Pods Egress DSCP QoS proposal #1035
Conversation
oribon
changed the title
openshift-ci
bot
added
the
do-not-merge/work-in-progress
oribon
force-pushed
the
egress_qos
branch
4 times, most recently
from
7679258
to
e0a1867
Compare
oribon
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
oribon
force-pushed
the
egress_qos
branch
2 times, most recently
from
0569749
to
80c8ad1
Compare
oribon
force-pushed
the
egress_qos
branch
3 times, most recently
from
fcc5c1a
to
7acd7ed
Compare
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Adding the API necessary for the EgressQoS controller implementation as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
enhancements/network/egress-qos.md
Outdated
| A new API `EgressQoS` under the `k8s.ovn.org/v1` version will be added to `pkg/crd`. | ||
|
|
||
| A new controller in OVN-K will watch `EgressQoS`, `Pod` and `Node` objects, which will create the relevant QoS objects in OVN and result in the necessary flows to be programmed in OVS. To which logical switches these QoS objects are attached to differs a bit between SGW/LGW modes: | ||
| * In SGW mode it is enough to attach the QoS objects only to the single distributed `join` switch, as all pods egress traffic goes through it. |
There was a problem hiding this comment.
do we need to put it on 2 different switches (depending on gateway mode)? It would be easier to just do this on the node switch for both modes I think. Also, is the qos evaluation done after load balancer DNAT so that your dst match would be post service DNAT?
There was a problem hiding this comment.
I know I previously made a comment that steered you towards splitting to worker and join switch for different modes, but I think since we match on dest ip its OK to do them both on the worker switch.
@dceara pointed out that the qos eval is done pre-LB DNAT, so matching on destinations that are k8s endpoints woudln't work. Maybe its worth just noting that here?
There was a problem hiding this comment.
Is there any reason why the traffic can't be dscp-marked in the "egress" pipeline (egress from OVN perspective)? If we use "to-lport" QOS rules then there's no issue, those are applied after LB DNAT, so they could match on endpoint IPs.
There was a problem hiding this comment.
I know I previously made a comment that steered you towards splitting to worker and join switch for different modes, but I think since we match on dest ip its OK to do them both on the worker switch.
@dceara pointed out that the qos eval is done pre-LB DNAT, so matching on destinations that are k8s endpoints woudln't work. Maybe its worth just noting that here?
changed it to use node switches regardless of sgw/lgw.
Is there any reason why the traffic can't be dscp-marked in the "egress" pipeline (egress from OVN perspective)? If we use "to-lport" QOS rules then there's no issue, those are applied after LB DNAT, so they could match on endpoint IPs.
no reason, changed it to to-lport as it seems that it still works
Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Adding the API necessary for the EgressQoS controller implementation as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Adding the API necessary for the EgressQoS controller implementation as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
@oribon: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Adding the API necessary for the EgressQoS controller implementation as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Adding the API necessary for the EgressQoS controller implementation as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Adding the API necessary for the EgressQoS controller implementation as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Add the EgressQoS controller as described in openshift/enhancements#1035 Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
Signed-off-by: Ori Braunshtein obraunsh@redhat.com