New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[IMPROVEMENT] Remove static sessionAffinity: ClientIP set in most services if not required #7399
Comments
The scope of this issue is to investigate whether or not we can remove Can Longhorn run in an "multitenant" environment in which some nodes related to one tenant can only talk to other nodes related to one tenant? Before getting started with the main investigation, I decided to try to understand exactly how/why Longhorn cannot work in the "multitenant" environment today. SetupIn a two node cluster, temporarily ensure it is impossible for one node (
TestAttempt to access the
Deep dive
Examining the iptables rules on
During PREROUTING, if a packet is destined for the longhorn-backend ClusterIP ( The chain that handles load balancing (
When we jump to a related chain, we update the associated list with the source IP and then change the destination of the packet to the one configured (e.g. The lists are stored in /proc. In this example, packets from
The attempt at routing from the
We can fix the "problem" by removing its entry in the
ConclusionIt's fairly easy to understand why tenancy (when set up this way) can cause major problems for Longhorn. It's not 100% clear that removing
|
We have had Today we have it in four services:
It seems likely that we simply copied the original services when creating new ones. |
So far, I cannot see any reason to keep
|
Tests for QA (working list) (checked when completed by me before QA review):
Tests for developer (working list):
|
End-to-end tests WITHOUT |
I recommend we stop hard coding |
Pre Ready-For-Testing Checklist
|
Moved to 1.6.0. |
Verified passed on master-head (longhorn-manager 9aec52) and v1.6.x-head (longhorn-manager 59df82) following the test plan. Upgrading Longhorn from
But after the upgrade, they no more exist:
And don't have issue in the following regression tests. The UI is checked too. It still works as well. |
What's the task? Please describe
Longhorn API doesn't require sessions as each API call should be independent. Although backing image download and upload are present, the internal forwarding is handled by Longhorn manager and not the load balancer layer. However, most services have sessionAffinity hard-coded with ClientIP.
/charts/longhorn/templates/services.yaml#L1-L16
Describe the sub-tasks
Additional context
The text was updated successfully, but these errors were encountered: