Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Two small bugs in dual-stack init #99555

Merged
merged 2 commits into from Mar 3, 2021
Merged

Two small bugs in dual-stack init #99555

merged 2 commits into from Mar 3, 2021

Conversation

thockin
Copy link
Member

@thockin thockin commented Feb 28, 2021
edited

Working on the REST overhaul, adding testing turned these up:

  1. Headless+Selectorless, on a single-stack cluster, policy=PreferDual

Prior to this commit, the result was a single IPFamiliy (because we
checked that the 2nd allocator was present). This changes that case to
populate both families (we don't care if the allocator exists), which is
the same as RequireDual.

  1. ClusterIP, user specifies 2 families but no IPs

Prior to this commit, the policy was inferred to be SingleStack. This
changes that case to correctly default to RequireDual when 2 families
are present but no IPs.

On single-stack configured (IPv4 or IPv6, but not both) clusters, Services which are both headless (no clusterIP) and selectorless (empty or undefined selector) will report `ipFamilyPolicy RequireDualStack` and will have entries in `ipFamilies[]` for both IPv4 and IPv6.  This is a change from alpha, but does not have any impact on the manually-specified Endpoints and EndpointSlices for the Service.

@thockin thockin added kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/network Categorizes an issue or PR as relevant to SIG Network. area/apiserver area/ipv6 labels Feb 28, 2021
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 28, 2021
@k8s-ci-robot
Copy link
Contributor

@thockin: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. approved Indicates a PR has been approved by an approver from all required OWNERS files. release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 28, 2021
aojea
aojea reviewed Mar 2, 2021
View reviewed changes
pkg/registry/core/service/storage/rest_test.go
@@ -3892,7 +3892,7 @@ func TestDefaultingValidation(t *testing.T) {
},
},
expectedIPFamilyPolicy: &preferDualStack,
expectedIPFamilies: []api.IPFamily{api.IPv4Protocol},
expectedIPFamilies: []api.IPFamily{api.IPv4Protocol, api.IPv6Protocol},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why if you "prefer" (not "require") and the cluster is single stack we have 2 ip families?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Headless, selector-less semantics.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically, this is a corner case we can't comprehend from Service alone. It could already be holding dual-stack endpoints (I know some users were doing this). So we acknowledge that and admit that this Service could have both. "require" vs "prefer" was what we specced - it felt more explicit.

aojea
aojea reviewed Mar 2, 2021
View reviewed changes
pkg/registry/core/service/storage/rest.go

// Special-case: headless+selectorless
if len(service.Spec.ClusterIPs) > 0 && service.Spec.ClusterIPs[0] == api.ClusterIPNone && len(service.Spec.Selector) == 0 {
// If the use said nothing about policy and we can't infer it, they get dual-stack
Copy link
Member

@aojea aojea Mar 2, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this not against the least surprise principle?
previous behaviour was the same as before dualstack

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a case could be made that it has zero effect on user. As a matter of fact users already use that to create dual stack endpoints for non dualstack clusters today (before dual stack became a thing on kubernetes)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we don't enforce that they can't create Endpoints of any family. At this case we just need to pick a value for the policy. RequireDual was what we wrote in the KEP.

@khenidak
Copy link
Contributor

khenidak commented Mar 2, 2021

nit: Please add release notes. Behavior is changing on single stack clusters.

re second part of the PR (2 ClusterIPs => RequireDualStack) -- we don't need to do that since it is already set in defaulting

kubernetes/pkg/apis/core/v1/defaults.go

Lines 139 to 142 in e4e9c31

if len(obj.Spec.ClusterIPs) == 2 || len(obj.Spec.IPFamilies) == 2 {
requireDualStack := v1.IPFamilyPolicyRequireDualStack
obj.Spec.IPFamilyPolicy = &requireDualStack
}
.

