Bug 1972776: improve dual-stack install-config validation #5005
Conversation
@danwinship: This pull request references Bugzilla bug 1972776, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla (gpei@redhat.com), skipping review request.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Force-pushed from 33c2cc7 to b833aa1
/assign @aojea
@danwinship: This pull request references Bugzilla bug 1972776, which is valid. 3 validation(s) were run on this bug
Force-pushed from b833aa1 to b3914b2
/test e2e-metal-ipi-ovn-dualstack
The core change makes sense to me. One nit: could the error message a user gets be a little clearer, saying that the first network is the primary one? If we want to use the bugzilla bot, the drive-by fixes should probably be moved to a different PR. Also: where do we specify that the service network needs to be a /112?
LGTM
This is a Kubernetes limitation. Is that the question, or whether we should document it?
Since this (IPv4 addresses have to be specified first in a dual-stack install-config) is an artificial limitation we are placing, we should also document it so that the customer gets it right the first time.
/lgtm verify result:
@jianlinliu: This pull request references Bugzilla bug 1972776, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact.
/lgtm
Require the serviceNetwork subnet lengths to be in the range accepted by kube-apiserver.
Print the full CIDR (eg "172.30.0.0/16" rather than just "172.30.0.0"), and if there are multiple elements, print them in the order they appear, not sorted, since the order is relevant.
We had code to allow you to not specify an IPv6 machineNetwork value on dual-stack AWS clusters, but this is now a no-op since we no longer allow configuring dual-stack on AWS at all. And if we support it in the future, it will likely be after improvements to IPv6 support on the AWS side, so this exception may no longer make sense at that point anyway.
Force-pushed from b3914b2 to cc1d3e9
Yes, this is documented. (I can't point you to it because the 4.8 docs aren't up yet, but it's there.)
but this isn't...
/lgtm
/assign @jhixson74 @patrickdillon |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: patrickdillon. The full list of commands accepted by this bot can be found here; the pull request process is described here.
/retest-required Please review the full test history for this PR and help us cut down flakes.
@danwinship: The following tests failed.
/retest-required Please review the full test history for this PR and help us cut down flakes.
@danwinship: All pull requests linked via external trackers have merged: Bugzilla bug 1972776 has been moved to the MODIFIED state.
/cherry-pick release-4.8
@danwinship: #5005 failed to apply on top of branch "release-4.8":
tl;dr: require dual-stack install-configs to be "IPv4-primary". To be backported to 4.8.
At some point in early 4.7 we noticed that "IPv6-primary" dual-stack configurations (eg, where the first value for clusterNetworks/serviceNetworks is IPv6 rather than IPv4) didn't work right due to cluster-etcd-operator issues. I think that specific bug was fixed, but other problems have popped up, and more importantly, we aren't testing IPv6-primary installation anywhere, and dev-scripts actually can't bring up an IPv6-primary cluster currently. Someone just pointed out that a customer had tried this with a 4.8 fc release and was running into weird problems, so let's just block it.
(eg, see https://coreos.slack.com/archives/CQQ7P8UTT/p1623765189017300, https://coreos.slack.com/archives/CQQ7P8UTT/p1624015997022800)
The second commit is another fail-early-on-bad-config fix; it makes us reject values for serviceNetwork that will later be rejected by kube-apiserver.
The third and fourth commits are drive-by fixes, and don't necessarily have to be backported to 4.8.