[release-0.15] Allow smooth upgrades to new kube-proxy with nft #5383
The new eks-d version includes the new kube-proxy with support for iptables nft. The old kube-proxy always uses iptables legacy.

During an upgrade, when the new machine for the new CP node is started, if the machine has iptables nft as the default, the kubelet will use it. Then, before capi updates the kube-proxy image version in the DS (this doesn't happen until the CP upgrade is finished), the old kube-proxy is scheduled in the node. This old kube-proxy doesn't support nft and always uses iptables legacy. When it starts, it adds legacy iptables rules. However, at this point the kubelet has already added iptables-nft rules.

After the CP has been updated, capi updates the kube-proxy DS to the new version. This new version has the new wrapper, which detects the rules introduced by the kubelet, so it starts using nft. The hypothesis is that these leftover legacy rules break the k8s service IP "redirection".

This allows a smooth transition by scheduling a DS with the old kube-proxy only in the old nodes and scheduling a DS with the new kube-proxy only in the new nodes.
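A node-side check for the state the description refers to, as an added example that is not part of the PR or the project's code: it counts KUBE-* chain declarations in the save output of each iptables backend and reports when both backends hold Kubernetes chains. The function names, the KUBE- prefix match and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the PR: report which iptables backends hold
# Kubernetes chains, given the save output of each backend.

# Print the number of chain declarations (":NAME ...") named KUBE-* in the
# iptables-save text read from stdin. Assumption: Kubernetes chains carry
# the KUBE- prefix (KUBE-SERVICES, KUBE-KUBELET-CANARY, ...).
count_kube_chains() {
    grep -c '^:KUBE-' || true   # grep exits 1 on zero matches but still prints 0
}

# classify_backends LEGACY_DUMP NFT_DUMP
# Prints one of: mixed, legacy-only, nft-only, none (with chain counts).
classify_backends() {
    cb_legacy=$(printf '%s\n' "$1" | count_kube_chains)
    cb_nft=$(printf '%s\n' "$2" | count_kube_chains)
    if [ "$cb_legacy" -gt 0 ] && [ "$cb_nft" -gt 0 ]; then
        echo "mixed legacy=$cb_legacy nft=$cb_nft"
    elif [ "$cb_legacy" -gt 0 ]; then
        echo "legacy-only legacy=$cb_legacy"
    elif [ "$cb_nft" -gt 0 ]; then
        echo "nft-only nft=$cb_nft"
    else
        echo "none"
    fi
}

# Constructed sample dumps (not captured from a real node): legacy rules
# from an old kube-proxy next to nft chains created by the kubelet.
SAMPLE_LEGACY='*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-POSTROUTING - [0:0]
-A PREROUTING -j KUBE-SERVICES
COMMIT'
SAMPLE_NFT='*mangle
:PREROUTING ACCEPT [0:0]
:KUBE-KUBELET-CANARY - [0:0]
COMMIT'

if [ "${1:-}" = "--live" ]; then
    # On a node, as root: read both backends directly.
    classify_backends "$(iptables-legacy-save 2>/dev/null)" \
                      "$(iptables-nft-save 2>/dev/null)"
else
    classify_backends "$SAMPLE_LEGACY" "$SAMPLE_NFT"
fi
```

A `mixed` result on a node that has already moved to the new kube-proxy is the leftover-rules condition the description hypothesizes about.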
Hi @eks-distro-pr-bot. Thanks for your PR. I'm waiting for an aws member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/lgtm
With @cxbrowne1207's permission
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: g-gaston
The full list of commands accepted by this bot can be found here.
The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Codecov Report
@@ Coverage Diff @@
## release-0.15 #5383 +/- ##
===============================================
Coverage ? 72.65%
===============================================
Files ? 441
Lines ? 36660
Branches ? 0
===============================================
Hits ? 26634
Misses ? 8426
Partials ? 1600
/retest
/retest
This is an automated cherry-pick of #5345
/assign g-gaston