apiserverproxy: introduce self managed network interface #10575

Open
wants to merge 2 commits into
base: master

@hown3d hown3d commented Sep 25, 2024

How to categorize this PR?

/area networking
/kind enhancement

What this PR does / why we need it:
gardener/apiserver-proxy#138 and gardener/apiserver-proxy#125 introduced changes to the apiserver-proxy component to manage its own network interface to move away from loopback device lo.

Reason is cilium ignoring the lo device when considering host addresses in eBPF datapath mode:
See gardener/gardener-extension-networking-cilium#386 for additional information.

Which issue(s) this PR fixes:
Fixes gardener/gardener-extension-networking-cilium#386

Special notes for your reviewer:
During testing with the local setup the rollout of the new network interface did not interfere with existing connections.
Having the address bound to loopback and the new device did not raise any issues.
Cleanup is done when a node roll occurs anyway.

Lukas Hoehl added 2 commits September 25, 2024 14:17
move from loopback device to a self managed interface

Signed-off-by: Lukas Hoehl <[email protected]>
@gardener-prow gardener-prow bot added area/networking Networking related kind/enhancement Enhancement, improvement, extension labels Sep 25, 2024

gardener-prow bot commented Sep 25, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign shafeeqes for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added the cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. label Sep 25, 2024

gardener-prow bot commented Sep 25, 2024

Hi @hown3d. Thanks for your PR.

I'm waiting for a gardener member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@gardener-prow gardener-prow bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Sep 25, 2024

hown3d commented Sep 25, 2024

/hold wait for apiserver-proxy v0.18.0 release

@gardener-prow gardener-prow bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 25, 2024
@@ -331,7 +331,7 @@ func (a *apiserverProxy) computeResourcesData() (map[string][]byte, error) {
ImagePullPolicy: corev1.PullIfNotPresent,
Args: []string{
fmt.Sprintf("--ip-address=%s", a.values.advertiseIPAddress),
"--interface=lo",
"--interface=apiserverproxy0",

As we don't run with --cleanup=true the address on the loopback device will not be deleted. Do we need to roll this out in two steps? First enable cleanup and set the interface with the next release?
https://github.com/gardener/apiserver-proxy/blob/5c0731a4a9c96d2ebdd97ddb3b68e1e21c8a8761/cmd/apiserver-proxy-sidecar/main.go#L29

@gardener-ci-robot

The Gardener project currently lacks enough active contributors to adequately respond to all PRs.
This bot triages PRs according to the following rules:

  • After 15d of inactivity, lifecycle/stale is applied
  • After 15d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 7d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Mark this PR as rotten with /lifecycle rotten
  • Close this PR with /close

/lifecycle stale

@gardener-prow gardener-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 10, 2024
@axel7born

/remove-lifecycle stale

@gardener-prow gardener-prow bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 11, 2024
@gardener-ci-robot

/lifecycle stale

@gardener-prow gardener-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 26, 2024
@gardener-prow gardener-prow bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 6, 2024

gardener-prow bot commented Nov 6, 2024

PR needs rebase.


Successfully merging this pull request may close these issues.

direct routing and BPF datapath of kube-proxy replacement