[sig-windows] update winkernel to only use dualstack if the node and config supports it #101047
Conversation
k8s-ci-robot
added
release-note
|
Skipping CI for Draft Pull Request. |
k8s-ci-robot
added
size/M
jsturtevant
force-pushed
the
issue-100966-dualstack-windows
branch
from
dd8565c
to
d3de2d4
Compare
k8s-ci-robot
added
size/L
jsturtevant
force-pushed
the
issue-100966-dualstack-windows
branch
3 times, most recently
from
c3d8513
to
754856b
Compare
|
Updated the PR description for the things addressed. I've tested this on a WS 2019 overlay host, 2019 l2bridge host and WS 2004 host. On the WS 2004 host the if Add logging: I am going to follow up to find out if what the correct version of support should be because the docs state: |
|
/test pull-kubernetes-e2e-aks-engine-azure-windows |
|
|
|
the failure on /test pull-kubernetes-e2e-aks-engine-windows-dockershim |
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
/retest |
| klog.InfoS("failed to find an ip. You may need set the --bind-address flag", "err", err) | ||
| } | ||
| } | ||
|
|
||
| interfaces, _ := net.Interfaces() //TODO create interfaces |
There was a problem hiding this comment.
This is a todo, it has a performance problem to iterate over the interfaces first and later over the addreses
#103116
| @@ -610,6 +692,15 @@ func NewProxier( | |||
| return nil, fmt.Errorf("source-vip flag not set") | |||
| } | |||
|
|
|||
| if nodeIP.IsUnspecified() { | |||
There was a problem hiding this comment.
Since we are using detectNodeIP that deals with unspecified, is it possible to get an unspecified here?
I couldn't check all code paths, just asking
There was a problem hiding this comment.
Yes it could be unspecified, in DualStack the bind address doesn't go through detectNodeIp, which only works with IPv4. This is the same on Linux: https://github.com/kubernetes/kubernetes/blob/90b02692e2980d460fa2e53bf4509df1ec10475f/cmd/kube-proxy/app/server_others.go#L239 https://github.com/kubernetes/kubernetes/blob/90b02692e2980d460fa2e53bf4509df1ec10475f/cmd/kube-proxy/app/server_windows.go#L120
jsturtevant
force-pushed
the
issue-100966-dualstack-windows
branch
from
90b0269
to
a5a4d01
Compare
jsturtevant
force-pushed
the
issue-100966-dualstack-windows
branch
from
a5a4d01
to
d5d9327
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
| return false | ||
| } | ||
|
|
||
| return v.AtLeast(version.MustParseSemantic("11.10.0")) |
There was a problem hiding this comment.
We should try fixing this in hcsshim to avoid this version check across other components (like here in kube-proxy and possibly CNI's) ... we can merge this PR but should revert this change back once this is fixed in hcsshim
There was a problem hiding this comment.
In 1.23 I can update the hcsshim library and this logic will no longer be required because it will have the correct checks internally.
|
/test pull-kubernetes-integration |
1 similar comment
|
/test pull-kubernetes-integration |
|
@aojea could you take another look? |
I can't say much about the windows logic and I'm out until next week, I think that overall is ok, so don't wait for me if you want to get it merged today |
|
/approve |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aojea, jsturtevant, sbangari The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/retest |
|
@jsturtevant thanks for fixing this. Shouldn't this be backported to all affected releases? |
|
@jsturtevant i'm assuming we need to backport this to 1.21? |
|
Yes, this should get backported to 1.21. |
|
I added a card on our board to track backporting |
…#101047-upstream-release-1.21 Automated cherry pick of #101047: Only use dualstack if the node and config supports it
What type of PR is this?
/kind bug
What this PR does / why we need it:
Overlay (VXLAN) networks on Windows do not support dual-stack networking today, so we should not use the dualstack proxy. Additionally the dual stack proxier should only be created if the host supports it.
This fixes a couple issues:
--bind-addressflag was not respected for Windows single stackWhich issue(s) this PR fixes:
Fixes #100966
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: