Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update ESIPP documentation to reflect new fields #4093

Merged
merged 1 commit into from
Jun 27, 2017

Conversation

MrHohn
Copy link
Member

@MrHohn MrHohn commented Jun 15, 2017

Documentation for kubernetes/enhancements#27.

External Source IP Preservation (ESIPP) is promoted from Beta to GA in 1.7.

/assign @chenopis
cc @bowei @freehan


This change is Reviewable

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 15, 2017
@chenopis chenopis added this to the 1.7 milestone Jun 15, 2017
@chenopis chenopis requested review from bowei and freehan June 20, 2017 17:57
Copy link
Contributor

@chenopis chenopis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few minor edit suggestions.

potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and
may cause a second hop to another node, but should have good overall load-spreading.
* `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the
service. If not specified, HealthCheckNodePort is created by the service api backend
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

capitalize API

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

may cause a second hop to another node, but should have good overall load-spreading.
* `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the
service. If not specified, HealthCheckNodePort is created by the service api backend
with the allocated nodePort. Will use user-specified nodePort value if specified by the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add "It" and "the": "It will use the user-specified..."

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

* `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the
service. If not specified, HealthCheckNodePort is created by the service api backend
with the allocated nodePort. Will use user-specified nodePort value if specified by the
client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what the meaning of this sentence is. I think you mean:

It is only has an effect when Type is set to "LoadBalancer" and ExternalTrafficPolicy is set to "Local".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this is much better, applied.

* `service.beta.kubernetes.io/healthcheck-nodeport` annotation <-> `Service.Spec.HealthCheckNodePort` field

`service.beta.kubernetes.io/external-traffic` annotation has a different set of values
comparing to `Service.Spec.ExternalTrafficPolicy` field, the values match as follows:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggested edit: "...compared to the `Service.Spec.ExternalTrafficPolicy` field. The values match as follows:"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, applied.

@MrHohn
Copy link
Member Author

MrHohn commented Jun 21, 2017

Thanks! Re-pushed commit.

@chenopis
Copy link
Contributor

Ok, we just need a tech lgtm from @bowei or @freehan.

@MrHohn
Copy link
Member Author

MrHohn commented Jun 21, 2017

/assign @bowei @freehan

@chenopis
Copy link
Contributor

@bowei @freehan This PR still requires a tech review.

FYI, all feedback must be addressed and LGTMs given by EOD Tue, June 27th so that this can be merged for the 1.7 release on June 28th.


This feature can be activated by adding the beta annotation below to the metadata section of the Service Configuration file.
* `Service.Spec.ExternalTrafficPolicy` - It denotes if this Service desires to route
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change: service.spec.externalTrafficPolicy

Specify fields as they appear in YAML/JSON manifests, not in the API:

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, change applied.

source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks
potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and
may cause a second hop to another node, but should have good overall load-spreading.
* `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

service.spec.healthCheckNodePort

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change applied.

v1.7. Please consider using API fields instead.

* `service.beta.kubernetes.io/external-traffic` annotation <-> `Service.Spec.ExternalTrafficPolicy` field
* `service.beta.kubernetes.io/healthcheck-nodeport` annotation <-> `Service.Spec.HealthCheckNodePort` field
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above, use field names as they appear in the YAML manifests (same below)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes applied.

}
}
```

Below you could find the deprecated beta annotations. We may stop supporting them after
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do not use "we". Suggested rewrite:

Below you could find the deprecated annotations used to enable this feature prior to its stable version. Newer Kubernetes versions may stop supporting these after v1.7. Please update existing applications to
use the fields directly.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this is much better, applied change.


This feature can be activated by adding the beta annotation below to the metadata section of the Service Configuration file.
* `service.spec.externalTrafficPolicy` - It denotes if this Service desires to route
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The starting word "It" seems strange, remove?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you need to add what values the field can take (this is a boolean, right?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah it could be either "Local" or "Cluster". Added a sentence to make it clear.

source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks
potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and
may cause a second hop to another node, but should have good overall load-spreading.
* `service.spec.healthCheckNodePort` - It specifies the healthcheck nodePort for the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The starting word "It" seems strange, remove?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to add the values that this can take.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated sentence.

}
}
```

Below you could find the deprecated annotations used to enable this feature
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make this a subsection

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@@ -97,20 +99,34 @@ which should produce output like this:

The IP address is listed next to `LoadBalancer Ingress`.

## Annotation to modify the LoadBalancer behavior for preservation of Source IP
In 1.5, a Beta feature has been added that changes the behavior of the external LoadBalancer feature.
## Modify the LoadBalancer behavior for preservation of Source IP
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would make this more direct:

## Preserving the client source IP

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds great, applied.

In 1.5, a Beta feature has been added that changes the behavior of the external LoadBalancer feature.
## Modify the LoadBalancer behavior for preservation of Source IP

Due to the implementation of this feature, the source IP for sessions as seen in the target
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

delete "for sessions as"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.


Due to the implementation of this feature, the source IP for sessions as seen in the target
container will *not be the original source IP* of the client. This is the default behavior as
of Kubernetes v1.7. However, starting in v1.5, an optional beta feature has been added that
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace starting with "This is the default..."

To enable preservation of the client IP, the following field can be configured in the service spec:

you can delete the version stuff as you already cover it below in the beta etc discussion.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, modified sentences.

@MrHohn MrHohn force-pushed the release-1.7-esipp-ga branch from e26f786 to 7267270 Compare June 27, 2017 04:05
load-spreading. "Local" preserves the client source IP and avoids a second hop
for LoadBalancer and NodePort type services, but risks potentially imbalanced
traffic spreading.
* `service.spec.healthCheckNodePort` - specifies the healthcheck nodePort (a 32
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

16-bit, probably easier just to say (numeric port number)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, applied.

}
}
```

### Deprecated Beta annotations
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

### Feature availability
| 1.7+ | supports the full ... |
|  1.5 - 1.6 | Beta ... |
|  <1.5 | Unsupported |

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added availability table.

@MrHohn MrHohn force-pushed the release-1.7-esipp-ga branch from 7267270 to 48caf20 Compare June 27, 2017 17:03
@chenopis chenopis merged commit d8f5b4f into kubernetes:release-1.7 Jun 27, 2017
@MrHohn MrHohn deleted the release-1.7-esipp-ga branch October 5, 2017 00:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants