Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify a DialContext in storage plugin clients #91785

Merged
merged 3 commits into from
Sep 18, 2020
Merged

Specify a DialContext in storage plugin clients #91785

merged 3 commits into from
Sep 18, 2020

Conversation

mattcary
Copy link
Contributor

@mattcary mattcary commented Jun 4, 2020
edited
Loading

Adds filtering of hosts to DialContexts. the provided DialContext wraps existing
clients' DialContext in an attempt to preserve any existing timeout
configuration. In some cases, we may replace infinite timeouts with golang
defaults.

  • scaleio: tcp connect/keepalive values changed from 0/15 to 30/30
  • storageos: no change

The added unit tests will fail to compile if the vendor patches are
accidentally reverted.

gluster and quobyte should be updated, but that is blocked on upstream changes on their drivers.

/kind bug
Which issue(s) this PR fixes:
#91542

kube-controller-manager: volume plugins can be restricted from contacting local and loopback addresses by setting `--volume-host-allow-local-loopback=false`, or from contacting specific CIDR ranges by setting `--volume-host-cidr-denylist` (for example, `--volume-host-cidr-denylist=127.0.0.1/28,feed::/16`)

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jun 4, 2020
@k8s-ci-robot
Copy link
Contributor

Welcome @mattcary!

It looks like this is your first PR to kubernetes/kubernetes 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/kubernetes has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 4, 2020
@k8s-ci-robot
Copy link
Contributor

Hi @mattcary. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mattcary
Copy link
Contributor Author

mattcary commented Jun 4, 2020

/cc msau
/cc tallclair

@k8s-ci-robot
Copy link
Contributor

@mattcary: GitHub didn't allow me to request PR reviews from the following users: msau.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc msau
/cc tallclair

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot requested a review from tallclair June 4, 2020 18:26
@k8s-ci-robot k8s-ci-robot added area/kubelet kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 4, 2020
@mattcary
Copy link
Contributor Author

mattcary commented Jun 4, 2020

Note that the current behavior of this patch is to always deny dialing localhost and similar addresses (as defined by proxy/util:IsProxyableIP).

It's not clear to me that's the behavior we want and I'd appreciate any opinions from the community.

(in addition to opinions about everything else in the CL :)

@msau42
Copy link
Member

msau42 commented Jun 4, 2020

/assign @misterikkit @jsafrane @gnufied
/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 4, 2020
msau42
msau42 reviewed Jun 4, 2020
View reviewed changes
pkg/volume/BUILD Outdated
@@ -54,6 +55,7 @@ go_library(
go_test(
name = "go_default_test",
srcs = [
"gke_patch_test.go",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove this

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done.

Jonathon suggested a different test to replace it but I'm not clear on what we're shooting for here.

vendor/github.com/heketi/heketi/client/api/go-client/client.go Outdated
@@ -14,13 +14,15 @@ package client

import (
"bytes"
"context"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to update vendor with the upstream changes instead of changing vendor directly. cc @misterikkit

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Michelle & Jonathon.

I'm not familiar with how to update vendor/, any pointers would be appreciated (here or offline).

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 3, 2020
@msau42
Copy link
Member

msau42 commented Sep 3, 2020

/milestone v1.20

The default behavior is unchanged, so this can be considered low risk.

@k8s-ci-robot k8s-ci-robot added this to the v1.20 milestone Sep 3, 2020
@justaugustus
Copy link
Member

Looks like /hack/update-vendor.sh needs to be run on this one.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

3 similar comments
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@mattcary
Copy link
Contributor Author

mattcary commented Sep 3, 2020

/test pull-kubernetes-verify

Looks like /hack/update-vendor.sh needs to be run on this one.

neither udpate-bazal nor update-vendor doesn't change anything on my local client. verify-bazel passes locally for me. Maybe a flake?

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 3, 2020
@mattcary
Copy link
Contributor Author

mattcary commented Sep 3, 2020

Trying a rebase.

@mattcary mattcary force-pushed the filtereddial branch 3 times, most recently from ffca8eb to 11dbc69 Compare September 11, 2020 20:19
@cheftako
Copy link
Member

Looks like it needs ./hack/update-bazel.sh to be run again.

@mattcary
Copy link
Contributor Author

I've run update-bazel and verify-bazel many times after many different rebasing tries on two different machines from two different checkouts, and neither reports any updates or changes my commits. verify-bazel runs successfully. I've tried manually patching in the udpate-bazel output from the presubmit queue, but that just fails the bazel build.

I've tried various other hack/update-* or hack/verify-* and they report that everything is working.

I think I'll need to make a totally new kubernetes checkout with a new go install, but it will take me a little while to get the time to do that.

@mattcary
update storageos vendor for FilteredDial change
74dbf27
@mattcary
Adds filtering of hosts to DialContexts.
f2e23af 
The provided DialContext wraps existing clients' DialContext in an attempt to
preserve any existing timeout configuration. In some cases, we may replace
infinite timeouts with golang defaults.

- scaleio: tcp connect/keepalive values changed from 0/15 to 30/30
- storageos: no change
@mattcary
update-bazel
299a296 
Change-Id: Iebc99ee13587f0cd4c43ab85c7295d458d679d1e
@mattcary
Copy link
Contributor Author

Hooray! update-bazel finally did something. Is it possible that one has to have a bazel-build succeed or somehow get sufficiently far before verify-bazel/update-bazel are effective? At any rate it seems happy now.

It made lots of updates in vendor/, I'm not sure if that's expected/desired?

@msau42
Copy link
Member

msau42 commented Sep 18, 2020

/lgtm
Vendor changes seem reasonable, just storageos libraries

/retest

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 18, 2020
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit b86e725 into kubernetes:master Sep 18, 2020
@github-actions github-actions bot mentioned this pull request Sep 22, 2020
Open
@misterikkit misterikkit mentioned this pull request Sep 30, 2020
Merged
@liggitt liggitt mentioned this pull request Jan 26, 2021
Merged
@danwinship danwinship mentioned this pull request May 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tallclair tallclair tallclair left review comments

@msau42 msau42 msau42 left review comments

@humblec humblec humblec left review comments

@misterikkit misterikkit misterikkit left review comments

@jsafrane jsafrane jsafrane left review comments

@liggitt liggitt liggitt left review comments

@cheftako cheftako cheftako left review comments

@caseydavenport caseydavenport Awaiting requested review from caseydavenport

@deads2k deads2k Awaiting requested review from deads2k

Assignees

@gnufied gnufied

@liggitt liggitt

@jsafrane jsafrane

@misterikkit misterikkit

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/dependency Issues or PRs related to dependency changes area/ipvs area/kubectl area/kubelet area/release-eng Issues or PRs related to the Release Engineering subproject area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.20
Development

Successfully merging this pull request may close these issues.