Phase 2 dualstack #79386

Merged
merged 4 commits into from Aug 29, 2019

@khenidak
Contributor

commented Jun 25, 2019

What type of PR is this?

/kind api-change
/kind feature

What this PR does / why we need it:
Builds on #73977, phase two of https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/20180612-ipv4-ipv6-dual-stack.md (ALPHA).

Special notes for your reviewer:
Has to be merged on top of #73977

Does this PR introduce a user-facing change?:

+ to run:
Master: convert service CIDR to list `--service-cluster-ip-range=<CIDR>,<CIDR>` and make sure `IPv6DualStack` feature flag is turned on. The flag is validated and used as follows:

1. `--service-cluster-ip-range[0]` is considered the primary service range, and will be used for any service with `Service.Spec.IPFamily = nil` or any service in the at the time of turning on the feature flag.
2. A cluster can be dualstack (i.e. Pods and nodes carry dualstack IPs) but does not need to support ingress on dualstack. In this case the cluster can perform egress using `PodIPs` (according to family and binding selection in user code) but ingress will only be performed against the pod primary IP. This can be configured by supplying a single entry to the `--service-cluster-ip-range` flag.
3. A maximum of two entries is allowed in `--service-cluster-ip-range` and they are validated to be dual stacked, i.e. `--service-cluster-ip-range=<v4>,<v6>` or `--service-cluster-ip-range=<v6>,<v4>`.
4. Max 20 bit for range (min network bits `<v6>/108` or `<v4>/12`)

kube-controller-manager: convert service CIDR to list `--service-cluster-ip-range=<CIDR>,<CIDR>` and make sure `IPv6DualStack` feature flag is turned on. The flag is validated as above.

+ to use:
A new service spec field `Service.Spec.IPFamily` has been added. The default of this field is the family of the first service CIDR in the `--service-cluster-ip-range` flag. The value is defaulted as described above once the feature gate is turned on. Here are the possible values for this field:
1. IPv4: api-server will assign an IP from a `service-cluster-ip-range` that is `ipv4` (either the primary or the secondary, according to how they were configured).
2. IPv6: api-server will assign an IP from a `service-cluster-ip-range` that is `ipv6` (either the primary or the secondary, according to how they were configured).

Notes (v1.16):
1. IPVS is the only proxy supported (as of v1.16) by Dualstack.
2. Dualstack is mutually exclusive with the `EndpointSlice` feature. They cannot be turned on together. `metaproxy` is yet to implement EndpointSlice handling.

Note: Because the ClusterIP field is immutable, a change in `Service.Spec.IPFamily` is not allowed (because it triggers ClusterIP changes).

What is in the box?

  • Service processing: modified service ClusterIP assignment
  • Endpoint Processing: modified Endpoint selection (according to the family of ClusterIP)
  • node ipam filtering for secondary service CIDR range

Commit List (4 commits)

  • api type changes.
  • endpoint processing
  • node ipam filtering
  • generated items for the api changes.

Execution Plan

  • Service Type Changes
  • Service Processing (assigning IP according to family) Changes
  • Service -> Select endpoints matching only the IPFamily
  • (POSTPONED) Default service creation (Kubernetes default service for each family of ServiceCIDRs)
  • complete unit tests for pkg/registry/core/service/storage/rest_test.go
  • update EnsureLoadbalancer() to disable services not within primary service IP range.
  • update node ipam to exclude secondary Service IP Ranges from assignable cluster CIDRs.
  • kube-proxy changes (owned by @vllry)

@thockin @vllry

@kubernetes/sig-network-api-reviews
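
The four `--service-cluster-ip-range` rules listed in the description above, written out as a stand-alone check. This is an added example, not code from this PR or from Kubernetes; `ValidateServiceClusterIPRange`, `ServiceRanges` and `familyOf` are hypothetical names, and the sample CIDRs are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const maxRangeBits = 20 // "Max 20 bit for range": at least /12 for IPv4, /108 for IPv6

var familyOf = map[int]string{net.IPv4len: "IPv4", net.IPv6len: "IPv6"} // keyed by mask length

// ServiceRanges is a hypothetical result type for this example, not a Kubernetes type.
type ServiceRanges struct {
	Primary, Secondary *net.IPNet // Secondary stays nil for a single-entry flag
	DefaultFamily      string     // family of entry [0], used when Service.Spec.IPFamily is nil
}

// ValidateServiceClusterIPRange (hypothetical name) applies the four rules from the PR description.
func ValidateServiceClusterIPRange(flag string) (*ServiceRanges, error) {
	parts := strings.Split(flag, ",")
	if len(parts) > 2 {
		return nil, fmt.Errorf("at most two CIDRs are allowed, got %d", len(parts))
	}
	var nets []*net.IPNet
	for _, p := range parts {
		_, n, err := net.ParseCIDR(strings.TrimSpace(p))
		if err != nil {
			return nil, fmt.Errorf("invalid CIDR %q: %v", p, err)
		}
		if ones, bits := n.Mask.Size(); bits-ones > maxRangeBits {
			return nil, fmt.Errorf("%s has %d range bits, max is %d", n, bits-ones, maxRangeBits)
		}
		nets = append(nets, n)
	}
	out := &ServiceRanges{Primary: nets[0], DefaultFamily: familyOf[len(nets[0].Mask)]}
	if len(nets) == 2 {
		if familyOf[len(nets[0].Mask)] == familyOf[len(nets[1].Mask)] {
			return nil, fmt.Errorf("two entries must be one IPv4 and one IPv6 CIDR")
		}
		out.Secondary = nets[1]
	}
	return out, nil
}

func main() {
	r, err := ValidateServiceClusterIPRange("10.0.0.0/16,fd00::/108") // constructed input
	fmt.Println(r.DefaultFamily, r.Primary, r.Secondary, err)
}
```
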

@vllry

Contributor

commented Jun 25, 2019

/assign

@khenidak

Contributor Author

commented Aug 24, 2019

/test pull-kubernetes-conformance-kind-ipv6

1 similar comment
@khenidak

Contributor Author

commented Aug 26, 2019

/test pull-kubernetes-conformance-kind-ipv6

@aojea

Contributor

commented Aug 26, 2019

@khenidak those DNS failures in the kind-ipv6 job probably are waiting for this fix #81750, they may be unrelated

@khenidak khenidak force-pushed the khenidak:phase2-dualstack branch from a5bff05 to f68fa96 Aug 26, 2019
@khenidak

Contributor Author

commented Aug 26, 2019

kind tests are failing because of #81750

@khenidak

Contributor Author

commented Aug 26, 2019

/test pull-kubernetes-bazel-test

@lachie83

Member

commented Aug 26, 2019

/milestone v1.16

@k8s-ci-robot k8s-ci-robot added this to the v1.16 milestone Aug 26, 2019
Member

left a comment

/lgtm
/approve
/hold

Turning back to proxy PRs

@k8s-ci-robot

Contributor

commented Aug 27, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: khenidak, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@khenidak khenidak referenced this pull request Aug 28, 2019
@khenidak khenidak force-pushed the khenidak:phase2-dualstack branch from f68fa96 to c27e0b0 Aug 28, 2019
@k8s-ci-robot k8s-ci-robot removed the lgtm label Aug 28, 2019
@thockin

Member

commented Aug 28, 2019

Proxier PR is ready, removing hold

/remove hold

@thockin

Member

commented Aug 28, 2019

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm label Aug 28, 2019
@khenidak

Contributor Author

commented Aug 28, 2019

/test pull-kubernetes-kubemark-e2e-gce-big

@lachie83

Member

commented Aug 28, 2019

/hold cancel

@k8s-ci-robot k8s-ci-robot merged commit 550fb1b into kubernetes:master Aug 29, 2019
24 checks passed
cla/linuxfoundation khenidak authorized
pull-kubernetes-bazel-build Job succeeded.
pull-kubernetes-bazel-test Job succeeded.
pull-kubernetes-conformance-image-test Skipped.
pull-kubernetes-conformance-kind-ipv6 Job succeeded.
pull-kubernetes-cross Skipped.
pull-kubernetes-dependencies Job succeeded.
pull-kubernetes-e2e-gce Job succeeded.
pull-kubernetes-e2e-gce-100-performance Job succeeded.
pull-kubernetes-e2e-gce-csi-serial Skipped.
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
pull-kubernetes-e2e-gce-iscsi Skipped.
pull-kubernetes-e2e-gce-iscsi-serial Skipped.
pull-kubernetes-e2e-gce-storage-slow Skipped.
pull-kubernetes-godeps Skipped.
pull-kubernetes-integration Job succeeded.
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
pull-kubernetes-local-e2e Skipped.
pull-kubernetes-node-e2e Job succeeded.
pull-kubernetes-node-e2e-containerd Job succeeded.
pull-kubernetes-typecheck Job succeeded.
pull-kubernetes-verify Job succeeded.
pull-publishing-bot-validate Job succeeded.
tide In merge pool.
@wozniakjan wozniakjan referenced this pull request Aug 29, 2019
3 of 4 tasks complete