fix kube-proxy panic because of nil sessionAffinityConfig

[m1093782566]

What this PR does / why we need it:

fix kube-proxy panic because of nil sessionAffinityConfig

Which issue this PR fixes: closes #51499

Special notes for your reviewer:

I apology that this bug is introduced by #49850 :(

@thockin @smarterclayton @gnufied

Release note:

NONE

[m1093782566]

/assign @thockin

[thockin]

Isn't that set in defaulting? When we read it back from API it should get default values. Before we merge this, I need to understand why that isn't working.

[m1093782566]

Isn't that set in defaulting? When we read it back from API it should get default values.

When we set the default value in pkg/api/v1/defaults.go, we meet the UT issues.

--- FAIL: TestRoundTripTypes (0.31s)

roundtrip.go:326: Service: diff: 
		object.Spec.Selector:
		  a: map[string]string{}
		  b: map[string]string(nil)
		object.Spec.ExternalIPs:
		  a: []string{}
		  b: []string(nil)
		object.Spec.SessionAffinityConfig:
		  a: <nil>
		  b: &api.SessionAffinityConfig{ClientIP:(*api.ClientIPConfig)(0xc420643f48)}
		object.Spec.LoadBalancerSourceRanges:
		  a: []string{}
		  b: []string(nil)
		object.Status.LoadBalancer.Ingress:
		  a: []api.LoadBalancerIngress{}
		  b: []api.LoadBalancerIngress(nil)

It looks like a testcase that goes through defaulting, which causes the diff to fail. Unfortunately, we don't have a great general solution to this (yet) except to patch up the test case to not depend on defaulting. Set that value explicitly.

So, we set the value explicitly which means the timeout value is required when session affinity type is client ip. For example, we set it explicitly in pkg/master/controller.go.

I guess your may refer to

// ClientIPConfig represents the configurations of Client IP based session affinity.
type ClientIPConfig struct {
	// timeoutSeconds specifies the seconds of ClientIP type session sticky time.
	// The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
	// Default value is 10800(for 3 hours).
	// +optional
	TimeoutSeconds *int32
}

The comment message maybe not proper.

[thockin]

Sorry, I am lost. Defaulting causes round-trip failures, so you manually specify values in a test. OK. But the defaulting still is in place, right? How does that manifest as a nil pointer on the consumer?

…

On Mon, Aug 28, 2017 at 11:52 PM, DuJun ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In pkg/proxy/iptables/proxier.go <#51500 (comment)> : > @@ -196,7 +196,15 @@ func newServiceInfo(svcPortName proxy.ServicePortName, port *api.ServicePort, se } var stickyMaxAgeSeconds int if service.Spec.SessionAffinity == api.ServiceAffinityClientIP { - stickyMaxAgeSeconds = int(*service.Spec.SessionAffinityConfig.ClientIP.TimeoutSeconds) + // We changed the API definition that sessionAffinityConfig is required when Isn't that set in defaulting? When we read it back from API it should get default values. When we set the default value in pkg/api/v1/defaults.go, we meet the UT issues. --- FAIL: TestRoundTripTypes (0.31s) roundtrip.go:326: Service: diff: object.Spec.Selector: a: map[string]string{} b: map[string]string(nil) object.Spec.ExternalIPs: a: []string{} b: []string(nil) object.Spec.SessionAffinityConfig: a: <nil> b: &api.SessionAffinityConfig{ClientIP:(*api.ClientIPConfig)(0xc420643f48)} object.Spec.LoadBalancerSourceRanges: a: []string{} b: []string(nil) object.Status.LoadBalancer.Ingress: a: []api.LoadBalancerIngress{} b: []api.LoadBalancerIngress(nil) It looks like a testcase that goes through defaulting, which causes the diff to fail. Unfortunately, we don't have a great general solution to this (yet) except to patch up the test case to not depend on defaulting. Set that value explicitly. So, we set the value explicitly which means the timeout value is required when session affinity type is client ip. For example, we set it explicitly in pkg/master/controller.go. I guess your may refer to // ClientIPConfig represents the configurations of Client IP based session affinity. type ClientIPConfig struct { // timeoutSeconds specifies the seconds of ClientIP type session sticky time. // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". // Default value is 10800(for 3 hours). // +optional TimeoutSeconds *int32 } The comment message maybe not proper. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#51500 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFVgVGdPZE_NhrwZ4hPDxtIIuNxfB-m8ks5sc7VCgaJpZM4PFb8X> .

[m1093782566]

How does that manifest as a nil pointer on the consumer?

Because the service data is still stored in etcd - for example, service kubernetes. When we delete the legacy services whose session affinity type is Client IP, kube-proxy stops panic.

[m1093782566]

See https://github.com/kubernetes/kubernetes/blob/master/pkg/master/controller.go#L245

KUBE-APISERVER currently doesn't support updating session affinity config for service kubernetes - it only updates service type and ports.

[thockin]

When we read it out of the API, I thought it should get defaulted again, as it transitions from internal to versioned. @lavalamp @cheftako ?

