kubeadm: Create dnsIP by selecting the tenth IP from k8s svc CIDR #51990
/assign @krousey
} | ||
dnsIP := svcIP.To4() | ||
dnsIP[3] += 9 |
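Review bot: `dnsIP[3] += 9` is byte arithmetic on the last octet only, so any last octet above 246 wraps past 255 with no carry into `dnsIP[2]` and no error, and `svcIP.To4()` returns nil for a non-IPv4 address, which makes the index on the following line panic. Check the `To4()` result for nil and derive the address as an offset from the service subnet base with a range check, instead of mutating one byte of the first service IP.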
Why adding `9`?
Just to stick with dnsIP which is being assigned today.
Assuming that svcIP is 10.96.0.1 with the above logic the user will get dnsIP as 10.96.0.10. This is the same IP which a k8s user is getting today. Open for any other suggestion
@madhukar32 Well, I think this will result in a conflict. We cannot guarantee `10.96.0.10` has been reserved only for `dnsIP`. It could be a `svcIP`, right?
@dixudx: Ok I am new to k8s so I might be completely wrong, please correct me.
We create this dnsIP in the above code (which is the svcIP for kube-dns svc) and then go and create the actual service here. After kube-dns svc is created it will be actually reserved for kube-dns svc only. Until and unless it is forcefully deleted. So we are pretty much reserving an IP today also, isn't it?
@madhukar32 Also this value will exceed `255`, right? What's more, `dnsIP` consumes ip resources from service ip pool, which means we can only create half of services as before. This may cause big trouble for large cluster upgrading.
I think we'd better avoid such hard-coded way.
@dixudx: On the value, I have cross verified that it will not exceed 255 https://play.golang.org/p/KlUAsNrzFJ
Just to clarify here, when I say dnsIP it's the service clusterIP of kube-dns svc and it is supposed to be from service ip pool.
The 9th ip will only have the same behaviour when the service ip is .1 (but this solution is more consistent than the one we have now)
please use `"k8s.io/kubernetes/pkg/registry/core/service/ipallocator".GetIndexedIP(svcSubnet, 10)` or similar for this
@luxas: Thanks! That's a good idea, will update the commit
/ok-to-test
/retest
/retest
@kubernetes/sig-cluster-lifecycle-pr-reviews /assign @luxas
Please add `--service-subnet` to the `kubeadm phase addons kube-dns` flag with this change...
@luxas: 👍 Have added
/retest
/retest
@luxas: Could you please review this once again. Have added
@madhukar32 Thanks for this PR! It will make the mandatory kubedns useful when using a custom service subnet.
@luxas : Could you please review this
CC @kubernetes/sig-cluster-lifecycle-pr-reviews
@madhukar32 If you rebase this PR I can look at it and approve it
@luxas have rebased this PR. Could you please review now
Thanks @madhukar32!
This basically looks good to me, but please fix the small nit and add a unit test while you do improve the code here :)
func getDNSIP(client clientset.Interface) (net.IP, error) { | ||
k8ssvc, err := client.CoreV1().Services(metav1.NamespaceDefault).Get("kubernetes", metav1.GetOptions{}) | ||
// getDNSIP returns a dnsIP, which is 10th IP in svcSubnet CIDR range | ||
func getDNSIP(cfg *kubeadmapi.MasterConfiguration) (net.IP, error) { |
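Review bot: The doc comment on the `getDNSIP` that takes `cfg` says it returns the 10th IP in the svcSubnet CIDR range but does not say when the `error` return is set. State the failure cases there (a subnet string that does not parse, a range with fewer than ten addresses) so callers know what they have to handle, and cover both in the unit test.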
while you're here, please add a unit test for this function
and a nit: I'd prefer if you only passed `serviceSubnet string` here, not the full `cfg` object
@luxas thanks for reviewing, have taken care of your comments. Could you please check now?
/lgtm
/approve no-issue
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: luxas, madhukar32
Associated issue: 51997
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990).
What this PR does / why we need it:
Creates dnsIP by selecting the ninth IP from k8s svc cluster IP, instead of appending 0 to the k8s svcIP string.
Which issue this PR fixes (optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged): fixes #51997
Special notes for your reviewer:
This is helpful when we have service cluster range CIDR as 10.87.116.64/26 (for example), previously this would have failed while parsing the dnsIP, as we used to append a 0 to the k8s svc clusterIP string. This will get the same dnsIP 10.96.0.10 for very widely used service cluster range CIDR 10.96.0.0/12
Release note:
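
The difference between the old string-append derivation and an index-based one, as an added example that is not code from this PR or from kubeadm. `legacyDNSIP` and `indexedIP` are hypothetical names, `indexedIP` is a standard-library stand-in for the `GetIndexedIP` helper suggested in review (not its implementation), and 10.87.116.65 as the first service IP of the /26 range is an assumption.

```go
package main

import (
	"fmt"
	"math/big"
	"net"
)

// legacyDNSIP (hypothetical name) mimics the old derivation described in the PR:
// append "0" to the first service IP string and parse it. nil means parse failure.
func legacyDNSIP(firstSvcIP string) net.IP {
	return net.ParseIP(firstSvcIP + "0")
}

// indexedIP (hypothetical name) returns the address at offset index from the
// base of cidr and fails if that address falls outside the range.
func indexedIP(cidr string, index int64) (net.IP, error) {
	_, subnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return nil, err
	}
	if index < 0 {
		return nil, fmt.Errorf("negative index %d", index)
	}
	base := subnet.IP
	if v4 := base.To4(); v4 != nil {
		base = v4
	}
	sum := new(big.Int).SetBytes(base)
	sum.Add(sum, big.NewInt(index)) // full-width addition, so octets carry
	raw := sum.Bytes()
	if len(raw) > len(base) {
		return nil, fmt.Errorf("index %d overflows %s", index, cidr)
	}
	ip := make(net.IP, len(base))
	copy(ip[len(ip)-len(raw):], raw)
	if !subnet.Contains(ip) {
		return nil, fmt.Errorf("index %d is outside %s", index, cidr)
	}
	return ip, nil
}

func main() {
	// Constructed inputs: the two service CIDRs named in the PR description.
	fmt.Println(legacyDNSIP("10.96.0.1"), legacyDNSIP("10.87.116.65"))
	for _, c := range []string{"10.96.0.0/12", "10.87.116.64/26", "10.0.0.0/29"} {
		fmt.Println(indexedIP(c, 10))
	}
}
```

The /29 case shows the range check: a service subnet with fewer than eleven addresses yields an error rather than an address outside the pool.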