Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Neg crd feature gate #1166

Merged
merged 2 commits into from
Jul 8, 2020
Merged

Neg crd feature gate #1166

merged 2 commits into from
Jul 8, 2020

Conversation

swetharepakula
Copy link
Member

@swetharepakula swetharepakula commented Jun 23, 2020
edited
Loading

Add feature gate for NEG CRDs and propagate flag to neg controller and manager.

  • Manager creates NEG CRs when NEG CRD is enabled
  • Controller deletes neg crds when deleting negs when NEG CRD is enabled

Depends on #1154 being merged

@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 23, 2020
@k8s-ci-robot
Copy link
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Jun 23, 2020
@k8s-ci-robot
Copy link
Contributor

Hi @swetharepakula. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jun 23, 2020
@k8s-ci-robot k8s-ci-robot requested review from bowei and freehan June 23, 2020 21:48
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Jun 24, 2020
@freehan
Copy link
Contributor

freehan commented Jun 24, 2020

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 24, 2020
freehan
freehan reviewed Jun 25, 2020
View reviewed changes
pkg/neg/types/types.go Outdated Show resolved Hide resolved
pkg/neg/types/types.go Show resolved Hide resolved
pkg/context/context.go Outdated
@@ -127,6 +130,7 @@ func NewControllerContext(
NodeInformer: informerv1.NewNodeInformer(kubeClient, config.ResyncPeriod, utils.NewNamespaceIndexer()),
recorders: map[string]record.EventRecorder{},
healthChecks: make(map[string]func() error),
NegClient: networkendpointgroupClient,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NegClient -> NegCrdClient?

Copy link
Member Author

@swetharepakula swetharepakula Jul 6, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the other clients other than kube client are backendconfigclient and frontendconfigclient I am leaning towards NegClient or SvcNegClient.

pkg/neg/manager.go Outdated
@@ -260,6 +273,30 @@ func (manager *syncerManager) ReadinessGateEnabled(syncerKey negtypes.NegSyncerK
return false
}

func (manager *syncerManager) DeleteNegServiceCRs(namespace, name string) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this can stay as private function. This can be trigger within other public facing interfaces

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should also be ensureDeleteNegServiceCRs.
It should first check if the deleteionTimestamp is set, then proceed to delete if necessary.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made this a private function and called it from StopSyncer, and also checks for deletion timestamp before deleting.

pkg/neg/controller.go Outdated Show resolved Hide resolved
pkg/neg/manager.go Outdated
},
}

_, err = manager.negClient.NetworkingV1beta1().ServiceNetworkEndpointGroups(svcKey.namespace).Create(context.Background(), &negCR, metav1.CreateOptions{})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might want to do a get and validate if the object is in the desired state. Then create or update

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In what situations can we update the existing CR? If any of the ObjectMeta differs, I am thinking that an error should be raised. In other cases, Initialized and Synced conditions are harder to update since we don't really know the state. I am thinking to leave the Initialized condition unchanged, and change the Synced Condition to ConditionUnknown if we find an existing CR that matches the Neg we wish to create. What do you think?

pkg/neg/manager.go Outdated
@@ -121,6 +129,11 @@ func (manager *syncerManager) EnsureSyncers(namespace, name string, newPorts neg
// determine the implementation that calculates NEG endpoints on each sync.
epc := negsyncer.GetEndpointsCalculator(manager.nodeLister, manager.podLister, manager.zoneGetter,
syncerKey, portInfo.RandomizeEndpoints)

if err := manager.createNegCR(key, portInfo); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you need to mirror this behavior for removes. So that you can clean up the CRs that needs to be deleted.

pkg/neg/types/interfaces.go Outdated
@@ -79,6 +79,8 @@ type NegSyncerManager interface {
GC() error
// ShutDown shuts down the manager
ShutDown()
// DeleteNegServiceCRs marks all NEG CRs corresponding to a service for deletion
DeleteNegServiceCRs(namespace, name string) error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you should not add this.

You might just need to modify the StopSyncer interface.

pkg/neg/manager.go Outdated
ObjectMeta: metav1.ObjectMeta{
Name: portInfo.NegName,
Namespace: svcKey.namespace,
Finalizers: []string{common.NegFinalizerKey},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest you do not add the finalizer in this PR because it would break HEAD if NEG CRD is enabled.

Add a TODO here and remember to add the finalizer in the following PR that handles GC.
Maybe just comment out this line and add TODO

pkg/neg/utils.go Outdated Show resolved Hide resolved
@swetharepakula
Add feature flag for custom neg names
e964640 
 - when enabled, NEG CRD is ensured in k8s cluster
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 27, 2020
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jun 29, 2020
@swetharepakula swetharepakula force-pushed the neg-crd-feature-gate branch from e9e8e5d to 7d3feb2 Compare July 1, 2020 00:12
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 1, 2020
@swetharepakula swetharepakula force-pushed the neg-crd-feature-gate branch from 7d3feb2 to 9836768 Compare July 1, 2020 00:27
@swetharepakula
newServicePorts return desired custom neg names
991b046 
 - names specified in service annotations are passed along into the port
 info map
@swetharepakula swetharepakula force-pushed the neg-crd-feature-gate branch 2 times, most recently from caa984c to 991b046 Compare July 6, 2020 17:31
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jul 6, 2020
@swetharepakula swetharepakula marked this pull request as ready for review July 6, 2020 17:32
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 6, 2020
@swetharepakula
Copy link
Member Author

The initial pull request was quite big, so splitting it into two. This now will only cover the feature gate and the utils changes necessary to start using custom names.

@swetharepakula swetharepakula mentioned this pull request Jul 6, 2020
Merged
freehan
freehan reviewed Jul 7, 2020
View reviewed changes
Copy link
Contributor

@freehan freehan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is one corner case I want to confirm:

Let us say the NEG annotation is {"ingress": "true", "exposed_ports": {80:{"name": "foo"}}}. Ingress and standalone NEG shared the same service port 80.

Should we allow this config? I think disallowing this config might be good enough. But want to see if it makes things easier for allowing it.

@swetharepakula
Copy link
Member Author

A few small improvements to the ingress controller and the helper utils and structs are necessary to support the change. One benefit we would gain from supporting it, would not having to do any error handling for that situation.

@swetharepakula
Copy link
Member Author

After discussing with @freehan, I think for now we should not support the config where Ingress is true with a custom named neg, as it would require the Ingress controller to also parse and store the information in service annotations. The custom named standalone neg implementation will not limit opening this restriction up in the future if desired.

freehan
freehan approved these changes Jul 8, 2020
View reviewed changes
Copy link
Contributor

@freehan freehan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 8, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: freehan, swetharepakula

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 8, 2020
@k8s-ci-robot k8s-ci-robot merged commit e288604 into kubernetes:master Jul 8, 2020
@swetharepakula swetharepakula deleted the neg-crd-feature-gate branch July 29, 2020 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freehan freehan freehan approved these changes

@bowei bowei Awaiting requested review from bowei

Assignees

@freehan freehan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@swetharepakula @k8s-ci-robot @freehan