proxy/userspace: respect minSyncInterval #71735
Conversation
k8s-ci-robot
added
release-note
dcbw
force-pushed
the
userspace-proxy-ratelimiting
branch
2 times, most recently
from
2cfe08c
to
d3ef149
Compare
|
/priority important-soon |
k8s-ci-robot
added
priority/important-soon
|
/assign @thockin |
dcbw
force-pushed
the
userspace-proxy-ratelimiting
branch
from
d3ef149
to
9954110
Compare
|
/test pull-kubernetes-e2e-kops-aws |
|
/test pull-kubernetes-kubemark-e2e-gce-big |
dcbw
force-pushed
the
userspace-proxy-ratelimiting
branch
from
9954110
to
6397110
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/retest |
There was a problem hiding this comment.
IMO this code is as dead as it could be. The only significant user is OpenShift as far as I know. I'd rather never touch it again, but I know that is not realistic.
Also, it seems like maybe this could be broken into a couple commits for easier review?
I raised some questions about this design, but I think you should add yourselves as approvers in OWNERS for this subdir. If it evolves, I will lose context on the impl. I don't think it is covered by e2e, either (more argument for breaking it to a separate repo and having its own e2e tests)
dcbw
force-pushed
the
userspace-proxy-ratelimiting
branch
from
6397110
to
7bcade9
Compare
k8s-ci-robot
removed
the
lgtm
@thockin broken into two commits; second commit is largely testcase updates. |
|
@thockin I've split out as many things into individual commits as I think I can; let me know if you want me to try splitting "proxy: consolidate ServicesHandler/EndpointsHandler into ProxyProvider" though. Otherwise, PTAL thanks! |
dcbw
force-pushed
the
userspace-proxy-ratelimiting
branch
from
9e2728b
to
2a42fac
Compare
|
@danwinship could you do another review too? Thanks! |
|
@JacobTanenbaum also might be of interest to you since you're looking at the proxy these days. |
k8s-ci-robot
added
the
needs-rebase
Proxies should be able to cleanly figure out when endpoints have been synced, so make all ProxyProviders also implement EndpointsHandler and pass those through to loadbalancers when required.
If a testcase does time out and 'go test' prints the call stack, make sure everything from previous tests is cleaned up so the call stack is easier to understand.
We'll use this shortly to prevent premature syncing before all initial endpoints and services have been received from the apiserver.
Keeps things consistent with iptables/IPVS proxies. Proxies don't handle ServiceTypeExternalName even if the ClusterIP is set.
dcbw
force-pushed
the
userspace-proxy-ratelimiting
branch
from
2a42fac
to
9a8e4d3
Compare
|
@danwinship @thockin I believe I've addressed all comments. PTAL thanks! |
The userspace proxy does not have any ratelimiting and when many services are used will hammer iptables every time a service or endpoint change occurs. Instead build up a map of changed services and process all those changes at once instead of each time an event comes in. This also ensures that no long-running processing happens in the same call chain as the OnService* calls as this blocks other handlers attached to the proxy's parent ServiceConfig object for long periods of time. Locking can also now be simplified as the only accesses to the proxy's serviceMap happen from syncProxyRules(). So instead of locking in many functions just lock once in syncProxyRules() like the other proxies do. https://bugzilla.redhat.com/show_bug.cgi?id=1590589 https://bugzilla.redhat.com/show_bug.cgi?id=1689690
dcbw
force-pushed
the
userspace-proxy-ratelimiting
branch
from
9a8e4d3
to
cc2b31a
Compare
k8s-ci-robot
removed
the
needs-rebase
|
@dcbw: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
@thockin PTAL thanks! |
Per recommendation of @thockin: kubernetes#71735 (review) --- IMO this code is as dead as it could be. The only significant user is OpenShift as far as I know. I'd rather never touch it again, but I know that is not realistic. Also, it seems like maybe this could be broken into a couple commits for easier review? I raised some questions about this design, but I think you should add yourselves as approvers in OWNERS for this subdir. If it evolves, I will lose context on the impl. I don't think it is covered by e2e, either (more argument for breaking it to a separate repo and having its own e2e tests) ---
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dcbw, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
@thockin thanks Tim! |
The userspace proxy does not have any ratelimiting and when many
services are used will hammer iptables every time a service or
endpoint change occurs.
https://bugzilla.redhat.com/show_bug.cgi?id=1590589
/kind bug
/sig network