Bug 1845664: release-4.5 Cleanup Conntrack when endpoints and pods are deleted #180
Conversation
openshift-ci-robot
added
bugzilla/severity-high
|
@JacobTanenbaum: This pull request references Bugzilla bug 1845664, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
JacobTanenbaum
changed the title
|
/retest |
|
ci/prow/e2e-aws-ovn /retest |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
@JacobTanenbaum does this backport need to be redone to match the new upstream implementation? |
|
/bugzilla refresh |
openshift-ci-robot
added
do-not-merge/hold
|
@dcbw: This pull request references Bugzilla bug 1845664, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
when a pod is deleted make sure to delete any conntrack entries assocaited with those pods. https://bugzilla.redhat.com/show_bug.cgi?id=1787434 Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
when using node port services in a multinode cluster when a backend server pod gets deleted there could be conntrack entries associated with that pods ip on any node in the cluster. When removing an endpoint from the list of endpoints we should be deleteing all conntrack entries that may include the stale information Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
the cherry-pick of 0951d91 did not apply cleanly had to manually add github.com/vishvananda/netlink v0.0.0-20200625175047-bca67dfc8220 to mod.go and run go mod vendor then had to manually add the below files to the git tree vendor/github.com/vishvananda/netlink/.gitignore vendor/github.com/vishvananda/netlink/devlink_linux.go vendor/github.com/vishvananda/netlink/go.mod vendor/github.com/vishvananda/netlink/go.sum vendor/github.com/vishvananda/netlink/nl/devlink_linux.go vendor/github.com/vishvananda/netns/go.mod vendor/github.com/vishvananda/netns/go.sum vendor/golang.org/x/sys/unix/fdset.go vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go vendor/golang.org/x/sys/unix/zptrace_x86_linux.go vendor/golang.org/x/sys/windows/empty.s
forgot to return after an error for conntrack deletion Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
…delete conntrack the original implementation of the conntrack deletion will cause errors it deletes all conntrack accross all ports for all protocols. after revendoring the netlink code use it to allow filtering the UDP and SCTP protocols and filter to delete selected ports Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com> the cherry pick did not apply cleanly commit 663ba29 was added between since we checked for format of error and log messages. Needed slight manual edits becasue of the log messages
JacobTanenbaum
force-pushed
the
release-4.5-BZ1845664
branch
from
6787e1d
to
e25f547
Compare
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
@dcbw please take a look, manual edits where necessary on two of the commits (4f8232c and e25f547) the first because the revendor wasn't clean and the second because a large PR that edited the formating of log messages went in that has not been backported (and doesn't backport cleanly). Let me know what you think? |
|
aws had some sig-storage issues /retest |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dcbw, JacobTanenbaum The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
sdodson
added
the
cherry-pick-approved
|
@JacobTanenbaum: All pull requests linked via external trackers have merged: openshift/ovn-kubernetes#180. Bugzilla bug 1845664 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
- What this PR does and why is it needed
When pods and endpoints are deleted if there are ongoing networking connections there will be a stale conntrack entry. This PR ensures that those conntrack entries are cleaned up
- Special notes for reviewers
- How to verify it
See the BZ for reproduction information
- Description for the changelog
Add cleanup of pods and endpoints conntrack entries