-
Notifications
You must be signed in to change notification settings - Fork 38.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement ServiceSpec.AllocateLoadBalancerNodePorts #92744
Conversation
/cc @andrewsykim The |
/cc @rikatz Wanna take a look later :) |
Comment obsoleted by the bool -> *bool switch described below!The allocateLoadBalancerNodePorts field is visible in output from
But;
This service does not have allocateLoadBalancerNodePorts defined. @andrewsykim Is this something we can affect? Ideal would be that allocateLoadBalancerNodePorts:true will be hidden once "true" becomes the default. Then users not caring about the function would not even see it. |
|
Came across this, see the "Use pointers" comment; Seem to give you a 3-state var; true, false, unset. Would it be feasible to use a pointer in the ServiceSpec struct?
|
Tried it, works like a charm. I'll do the switch. This also allows the admission hook to be more intelligent; if unset, (nil) set a default, if set, leave it. |
/test pull-kubernetes-bazel-build |
/test pull-kubernetes-bazel-test |
I know that actually checking the flag shall not go into alpha according to the KEP but I could not resist commiting a very small update that seem to be sufficient;
In this case the I let the reviewers take a look and see if I have missed anything, and I can revert the commit if needed. |
/test pull-kubernetes-bazel-test |
Tests keep on failing. When searching for "allocateLoadBalancerNodePorts" in the
I suspect I have missed some file generation or that test-data must be updated. @andrewsykim Can you please have a look and see what I have missed? In previous failed test there was printouts liks "run; hack/..." which was very helpful. Thanks a lot to whoever added them. |
^ saw this in the logs and there's a hack script to update this |
/retest |
1 similar comment
/retest |
@@ -185,6 +185,11 @@ func dropServiceDisabledFields(newSvc *api.Service, oldSvc *api.Service) { | |||
ing.IPMode = nil | |||
} | |||
} | |||
|
|||
// Clear AllocateLoadBalancerNodePorts if ServiceLBNodePortControl if not enabled | |||
if !utilfeature.DefaultFeatureGate.Enabled(features.ServiceLBNodePortControl) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This check used to check for !allocateLoadBalancerNodePortsInUse
but it seems like we dropped it, was that intentional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, since the allocateLoadBalancerNodePorts must be nil if the feature-gate is not set. At least that's how I have understood it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
allocateLoadBalancerNodePorts must be nil if the feature-gate is not set
This and if an existing resource has the field already set. So this check should still check if oldSvc
was using this field, and if it was, don't drop it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah this needs to preserve the field if it was already set in oldSvc. The rationale is that a user might upgrade to 1.21, use the field, temporarily roll back to 1.20 (where it is gated) - the field value should be preserved so that when they roll forward it is still present.
If this is the only issue I will approve but we need a followup to fix this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Re-skim: This will need a followup, still.
@@ -376,6 +389,11 @@ func dropTypeDependentFields(newSvc *api.Service, oldSvc *api.Service) { | |||
newSvc.Spec.HealthCheckNodePort = 0 | |||
} | |||
|
|||
// AllocateLoadBalancerNodePorts may only be set for type LoadBalancer | |||
if newSvc.Spec.Type != api.ServiceTypeLoadBalancer { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think here we also need to check whether allocatedLoadBalancerNodePorts
was trying to be set by oldSvc
, otherwise this wouldn't fail validation checks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So something like
// If a user is switching to a type that doesn't need allocatedLoadBalancerNodePorts AND they did not change
// this field, it is safe to drop it.
if oldSvc.Spec.Type == api.ServiceTypeLoadBalancer && newSvc.Spec.Type != api.ServiceTypeLoadBalancer {
if oldSvc.Spec.AllocateLoadBalancerNodePorts == newSvc.Spec.AllocatedLoadBalancerNodePorts {
newSvc.Spec.AllocateLoadBalancerNodePorts = nil
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we also add a test case for this in TestDropTypeDependentFields?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why all the extra checks? If type != LoadBalancer the AllocateLoadBalancerNodePorts must be nil no matter what.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also find the conditions hard to follow. If the type is changed from LoadBalancer but newSvc sets AllocateLoadBalancerNodePorts to true or false it will remain != nil?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not a very common scenario, but I think this is covering the case where a user changes from Type=LoadBalancer to Type=NodePort (or others) AND tries to toggle allocateLoadBalancerNodePorts
in the same request. That should fail validation since allocateLoadBalancerNodePorts
is only relevant for Type=LoadBalancer. If we always drop based on type, that request would silently pass with allocateLoadBalancerNodePorts
being dropped, which is not what the user intended.
In other words, we should only drop the field if the type changed from LoadBalancer
-> NodePorts
(or others) AND allocateLoadBalancerNodePorts
did not change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we only want to auto-clear fields if we don't need it AND the user is not trying to change it. If they are trying to change it then we should let validation fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as above, followup needed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The 2 comments I have can be a followup.
/lgtm
/approve
@@ -185,6 +185,11 @@ func dropServiceDisabledFields(newSvc *api.Service, oldSvc *api.Service) { | |||
ing.IPMode = nil | |||
} | |||
} | |||
|
|||
// Clear AllocateLoadBalancerNodePorts if ServiceLBNodePortControl if not enabled | |||
if !utilfeature.DefaultFeatureGate.Enabled(features.ServiceLBNodePortControl) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah this needs to preserve the field if it was already set in oldSvc. The rationale is that a user might upgrade to 1.21, use the field, temporarily roll back to 1.20 (where it is gated) - the field value should be preserved so that when they roll forward it is still present.
If this is the only issue I will approve but we need a followup to fix this
@@ -376,6 +389,11 @@ func dropTypeDependentFields(newSvc *api.Service, oldSvc *api.Service) { | |||
newSvc.Spec.HealthCheckNodePort = 0 | |||
} | |||
|
|||
// AllocateLoadBalancerNodePorts may only be set for type LoadBalancer | |||
if newSvc.Spec.Type != api.ServiceTypeLoadBalancer { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we only want to auto-clear fields if we don't need it AND the user is not trying to change it. If they are trying to change it then we should let validation fail.
uggh, needs rebase but is otherwise approved |
As per: kubernetes/enhancements#1864 (comment) Please get this rebased and re-LGTM ASAP Thanks! |
a396ec0
to
8fca0f9
Compare
/retest |
@andrewsykim @thockin Thanks for your guidance and patiance in my first API update 👍 I hope this will be the last update in this PR. I will immediate create a new PR for the followup's when it's merged. I have rebased, but not updated the review items since;
I have (temporary) removed the unused function |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Summarizing some of the follow-up items in case they were lost in review:
- CreateStrategy shouldn't drop
spec.allocateLoadBalancerNodePorts
if an exisitng Service was using it - dropTypeDependentFields should check if
spec.allocateLoadBalancerNodePorts
is changing when the service type also changes - unit tests for dropTypeDependentFields when type changes from LoadBalancer to something else.
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: thockin, uablrek The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
/sig network
What this PR does / why we need it:
Implements KEP 1864-disable-lb-node-ports
Which issue(s) this PR fixes:
Special notes for your reviewer:
NOTE; This is a Work In Progress and shall not be merged (yet).
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: