kubelet: get IP based on service network IP mode for dual-stack support. #70659
Conversation
|
@pmichali: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
do-not-merge/work-in-progress
|
Hi @pmichali. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
area/kubeadm
area/kubelet
sig/cluster-lifecycle
|
Commit message for this change... |
|
NOTE: this is WIP because regression was found in etcd for IPv6 clusters and this commit includes the cherry picked fix under PR 70633. Once that is merged, a rebase can be done for this commit. |
| if err != nil { | ||
| return nil, err | ||
| addrType := preferredFamily() | ||
| if addrType != "" { |
There was a problem hiding this comment.
Will address when I rebase.
There was a problem hiding this comment.
this whitespace issue seems to be present still.
There was a problem hiding this comment.
Sorry, I missed it. Had spaces vs tab, so it looked fine in my editor. Will be in next patch.
cmd/kubeadm/app/phases/etcd/local.go
Outdated
| @@ -90,7 +92,7 @@ func CreateStackedEtcdStaticPodManifestFile(client clientset.Interface, manifest | |||
| } | |||
|
|
|||
| // notifies the other members of the etcd cluster about the joining member | |||
| etcdPeerAddress := fmt.Sprintf("https://%s:%d", cfg.APIEndpoint.AdvertiseAddress, kubeadmconstants.EtcdListenPeerPort) | |||
| etcdPeerAddress := fmt.Sprintf("https://%s", net.JoinHostPort(cfg.APIEndpoint.AdvertiseAddress, strconv.Itoa(kubeadmconstants.EtcdListenPeerPort))) | |||
There was a problem hiding this comment.
https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/phases/etcd/local_test.go
would need some updates too?
There was a problem hiding this comment.
This and the following change are part of the PR 70633 commit (a fix to a regression) that this PR needs. Mention has been made on that PR to add UT changes. When it is merged, I'll rebase to pickup the latest.
| @@ -282,7 +284,7 @@ func performEtcdStaticPodUpgrade(client clientset.Interface, waiter apiclient.Wa | |||
| if err != nil { | |||
| return true, errors.Wrap(err, "failed to retrieve the current etcd version") | |||
| } | |||
| currentEtcdVersionStr, ok := currentEtcdVersions[fmt.Sprintf("https://%s:%d", cfg.APIEndpoint.AdvertiseAddress, constants.EtcdListenClientPort)] | |||
| currentEtcdVersionStr, ok := currentEtcdVersions[fmt.Sprintf("https://%s", net.JoinHostPort(cfg.APIEndpoint.AdvertiseAddress, strconv.Itoa(constants.EtcdListenClientPort)))] | |||
There was a problem hiding this comment.
https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
would need dual stack coverage too.
k8s-ci-robot
added
priority/important-longterm
k8s-ci-robot
added
the
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
pmichali
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: pmichali If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Updated commit, removing dependent changes from PR #70633, which has since merged. This is ready for review. Two questions... This uses the DNS_SVC_IP environment variable, which was introduced with IPv6 only capability previously, to determine if the IPv4 or IPv6 address is used for pod. If not specified, it will default back to trying to find the IPv4 address on the pod first, and then trying to find the IPv6 address. Would the requirement of this environment variable constitute a "user facing" change? If not, how do I remove the release note label? I accidentally deleted the text that is used to trigger this label, and only have the text "NONE", and I don't remember what the syntax is supposed to be. |
|
/assign @dchen1107 |
|
Reviewers, PTAL, and let me know about the release note question I posed. Thanks! |
|
@neolit123 Can you take a look at the latest changes? This is ready for review. Thanks! |
| glog.V(3).Infof("DNS Service IP is %s", dnsServiceIP) | ||
| dnsIP := net.ParseIP(dnsServiceIP) | ||
| if dnsIP == nil { | ||
| glog.Warningf("Unable to parse DNS_SVC_IP (%s) to determine preferred family", dnsServiceIP) |
There was a problem hiding this comment.
i think it make sense to indicate that the fall back here is to -4.
simplest way is to use a goto to a label before:
fallback:
glog.V(3).Infof("Using IPv4.....
yet i see that goto is not that widely used in the project.
There was a problem hiding this comment.
I'm changing the wording of the message. Let me know if that is OK.
| if err != nil { | ||
| return nil, err | ||
| addrType := preferredFamily() | ||
| if addrType != "" { |
There was a problem hiding this comment.
this whitespace issue seems to be present still.
k8s-ci-robot
added
ok-to-test
|
also please add a release note as per the PR template: |
|
/remove-area kubeadm |
| glog.V(3).Infof("DNS Service IP is %s", dnsServiceIP) | ||
| dnsIP := net.ParseIP(dnsServiceIP) | ||
| if dnsIP == nil { | ||
| glog.Warningf("Unable to parse DNS_SVC_IP (%s) to determine preferred family", dnsServiceIP) |
There was a problem hiding this comment.
I'm changing the wording of the message. Let me know if that is OK.
| if err != nil { | ||
| return nil, err | ||
| addrType := preferredFamily() | ||
| if addrType != "" { |
There was a problem hiding this comment.
Sorry, I missed it. Had spaces vs tab, so it looked fine in my editor. Will be in next patch.
|
@neolit123 Thanks for looking. I was wondering if a release note is needed for this change. See my post 5 days ago... I'm thinking not, but need guidance here. |
In GetPodIP, the kubelet code attempts to get the IPv4 address for the pod, and if that fails, tries to get the IPv6 address. That works fine for IPv4 only and IPv6 only mode, but not for dual-stack, where each pod will have both addresses. In addition, since dual-stack will support only a single (selectable) family for services, we need to also ensure that kubelet is using the same family, when getting the IP. One way to do that is to request the IP, based on the family used for services. With the previous introduction of IPv6 only mode, a DNS_SVC_IP environment variable was defined, so that DNS used an IP that was in the family for services. The variable can be provided to the kubelet, via a drop-in file, as is done for kubeadm-dind-cluster. This change makes use of that information, reading the variable, and, if set, will use the same family as the DNS IP in the request to obtain the pod IP. Otherwise, it will fall back on trying to get the IPv4 address, and then trying to get the IPv6 address, if no IPv4 address is available (to support backward compatibility). Fixes Issue: kubernetes#70653 /area ipv6 /sig network
|
/test pull-kubernetes-local-e2e-containerized |
|
@freehan @dchen1107 Can you PTAL at this kubelet change? Also, regarding my question above, is a release note needed? If so, I could use a bit of guidance on the wording. If not, how do I remote the release note label? |
|
@thockin could you help getting some eyes on this. I'm running out of time to be able to work on getting this merged (taking on new position at work with limited upstream involvement). Thanks! |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Still an issue on 1.14 /reopen |
|
@internetionals: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Allows kubelet to obtain the correct IP from pods, when operating in dual-stack mode.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #70653
Special notes for your reviewer:
Intent of this is to allow IPv4 only and IPv6 only to work as they do today, but adapt kubelet for when running in dual-stack cluster.
Does this PR introduce a user-facing change?:
NONE
/area ipv6
/sig network