
Create events on route updates failures and don't keep node routes to main route table #8

Merged
merged 1 commit into from
Jan 31, 2023

Conversation

MartinWeindel
Member

What this PR does / why we need it:
Events are now created in the kube-system namespace on route updates, especially if they are failing.
Note that on normal operation the event is created only once.
If the route update has errors, the event is created every time. As soon as it recovers, an event for normal operation is created one time.
These events will be analysed by a health check of the provider-aws extension.

Additionally, the main table will not contain the routes to the worker nodes anymore. It is sufficient to have them in the route tables for the subnets. If the VPC is used by multiple clusters, keeping the routes in the main table would cause quota issues (RouteLimitExceeded) just sooner. There is a hard limit of 1000 routes per route table according to the AWS documentation, see Amazon VPC quotas.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

Create events on route updates failures and don't keep node routes to main route table
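The event policy described in the PR (one Normal event while updates succeed, a Warning for every failed update, one Normal event again on recovery), as an added Go example that is not the project's own code. The `Recorder` interface, the in-memory sink and the reason strings are assumptions standing in for a client-go EventRecorder writing to the kube-system namespace; the `RouteLimitExceeded` message in `main` is a constructed sample error.

```go
package main

import (
	"errors"
	"fmt"
)

// Kubernetes event types; the reason strings used below are assumed names, not the project's.
const (
	EventNormal  = "Normal"
	EventWarning = "Warning"
)

// Event is what the reporter hands to the sink that writes the kube-system event.
type Event struct {
	Type    string
	Reason  string
	Message string
}

// Recorder is a hypothetical sink. In a real controller this would be a
// client-go EventRecorder targeting the kube-system namespace.
type Recorder interface {
	Record(ev Event)
}

// MemoryRecorder keeps the events in a slice so the policy can be checked offline.
type MemoryRecorder struct{ Events []Event }

func (m *MemoryRecorder) Record(ev Event) { m.Events = append(m.Events, ev) }

// RouteUpdateReporter implements the policy from the PR description:
//   - a successful update emits one Normal event and then stays quiet while healthy,
//   - every failed update emits a Warning event,
//   - the first successful update after a failure emits one Normal event (recovery).
type RouteUpdateReporter struct {
	rec     Recorder
	started bool // becomes true after the first reported update
	healthy bool // outcome of the most recent reported update
}

func NewRouteUpdateReporter(rec Recorder) *RouteUpdateReporter {
	return &RouteUpdateReporter{rec: rec}
}

// Report is called after each route update with its error (nil on success).
// It returns true when an event was emitted so the policy is easy to assert on.
func (r *RouteUpdateReporter) Report(err error) bool {
	wasHealthy := r.started && r.healthy
	r.started = true
	if err != nil {
		r.healthy = false
		r.rec.Record(Event{Type: EventWarning, Reason: "RouteUpdateFailed", Message: err.Error()})
		return true
	}
	r.healthy = true
	if wasHealthy {
		return false // unchanged healthy state: no repeated Normal event
	}
	r.rec.Record(Event{Type: EventNormal, Reason: "RouteUpdateSucceeded", Message: "node routes updated"})
	return true
}

// Simulate feeds a sequence of update outcomes through a fresh reporter and
// returns the events it produced.
func Simulate(outcomes []error) []Event {
	rec := &MemoryRecorder{}
	rep := NewRouteUpdateReporter(rec)
	for _, err := range outcomes {
		rep.Report(err)
	}
	return rec.Events
}

func main() {
	// Constructed failure resembling the quota error mentioned in the PR.
	quota := errors.New("RouteLimitExceeded: the maximum number of routes has been reached")
	for _, ev := range Simulate([]error{nil, nil, quota, quota, nil, nil}) {
		fmt.Printf("%-7s %-20s %s\n", ev.Type, ev.Reason, ev.Message)
	}
}
```

For the constructed sequence in `main` the reporter emits four events (Normal, Warning, Warning, Normal): the repeated healthy updates are silent, so a consumer such as the provider-aws health check sees a fresh Warning for every failed update but only one Normal per healthy stretch.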

@MartinWeindel MartinWeindel requested a review from a team as a code owner January 30, 2023 17:13
@gardener-robot gardener-robot added needs/review Needs review size/s Size of pull request is small (see gardener-robot robot/bots/size.py) labels Jan 30, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 30, 2023
@MartinWeindel
Member Author

/invite @ScheererJ @DockToFuture @axel7born

@gardener-robot-ci-3 gardener-robot-ci-3 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 30, 2023
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 31, 2023
Comment on lines 110 to 112:

```go
for _, route := range table.Routes {
	if route.NatGatewayId != nil && aws.StringValue(route.DestinationCidrBlock) == "0.0.0.0/0" {
		// all subnet route tables have a NAT gateway route
```
Contributor

Not sure if it makes sense to make the inverse check of looking at IGW instead of the NAT GWs. Would it make any sense in BYO-VPC cases where there may be other route tables?

Member Author

You are right. Now checking for the IGW in the main route table.

Member

Is it always required to have an internet gateway? Would it be possible to do it differently in a bring-your-own scenario, e.g. via vpc peering?

Member Author

I have simplified the main table recognition by using the name tag.
What do you think? @ScheererJ @kon-angelo

Member

@ScheererJ ScheererJ left a comment

/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels Jan 31, 2023
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 31, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 31, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 31, 2023
Contributor

@kon-angelo kon-angelo left a comment


/lgtm

@MartinWeindel MartinWeindel merged commit 24f043e into main Jan 31, 2023
@MartinWeindel MartinWeindel deleted the events-on-update branch January 31, 2023 12:30
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Jan 31, 2023