clustermesh: Add EndpointSlice support for API server #20697
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently, clustermesh-apiserver doesn't support synchronizing EndpointSlice to kvstore. This happens because clustermesh-apiserver always set DaemonConfig.K8sEnableEndpointSlice option to false while calling DaemonConfig.Populate(). As a result, clustermesh-apiserver always fallbacks to the Endpoints. The problem of this is we cannot support dual-stack global service since Endpoints only contains the backends for primary IP address family (Service.spec.ipFamilies[0]). Thus, clustermesh-apiserver only synchronizes backends with single IP address family. Also, when cilium-agents are running with EndpoitSlice and clustermesh-apiservers are running with Endpoints, it will make a state that global services only contain local endpoints for secondary IP address family which is unexpected from users' perspective. To fix that, we expose a new command line configuration knob --enable-k8s-endpointslice=<bool> for clustermesh-apiserver and populate its value from cilium-config ConfigMap. So that cilium-agent and clustermesh-apiserver always use the same endpoint type. Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
YutaroHayakawa
added
kind/bug
aanm
approved these changes
Jul 28, 2022
|
/test Job 'Cilium-PR-K8s-1.23-kernel-4.19' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment Job 'Cilium-PR-K8s-1.16-kernel-4.9' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment |
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.10
in 1.10.14
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.10
in 1.11.8
tklauser
added
the
backport-done/1.11
maintainer-s-little-helper
bot
moved this from Backport pending to v1.10
to Backport done to v1.11
in 1.11.8
maintainer-s-little-helper
bot
moved this from Backport pending to v1.10
to Backport done to v1.10
in 1.10.14
tklauser
added
backport-done/1.12
This was referenced Aug 11, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please see the commit message for details. I think we need to backport this to 1.10 and 1.11 because it meets the backport criteria "Major bugfixes relevant to the correct operation of Cilium" because, without this change, global service only contains local endpoints for secondary IP family when users configure dual-stack service and their k8s support EndpointSlice which is an incorrect behavior I think.