Loadbalanced client src ip preservation enters beta #33957
Conversation
k8s-github-robot
added
size/L
|
Please re-title. "ESIPP" has almost no meaning outside our little crew in the office :) |
| @@ -445,7 +445,7 @@ kube::util::fetch-openapi-spec() { | |||
| # repo, e.g. "upstream" or "origin". | |||
| kube::util::git_upstream_remote_name() { | |||
| git remote -v | grep fetch |\ | |||
| grep -E 'github.com[/:]kubernetes/kubernetes|k8s.io/kubernetes' |\ | |||
| grep -E 'github.com[/:]kubernetes/kubernetes|k8s.io/kubernetes|GoogleCloudPlatform/kubernetes' |\ | |||
There was a problem hiding this comment.
really? Isn't it time to change your remote? I don't think we should do this
| in.Annotations[apiservice.AlphaAnnotationExternalTraffic] = valueBeta | ||
| } | ||
|
|
||
| return autoConvert_api_Service_To_v1_Service(in, out, s) |
There was a problem hiding this comment.
so if a user writes alpha, they will get both alpha and beta back out. I guess that is OK - just for simplicity?
There was a problem hiding this comment.
in case they rollback
There was a problem hiding this comment.
I rescind my OK. Consider this:
User writes alpha
You upconvert to beta
User reads it back in newer client and changes the beta config, writes back
Which do we use? alpha or beta? They should be mutually exclusive.
There was a problem hiding this comment.
Clarify?
Going from v1 -> internal type, alpha clobbers beta. This will happen through kubectl etc.
Going from internal type -> v1, beta clobbers, because our internal system components do this (so assignment of healthcheck-nodeport shouldn't get clobbered by emptystring, for example).
We store in etcd as v1. On bootup apiserver reads and converts.
User reads it back in newer client and changes the beta config, writes back
So this is going from v1->internal? that will just overwrite beta with alpha.
If we end up with 2 versions, alpha wins, because presumably alpha is holding some resources from before the upgrade.
| @@ -161,10 +161,10 @@ func (rs *REST) Create(ctx api.Context, obj runtime.Object) (runtime.Object, err | |||
| if shouldCheckOrAssignHealthCheckNodePort(service) { | |||
| var healthCheckNodePort int | |||
| var err error | |||
| if l, ok := service.Annotations[apiservice.AnnotationHealthCheckNodePort]; ok { | |||
| if l, ok := service.Annotations[apiservice.BetaAnnotationHealthCheckNodePort]; ok { | |||
There was a problem hiding this comment.
what about existing objects which have alpha annotation and not beta?
There was a problem hiding this comment.
I'm copying it over during conversion, so when the apiserver/controller is restarted and gets objects down watch/list whatever they'll get substituted in when they translate to the internal type
bprashanth
changed the title
firewalls quota seems to now be available though, so kicking this |
|
@k8s-bot gce test this |
|
@k8s-bot gci gce e2e test this |
|
Still firewall quota (#33957 (comment)), @kubernetes/goog-testing delete it? |
|
@k8s-bot unit test this |
|
@bprashanth project is cleaned up now. @k8s-bot gci gce e2e test this |
k8s-github-robot
added
the
needs-rebase
|
Jenkins verification failed for commit 2726c2c46cce135d7bce368e7b9fa57d98eee1f0. Full PR test history. The magic incantation to run this job again is |
k8s-github-robot
added
needs-rebase
|
Jenkins Kubemark GCE e2e failed for commit 2726c2c46cce135d7bce368e7b9fa57d98eee1f0. Full PR test history. The magic incantation to run this job again is |
k8s-github-robot
added
size/XL
bprashanth
added
release-note
bprashanth
changed the title
bprashanth
force-pushed
the
esipp-beta
branch
from
f32868f to
e861be7
Compare
bprashanth
force-pushed
the
esipp-beta
branch
from
e861be7 to
25c00b6
Compare
|
ping me when ready |
k8s-github-robot
added
the
needs-rebase
bprashanth
force-pushed
the
esipp-beta
branch
from
25c00b6 to
c049229
Compare
|
Jenkins unit/integration failed for commit c0492294ec7826c12ece0191ea8627bf9fc826b7. Full PR test history. The magic incantation to run this job again is |
|
Jenkins GCE e2e failed for commit c0492294ec7826c12ece0191ea8627bf9fc826b7. Full PR test history. The magic incantation to run this job again is |
|
Jenkins GCE etcd3 e2e failed for commit c0492294ec7826c12ece0191ea8627bf9fc826b7. Full PR test history. The magic incantation to run this job again is |
|
Jenkins GCI GCE e2e failed for commit c0492294ec7826c12ece0191ea8627bf9fc826b7. Full PR test history. The magic incantation to run this job again is |
bprashanth
force-pushed
the
esipp-beta
branch
from
c049229 to
5029bb0
Compare
k8s-github-robot
removed
the
needs-rebase
|
Jenkins GKE smoke e2e failed for commit 5029bb0. Full PR test history. The magic incantation to run this job again is |
|
Jenkins GCI GKE smoke e2e failed for commit 5029bb0. Full PR test history. The magic incantation to run this job again is |
|
Oh yeah, the validation was kind of a pain because I wanted to lock down the pair of alpha annotations but this should be good to go. Failures are flakes @thockin |
|
Reviewed 1 of 9 files at r6, 2 of 8 files at r11, 4 of 5 files at r12, 1 of 1 files at r14, 4 of 4 files at r15. pkg/api/validation/validation_test.go, line 5211 at r15 (raw file):
test that it allows beta? pkg/api/validation/validation_test.go, line 6485 at r15 (raw file):
Is it important to disallow the disabling of the alpha feature? I think I get the rest, but why this? Comments from Reviewable |
|
pkg/api/validation/validation_test.go, line 6485 at r15 (raw file):
|
|
pkg/api/validation/validation_test.go, line 5211 at r15 (raw file):
|
thockin
added
the
lgtm
|
LGTM On Wed, Oct 19, 2016 at 10:48 PM, Prashanth B notifications@github.com
|
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
Sounds like we're going to try out the proposal (#30819 (comment)) for annotations -> fields on just one feature in 1.5 (scheduler). Or do we want to just convert to fields right now?
This change is