New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1720332: images/kube-proxy: update to 4.1, add iptables wrappers #23235
Bug 1720332: images/kube-proxy: update to 4.1, add iptables wrappers #23235
Conversation
@squeed: This pull request references a valid Bugzilla bug. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@squeed: This pull request references a valid Bugzilla bug. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
I don't see a 4.2 bugzilla which was VERIFIED that this was fixed in 4.2. I also don't see how this solves $whatever the problem is. It just changes where the iptables binaries come from, right? Can I get a better explaination of the problem and how it is fixed in the bugzilla(s)? |
/hold |
Turns out this broke the ART build (but not OSBS, go figure) in 4.2 - need #23250 to merge. @eparis This is a bit of a funny thing - we are building this image exclusively for third-party network vendors who don't use openshift-sdn, so that they don't have to deploy an out-of-tree kube-proxy binary. Otherwise, it's not deployed. So, QE isn't really doing any validation. We can't use the existing iptables binaries because of the RHEL7+8 problem: they use very different netfilter mechanisms, and there's no consistent kernel API. The only branching point we can use is which binary is symlinked on the host. This is what we do in production for openshift-sdn in 4.1, so this is bringing kube-proxy in-line with what is already deployed and tested. |
FWIW, the PR to have the operator install standalone kube-proxy for 4.2 is openshift/cluster-network-operator#201 and is QE'd in SDN-247. We probably won't backport the operator change, but still shoud to release the 4.1 image for partners to do development |
we'll re-review next week. but this is going to miss 4.1.4. the need for 23250 scares me enough not to destabilize 4.1.4 :) |
OK, cherry-picked the fixes so that it builds in ART too, not just OSBS. @pecameron, please review + lgtm |
/hold cancel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
@knobunc I would like group lead sign-off on this one before approving a cherry-pick given it sounds like there is no QE involvement with validating this |
This is needed for third-party SDN plugins. It is not used by the OpenShift SDN, so it can not destabilize the core product. But this change fixes a problem we found with the SDN image, and it will be a problem for third-party images, and thus should be back-ported. Thanks! /approve |
FYI, after this merges, we need to notify Adam Haile to tweak some settings in the ART pipeline. |
@crawford updated both commits. |
/retest |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dcbw, knobunc, pecameron, squeed The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Please review the full test history for this PR and help us cut down flakes. |
18 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest Please review the full test history for this PR and help us cut down flakes. |
@squeed: All pull requests linked via external trackers have merged. The Bugzilla bug has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This backports the image change in #23163.
This image is currently unused, but is needed by third-parties. So soak time will have no effect.