-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update kube-router to v2.1.0 #16440
Update kube-router to v2.1.0 #16440
Conversation
* Update version v1.6.0 -> v2.1.0 * expose container runtime socket to kube-router * kube-router loadbalancer controller * Add access / information that is needed by the load balancer controller in kube-router. * add access to endpoint slices for services controller * enable hairpin mode on kube-router * There are integration tests in kops that expect that hairpin functionality is always enabled, as such we now enable hairpin-mode in kube-router by default. * enable hostPID access * kube-router now requires access to the host's process namespace. See cloudnativelabs/kube-router#1584 for more information.
Hi @aauren. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
af0a292
to
da0ce7c
Compare
I went ahead and re-added the skip regex for the 2 failing kube-router tests TCP close/wait which appears to be flaky as this one isn't failing consistently in my similar test-bed and the kube-proxy URLs one as something appears to have changed in the test package that causes this to fail. I'll look more into these later, but this should hopefully get it through. |
* kube-router enable service.kubernetes.io tests * kube-router enable load-balancer tests * kube-router enable endpointslice tests
da0ce7c
to
821ab18
Compare
Nice bump. Thanks @aauren! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hakman The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@aauren: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/test pull-kops-e2e-cni-amazonvpc |
/test pull-kops-e2e-k8s-aws-calico |
…-upstream-release-1.29 Automated cherry pick of #16440: Update kube-router to v2.1.0
@hakman for review
Changes:
/etc/iproute2/rt_tables
into the container as well which is used by kube-router to configure source routing for DSRhostPID: true
functionality for DSRPOD_NAME
so that user's can easily enable load-balancing mode for kube-routerI found that in the current main branch of kops that kube-router's old method of adding instance modify permissions to the nodes no longer works correctly. I believe that this permission should be coming in when kube-router is chosen as the networking provider:
However, this no longer seems to be applying to nodes correctly and when this is missing kube-router is not able to forward pod traffic to other nodes.
After poking around a bit, I also noticed that other CNIs like Calico have special logic in the IAM builder like the following to add similar functionality in the IAM node builder code: https://github.com/kubernetes/kops/blob/master/pkg/model/iam/iam_builder.go#L467-L469
So I added this functionality for kube-router as well and found that it works correctly and enables kube-router to disable the src-dest check in AWS.
Additionally removed all of the skip_regex.go exceptions that were kept for kube-router as with this version update kube-router now passes all of the upstream e2e conformance tests.