New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support topology aware hints #9165
feat: support topology aware hints #9165
Conversation
@tombokombo: This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hi @tombokombo. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: tombokombo <tombo@sysart.tech>
8965346
to
b7e8423
Compare
@ElvinEfendi @tao12345666333 could you please take a look? Thx |
/assign |
@tao12345666333 Do we have any update on the review? |
any update? |
How do you know that it's not working? How are you checking active endpoints for you ingress/svc? |
@tao12345666333 any update? |
@tombokombo |
} | ||
} | ||
} | ||
return emptyZone |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why defining a new var when you can just return empty? I would just do return "" and remove this var declaration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not defined just for one use, it appears here
https://github.com/kubernetes/ingress-nginx/pull/9165/files#diff-e2c540c6da86368f0fa693d5634db0a92e8ef119e5cc2609bd3d24baf6c0fa8aR116
I defined it for better readability, not just comparing against empty string, but against variable which name give some hint what is going on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now it has even more usage.
} | ||
} | ||
if useTopologyHints { | ||
klog.V(3).Infof("All endpoint slices has zone hint, using zone %q for Service %q", zoneForHints, svcKey) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can move this log to after the for, inside the if, and get rid of this additional "if useTopologyHints" just for this logging
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All other possible places are inside loops, it will spam logs depending on count of endpointslices objects.
TypeMeta: metav1.TypeMeta{APIVersion: "v1", Kind: "Node"}, | ||
} | ||
|
||
node, err := kubeClient.CoreV1().Nodes().Get(context.TODO(), pod.Spec.NodeName, metav1.GetOptions{}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please add a comment here on why we need the Node information now. BTW, is this already part of the clusterrole we use in ingress? can't remember :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I will add comment. Yes cluster role is without change and can access nodes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/ok-to-test
@tombokombo change seems fine, I just want to add some safeguards.
Thanks
Signed-off-by: tombokombo <tombo@sysart.tech>
Signed-off-by: tombokombo <tombo@sysart.tech>
So much looking forward to this @tombokombo – thanks for taking the time! Paying a hefty preminum today on GCP with all the Inter-Zone Egress when we run multi-zonal clusters. |
Signed-off-by: tombokombo <tombo@sysart.tech>
0cb4a44
to
1b8a726
Compare
Signed-off-by: tombokombo <tombo@sysart.tech>
/retest |
@tombokombo left some minor comment. Looks good to me, if the helm test fails again we need to check what is going on |
Thanks for this feature! Am I reading it right that an ingress-nginx pod in a zone A, will never proxy requests to endpoints outsize of zone A? Because it seems like kube-proxy can end up proxying to the endpoints outside of its zone: https://kubernetes.io/docs/concepts/services-networking/topology-aware-hints/#implementation-kube-proxy |
@ElvinEfendi Regarding safeguard, I'm checking if all slices endpoints has hints, if no, fallback to normal. Safeguard are mostly implemented on endpoint slice controller, not kube-proxy, see So behaviour should be same as kube-proxy has. |
/label tide/merge-method-squash |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rikatz, tombokombo The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* support topology aware hints Signed-off-by: tombokombo <tombo@sysart.tech> * add flag to enable topology and fixes Signed-off-by: tombokombo <tombo@sysart.tech> * update readme Signed-off-by: tombokombo <tombo@sysart.tech> * add e2e test Signed-off-by: tombokombo <tombo@sysart.tech> * isolate topology test Signed-off-by: tombokombo <tombo@sysart.tech> * gofmt fix Signed-off-by: tombokombo <tombo@sysart.tech> Signed-off-by: tombokombo <tombo@sysart.tech>
What this PR does / why we need it:
This PR brings support for topology aware hints service annotation. If annotation is present on service and all conditions are met ( see safeguards in doc ), ingress controller pod will try to use endpoint slices zone hints.
Feature is enabled with service annotation
service.kubernetes.io/topology-aware-hints: "auto"
.Follow up to #8890
Will work only on not "scoped" controller deployment. It needs a clusterrole to access node, which is running controller pod to extract topology labels. For scoped deployment, it just print warning about inaccessible NODE info and will work as you don't have topology labeled cluster, which means no hints.
Types of changes
Which issue/s this PR fixes
How Has This Been Tested?
Checklist:
Does my pull request need a release note?
Any user-visible or operator-visible change qualifies for a release note. This could be a:
No release notes are required for changes to the following:
For more tips on writing good release notes, check out the Release Notes Handbook