Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle Empty clusterCIDR #36833

Merged
merged 1 commit into from
Nov 16, 2016
Merged

Handle Empty clusterCIDR #36833

merged 1 commit into from
Nov 16, 2016

Conversation

mandarjog
Copy link
Contributor

@mandarjog mandarjog commented Nov 15, 2016
edited by k8s-oncall

What this PR does / why we need it:
Handles empty clusterCIDR by skipping the corresponding rule.

Which issue this PR fixes
fixes #36652

Special notes for your reviewer:

  1. Added test to check for presence/absence of XLB to SVC rule
  2. Changed an error statement to log rules along with the error string in case of a failure; This ensures that full debug info is available in case of iptables-restore errors.

Empty clusterCIDR causes invalid rules generation.
Fixes issue #36652

This change is Reviewable

@k8s-ci-robot
Copy link
Contributor

Can a kubernetes member verify that this patch is reasonable to test? If so, please reply with "@k8s-bot ok to test" on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands will still work. Regular contributors should join the org to skip this step.

If you have questions or suggestions related to this bot's behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Nov 15, 2016
bprashanth
bprashanth reviewed Nov 15, 2016
View reviewed changes
Copy link
Contributor

@bprashanth bprashanth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't you mention that you were writing an e2e for this (iptables-restore --test)? or do you want to send a follow up, or file a bug and we'll add it sometime since it sounds useful to detect a bad configuration and explicitly warn

pkg/proxy/iptables/proxier_test.go
onlyLocalNodePorts(t, fp, ipt, true)
}

func onlyLocalNodePorts(t *testing.T, fp *Proxier, ipt *iptablestest.FakeIPTables, shouldLBTOSVCRuleExist bool) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you just check the fp.clusterCIDR and get rid of the last bool arg?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@bprashanth bprashanth self-assigned this Nov 15, 2016
@bprashanth bprashanth added this to the v1.5 milestone Nov 15, 2016
@bprashanth bprashanth added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Nov 15, 2016
@mandarjog
Copy link
Contributor Author

I will open an issue and handle it there separately.

I started it but realized it is more work than I thought.

Regards,
Sent from my Ericsson Blaze

Mandar U Jog

On Nov 15, 2016, at 12:04 PM, Prashanth B notifications@github.com wrote:

@bprashanth commented on this pull request.

Didn't you mention that you were writing an e2e for this (iptables-restore --test)? or do you want to send a follow up, or file a bug and we'll add it sometime since it sounds useful to detect a bad configuration and explicitly warn

In pkg/proxy/iptables/proxier_test.go:

func TestOnlyLocalNodePorts(t *testing.T) {
ipt := iptablestest.NewFake()
fp := NewFakeProxier(ipt)

  • onlyLocalNodePorts(t, fp, ipt, true)
    +}
    +
    +func onlyLocalNodePorts(t *testing.T, fp *Proxier, ipt *iptablestest.FakeIPTables, shouldLBTOSVCRuleExist bool) {
    can you just check the fp.clusterCIDR and get rid of the last bool arg?


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@mandarjog
Handle Empty clusterCIDR
3fdc343 
Empty clusterCIDR causes invalid rules generation.
Fixes issue kubernetes#36652
@bprashanth
Copy link
Contributor

LGTM thanks

@bprashanth bprashanth added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 16, 2016
@mandarjog
Copy link
Contributor Author

@bprashanth Thanks, Tests passed.

@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 3d64d91 into kubernetes:master Nov 16, 2016
@mandarjog mandarjog deleted the issue_36652 branch November 16, 2016 23:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bprashanth bprashanth bprashanth left review comments

Assignees

@bprashanth bprashanth

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.5
Development

Successfully merging this pull request may close these issues.

kube-proxy cannot set iptables rules for services
5 participants
@mandarjog @k8s-ci-robot @bprashanth @k8s-github-robot @googlebot