Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #80942: Fix a bug in the IPVS proxier where virtual servers are not #81482

Merged
merged 1 commit into from Aug 20, 2019
Merged

Automated cherry pick of #80942: Fix a bug in the IPVS proxier where virtual servers are not #81482

merged 1 commit into from Aug 20, 2019

Conversation

andrewsykim
Copy link
Member

Cherry pick of #80942 on release-1.14.

#80942: Fix a bug in the IPVS proxier where virtual servers are not

@andrewsykim
Fix a bug in the IPVS proxier where virtual servers are not cleaned u…
c92ecef 
…p even though the corresponding Service object was deleted.
@k8s-ci-robot k8s-ci-robot added this to the v1.14 milestone Aug 15, 2019
@k8s-ci-robot k8s-ci-robot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Aug 15, 2019
@k8s-ci-robot k8s-ci-robot added sig/network Categorizes an issue or PR as relevant to SIG Network. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Aug 15, 2019
@andrewsykim
Copy link
Member Author

/retest

@andrewsykim
Copy link
Member Author

There's more context in #80942, but adding some here for reviewers:

A few releases ago the IPVS proxy added graceful termination support, mainly because removing an IPVS backend also deletes all of it's connections, unlike the iptables proxy which persists the connection even after the endpoint is removed.

This mainly fixes a bug where we don't trigger graceful termination for a deleted Service if it has real servers and as a result, the Service can never be deleted. The following check was problematic and removed as part of this PR:

// If we still have real servers graceful termination is not done
if len(rsList) > 0 {
    continue
}

When reviewing the PR though, we realized that there's no need to trigger graceful termination at all if a Service is deleted. At that point we shouldn't care about connections terminating and only attempt graceful termination if a backend is removed for an existing Service and so we updated the PR to ignore graceful termination on Service deletion entirely.

It's worth calling out that graceful termination on Service deletion was initially added because IPVS with sysctl expire_nodest_conn=0 will silently drop packets of a destination server that is no longer available, so pods would persist connections to a deleted Service. Because in #71834 we set expire_nodest_conn=1, we don't have to worry about the kernel silently dropping packets for removed backends and we can immediately remove a virtual server along with it's real servers immediately when a Service is deleted.

@lbernail please add more if I missed anything.

/assign @thockin @lbernail @m1093782566

@andrewsykim
Copy link
Member Author

/assign @thockin

@lbernail
Copy link
Contributor

/lgtm
/retest

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 15, 2019
@tpepper
Copy link
Member

tpepper commented Aug 16, 2019

/kind bug
/priority important-soon
from parent PR

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Aug 16, 2019
@thockin
Copy link
Member

thockin commented Aug 16, 2019

Thanks!

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andrewsykim, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 16, 2019
@feiskyer feiskyer added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Aug 20, 2019
@k8s-ci-robot k8s-ci-robot merged commit 57353f7 into kubernetes:release-1.14 Aug 20, 2019
@andrewsykim andrewsykim mentioned this pull request Aug 26, 2019
Closed
@gongguan gongguan mentioned this pull request Mar 18, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns

@Lion-Wei Lion-Wei Awaiting requested review from Lion-Wei

Assignees

@lbernail lbernail

@thockin thockin

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/network Categorizes an issue or PR as relevant to SIG Network. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.14
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@andrewsykim @lbernail @tpepper @thockin @k8s-ci-robot @feiskyer