…

On Tue, Aug 29, 2017 at 12:12 AM, DuJun ***@***.***> wrote: How does that manifest as a nil pointer on the consumer? Because the service data is still stored in etcd - for example, service kubernetes. When we delete the legacy services whose session affinity type is Client IP, kube-proxy stops panic. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#51500 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFVgVFKEy5EcFhM-lInXU1RfHDnqvWAbks5sc7nXgaJpZM4PFb8X> .

[m1093782566]

But the defaulting still is in place, right?

Do you refer to

func SetDefaults_Service(obj *v1.Service) {
	if obj.Spec.SessionAffinity == "" {
		obj.Spec.SessionAffinity = v1.ServiceAffinityNone
	}
	if obj.Spec.Type == "" {
		obj.Spec.Type = v1.ServiceTypeClusterIP
	}
	for i := range obj.Spec.Ports {
		sp := &obj.Spec.Ports[i]
		if sp.Protocol == "" {
			sp.Protocol = v1.ProtocolTCP
		}
		if sp.TargetPort == intstr.FromInt(0) || sp.TargetPort == intstr.FromString("") {
			sp.TargetPort = intstr.FromInt(int(sp.Port))
		}
	}
	// Defaults ExternalTrafficPolicy field for NodePort / LoadBalancer service
	// to Global for consistency.
	if (obj.Spec.Type == v1.ServiceTypeNodePort ||
		obj.Spec.Type == v1.ServiceTypeLoadBalancer) &&
		obj.Spec.ExternalTrafficPolicy == "" {
		obj.Spec.ExternalTrafficPolicy = v1.ServiceExternalTrafficPolicyTypeCluster
	}
}

?

I am afraid I didn't set default values here.

[m1093782566]

I think I have almost found out how to fix the defaulting issue - I need to hack pkg/api/fuzzer/fuzzer.go.

@thockin
Please see if the changes are fine. I apologize again for introducing the serious bug. Soooooorry...

[m1093782566]

When we read it out of the API, I thought it should get defaulted again, as
it transitions from internal to versioned.

It's true.

[thockin]

we probably should fuzz affinity explicitly. There are many examples to follow, but basically declare a slice of valid values, pick a random number mod the length of that slice, set the value and THEN do this fixup. Basically every enumerated field should go through this.

[thockin]

The chance of the fuzzer choosing a valid string is ~0

[m1093782566]

ACK. Please see if the changes are fine.

PS. Since there is a restriction on affinity type and affinity config - config is required when type is ClientIP. So, I employ a temporary struct,

struct {
	affinityType   api.ServiceAffinity
	affinityConfig *api.SessionAffinityConfig
}

to describe the relationship between them.

[thockin]

This was in some form of the original PR, Iknow I looked at it. Github tools ... ugh. Yes, defaulting is necessary

[m1093782566]

/test pull-kubernetes-e2e-gce-bazel

[m1093782566]

kindly ping @smarterclayton

Can you help reviewing this PR when you have a chance?

[thockin]

if we really want to fuzz this, we should do:

possible := []string{ api.ServiceAffinityNone, api.ServiceAffinityClientIP }
ss.SessionAffinity = possible[random % len(possible)]
switch ss.SessionAffinity {
case api.ServiceAffinityClientIP:
  ss.SessionAffinityConfig = new(api.SessionAffinityConfig)
  ss.SessionAffinityConfig.ClientIP = new(api.ClientIPConfig)
  ss.SessionAffinityConfig.ClientIP.TimeoutSeconds = random() % api.SessionAffinityMax
}

[m1093782566]

Thanks for your good example :)

[thockin]

Don't forget || obj.Spec.SessionAffinityConfig.ClientIP == nil || obj.Spec.SessionAffinityConfig.ClientIP.TimeoutSeconds == 0

[m1093782566]

Yes, I agree. But, do you mean obj.Spec.SessionAffinityConfig.ClientIP.TimeoutSeconds == nil?

TimeoutSeconds is *int32 type and we treat *TimeoutSeconds == 0 as an invalid value, ref: https://github.com/kubernetes/kubernetes/blob/master/pkg/api/validation/validation.go#L1913

[thockin]

also check for ServiceAffinityNone and set SessionAffinityConfig == nil ?

[m1093782566]

Currently, we will ignore SessionAffinityConfig when ServiceAffinityNone, but I am fine to check it :)

[thockin]

And update tests

[m1093782566]

@thockin

I pushed an update. PTAL.

[m1093782566]

/retest

[thockin]

/lgtm
/approve

[thockin]

/retest

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: m1093782566, thockin

Associated issue: 51499

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/api/OWNERS [thockin]
• pkg/master/OWNERS [thockin]
• pkg/proxy/OWNERS [thockin]
• staging/src/k8s.io/api/core/OWNERS [thockin]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[k8s-github-robot]

Automatic merge from submit-queue (batch tested with PRs 51819, 51706, 51761, 51818, 51500)