Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix ipvs proxier nodeport #56685

Merged
merged 5 commits into from
Dec 18, 2017
Merged

Fix ipvs proxier nodeport #56685

merged 5 commits into from
Dec 18, 2017

Conversation

m1093782566
Copy link
Contributor

@m1093782566 m1093782566 commented Dec 1, 2017
edited
Loading

What this PR does / why we need it:

Fix ipvs proxier nodeport.

Which issue(s) this PR fixes:
Fixes #55923

Special notes for your reviewer:

We bump the netwlink version in the 1st commit because:

  • We call netlink.RouteListFiltered() to filter LOCAL type addresses from kernel route table. netlink.RouteListFiltered() exists in newer-version netlink package

  • newer-version netlink package migrate syscall to golang.org/x/sys/unix, k8s cross-build can benefit from it as well. The Go doc for syscall says:

NOTE: This package is locked down. Code outside the standard Go repository should be migrated to use the corresponding package in the golang.org/x/sys repository. That is also where updates required by new systems or versions should be applied. See https://golang.org/s/go1.4-syscall for more information.

Release note:

Fix ipvs proxier nodeport eth* assumption

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Dec 1, 2017
@k8s-ci-robot
Copy link
Contributor

@m1093782566: GitHub didn't allow me to assign the following users: brendanburns.

Note that only kubernetes members can be assigned.

In response to this:

/assign @thockin @brendanburns

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

@m1093782566: GitHub didn't allow me to assign the following users: brendanburns.

Note that only kubernetes members can be assigned.

In response to this:

/assign @brendanburns

/unassign @lavalamp

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@m1093782566 m1093782566 mentioned this pull request Dec 1, 2017
Closed
@m1093782566 m1093782566 force-pushed the fix-nodeport branch 3 times, most recently from 642eb52 to 9da9b34 Compare December 2, 2017 06:46
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 2, 2017
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Dec 2, 2017
thockin
thockin reviewed Dec 4, 2017
View reviewed changes
pkg/proxy/ipvs/proxier.go Outdated
@@ -171,36 +170,27 @@ type IPGetter interface {
NodeIPs() ([]net.IP, error)
}

// realIPGetter is a real NodeIP handler, it implements IPGetter.
type realIPGetter struct{}

func (r *realIPGetter) NodeIPs() (ips []net.IP, err error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function could use a comment explaining what it does, and what the heuristic is.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It also seems to have no tests

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function could use a comment explaining what it does, and what the heuristic is.

Sounds fair, added now. PTAL.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It also seems to have no tests

It's fixed now. PTAL.

pkg/proxy/ipvs/netlink_linux.go
// 10.0.0.10 scope host src 10.0.0.10
// Then cut the unique src IP fields,
// --> result set: [10.0.0.1, 10.0.0.10]
func (h *netlinkHandle) GetLocalAddresses(filterDev string) (sets.String, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where are the tests?

Copy link
Contributor Author

@m1093782566 m1093782566 Dec 5, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Believe me, I am 100% want to add tests.

The reason why I didn't do that is I am unable to do that. GetLocalAddresses() will revoke netlink.LinkByName() to get a REAL network interface and netlink.RouteListFiltered() to list REAL route table. In order to testing them, I have to create a REAL network interface and give the test code root privilege. Unfortunately, the UT codes run in upstream CI can NOT acquire such privileges. Am I missing something?

Or, Should we check the user id before running tests? e.g.

if user.Current().Uid == 0 {
  do test
}

??

It seems odd.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my view, we can add tests for the caller side: NodeIPs()?

@thockin
Copy link
Member

thockin commented Dec 4, 2017

I don't like having to ask for tests. I know they are tedious, but they really are required. The project in general, and this effort (ipvs overall) in particular are too important.

@m1093782566
Copy link
Contributor Author

I apologize - if the missing tests make you unhappy.

Tests are already there. Please take a look again when you have time.

@kubernetes kubernetes deleted a comment from k8s-github-robot Dec 6, 2017
@thockin
Copy link
Member

thockin commented Dec 15, 2017

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 15, 2017
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to @fejta).

Review the full test history for this PR.

@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 16, 2017
@m1093782566
Copy link
Contributor Author

m1093782566 commented Dec 18, 2017
edited
Loading

PR rebased to resolve conflicts.... It needs re-lgtm.

@brendandburns
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 18, 2017
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brendandburns, m1093782566, thockin

Associated issue: #55923

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:
  • OWNERS [brendandburns,thockin]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 54379, 56593, 56685, 54174, 57309). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit 6719e7a into kubernetes:master Dec 18, 2017
@gyliu513
Copy link
Contributor

@m1093782566 can you please back merge this to 1.9.0? As in 1.9.0, ipvs claimed it is already beta, but NodePort service does not work, this is not acceptable.

@Lion-Wei Lion-Wei mentioned this pull request Jan 13, 2018
Closed
This was referenced Jan 23, 2018
Closed
Closed
@m1093782566 m1093782566 mentioned this pull request Feb 22, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thockin thockin thockin left review comments

Assignees

@thockin thockin

@brendandburns brendandburns

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/ipvs cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ipvs NodePort is not working if host not using eth{i} as nic name
8 participants
@m1093782566 @k8s-ci-robot @thockin @fejta-bot @brendandburns @k8s-github-robot @gyliu513 @lavalamp