Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert "kube-proxy: check KUBE-MARK-DROP" #85527

Merged
merged 1 commit into from Nov 23, 2019
Merged

Conversation

@aojea
Copy link
Member

aojea commented Nov 22, 2019

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:

/kind api-change

/kind bug

/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:

This reverts commit 1ca0ffe.

kube-proxy is not recreating the rules associated to the
KUBE-MARK-DROP chain, that is created by the kubelet.

Is preferrable to avoid the dependency between the kubelet and
kube-proxy, so each of them handles their own rules.

Which issue(s) this PR fixes:

Fixes #85414

Special notes for your reviewer:

This is only needed for kube-proxy operating in dual-stack with iptables, and that PR wasn't merged.
Also, there is a discussion about this topic with a better solution than this
#82125 (comment)

Does this PR introduce a user-facing change?:

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


This reverts commit 1ca0ffe.

kube-proxy is not recreating the rules associated to the
KUBE-MARK-DROP chain, that is created by the kubelet.

Is preferrable avoid the dependency between the kubelet and
kube-proxy and that each of them handle their own rules.
@aojea

This comment has been minimized.

Copy link
Member Author

aojea commented Nov 22, 2019

/assign @danwinship @thockin

my apologies for introducing this bug
/sig network

@aojea

This comment has been minimized.

Copy link
Member Author

aojea commented Nov 22, 2019

/priority critical-urgent
/milestone v1.17

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Nov 22, 2019

@aojea: You must be a member of the kubernetes/milestone-maintainers GitHub team to set the milestone. If you believe you should be able to issue the /milestone command, please contact your and have them propose you as an additional delegate for this responsibility.

In response to this:

/priority critical-urgent
/milestone v1.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@danwinship

This comment has been minimized.

Copy link
Contributor

danwinship commented Nov 23, 2019

Ugh, yeah, it looks like every time the proxier syncs, it deletes the contents of kubelet's KUBE-MARK-DROP chain. That's bad. (The fact that we apparently have no tests that KUBE-MARK-DROP is working correctly is also bad.)

So this fix is correct, and removing it won't break anything (because it was only half of the fix anyway) and this is absolutely needed for 1.17, beyond just fixing the flaky test.

/lgtm
/approve

(I don't have milestone bits either but @thockin should notice this when he gets back to work. Or it looks like @khenidak could set the milestone.)

@k8s-ci-robot k8s-ci-robot added the lgtm label Nov 23, 2019
@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Nov 23, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea, danwinship

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dims

This comment has been minimized.

Copy link
Member

dims commented Nov 23, 2019

/milestone v1.17

@danwinship

This comment has been minimized.

Copy link
Contributor

danwinship commented Nov 23, 2019

(The fact that we apparently have no tests that KUBE-MARK-DROP is working correctly is also bad.)

#85572

@aojea

This comment has been minimized.

Copy link
Member Author

aojea commented Nov 23, 2019

/test pull-kubernetes-e2e-gce
timed out 🤔

@aojea

This comment has been minimized.

Copy link
Member Author

aojea commented Nov 23, 2019

/test pull-kubernetes-e2e-gce
Failed test
k8s.io] Pods should support pod readiness gates [NodeFeature:PodReadinessGate

@k8s-ci-robot k8s-ci-robot merged commit 459b1d7 into kubernetes:master Nov 23, 2019
14 of 15 checks passed
14 of 15 checks passed
tide Not mergeable. Retesting: pull-kubernetes-e2e-gce-100-performance
Details
cla/linuxfoundation aojea authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-dependencies Job succeeded.
Details
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-kind Job succeeded.
Details
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-node-e2e-containerd Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
@k8s-ci-robot k8s-ci-robot modified the milestones: v1.17, v1.18 Nov 23, 2019
k8s-ci-robot added a commit that referenced this pull request Nov 24, 2019
…upstream-release-1.17

Automated cherry pick of #85527: Revert "kube-proxy: check KUBE-MARK-DROP"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.