New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kube-proxy: Fix bug in rejecting 0 endpoint svc #72534

Merged
merged 5 commits into from Jan 15, 2019

Conversation

@thockin
Copy link
Member

thockin commented Jan 3, 2019

/kind bug

What this PR does / why we need it:

As cited in #20767 (thanks @vllry), we do not REJECT when we should (I think).

Which issue(s) this PR fixes:

xref #20767
xref #19576

Special notes for your reviewer:

I can't find any reasons NOT to do this, butthat doesn't mean they don't exist.


Connections from Pods to Services with 0 endpoints will now ICMP reject immediately, rather than blackhole and timeout.

@m1093782566 Please cross-check with IPVS mode for similar changes?

thockin added some commits Jan 3, 2019

kube-proxy: reject 0 endpoints on forward
Previously we only REJECTed on OUTPUT which works for packets from the
node but not for packets from pods on the node.
@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Jan 3, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@thockin

This comment has been minimized.

Copy link
Member Author

thockin commented Jan 3, 2019

/retest

@m1093782566

This comment has been minimized.

Copy link
Member

m1093782566 commented Jan 4, 2019

Okay, thanks @thockin

@m1093782566

This comment has been minimized.

Copy link
Member

m1093782566 commented Jan 4, 2019

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm label Jan 4, 2019

@rramkumar1

This comment has been minimized.

Copy link
Member

rramkumar1 commented Jan 4, 2019

/lgtm
/hold
@m1093782566 Can you verify whether an IPVS PR is needed here? I would like to make sure that if we need an IPVS PR that it is at least LGTM'd before pushing this one through (so we stay in sync).

@dcbw

dcbw approved these changes Jan 4, 2019

Copy link
Member

dcbw left a comment

/lgtm

Might solve some problems we've seen too...

@thockin

This comment has been minimized.

Copy link
Member Author

thockin commented Jan 14, 2019

@m1093782566

This comment has been minimized.

Copy link
Member

m1093782566 commented Jan 15, 2019

@thockin

From my test, there is no such issue in IPVS mode, xref:

#20767 (comment)

@rramkumar1 I think we can let this PR in now.

/hold cancel

@m1093782566

This comment has been minimized.

Copy link
Member

m1093782566 commented Jan 15, 2019

/test pull-kubernetes-integration

@fejta-bot

This comment has been minimized.

Copy link

fejta-bot commented Jan 15, 2019

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit fc28264 into kubernetes:master Jan 15, 2019

19 checks passed

cla/linuxfoundation thockin authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-e2e-kops-aws Job succeeded.
Details
pull-kubernetes-e2e-kubeadm-gce Skipped
pull-kubernetes-godeps Skipped
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Skipped
pull-kubernetes-local-e2e-containerized Skipped
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
tide In merge pool.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment