mention in this thread: https://cilium.slack.com/archives/C2B917YHE/p1641328782392200?thread_ts=1641245029.380700&cid=C2B917YHE I believe a BPF backed NodePort should be completely orthogonal to the BGP Announce LB feature, as that feature just cares about getting external traffic to a load balancer, not whether that load balancer is backed by a BPF node port impl, or the vanilla K8s impl. So part of me feels like this PR will actually change into decoupling the NodePort requirement from the BGP Announce LB feature all together. CC @aanm may have some insight. |
49421f9
to
20957d6
Compare
@@ -1517,14 +1517,6 @@ func initEnv(cmd *cobra.Command) { | |||
} | |||
} | |||
|
|||
// This is necessary because the code inside pkg/k8s.NewService() for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This goes away, the BGP LB Announcement features are not coupled to the NodePort configuration.
Discussed this with @brb @aanm (separately) The reason we do not parse IPs when "EnableNodePort" is false is to save on CPU cycles. When the umbrella feature flag "EnableNodePort" is disabled, Cilium does not care about Service events triggered by LoadBalancer Status updates. However, when the BGP Announce LB feature is enabled, Cilium must care about these updates in order for the k8s Watcher infra to generate a new Service event. The decision was made to keep the original "EnableNodePort" flag to continue to budget CPU if we don't need to spend it, but if BGP announcement feature is on, parse out the loadBalancerIPs so feature works without being coupled to "EnableNodePort" feature flag. |
@@ -128,7 +128,7 @@ func (s *MetalLBSpeaker) OnUpdateService(svc *slim_corev1.Service) error { | |||
} | |||
|
|||
l.Debug("adding event to queue") | |||
s.queue.Add(epEvent{ | |||
s.queue.Add(svcEvent{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good citizen change, this is mislabeled but causes no functional difference in the code, other then logging the wrong event type.
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, makes sense to me.
20957d6
to
f48b09e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM (just a non-blocking comment).
/test |
Latest failures are due to vagrant infra:
Rerunning tests. |
/test |
this fixes cilium#16967. previous to this commit, when converting from a slim_core Service to our k8s Service abstraction the parsed out loadBalancersIP were not converted to the appropriate map of net.IP objects. they were not converted because of a guard which only does this for when "NodePort" configuration is set to true. with the introduction of the BGP load balancer announcement feature, we also need to parse IPs coming from the ServiceStatus field in a slim_core Service. If this change is not made, both the old and new services look exactly the same to the k8sWatcher infrastructure and when the Service gets its load balancer IP the entire event is thrown away. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
f48b09e
to
ac5f66e
Compare
/test Job 'Cilium-PR-K8s-1.22-kernel-4.19' failed and has not been observed before, so may be related to your PR: Click to show.Test Name
Failure Output
If it is a flake, comment Job 'Cilium-PR-K8s-1.23-kernel-net-next' failed and has not been observed before, so may be related to your PR: Click to show.Test Name
Failure Output
If it is a flake, comment |
/test |
@ldelossa FYI - This bug fix warranted a release note as it's user-facing. |
this fixes #16967.
previous to this commit, when converting from a slim_core Service to our
k8s Service abstraction the parsed out loadBalancersIP were not
converted to the appropriate map of net.IP objects.
they were not converted because of a guard which only does this for when
"NodePort" configuration is set to true.
with the introduction of the BGP load balancer announcement feature, we
also need to parse IPs coming from the ServiceStatus field in a
slim_core Service.
If this change is not made, both the old and new services look exactly
the same to the k8sWatcher infrastructure and when the Service gets its
load balancer IP the entire event is thrown away.
Signed-off-by: Louis DeLosSantos louis.delos@isovalent.com