Allow multi-CNI setups to set usesSecondaryIP #10828

Merged
merged 2 commits into from
Mar 1, 2021

Contributor

@ravens ravens commented Feb 15, 2021

This PR removes a previously introduced check on the CNI plugin presence.

The original PR #8617 seems to introduce some checks on the use of incompatible CNI plugins, but in fact the CNI plugin is used to set the --node-ip Kubelet option in case the useSecondaryIP flag is set to true. A Kops cluster operator should be able to declare that when using a CNI plugin like Calico for example.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 15, 2021
@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 15, 2021
@olemarkus
Member

This option does prevent the install of incompatible networking options. The check you remove in this PR would allow specifying a user-managed CNI in addition to a kOps-managed CNI (or kubenet-like networking), which kOps cannot support.

You can however set spec.networking.cni and manage two CNIs independently yourself.

Could you elaborate more on your use case for this?

@ravens
Contributor Author

ravens commented Feb 15, 2021

This case (cni + another cni) used to work with kops 1.17 - our use case on AWS is to use calico as main CNI and to use Multus to bring ENI to specific pods. Without the CNI option setup, Kubelet does not set up the --node-ip option and Kubelet starts to grab up all the IPs, creating duplicate internalIPs after a while.

While I do see some CNI options being incompatible (i.e. Calico + Cilium), this particular one should not be marked as incompatible IMO.

@olemarkus
Member

So it is actually spec.networking.cni.usesSecondaryIP that you want to configure. It is perhaps not placed in the best struct for this ...

I think maybe if you move this if block below kopeio and remove the optionTaken = true part from the block we achieve what we want. CNI cannot be combined with kubenet-like networking (a lot of the code in kOps would break over this), but it can be combined with any actual CNIs.
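The ordering suggested in the comment above, modelled as an added example; it is not part of the thread and not kOps code. `NetworkingSpec`, `CNISpec`, `Validate` and the error values are hypothetical, and treating kubenet and kopeio as the kubenet-like group is an assumption drawn from "below kopeio".

```go
package main

import (
	"errors"
	"fmt"
)

// CNISpec models spec.networking.cni, the user-managed CNI option.
type CNISpec struct{ UsesSecondaryIP bool }

// NetworkingSpec is a hypothetical, cut-down stand-in for spec.networking;
// a true field (or a non-nil CNI) means that option was declared.
type NetworkingSpec struct {
	Kubenet, Kopeio bool // assumed to be the kubenet-like options
	Calico, Cilium  bool // managed CNIs
	CNI             *CNISpec
}

var errMultiple = errors.New("only one networking option permitted")
var errCNIKubenet = errors.New("cni cannot be combined with kubenet-like networking")

// Validate checks cni after the kubenet-like options and never lets it set
// optionTaken, so it conflicts with them but not with a managed CNI.
func Validate(n NetworkingSpec) error {
	optionTaken := false
	claim := func(opts ...bool) error {
		for _, declared := range opts {
			if declared && optionTaken {
				return errMultiple
			}
			optionTaken = optionTaken || declared
		}
		return nil
	}
	if err := claim(n.Kubenet, n.Kopeio); err != nil {
		return err
	}
	if n.CNI != nil && optionTaken {
		return errCNIKubenet
	}
	return claim(n.Calico, n.Cilium)
}

func main() {
	secondary := &CNISpec{UsesSecondaryIP: true}
	fmt.Println(Validate(NetworkingSpec{Calico: true, CNI: secondary}))
	fmt.Println(Validate(NetworkingSpec{Kubenet: true, CNI: secondary}))
}
```

Calico plus `cni` passes, kubenet plus `cni` is rejected, and two managed CNIs such as Calico plus Cilium are still refused.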

@olemarkus
Member

/cc @hakman
you may have an opinion on this as well, perhaps

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 15, 2021
@ravens
Contributor Author

ravens commented Feb 15, 2021

@olemarkus thanks for the suggestion! Indeed the focus is actually on the spec.networking.cni.usesSecondaryIP option. I amended the PR to reflect your proposal.

@olemarkus
Member

Thanks. Let's see if anyone else has any comments. If not, I'll merge in not too long.

/assign

@hakman
Member

hakman commented Feb 18, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 18, 2021
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: olemarkus


@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 1, 2021
@hakman
Member

hakman commented Mar 1, 2021

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 1, 2021
@hakman hakman changed the title from "validation.go: remove checks on CNI" to "Allow multi-CNI setups to set usesSecondaryIP" Mar 1, 2021
@hakman hakman added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Mar 1, 2021
k8s-ci-robot added a commit that referenced this pull request Mar 1, 2021
…828-origin-release-1.19

Automated cherry pick of #10828: validation.go: remove checks on CNI
k8s-ci-robot added a commit that referenced this pull request Mar 1, 2021
…828-origin-release-1.20

Automated cherry pick of #10828: validation.go: remove checks on CNI
@k8s-ci-robot k8s-ci-robot merged commit 9d8dec6 into kubernetes:master Mar 1, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Mar 1, 2021
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/api cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.