-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix destination return expired ip when endpoints in namespace kube-system #4055 #4133
Conversation
…stem linkerd#4055 Signed-off-by: humboldt <humboldt_xie@163.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Thanks, @humboldt-xie!
@humboldt-xie I couldn't replicate the issue you describe in #4055 The code path is: That being said, while testing your branch, I can see there's a continued stream of endpoint events for
This appears to be a known issue: kubernetes/kubernetes#86286 and kubernetes/kubernetes#23812 -- That's probably why we had this filter in place. If we still can't reproduce your issue, my recommendation would be to leave these filters in place (or better yet, remove them all like you did, and see if there's a way to use a selector to exclude them in the informer 😉 ) |
did you run
first ? |
@alpeb view the code from master if we get a new portPublisher there would list new endpoint from k8s
if we get and sub a exist portPublisher it would get endpoints from mem,but never update:
|
That event is harmless even if it is not filtered Because the listening ports are empty:
The only effect is that there are two more servicePublisher structures in memory And will always print the debugging information |
I can reproduce this issue on After installing Linkerd, I deploy nginx to the kube-system namespace: ---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- name: http
containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
selector:
app: nginx Then I run a curl pod:
Then I roll the nginx:
The curl loop then hangs and never recovers. Interestingly, the |
I agree with @alpeb that these constant debug log messages clog up the output and make the debug logs basically useless. It's not the cleanest solution, but maybe we should simply skip updates from |
add:
to your service and client pod |
maybe we can change the code:
to
create ServicePublisher and update endpoints when someone subscribe |
apply this yaml ,and run
and:
|
@humboldt-xie I'd rather not change the way that publishers and subscribers work in this PR. A more targeted change would be to simply ignore the events that we don't care about. |
@humboldt-xie are you still working on this or should we close it out? |
Watch events for objects in the kube-system namespace were previously ignored. In certain situations, this would cause the destination service to return invalid (outdated) endpoints for services in kube-system - including unmeshed services. It was suggested [1] that kube-system events were ignored to avoid handling frequent Endpoint updates - specifically from controllers using Endpoints for leader elections [2]. As of Kubernetes 1.20, these controllers default to using Leases instead of Endpoints for their leader elections [3], obviating the need to exclude (or filter) updates from kube-system. The exclusions have been removed accordingly. [1]: linkerd#4133 (comment) [2]: kubernetes/kubernetes#86286 [3]: kubernetes/kubernetes#94603 Signed-off-by: Jacob Henner <code@ventricle.us>
Watch events for objects in the kube-system namespace were previously ignored. In certain situations, this would cause the destination service to return invalid (outdated) endpoints for services in kube-system - including unmeshed services. It [was suggested][1] that kube-system events were ignored to avoid handling frequent Endpoint updates - specifically from [controllers using Endpoints for leader elections][2]. As of Kubernetes 1.20, these controllers [default to using Leases instead of Endpoints for their leader elections][3], obviating the need to exclude (or filter) updates from kube-system. The exclusions have been removed accordingly. [1]: #4133 (comment) [2]: kubernetes/kubernetes#86286 [3]: kubernetes/kubernetes#94603 Signed-off-by: Jacob Henner <code@ventricle.us>
destination return expired ip when endpoints in namespace kube-system #4055
Signed-off-by: humboldt humboldt_xie@163.com