New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Task tracker of IPVS beta #51602

Closed
m1093782566 opened this Issue Aug 30, 2017 · 17 comments

Comments

Projects
None yet
6 participants
@m1093782566
Member

m1093782566 commented Aug 30, 2017

There are some work to be done in the follow-up of #46580, that is, help IPVS existing alpha.

  • GCE CI failures(#54916)

  • cross-node visit NodePort (#53393)

  • hairpin issue (#53775)

  • Using ipset doing snat and packet filtering and reduce iptables call(#54203).

  • automatically load ip_vs_* kernel modules. (#51874, #52003)

  • creating e2e test suite for IPVS in upstream CI (#52834).

  • ip cmd -> netlink bind/unbind IP address to/from dummy device(#51686)

  • rsync to HEAD of iptables(#51682, #52014)

  • enable flush batch API(#52015)

  • Fix TODOs in codes (#52403)

  • Bug report (#51694, #52330)

  • Default sync period(#51777)

  • IPV6 support(#52935, #53120 and more...)

/cc @thockin @quinton-hoole @haibinxie

@FengyunPan

This comment has been minimized.

Show comment
Hide comment
@FengyunPan

FengyunPan commented Aug 30, 2017

/cc

@choury

This comment has been minimized.

Show comment
Hide comment
@choury

choury Aug 30, 2017

Contributor

ref cleanLegacyService
It will generate annoy error info If unbind multi-ports on one service .

Contributor

choury commented Aug 30, 2017

ref cleanLegacyService
It will generate annoy error info If unbind multi-ports on one service .

@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566

m1093782566 Aug 31, 2017

Member

@choury You're right. I think it's a nice finding. Can you fire a PR to fix it?

Member

m1093782566 commented Aug 31, 2017

@choury You're right. I think it's a nice finding. Can you fire a PR to fix it?

@choury

This comment has been minimized.

Show comment
Hide comment
@choury

choury Aug 31, 2017

Contributor

@m1093782566 Sure, I'll make it soon.

Contributor

choury commented Aug 31, 2017

@m1093782566 Sure, I'll make it soon.

@choury

This comment has been minimized.

Show comment
Hide comment
@choury

choury Aug 31, 2017

Contributor

I found it is treated as already bound if ip returned 2 in EnsureVirtualServerAddressBind, but ref to the manual and source code of ip , it just means an error was reported by the kernel, such as "Operation not permitted".
I prefer to use netlink instead of ip command to manage ip address.

Contributor

choury commented Aug 31, 2017

I found it is treated as already bound if ip returned 2 in EnsureVirtualServerAddressBind, but ref to the manual and source code of ip , it just means an error was reported by the kernel, such as "Operation not permitted".
I prefer to use netlink instead of ip command to manage ip address.

@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566

m1093782566 Aug 31, 2017

Member

I prefer to use netlink instead of ip command to manage ip address.

Actually, I have considered to use netlink before. I think what you said make sense, but can we discuss it in other thread? I mean, create a new issue and link it here? Thanks!

Member

m1093782566 commented Aug 31, 2017

I prefer to use netlink instead of ip command to manage ip address.

Actually, I have considered to use netlink before. I think what you said make sense, but can we discuss it in other thread? I mean, create a new issue and link it here? Thanks!

@choury

This comment has been minimized.

Show comment
Hide comment
@choury

choury Aug 31, 2017

Contributor

@m1093782566 I opened a issue #51694

Contributor

choury commented Aug 31, 2017

@m1093782566 I opened a issue #51694

@SEJeff

This comment has been minimized.

Show comment
Hide comment
@SEJeff

SEJeff Aug 31, 2017

Contributor

s/tracer/tracker/ on the subject @m1093782566 :)

Contributor

SEJeff commented Aug 31, 2017

s/tracer/tracker/ on the subject @m1093782566 :)

@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566

m1093782566 Aug 31, 2017

Member

OOPS... I will fix that typo. Thanks @SEJeff

Member

m1093782566 commented Aug 31, 2017

OOPS... I will fix that typo. Thanks @SEJeff

@m1093782566 m1093782566 changed the title from Task tracer of moving IPVS outside of alpha to Task tracker of moving IPVS outside of alpha Aug 31, 2017

@choury

This comment has been minimized.

Show comment
Hide comment
@choury

choury Sep 6, 2017

Contributor

Wish to use ipset to replace KUBE-MARK-MASQ chain.

Contributor

choury commented Sep 6, 2017

Wish to use ipset to replace KUBE-MARK-MASQ chain.

@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566

m1093782566 Oct 18, 2017

Member

Wish to use ipset to replace KUBE-MARK-MASQ chain.

I find it's a reasonable suggestion and am trying to make it workable...

Member

m1093782566 commented Oct 18, 2017

Wish to use ipset to replace KUBE-MARK-MASQ chain.

I find it's a reasonable suggestion and am trying to make it workable...

@Lion-Wei

This comment has been minimized.

Show comment
Hide comment
@Lion-Wei

Lion-Wei Oct 27, 2017

Contributor

There are to ways to add IPVS CI job:

  1. Use kubeadm, but kubeadm doesn't support any kube-proxy config right now, so I had this pr #53962 , and also, kubernetes-anywhere need support it too, see this pr: kubernetes/kubernetes-anywhere#464
  2. Use gce/kube-up.sh build cluster. See this pr: kubernetes/test-infra#5209

The second way is much easier and faster, but I was told they gonna deprecated the kube-up.sh, so in the long term, we still need kubeadm and kubernetes-anywhere's support.

If anybody have better way or have some suggestion about this, please let me know, I'll be really appreciate, Thanks.

Contributor

Lion-Wei commented Oct 27, 2017

There are to ways to add IPVS CI job:

  1. Use kubeadm, but kubeadm doesn't support any kube-proxy config right now, so I had this pr #53962 , and also, kubernetes-anywhere need support it too, see this pr: kubernetes/kubernetes-anywhere#464
  2. Use gce/kube-up.sh build cluster. See this pr: kubernetes/test-infra#5209

The second way is much easier and faster, but I was told they gonna deprecated the kube-up.sh, so in the long term, we still need kubeadm and kubernetes-anywhere's support.

If anybody have better way or have some suggestion about this, please let me know, I'll be really appreciate, Thanks.

@SEJeff

This comment has been minimized.

Show comment
Hide comment
@SEJeff

SEJeff Nov 5, 2017

Contributor

This one is done as both PRs are merged:

 automatically load ip_vs_* kernel modules. (#51874, #52003)
Contributor

SEJeff commented Nov 5, 2017

This one is done as both PRs are merged:

 automatically load ip_vs_* kernel modules. (#51874, #52003)
@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566
Member

m1093782566 commented Nov 5, 2017

@SEJeff ACK!

@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566

m1093782566 Nov 20, 2017

Member

/area ipvs

Member

m1093782566 commented Nov 20, 2017

/area ipvs

@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566

m1093782566 Nov 20, 2017

Member

We are almost reaching the beta, except GCE CI failures, see #54916

The failure is the case that, visiting Cluster IP from Pod A, and the backend Pod B is in the same host with the Pod A. Pod A failed to get response from Pod B until timeout.

I can reproduce the failures in my GCE cluster with kubent as network plugin, but it works fine in my local-up cluster and people has never reported the issue yet.

@Lion-Wei and I are digging...

Member

m1093782566 commented Nov 20, 2017

We are almost reaching the beta, except GCE CI failures, see #54916

The failure is the case that, visiting Cluster IP from Pod A, and the backend Pod B is in the same host with the Pod A. Pod A failed to get response from Pod B until timeout.

I can reproduce the failures in my GCE cluster with kubent as network plugin, but it works fine in my local-up cluster and people has never reported the issue yet.

@Lion-Wei and I are digging...

@m1093782566 m1093782566 changed the title from Task tracker of moving IPVS outside of alpha to Task tracker of IPVS beta Nov 30, 2017

@m1093782566

This comment has been minimized.

Show comment
Hide comment
@m1093782566

m1093782566 Nov 30, 2017

Member

IPVS CI is green now.

Member

m1093782566 commented Nov 30, 2017

IPVS CI is green now.

k8s-merge-robot added a commit that referenced this issue Dec 4, 2017

Merge pull request #56623 from m1093782566/ipvs-beta
Automatic merge from submit-queue (batch tested with PRs 52748, 56623). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Declare ipvs proxier beta in v1.9

**What this PR does / why we need it**:

This PR declares ipvs proxier beta - we have finished all tasks in IPVS proxier beta scope.

**Which issue(s) this PR fixes**:
Fixes #51602

**Special notes for your reviewer**:

**Release note**:

```release-note
Declare ipvs proxier beta
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment