l2: exclude common virtual interfaces for announce services

[cyclinder]

In arp mode, Some common virtual interfaces should not be used to announce services, such as kube-ipvs0, docker0, etc. This PR will dispatch these common virtual interfaces.

Signed-off-by: cyclinder qifeng.guo@daocloud.io

#1727

l2: exclude common virtual interfaces for announce services.

[fedepaol]

cc @oribon @gclawes want to hear your thoughts about this

[oribon]

the idea seems good but maybe having it as a configmap is better
also, if someone has an interface selector that selects one of these will this "global exclude" override it? (might be unrelated, need to revisit the l2 code)

[fedepaol]

So, let's move this forward but let's have the list overrideable and not hardcoded. A configmap read upon start is good enough imo, no need to handle the live reload.

[fedepaol]

So, let's move this forward but let's have the list overrideable and not hardcoded. A configmap read upon start is good enough imo, no need to handle the live reload.

Wdyt @cyclinder ?

[cyclinder]

So, let's move this forward but let's have the list overrideable and not hardcoded. A configmap read upon start is good enough imo, no need to handle the live reload.

I think both are ok, but I prefer hardcoded :)

First of all, it shouldn't be related to the current interface-selector, it's more of a global-exclude list, right? If it is a configmap, I think this will increase its complexity. 🤔

[fedepaol]

So, let's move this forward but let's have the list overrideable and not hardcoded. A configmap read upon start is good enough imo, no need to handle the live reload.

I think both are ok, but I prefer hardcoded :)

First of all, it shouldn't be related to the current interface-selector, it's more of a global-exclude list, right? If it is a configmap, I think this will increase its complexity. thinking

right, it must be independent and always applied, more or less as your current logic is but loading that list from a configmap when the process starts instead of having it hardcoded. This will help us to avoid releases when users hit a corner case we didn't think about

[cyclinder]

@fedepaol got it. I try to working on this.

[cyclinder]

Hi @fedepaol , Could you mind having a review? Thanks. It seems this CI failing isn't related to this changes.

[fedepaol]

Hi @fedepaol , Could you mind having a review? Thanks. It seems this CI failing isn't related to this changes.

yup, will do soon-ish (and I have an outstanding pr to fix the ci)

[cyclinder]

I made some testing base on these changes on my local, It works well, as speaker log shown below:

➜  metallb git:(l2ann) ✗ kubectl get po -n metallb-system         
NAME                          READY   STATUS    RESTARTS   AGE
controller-76f86696dd-xznhb   0/1     Running   0          6s
speaker-ccqtb                 0/1     Running   0          4s
speaker-pzznd                 0/1     Running   0          5s
speaker-vsd9l                 0/1     Running   0          4s
➜  metallb git:(l2ann) ✗ kubectl logs -f -n metallb-system speaker-ccqtb 
{"branch":"l2ann","caller":"main.go:97","commit":"f56103a5-dirty","goversion":"gc / go1.18.3 / amd64","level":"info","msg":"MetalLB speaker starting (commit f56103a5-dirty, branch l2ann)","ts":"2023-02-27T09:16:35Z","version":""}
{"caller":"main.go:148","interfacesToExclude":["docker.*","cbr.*","dummy.*","virbr.*","lxcbr.*","veth.*","lo","^cali.*","^tunl.*","flannel.*","kube-ipvs.*","cni.*","^nodelocaldns.*"],"level":"error","op":"show the list of interfaces that announce to exclude","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"lo","level":"info","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"tunl0","level":"info","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth313c8572","level":"info","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth24b1f795","level":"info","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth8013fa28","level":"info","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:134","event":"createARPResponder","interface":"eth0","level":"info","msg":"created ARP responder for interface","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:143","event":"createNDPResponder","interface":"eth0","level":"info","msg":"created NDP responder for interface","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:134","event":"createARPResponder","interface":"eth1","level":"info","msg":"created ARP responder for interface","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:143","event":"createNDPResponder","interface":"eth1","level":"info","msg":"created NDP responder for interface","ts":"2023-02-27T09:16:35Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth24b1f795","level":"info","ts":"2023-02-27T09:16:45Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth8013fa28","level":"info","ts":"2023-02-27T09:16:45Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"lo","level":"info","ts":"2023-02-27T09:16:55Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"tunl0","level":"info","ts":"2023-02-27T09:16:55Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth313c8572","level":"info","ts":"2023-02-27T09:16:55Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth24b1f795","level":"info","ts":"2023-02-27T09:16:55Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth8013fa28","level":"info","ts":"2023-02-27T09:16:55Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"lo","level":"info","ts":"2023-02-27T09:17:05Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"tunl0","level":"info","ts":"2023-02-27T09:17:05Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth313c8572","level":"info","ts":"2023-02-27T09:17:05Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth24b1f795","level":"info","ts":"2023-02-27T09:17:05Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth8013fa28","level":"info","ts":"2023-02-27T09:17:05Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"lo","level":"info","ts":"2023-02-27T09:17:15Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"tunl0","level":"info","ts":"2023-02-27T09:17:15Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth313c8572","level":"info","ts":"2023-02-27T09:17:15Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth24b1f795","level":"info","ts":"2023-02-27T09:17:15Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth8013fa28","level":"info","ts":"2023-02-27T09:17:15Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"lo","level":"info","ts":"2023-02-27T09:17:25Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"tunl0","level":"info","ts":"2023-02-27T09:17:25Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth313c8572","level":"info","ts":"2023-02-27T09:17:25Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth24b1f795","level":"info","ts":"2023-02-27T09:17:25Z"}
{"caller":"announcer.go:85","event":"announced interface to exclude","interface":"veth8013fa28","level":"info","ts":"2023-02-27T09:17:25Z"}