@thockin thockin force-pushed the dualstack-bugs-from-rest-overhaul branch from 15e9642 to e27168d Compare March 2, 2021 23:55
thockin
thockin commented Mar 2, 2021
View reviewed changes
Copy link
Member Author

@thockin thockin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stray comments removed.

pkg/registry/core/service/storage/rest.go Outdated Show resolved Hide resolved
pkg/registry/core/service/storage/rest.go

// Special-case: headless+selectorless
if len(service.Spec.ClusterIPs) > 0 && service.Spec.ClusterIPs[0] == api.ClusterIPNone && len(service.Spec.Selector) == 0 {
// If the use said nothing about policy and we can't infer it, they get dual-stack
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we don't enforce that they can't create Endpoints of any family. At this case we just need to pick a value for the policy. RequireDual was what we wrote in the KEP.

pkg/registry/core/service/storage/rest_test.go
@@ -3892,7 +3892,7 @@ func TestDefaultingValidation(t *testing.T) {
},
},
expectedIPFamilyPolicy: &preferDualStack,
expectedIPFamilies: []api.IPFamily{api.IPv4Protocol},
expectedIPFamilies: []api.IPFamily{api.IPv4Protocol, api.IPv6Protocol},
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically, this is a corner case we can't comprehend from Service alone. It could already be holding dual-stack endpoints (I know some users were doing this). So we acknowledge that and admit that this Service could have both. "require" vs "prefer" was what we specced - it felt more explicit.

@thockin
Copy link
Member Author

thockin commented Mar 3, 2021

we don't need to do that since it is already set in defaulting

That leaves a hole in the REST tests I am adding in the larger rework effort. Maybe it makes sense to just do it all here and remove that defaulting?

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Mar 3, 2021
@thockin thockin force-pushed the dualstack-bugs-from-rest-overhaul branch from e27168d to b21cf1a Compare March 3, 2021 05:11
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. sig/apps Categorizes an issue or PR as relevant to SIG Apps. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 3, 2021
@thockin
Copy link
Member Author

thockin commented Mar 3, 2021

I added a second commit which removes the code in defaults.go - it is all handled in REST anyway.

@pacoxu
Copy link
Member

pacoxu commented Mar 3, 2021
edited

/test pull-kubernetes-dependencies
for go build github.com/aws/aws-sdk-go/service/ec2: /usr/local/go/pkg/tool/linux_amd64/compile: signal: killed (oom?)

@aojea
Copy link
Member

aojea commented Mar 3, 2021

LGTM
defer to @khenidak

@thockin
Copy link
Member Author

thockin commented Mar 3, 2021

/retest

@khenidak
Copy link
Contributor

khenidak commented Mar 3, 2021

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 3, 2021
@thockin
Two small bugs in dual-stack init
1e39f6c 
Imporved testing turned these up:

1) Headless+Selectorless, on a single-stack cluster, policy=PreferDual

Prior to this commit, the result was a single IPFamiliy (because we
checked that the 2nd allocator was present).  This changes that case to
populate both families (we don't care if the allocator exists), which is
the same as RequireDual.

2) ClusterIP, user specifies 2 families but no IPs

Prior to this commit, the policy was inferred to be SingleStack.  This
changes that case to correctly default to RequireDual when 2 families
are present but no IPs.
@thockin
Remove defaults for ipFamilyPolicy and ipFamilies
84856c7 
These same values are set in the REST stack and it's easier to maintain
that code all in one place.

defaults.go is best for static values.
@thockin
Copy link
Member Author

thockin commented Mar 3, 2021

It looks like the go 1.15 is being used in the test? When I run these locally they pass..

@thockin thockin force-pushed the dualstack-bugs-from-rest-overhaul branch from b21cf1a to 84856c7 Compare March 3, 2021 19:51
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 3, 2021
@thockin
Copy link
Member Author

thockin commented Mar 3, 2021

Rebased

@khenidak
Copy link
Contributor

khenidak commented Mar 3, 2021

/lgtm
/approve
/retest

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 3, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: khenidak, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@khenidak
Copy link
Contributor

khenidak commented Mar 3, 2021

/test pull-kubernetes-e2e-kind-ipv6

@k8s-ci-robot k8s-ci-robot merged commit 4013bd1 into kubernetes:master Mar 3, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Mar 3, 2021
@thockin thockin deleted the dualstack-bugs-from-rest-overhaul branch August 2, 2021 04:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aojea aojea aojea left review comments

@khenidak khenidak khenidak left review comments

@deads2k deads2k Awaiting requested review from deads2k

@juanvallejo juanvallejo Awaiting requested review from juanvallejo

Assignees

@khenidak khenidak

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/ipv6 cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/network Categorizes an issue or PR as relevant to SIG Network. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@thockin @k8s-ci-robot @khenidak @pacoxu @aojea