New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate kube-proxy options #53780
Validate kube-proxy options #53780
Conversation
/sig network /area kube-proxy |
pkg/apis/componentconfig/types.go
Outdated
// the system's kernel or iptables versions are insufficient, this always falls back to the | ||
// userspace proxy. | ||
type ProxyMode string | ||
|
||
const ( | ||
ProxyModeUserspace ProxyMode = "userspace" | ||
ProxyModeIPTables ProxyMode = "iptables" | ||
ProxyModeIPVS ProxyMode = "ipvs" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For your reference, #53860 also add IPVS and Kernelspace.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. validate ipvs scheduler **What this PR does / why we need it**: validate ipvs scheduler options **Which issue this PR fixes**: closes #53975 **Special notes for your reviewer**: It depends on work of #53780. **Release note**: ```release-note NONE ``` /sig network /area kube-proxy
30f94f9
to
84fbc3b
Compare
84fbc3b
to
9bb7eb3
Compare
/retest |
9bb7eb3
to
95a0263
Compare
/cc @xiangpengzhao for review :) |
@m1093782566 so sorry for not noticing this PR when I trying to improve test coverage for kube-proxy validation in #54848. For the IPVS part, this PR is more reasonable than that one. |
Never mind. I think you did good job :) |
95a0263
to
35ef9a5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just two nits. otherwise LGTM.
} | ||
} | ||
|
||
func TestValidateKubeProxyIPVSScheduler(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test case can be removed here since it's already added in #54848 :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problem.
cmd/kube-proxy/app/validation.go
Outdated
allErrs = append(allErrs, field.Invalid(fldPath.Child("SyncPeriod"), config.SyncPeriod, "must be greater than 0")) | ||
} | ||
|
||
if config.MinSyncPeriod.Duration < 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to check if MinSyncPeriod > SyncPeriod ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a nice finding!
I think we can check MinSyncPeriod > SyncPeriod
in validation although currently it's already checked in proxier.go. Let's change it to see if anyone object to it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
although currently it's already checked in proxier.go
IMO, it's better validating earlier than later :)
35ef9a5
to
2ad7efe
Compare
Comments are fixed now, PTAL. Thanks! |
cmd/kube-proxy/app/validation.go
Outdated
@@ -87,6 +87,30 @@ func validateKubeProxyIPTablesConfiguration(config componentconfig.KubeProxyIPTa | |||
allErrs = append(allErrs, field.Invalid(fldPath.Child("MinSyncPeriod"), config.MinSyncPeriod, "must be greater than or equal to 0")) | |||
} | |||
|
|||
if config.MinSyncPeriod.Duration > config.SyncPeriod.Duration { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why checking this both here and L108?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's an interesting finding :)
Because both iptables and ipvs proxy has the SyncPeriod
and MinSyncPeriod
- they don't share the same SyncPeriod
and MinSyncPeriod
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to validate them both in iptables and ipvs mode.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool! I didn't notice this :)
2ad7efe
to
8cab993
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please fix the dup code caused by rebase.
pkg/apis/componentconfig/types.go
Outdated
@@ -20,6 +20,191 @@ import ( | |||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | |||
) | |||
|
|||
// ClientConnectionConfiguration contains details for constructing a client. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These should be removed from this file as #53645 is merged.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. Thanks!
@@ -163,6 +163,7 @@ const ( | |||
ProxyModeUserspace ProxyMode = "userspace" | |||
ProxyModeIPTables ProxyMode = "iptables" | |||
ProxyModeIPVS ProxyMode = "ipvs" | |||
ProxyModeIPVS ProxyMode = "ipvs" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dup of L165
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice catch! Done.
8cab993
to
6f57ebb
Compare
CI is still unhappy due to
I guess this is also introduced by rebase. Sorry for the pain caused by #53645. It hurts a lot of PRs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just a nit now.
return allErrs | ||
} | ||
|
||
func validateKubeProxyIPVSConfiguration(config componentconfig.KubeProxyIPVSConfiguration, fldPath *field.Path) field.ErrorList { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/componentconfig/kubeproxyconfig
and other places it appears.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure.
6f57ebb
to
c7071ed
Compare
CI is happy now :) |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: m1093782566, thockin Associated issue: 53852 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/retest |
1 similar comment
/retest |
/retest Review the full test history for this PR. |
/test all [submit-queue is verifying that this PR is safe to merge] |
@m1093782566: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Automatic merge from submit-queue (batch tested with PRs 53780, 55663, 55321, 52421, 55659). If you want to cherry-pick this change to another branch, please follow the instructions here. |
What this PR does / why we need it:
Validate ipvs proxy options
Which issue this PR fixes : fixes #53852
Special notes for your reviewer:
Release note: