Skip to content

Create events on route updates failures and don't keep node routes to main route table #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MartinWeindel merged 1 commit into from
Jan 31, 2023
Merged

Create events on route updates failures and don't keep node routes to main route table #8

MartinWeindel merged 1 commit into from
Jan 31, 2023

Conversation

@MartinWeindel
Copy link
Member

@MartinWeindel MartinWeindel commented Jan 30, 2023

What this PR does / why we need it:
Events are now created in the kube-system namespace on route updates, especially if they are failing.
Note, that on normal operation the event is created only once.
If the route update has errors, the event is created everytime. As soon as it recovers an event for normal operation is created one time.
These events will be analysed by a health check of the provider-aws extension.

Additionally, the main table will not contain the routes to the worker nodes anymore. It is sufficient to have them in the route tables for the subnets. If the VPC is used by multiple clusters, keeping the routes in the main table would cause quota issues (RouteLimitExceeded) just sooner. There is a hard limit of 1000 routes per route table according to the AWS documentation, see Amazon VPC quotas

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

Create events on route updates failures and don't keep node routes to main route table

@MartinWeindel MartinWeindel requested a review from a team as a code owner January 30, 2023 17:13
@gardener-robot gardener-robot added needs/review Needs review size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 30, 2023
@ghost ghost added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 30, 2023
@MartinWeindel
Copy link
Member Author

MartinWeindel commented Jan 30, 2023

/invite @ScheererJ @DockToFuture @axel7born

@ghost ghost added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 30, 2023
kon-angelo
kon-angelo reviewed Jan 30, 2023
View reviewed changes
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 31, 2023
kon-angelo
kon-angelo reviewed Jan 31, 2023
View reviewed changes
pkg/updater/routes.go Outdated
Comment on lines 110 to 112
for _, route := range table.Routes {
if route.NatGatewayId != nil && aws.StringValue(route.DestinationCidrBlock) == "0.0.0.0/0" {
// all subnet route tables have a NAT gateway route
Copy link
Contributor

@kon-angelo kon-angelo Jan 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if it makes sense to make the inverse check of looking at IGW instead of the NAT GWs. Would it make any sense in BYO-VPC cases where there may be other route tables ?

Copy link
Member Author

@MartinWeindel MartinWeindel Jan 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. Checking of IGW now in main route table.

Copy link
Member

@ScheererJ ScheererJ Jan 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it always required to have an internet gateway? Would it be possible to do it differently in a bring-your-own scenario, e.g. via vpc peering?

Copy link
Contributor

@kon-angelo kon-angelo Jan 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently this is checked at runtime: https://github.com/gardener/gardener-extension-provider-aws/blob/907425e071477b973e56f319c43786a43ede67af/pkg/controller/infrastructure/configvalidator.go#L119 especially for BYO scenario

Copy link
Member Author

@MartinWeindel MartinWeindel Jan 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have simplified the main table recognition by using the name tag.
What do you think? @ScheererJ @kon-angelo

@MartinWeindel MartinWeindel mentioned this pull request Jan 31, 2023
Merged
ScheererJ
ScheererJ approved these changes Jan 31, 2023
View reviewed changes
Copy link
Member

@ScheererJ ScheererJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels Jan 31, 2023
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 31, 2023
@ghost ghost removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 31, 2023
@ghost ghost added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jan 31, 2023
kon-angelo
kon-angelo approved these changes Jan 31, 2023
View reviewed changes
Copy link
Contributor

@kon-angelo kon-angelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@MartinWeindel MartinWeindel merged commit 24f043e into main Jan 31, 2023
@MartinWeindel MartinWeindel deleted the events-on-update branch January 31, 2023 12:30
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ScheererJ ScheererJ ScheererJ approved these changes

@kon-angelo kon-angelo kon-angelo approved these changes

@axel7born axel7born Awaiting requested review from axel7born

@DockToFuture DockToFuture Awaiting requested review from DockToFuture

Assignees

No one assigned

Labels

needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging size/S Denotes a PR that changes 10-29 lines, ignoring generated files. status/closed Issue is closed (either delivered or triaged)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@MartinWeindel @ScheererJ @kon-angelo @gardener-robot-ci-2 @gardener-robot