-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
coordinator should only set rp_filter for pod but not the node #3906
coordinator should only set rp_filter for pod but not the node #3906
Conversation
ffdab9b
to
cba03ad
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3906 +/- ##
=======================================
Coverage 81.28% 81.28%
=======================================
Files 50 50
Lines 4408 4408
=======================================
Hits 3583 3583
Misses 669 669
Partials 156 156
Flags with carried forward coverage won't be shown. Click here to find out more. |
cba03ad
to
34d9912
Compare
34d9912
to
0d1592e
Compare
1 如果是bug 修复,项目承诺的是 0.8 0.9 是稳定版本,为什么只关注 0.9 的历史版本 |
因为 #3898 只 cherry-pick 到了 0.9 和 1.0, 这个 PR 依赖它。这个 PR 既有feature ,也有一个小的 bug fixes |
我稍后检查 |
@@ -48,9 +48,6 @@ spec: | |||
items: | |||
type: string | |||
type: array | |||
hostRPFilter: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个需要保留,描述 deprecated , 后续 处理
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
0d1592e
to
166f344
Compare
47d5cec
to
d7df0d4
Compare
@@ -78,6 +81,9 @@ spec: | |||
type: string | |||
podMACPrefix: | |||
type: string | |||
podRPFilter: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个 描述 是 不清晰的
什么值是 不设置,保持默认,什么值是 会 生效 ,取值范围等
这整个 CRD 中的 field 都 添加一些 使用描述
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
如果只是 0 1 2 , 那用什么值 表示 不做任何动作,保留 pod 中的原始值
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
你说的对,目前代码 -1 表示不做任何操作
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
为什么只是 -1 , 不是 负数 。
如果 -2 -3 -4 会发生什么,有bug ? 健壮性
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
31d7d19
to
e900656
Compare
type: boolean | ||
hijackCIDR: | ||
description: HijackCIDR specifies additional destination subnets that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
additional destination subnets 这个需要明细下,否则看不懂
type: integer | ||
hostRuleTable: | ||
default: 500 | ||
description: HostRuleTable specifies the routing table number of the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
需要说明 这个 table 是做什么用的
type: boolean | ||
txQueueLen: | ||
default: 0 | ||
description: TxQueueLen to set the tx_queue_len of the pod. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
需要说明下,0 代表什么,既然是 integer, 负数代表什么
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
type: string | ||
podMACPrefix: | ||
description: PodMACPrefix the fixed MAC address prefix, e.g. 0a:1b |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这需要体现: 输入 两个字节 , 并且,第一个字节的 最低位 必须是 0 , 它代表一个 单播的 mac 。 相关的 webhook 是否有做验证 ?
@@ -75,14 +89,26 @@ spec: | |||
- none | |||
type: string | |||
podDefaultRouteNIC: | |||
description: PodDefaultRouteNIC PodDefaultRouteNIC is used to configure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
缺省是什么
缺省是 空串 代表什么
docs/concepts/coordinator-zh_CN.md
Outdated
@@ -38,7 +38,8 @@ EOF | |||
| serviceCIDR | 默认的集群 Service 子网, 会注入到 Pod 中。不需要配置,自动从 Spidercoordinator default 中获取 | []stirng | optional | 默认从 Spidercoordinator default 中获取 | | |||
| hijackCIDR | 额外的需要从主机转发的子网路由。比如nodelocaldns 的地址: 169.254.20.10/32 | []stirng | optional | 空 | | |||
| hostRuleTable | 策略路由表号,同主机与 Pod 通信的路由将会存放于这个表号 | 整数型 | optional | 500 | | |||
| hostRPFilter | 设置主机上的 sysctl 参数 rp_filter | 整数型 | optional | 0 | | |||
| podRPFilter | 设置 Pod 的 sysctl 参数 rp_filter | 整数型 | optional | 0 | | |||
| hostRPFilter(遗弃) | 设置节点 的 sysctl 参数 rp_filter | 整数型 | optional | 0 | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hostRPFilter | (遗弃) 设置节点 的 sysctl 参数 rp_filter
ef2a004
to
0fac10c
Compare
@@ -125,7 +125,7 @@ func (g *_unixGetCoordinatorConfig) Handle(params daemonset.GetCoordinatorConfig | |||
TunePodRoutes: coord.Spec.TunePodRoutes, | |||
PodDefaultRouteNIC: nic, | |||
HostRuleTable: int64(*coord.Spec.HostRuleTable), | |||
HostRPFilter: int64(*coord.Spec.HostRPFilter), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个结构体定义不应该删除,它只是不被处理,却不能缺少定义?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这里删除没有关系,这里是coordinator 请求 agent 获取 coordinatiorConfig,这个字段原来也没有用到
@@ -55,7 +55,7 @@ type Config struct { | |||
PodDefaultRouteNIC string `json:"podDefaultRouteNic,omitempty"` | |||
Mode Mode `json:"mode,omitempty"` | |||
HostRuleTable *int64 `json:"hostRuleTable,omitempty"` | |||
RPFilter int32 `json:"hostRPFilter,omitempty" ` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个结构体定义不应该删除,它只是不被处理,却不能缺少定义?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这里可以加回来
@@ -53,7 +54,8 @@ This is the Spidercoordinators spec for users to configure. | |||
| detectGateway | enable detect gateway while launching pod, If the gateway is unreachable, pod will be failed to created; Note: We use ARP probes to detect if the gateway is reachable, and some gateway routers may warn about this | boolean | optional | true,false | false | | |||
| detectIPConflict | enable the pod's ip if is conflicting while launching pod. If an IP conflict of the pod is detected, pod will be failed to created | boolean | optional | true,false | false | | |||
| podMACPrefix | fix the pod's mac address with this prefix + 4 bytes IP | string | optional | a invalid mac address prefix | "" | | |||
| hostRPFilter | sysctls: rp_filter in host | int | required | 0,1,2;suggest to be 0 | 0 | | |||
| podRPFilter | set rp_filter sysctl for the pod | int | required | 0,1,2;suggest to be 0 | 0 | | |||
| hostRPFilter(deprecated) | set rp_filter sysctl for the node | int | required | 0,1,2;suggest to be 0 | 0 | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
没有名字 带deprecated,这属于 描述
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
cmd/coordinator/cmd/cni_types.go
Outdated
@@ -55,7 +55,7 @@ type Config struct { | |||
PodDefaultRouteNIC string `json:"podDefaultRouteNic,omitempty"` | |||
Mode Mode `json:"mode,omitempty"` | |||
HostRuleTable *int64 `json:"hostRuleTable,omitempty"` | |||
RPFilter int32 `json:"hostRPFilter,omitempty" ` | |||
RPFilter *int32 `json:"podRPFilter,omitempty" ` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Podrpfilter 准确,和原来代码 区分
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
90371ea
to
d4258d1
Compare
type: string | ||
podMACPrefix: | ||
description: 'PodMACPrefix the fixed MAC address prefix, the length | ||
is two bytes. the lowest bit of the first byte must be 0, which | ||
indicates the \ unicast MAC address. example: 0a:1b' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个单播mac是否有检验
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
f250e64
to
8b2837a
Compare
Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
8b2837a
to
7e94f03
Compare
|
coordinator should only set rp_filter for pod but not the node Signed-off-by: robot <tao.yang@daocloud.io>
Thanks for contributing!
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #3905
Special notes for your reviewer: