Remove requirement that Endpoints IPs be IPv4 #23317
Conversation
|
Can one of the admins verify that this patch is reasonable to test? (reply "ok to test", or if you trust the user, reply "add to whitelist") This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
2 similar comments
|
Can one of the admins verify that this patch is reasonable to test? (reply "ok to test", or if you trust the user, reply "add to whitelist") This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
|
Can one of the admins verify that this patch is reasonable to test? (reply "ok to test", or if you trust the user, reply "add to whitelist") This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
k8s-github-robot
added
the
size/M
|
cc @kubernetes/sig-network @kubernetes/rh-networking @kubernetes/goog-cluster |
|
This had to happen eventually. @ArtfulCoder for final approval - can you think of anything this might cause trouble for? |
|
I think kube-proxy needs to be updated to handle IPv6 endpoints first. Otherwise if you're using the iptables-based proxier, adding an IPv6 endpoint would break all further service updates until that endpoint was deleted. |
|
@danwinship: Right, we are running without kube-proxy for now. The addresses are globally reachable anyway. We are working on fixing kube-proxy thuogh. Would you agree with failing appropriately in kube-proxy at first in the event of IPv6 addresses and then add additional support for ip6tables? |
| @@ -160,6 +160,11 @@ func IsValidIPv4(value string) bool { | |||
| return net.ParseIP(value) != nil && net.ParseIP(value).To4() != nil | |||
| } | |||
|
|
|||
| // IsValidIP tests that the argument is a valid IP address. | |||
| func IsValidIP(value string) bool { | |||
There was a problem hiding this comment.
if nobody else calls IsValidIPv4() why not just get rid of that function?
There was a problem hiding this comment.
Yep, you're right. Removed.
|
@ArtfulCoder are you going to review this or should I take it back? |
|
There are about 100 things that have to change to actually support ipv6. On Thu, Mar 31, 2016 at 12:21 AM, Thomas Graf notifications@github.com
|
|
This isn't just a case of kube-proxy "not supporting" IPv6 though. Adding an IPv6 endpoint to a service will break all further updates to the service until the IPv6 endpoint is removed. (I had originally thought it would break all services, but after testing it out I guess that's not true. The iptables proxier code updates each endpoint table separately, so it's only the updates of the table with the IPv6 endpoint that will fail: So I guess this isn't terrible.) |
aanm
force-pushed
the
removing-ipv4-enforcement
branch
from
a806a67 to
b15592f
Compare
k8s-github-robot
added
size/S
|
reviewing now |
|
I discussed offline with Tim. |
|
@ArtfulCoder Thanks for the feedback. Can you please point me out which docs are relevant to be updated? Thank you! |
|
The docs to update are the comments on |
aanm
force-pushed
the
removing-ipv4-enforcement
branch
from
b15592f to
e7bb157
Compare
|
Thanks. Out of curiosity, why there are 2 I've pushed the latest changes with proper documentation. Sigh I've to fix the conflicts first |
k8s-github-robot
added
needs-rebase
thockin
added
the
lgtm
|
GCE e2e build/test passed for commit 9885886d7d00bfbdc104bcf049f5d8082af9a61d. |
aanm
force-pushed
the
removing-ipv4-enforcement
branch
from
9885886 to
162d64b
Compare
| @@ -4909,13 +4909,13 @@ func TestValidateEndpoints(t *testing.T) { | |||
| ObjectMeta: api.ObjectMeta{Name: "mysvc", Namespace: "namespace"}, | |||
| Subsets: []api.EndpointSubset{ | |||
| { | |||
| Addresses: []api.EndpointAddress{{IP: "2001:0db8:85a3:0042:1000:8a2e:0370:7334"}}, | |||
| Addresses: []api.EndpointAddress{{IP: "[2001:0db8:85a3:0042:1000:8a2e:0370:7334]"}}, | |||
There was a problem hiding this comment.
Wasn't sure if I should have removed this test so I added a couple of square brackets to force failing
k8s-github-robot
removed
the
lgtm
|
GCE e2e build/test passed for commit 162d64b14be9e45798ca1c11cbc9438c868d399c. |
thockin
added
lgtm
k8s-github-robot
added
the
needs-rebase
aanm
force-pushed
the
removing-ipv4-enforcement
branch
from
162d64b to
6df2c3d
Compare
k8s-github-robot
removed
lgtm
|
GCE e2e build/test passed for commit 6df2c3de4a6689de59c186a0c72f2ecf7a8938eb. |
k8s-github-robot
added
the
needs-rebase
Signed-off-by: André Martins <aanm90@gmail.com>
aanm
force-pushed
the
removing-ipv4-enforcement
branch
from
6df2c3d to
c1a360b
Compare
k8s-github-robot
removed
the
needs-rebase
|
GCE e2e build/test passed for commit c1a360b. |
|
Ping @thockin |
thockin
added
the
lgtm
thockin
changed the title
|
GCE e2e build/test passed for commit c1a360b. |
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e build/test passed for commit c1a360b. |
|
Automatic merge from submit-queue |
Signed-off-by: André Martins aanm90@gmail.com
Release Note: The
EndpointsAPI object now allows IPv6 addresses to be stored. Other components of the system are not ready for IPv6 yet, and many cloud providers are not IPv6 compatible, but installations that use their own controller logic can now store v6 endpoints.