KEP-4020: Unknown Version Interoperability Proxy #4015

Merged
merged 20 commits into from
Jun 9, 2023


richabanker
Contributor

@richabanker richabanker commented May 17, 2023

  • One-line PR description: Adds a KEP

@linux-foundation-easycla

linux-foundation-easycla bot commented May 17, 2023

CLA Missing ID CLA Not Signed

@k8s-ci-robot k8s-ci-robot requested review from deads2k and lavalamp May 17, 2023 01:04
@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels May 17, 2023
@richabanker richabanker changed the title Uvip [WIP] Uvip May 17, 2023
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 17, 2023
@richabanker richabanker changed the title [WIP] Uvip [WIP] KEP-4020: Unknown Version Interoperability Proxy May 17, 2023
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels May 17, 2023
@richabanker richabanker force-pushed the UVIP branch 4 times, most recently from dfd9b62 to ccea337 Compare May 17, 2023 19:47
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jun 8, 2023
@enj
Member

enj commented Jun 8, 2023

Had a discussion with Joe earlier today and wanted to write down some thoughts from that here.

We should make sure that this feature (as it moves to GA) remains useful to folks who decide to opt out of the proxying aspect. So consider a future where the storage version API and this feature are all GA but the admin has opted out of allowing API servers to communicate to each other (however that ends up being expressed - and it should be something that can be expressed - there needs to be a way to opt out of attempting the network calls to begin with instead of trying them and having them fail).

We should make it so that the new handler is still active in that case, and when it sees a request for an API that it does not know about, before returning a 404 for it, it would check to see if any other API servers could serve that API via the information it has about them per the SV API. If other API servers could serve it, it would instead return a 503 directly since it is not allowed to proxy to them. Since there would be no proxying attempted in this case, I do believe that this would introduce another race condition per this earlier thread #4015 (comment) though I am unsure of how to resolve that.

2. The StorageVersion informer cache hasn't synced yet or if `StorageVersionManager.Completed()` has returned false. We will serve error 503 in this case
3. The request has a header `X-Kubernetes-UVIP-Rerouted:true` that indicates that this request has been proxied once already. If for some reason the resource is not found locally, we will serve error 503
4. No StorageVersion was retrieved for it, meaning the request is for an aggregated API or for a custom resource
5. If the local apiserver ID is found in the list of serviceable-by server IDs from the internal map
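
Review bot: Item 3 treats `X-Kubernetes-UVIP-Rerouted:true` as proof that a request has already been proxied, but these lines do not say who is allowed to set that header. State whether it is honoured only on requests authenticated as coming from a peer apiserver and dropped from everything else, because as written a client that sends it for a resource not served locally gets a 503 instead of being proxied. Items 4 and 5 also name a condition without the resulting action, unlike items 2 and 3, which say a 503 is served; add the outcome to each so the list reads consistently.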
Contributor


This is an implementation detail, but I'll mention it here so I don't forget-- To determine if the local apiserver can handle a GVK, I'd prefer to check the apiserver's already available in-memory registry of available GVKs directly rather than check the data loaded in from the StorageVersion API. This will be fast and low risk.
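
The opt-out behaviour proposed in the thread above (503 instead of 404 when a peer could serve the API, with the local check done against the in-memory registry), as an added Go example that is not code from the KEP or from Kubernetes. `OptOutHandler`, its fields, the path-keyed maps and the order of the checks are assumptions made for illustration; only the header name and the 404/503 outcomes come from this page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// OptOutHandler models the proxy-disabled mode; names and path keys are hypothetical.
type OptOutHandler struct {
	SelfID  string
	Local   map[string]bool     // in-memory registry of locally served resource paths
	SVPeers map[string][]string // path -> server IDs per StorageVersion data; nil until synced
	Next    http.Handler        // rest of the local chain, which 404s unknown APIs
}

// Decide returns 0 to hand off to the local chain, or the status to return directly.
func (h *OptOutHandler) Decide(resource string, rerouted bool) int {
	if h.Local[resource] {
		return 0 // the local registry, not StorageVersion data, decides local serving
	}
	if h.SVPeers == nil || rerouted {
		return http.StatusServiceUnavailable // a peer cannot be ruled out, so no 404
	}
	for _, id := range h.SVPeers[resource] {
		if id != h.SelfID {
			return http.StatusServiceUnavailable // a peer serves it, but proxying is off
		}
	}
	return 0 // no other server advertises it: the local chain produces the 404
}

func (h *OptOutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	rerouted := r.Header.Get("X-Kubernetes-UVIP-Rerouted") == "true" // header named in the KEP text
	if code := h.Decide(r.URL.Path, rerouted); code != 0 {
		http.Error(w, "not served by this API server", code)
		return
	}
	h.Next.ServeHTTP(w, r)
}

func main() {
	peers := map[string][]string{"/apis/example.io/v2/widgets": {"b"}} // constructed data
	h := &OptOutHandler{SelfID: "a", SVPeers: peers, Next: http.NotFoundHandler()}
	for _, path := range []string{"/apis/example.io/v2/widgets", "/apis/example.io/v9/widgets"} {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
		fmt.Println(path, rec.Code)
	}
}
```

With the constructed data, the v2 path that only peer `b` advertises yields 503 and the v9 path that nobody advertises falls through to the chain's 404.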

@jpbetz
Contributor

jpbetz commented Jun 9, 2023

Added some minor comments and naming nits. LGTM once those are reviewed.

@deads2k: PRR also looks good to me for alpha.

@deads2k
Contributor

deads2k commented Jun 9, 2023

Content and PRR lgtm.

/approve

approving and leaving lgtm with @jpbetz

/hold

holding so this doesn't merge without Joe's ack. @jpbetz feel free to remove when ready.

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jun 9, 2023
@aojea
Member

aojea commented Jun 9, 2023

LGTM from the networking pov

@jpbetz
Contributor

jpbetz commented Jun 9, 2023

/lgtm
/approve
/hold cancel

Thank you @richabanker!

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 9, 2023
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 9, 2023
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, jpbetz, Richabanker


@k8s-ci-robot k8s-ci-robot merged commit a80dc49 into kubernetes:master Jun 9, 2023
@k8s-ci-robot k8s-ci-robot added this to the v1.28 milestone Jun 9, 2023
@richabanker
Contributor Author

richabanker commented Jun 9, 2023

Sorry for the delay in getting to the nits. Sending those out in a separate PR. Thanks all for the review!
