Make aws-cni config more flexible and generalized #11816
pkg/apis/kops/networking.go
// Specifies whether ipamd should configure rp filter for primary interface. | ||
// Setting this to false will require rp filter to be configured through init container. | ||
AwsVpcK8sCniConfigureRpFilter string `json:"awsVpcK8sCniConfigureRpFilter,omitempty"` | ||
Env []EnvVar `json:"env,omitempty"` |
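Review bot: `Env []EnvVar` on the last line of this hunk has no doc comment of its own, and nothing here says what happens when an entry in `Env` addresses the same setting as a dedicated field such as `AwsVpcK8sCniConfigureRpFilter`. Add a comment that starts with the field name and states which of the two takes precedence, so a user who sets both does not end up with an rp filter configuration they did not intend.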
Should not remove the documentation comment
pkg/apis/kops/networking.go
@@ -248,12 +248,19 @@ type RomanaNetworkingSpec struct { | |||
|
|||
// AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking | |||
type AmazonVPCNetworkingSpec struct { | |||
// Specifies whether ipamd should configure rp filter for primary interface. |
Doc comment needs to start with the name of the field.
pkg/apis/kops/networking.go
// Setting this to false will require rp filter to be configured through init container. | ||
AwsVpcK8sCniConfigureRpFilter string `json:"awsVpcK8sCniConfigureRpFilter,omitempty"` | ||
Env []EnvVar `json:"env,omitempty"` | ||
// If ENABLE_POD_ENI is set to true, in order for the kubelet to connect via TCP (for liveness or readiness probes) to pods that are using per pod security groups, |
Doc comment needs to start with the name of the field.
Thanks for the review, @johngmyers!
pkg/apis/kops/networking.go
InitImageName string `json:"initImageName,omitempty"` | ||
// AwsVpcK8sCniConfigureRpFilter specifies whether ipamd should configure rp filter for primary interface. | ||
// Setting this to false will require rp filter to be configured through init container. | ||
AwsVpcK8sCniConfigureRpFilter string `json:"awsVpcK8sCniConfigureRpFilter,omitempty"` |
All of this refers to the AWS VPC CNI, so that part of the name is redundant.
"RP" is an acronym for "Reverse Path".
The possible values are "true" and "false", so it's a boolean.
AwsVpcK8sCniConfigureRpFilter string `json:"awsVpcK8sCniConfigureRpFilter,omitempty"` | |
ConfigureRPFilter *bool `json:"configureRPFilter,omitempty"` |
pkg/apis/kops/networking.go
// The init container image name to use | ||
InitImageName string `json:"initImageName,omitempty"` | ||
// AwsVpcK8sCniConfigureRpFilter specifies whether ipamd should configure rp filter for primary interface. | ||
// Setting this to false will require rp filter to be configured through init container. |
Should mention the default is true.
pkg/apis/kops/networking.go
// in order for the kubelet to connect via TCP (for liveness or readiness probes) to pods that are using per pod security groups. | ||
// This will increase the local TCP connection latency slightly. | ||
// To use this setting, a Linux kernel version of at least 4.6 is needed on the worker node. | ||
DisableTCPEarlyDemux string `json:"disableTCPEarlyDemux,omitempty"` |
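Review bot: `DisableTCPEarlyDemux` is typed `string`, and the comment above it states neither the accepted values nor the default, so unless it is validated elsewhere the field admits arbitrary text. Spell out the accepted values and the default in the comment, and since the comment sets a minimum kernel version of 4.6, say what the setting does on a node with an older kernel.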
Also a boolean.
We try to avoid negative booleans.
DisableTCPEarlyDemux string `json:"disableTCPEarlyDemux,omitempty"` | |
TCPEarlyDemux *bool `json:"enableTCPEarlyDemux,omitempty"` |
I still think that initializing the Env vars with the options kOps overrides by default in template functions is better and also allows users to change those too in a generic way, without adding extra options.
So I did that with everything else, however it seems like these two are actually different from the default values according to the docs, so I needed to make an override on them. Is there a better way to handle that, than the one I used?
/retest
Hey @MoShitrit, sorry for the delay, but was traveling for the past few days. Will take another look at this today.
I would add a template function like this:

```go
if cluster.Spec.Networking != nil && cluster.Spec.Networking.AmazonVPC != nil {
	c := cluster.Spec.Networking.AmazonVPC
	dest["AmazonVpcEnvVars"] = func() map[string]string {
		envVars := map[string]string{
			"AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER": "false",
		}
		for _, e := range c.Env {
			envVars[e.Name] = e.Value
		}
		return envVars
	}
}
```

and change the template to use it instead of directly accessing the env vars:

```yaml
{{- range $name, $value := AmazonVpcEnvVars }}
- "name": "{{ $name }}"
  "value": "{{ $value }}"
{{- end }}
```

This way we can change the defaults, but still allow overwriting them.
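The defaults-then-override merge suggested in the comment above, as a stand-alone program (an added example, not code from the PR or from kOps). The `EnvVar` stand-in type, `renderEnv`, and the `printf "%q"` quoting of values are assumptions of this example; the quoting goes one step beyond the suggested template so that a user-supplied value cannot break out of its YAML scalar.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// EnvVar is a stand-in for the kOps type; only Name and Value are assumed.
type EnvVar struct{ Name, Value string }

// amazonVpcEnvVars seeds the defaults the addon overrides, then lets user
// entries replace them; on duplicate names the last entry wins.
func amazonVpcEnvVars(user []EnvVar) map[string]string {
	envVars := map[string]string{"AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER": "false"}
	for _, e := range user {
		envVars[e.Name] = e.Value
	}
	return envVars
}

// envTemplate differs from the template in the comment in one respect: it
// quotes with printf "%q" so a value containing a double quote or newline
// stays inside its YAML scalar. text/template ranges over maps in sorted key
// order, so the rendered manifest is stable between runs.
const envTemplate = `{{- range $name, $value := AmazonVpcEnvVars }}
- "name": {{ printf "%q" $name }}
  "value": {{ printf "%q" $value }}
{{- end }}`

// renderEnv executes the template with the merged map exposed as a function.
func renderEnv(user []EnvVar) (string, error) {
	funcs := template.FuncMap{
		"AmazonVpcEnvVars": func() map[string]string { return amazonVpcEnvVars(user) },
	}
	t, err := template.New("env").Funcs(funcs).Parse(envTemplate)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, nil)
	return buf.String(), err
}

func main() {
	// Constructed input: one override of a default, one extra setting.
	out, err := renderEnv([]EnvVar{{"AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER", "true"}, {"ENABLE_POD_ENI", "true"}})
	fmt.Println(out, err)
}
```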
These are just some remaining nits, otherwise looks good from my point of view. Maybe also squash the commits.
@rifelpet Want to take a look too?
…mplate functions for ease of customization Update auto-generated files
/lgtm
Will let @hakman do the final approval
Thanks @MoShitrit!
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: hakman
/retest
Fixes #11144
/cc @hakman