Could you mind taking a look? Thanks :) @fedepaol

[fedepaol]

nit: this doesn't have to be a var, could be a const. Also, I'd use the presence of the file instead of the boolean to understand if we need to enable the mechanism. Maybe that's where we want to override the path? But I think it's fair to have it hardcoded.

Also also, I'd do all the parsing in one shot and have the parse function return the regexp, so we have all the logic in one place.

[cyclinder]

It would be better if we provide a flag to override the path, It's good for helm install：

when the value is empty in values.yaml: We don't create configMap, and we don't mount the file...

When the value is not empty and the file exists, we enable this mechanism， Is it ok?

[cyclinder]

In addition , I think all the configurations here(

metallb/speaker/main.go

Line 205 in 6a5ad67

type controllerConfig struct {

), should be declared in one place(in a configMap) so that it is easy to configure and update, how about this?

[fedepaol]

I still don't see the value in setting passing the name as a parameter. It can be a convention.
If we don't want the file, we don't create the volume and the configmap, the load of the file will fail and we won't override.

[fedepaol]

In addition , I think all the configurations here(

metallb/speaker/main.go

Line 205 in 6a5ad67

type controllerConfig struct {

), should be declared in one place(in a configMap) so that it is easy to configure and update, how about this?

I don't like this approach, having flags give a better understanding of what's being passed to the process and that's what people expect. Configmaps for knobs are fine if they are tweaks that are not normally expected to be used.

[cyclinder]

I don't like this approach, having flags give a better understanding of what's being passed to the process and that's what people expect. Configmaps for knobs are fine if they are tweaks that are not normally expected to be used.

OK, Thanks for the reply. I just had a whim, please ignore my thoughts

[cyclinder]

If we don't want the file, we don't create the volume and the configmap, the load of the file will fail and we won't override.

I currently read the env to determine if this mechanism is enabled and if the value is not empty and the file exists then it is enabled. The -set .speaker.excludeInterfaces.configPath flag is used when the helm install. The default configPath is '/etc/metallb/conf.yaml', if it is empty, it is not enabled.

Do you mean we don't need to expose env to enable this mechanism?

[cyclinder]

I still don't see the value in setting passing the name as a parameter.

The benefit of this is that we can decide whether to enable this mechanism when helm install

[fedepaol]

we can still decide, we set a parameter in helm that drives the creation of the volume and the related configmap (and by default I'd create them). If those are not created, the go code will land in the notexists error and will not parse the map. Or I am missing something?

[cyclinder]

Yes, That's what the PR does. The difference is that now this parameter is a string, indicating the config path to the file. Or should this be a boolean type? Then we hardcode the config file path in go code.

[fedepaol]

sorry for the delay, left one last comment (I hope). I think the boolean parameter is not necessary as we are using a fixed path by convention, so we can rely on the presence or the absence of the file to drive the parsing

[fedepaol]

Did one last minute change about naming directly on your branch.
LGTM

[fedepaol]

There was a nit confgmap.yaml

[cyclinder]

There was a nit confgmap.yaml

Thanks, Does CI Failling is related to these changes?

[fedepaol]

There was a nit confgmap.yaml

Thanks, Does CI Failling is related to these changes?

nope, it's related to the operator not being updated to the latest frr yet (this PR: metallb/metallb-operator#328)

We can ignore the failure for now.