Add support for specifying probe protocol / probe port via annotation per service port #2452
Conversation
k8s-ci-robot
added
release-note
✅ Deploy Preview for kubernetes-sigs-cloud-provide-azure canceled.
|
k8s-ci-robot
added
the
cncf-cla: yes
|
Welcome @rainest! |
|
Hi @rainest. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
@rainest Thanks for your PR! Could you please merge the commit into one commit? |
|
/retest |
|
@MartinForReal I can once it's complete, yes. Did you have comments on the de-duplication/naming question and any further work needed there? Or is the change introduced in 7f80566 all of what you were looking for? |
|
Yes! That's what I'm looking for. |
rainest
force-pushed
the
feature/azure-load-balancer-per-port-protocol
branch
from
642ce75
to
47ae16b
Compare
|
Alright, sounds good, squashed and rebased onto the current tip of master here. |
|
/retest |
|
LGTM. |
|
please rebase the branch in order to fix error reported by ci pipeline. |
rainest
force-pushed
the
feature/azure-load-balancer-per-port-protocol
branch
from
47ae16b
to
3e3fece
Compare
|
FYI I'll be out away from internet access through the 25th, so if this needs further changes I'll address them then. |
rainest
force-pushed
the
feature/azure-load-balancer-per-port-protocol
branch
from
3e3fece
to
b38659a
Compare
|
@MartinForReal checking in on this, are there any further changes it would need? |
MartinForReal
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: MartinForReal, rainest The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
/retest |
rainest
force-pushed
the
feature/azure-load-balancer-per-port-protocol
branch
from
b38659a
to
939c39c
Compare
k8s-ci-robot
removed
the
lgtm
|
Unsure what would have broken the one test for Is there information elsewhere in the test logs that would show this particular Service's state and/or cloud provider logs related to assigning it an IP? I'm unfortunately not too familiar with test suite output, but it looks like it might only be logs from the test client. |
Add support for overriding health check probe protocol and port per probe port. Document the port and protocol probe override annotations. Signed-off-by: Vito Sabella <vsabella@msn.com> De-duplicate load balancer health probes by collecting them in an index keyed by their functional characteristics (protocol, port, interval, count, and path). Two probes with the same functional characteristics will generate the same key, and only one of the two will ultimately be added. Signed-off-by: Travis Raines <571832+rainest@users.noreply.github.com> Co-authored-by: Travis Raines <571832+rainest@users.noreply.github.com>
MartinForReal
force-pushed
the
feature/azure-load-balancer-per-port-protocol
branch
from
939c39c
to
ad38bed
Compare
|
/retest |
/test pull-cloud-provider-azure-e2e-ccm-capz |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
/test pull-cloud-provider-azure-e2e-ccm-capz |
|
@MartinForReal thanks for the help with the tests. Do you know roughly when changes here propagate out to being available in Azure for users? I didn't find any scheduled update lifecycle in the SIG FAQ, but it looks like new minor provider releases go out roughly every 6mo and are incorporated into Azure shortly after from reviewing the previous releases. |
|
/cherrypick release-1.25 |
|
/cherrypick release-1.24 |
|
/cherrypick release-1.23 |
|
/cherrypick release-1.1 |
|
@MartinForReal: #2452 failed to apply on top of branch "release-1.25": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@MartinForReal: #2452 failed to apply on top of branch "release-1.24": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@MartinForReal: #2452 failed to apply on top of branch "release-1.23": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@MartinForReal: #2452 failed to apply on top of branch "release-1.1": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This pr should be cherrypicked to all of release branches and then will be shipped into next cloud provider release(1 week) and it will take another 2 weeks before it is deployed to all of the regions. |
What type of PR is this?
/kind feature
What this PR does / why we need it:
This adds
service.beta.kubernetes.io/port_<num>_health-probe_protocolandservice.beta.kubernetes.io/port_<num>_health-probe_portannotations for LoadBalancer Services. These allow overriding the health check port or protocol for a given port. This is useful for ports that cannot respond affirmatively to the health checks and expose health information elsewhere.Which issue(s) this PR fixes:
Fixes #1505
Special notes for your reviewer:
This continues #1508 and attempts to address the open issue with it. I rebased onto upstream master and added commits to de-duplicate checks and correct an apparent error in the original docs (
/is the default check path, not/healthz).I'm not quite sure I understand the duplication concern raised in #1508 (review), and it looks like the line indicated is maybe outdated. As I read it, we pass the rule name (for internal and external LBs) to the check generator, which then just uses that string as-is for the probe name.
That name's generator will return something like
SERVICE_UID-??-tcp-443(the service, subnet, appProtocol, and port--not sure about the second's appearance, but it's optional anyway). That doesn't seem like it can conflict because there will only be one probe per LB rule name, and the the probes are named for the rule they check, not the port they check.For example, if we have a Service with HTTP appProtocol ports on 8443 and 8009, and want to override the former to use an HTTP check on 8009 instead, the resulting probes would be:
ABC-123-http-8443(an HTTP check on port 8009)ABC-123-http-8009(an HTTP check on port 8009)Based on the discussion after, my additional change looks at the generated probes and only keeps those with unique properties, so that the above would only generate one probe. Naming is still a bit iffy, since you'll still get a probe named after only one of the rules, even though it's pulling double-duty. What name scheme would be desirable (changing it requires updating a bunch of tests, so I wanted to confirm before writing it)? I was thinking either
ABC-123-http-8009-8443(it indicates all ports it checks) orABC-123-http-8009-10-5-/, indicating all of the probe properties. The latter doesn't work great, however, since it needs to account for HTTP paths, which could get quite unwieldy. It could indicate the port and protocol only, but that would result in name conflicts.Does this PR introduce a user-facing change?