Skip to content
This repository has been archived by the owner on Jul 16, 2024. It is now read-only.

a self-awareness "interface" for NFT pod #13

Closed
jayunit100 opened this issue May 3, 2021 · 8 comments
Closed

a self-awareness "interface" for NFT pod #13

jayunit100 opened this issue May 3, 2021 · 8 comments
Assignees
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@jayunit100
Copy link
Contributor

The NFT tables pod is susceptible to naughty bhaviour when iptables is installed.

To remediate this, and also, to create a precendent for other service proxy backends, lets:

  • add a "SystsemCheck()" or similar implementatino in the NFT backend
  • Have it verify that all iptables rules (i.e. see the ones in hack/kind recipe: Coredns cant resolve 10.96.0.1 #12) are empty
  • if iptables rules non-empty print continous warnings that are extremely idiot-proof , i.e.
    warning: ip routing may not work properly due to mutliple kernel firewalls !

This will make it really easy for folks struggling w/ the incompatibilities (iptables, legacy iptables, and nft, and so on) to know why loadbalancing rules written by NFT arent getting honored.

@jayunit100
Copy link
Contributor Author

/assign @hanlins

@jayunit100
Copy link
Contributor Author

@mcluseau let us know if any details we need to update here

@hanlins
Copy link
Contributor

hanlins commented May 3, 2021

Had some discussion with @mcluseau, later we might introduce subcommand to-best-fit which selects the best sink backend based on the system check results. Will add some functionality here to check whether the nft requirement is met. In the nft sink, will invoke this backend but won't error out if the system is not compatible. We will leave this flexibility of using nft backend to the users, only leave some logs the potential compatibility issues.

@jayunit100
Copy link
Contributor Author

make sure those logs are really explicit and repeated periodically :)

@k8s-triage-robot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 2, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Sep 1, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Development

No branches or pull requests

4 participants