Reset attributes of endpoints correctly #107773
Conversation
k8s-ci-robot
added
kind/bug
|
Hi @haoruan. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: haoruan The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
sig/api-machinery
| @@ -257,7 +257,7 @@ func (c *Controller) UpdateKubernetesService(reconcile bool) error { | |||
| return err | |||
| } | |||
| endpointPorts := createEndpointPortSpec(c.PublicServicePort, "https", c.ExtraEndpointPorts) | |||
| if err := c.EndpointReconciler.ReconcileEndpoints(kubernetesServiceName, c.PublicIP, endpointPorts, reconcile); err != nil { | |||
| if err := c.EndpointReconciler.ReconcileEndpoints(kubernetesServiceName, c.PublicIP, endpointPorts, true); err != nil { | |||
There was a problem hiding this comment.
do we know why this was this way?
The comment in line 236 explains this is on purpose
// Service definition is not reconciled after first // run, ports and type will be corrected only during // start.
There was a problem hiding this comment.
anyway, if this has to change, I think that the right place is in Line239 or just removing the (reconcile bool) input variable.
There was a problem hiding this comment.
In that case, it will also impact master services in line 256:
if err := c.CreateOrUpdateMasterServiceIfNeeded(kubernetesServiceName, c.ServiceIP, servicePorts, serviceType, reconcile); err != nil {
but if it's safe, I agree, removing the bool variable is better.
There was a problem hiding this comment.
I think it was related to #15791 (comment)
There was a problem hiding this comment.
what does it look like to transition the extra ports setting on masters? do we want skewed masters with different settings dueling/churning setting/resetting these, or should the latest master started win?
|
my main concern, after reading the original PR, is that this was done this way in purpose @liggitt may remember the reason, but the issue referred in this PR seems legit If this moves forward, this will need a test verifying the issue referred so we don't regress |
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
|
This exhibits the same behavior as current endpoints generated by the endpoints controller, users with permission can modify endpoints (and they are not reconciled), if you have power permissions the system doesn't stop you to do "bad things" ( i.e. See related discussion here #98066 (comment) Moreover, Jordan comment is spot on #107773 (comment) , right now there is the convention that all apiserver have the same port, and this change will make impossible to move to extra ports in the future. In my opinion we should not modify this behavior |
What type of PR is this?
/kind bug
What this PR does / why we need it:
Reset ports of endpoints to correct values if it is changed to some nonsense that won't work.
Which issue(s) this PR fixes:
Fixes #104252
Special notes for your reviewer:
The master service ports and type are configurable since #15791, and will be corrected only during start, that's why the param is always false for UpdateKubernetesService.
But for endpoints, ports should be reset to correct value.
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: