IPAddress allocator #115075

Merged
merged 17 commits into from
Mar 15, 2023

aojea
Member

@aojea aojea commented Jan 14, 2023

/kind bug
/kind feature

What this PR does / why we need it:

This is the first step towards the implementation of KEP 1880. It introduces a new API object, IPAddress, and a feature gate, MultiCIDRServiceAllocator.

The feature gate enables a new ClusterIP Allocator that uses the IPAddress object instead of the actual bitmap allocator, removing the current service cidr size limitations (ipv4 is a /12 and ipv6 /108) and setting the maximum size of a service CIDR to /64.

The new IPAllocator uses IPAddress objects that reference the Service to store the ClusterIP, creating a 1-to-1 relation.
This relation is maintained by a repair controller that runs in the apiserver.

- Added a new IPAddress object kind
- Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

Please use the following format for linking documentation:

- [KEP]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/1880-multiple-service-cidrs
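
A simplified model of the relation described in the PR description above, added here as an illustration; it is not code from this PR or from Kubernetes. The names `ipAddress`, `store`, `allocate`, `repair` and `sampleCIDR` are hypothetical, and the /8 CIDR and Service names are constructed samples.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// ipAddress is a hypothetical stand-in for the IPAddress object, named after its IP.
type ipAddress struct{ Name, ParentService string }

// store holds one object per allocated IP, so its size tracks allocations, not CIDR size.
type store map[string]ipAddress
var sampleCIDR = netip.MustParsePrefix("10.0.0.0/8") // constructed sample Service CIDR

// allocate creates the IPAddress for ip; an existing name means the IP is taken.
func (s store) allocate(cidr netip.Prefix, ip, svc string) error {
	addr, err := netip.ParseAddr(ip)
	if err != nil || !cidr.Contains(addr) {
		return fmt.Errorf("%q is not an address in %s", ip, cidr)
	}
	if _, taken := s[addr.String()]; taken {
		return fmt.Errorf("%s is already allocated", addr)
	}
	s[addr.String()] = ipAddress{addr.String(), svc}
	return nil
}

// repair reports both ways the 1-to-1 relation can break (services: name -> ClusterIP).
func (s store) repair(services map[string]string) (orphans, missing []string) {
	for name, obj := range s {
		if services[obj.ParentService] != name {
			orphans = append(orphans, name) // IPAddress with no matching Service
		}
	}
	for svc, ip := range services {
		if obj, ok := s[ip]; !ok || obj.ParentService != svc {
			missing = append(missing, svc) // ClusterIP not backed by an IPAddress
		}
	}
	sort.Strings(orphans)
	sort.Strings(missing)
	return orphans, missing
}

func main() {
	s := store{}
	fmt.Println(s.allocate(sampleCIDR, "10.200.0.10", "default/dns"))
	fmt.Println(s.repair(map[string]string{"default/web": "10.200.0.12"}))
}
```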

@k8s-ci-robot k8s-ci-robot added the release-note, do-not-merge/work-in-progress, size/XXL, kind/bug, kind/feature, cncf-cla: yes, do-not-merge/needs-sig, needs-triage, needs-priority, area/apiserver, area/code-generation, area/kubectl, area/test, kind/api-change, sig/api-machinery, sig/apps, sig/auth, sig/cli, sig/network and sig/testing labels and removed the do-not-merge/needs-sig label Jan 14, 2023
@kubernetes kubernetes deleted a comment from diadj Jan 15, 2023
@cici37
Contributor

cici37 commented Jan 17, 2023

/remove-sig api-machinery

@k8s-ci-robot k8s-ci-robot removed the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Jan 17, 2023
pkg/features/kube_features.go (outdated, resolved)
Change-Id: I19e12ca05d977dca63043cb07ecf8a90e0e525c5
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 14, 2023
@k8s-ci-robot k8s-ci-robot added the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Mar 14, 2023
@aojea
Member Author

aojea commented Mar 14, 2023

PR needs rebase.

rebased

@thockin we need sudo 😄

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 14, 2023
@aojea
Member Author

aojea commented Mar 14, 2023

Kubernetes e2e suite: [It] [sig-cli] Kubectl client kubectl subresource flag GET on status subresource of built-in type (node) returns identical info as GET on the built-in type

known flake

/test pull-kubernetes-e2e-kind
#116619

Member

@thockin thockin left a comment

On behalf of the review done by others and the fact that it is alpha

/lgtm
/approve

pkg/apis/networking/types.go (resolved)
pkg/apis/networking/validation/validation.go (resolved)
Comment on lines +21 to +26
// LabelIPAddressFamily is used to indicate the IP family of a Kubernetes IPAddress.
// This label simplify dual-stack client operations allowing to obtain the list of
// IP addresses filtered by family.
LabelIPAddressFamily = "ipaddress.kubernetes.io/ip-family"
Member

Can field selectors be used in watch? I have never done that...

We can revisit this and either make it a field selector or a "magic" label or something. I agree we need to make some guarantees

// objects to be managed by different controllers or entities within the
// same cluster. It is highly recommended to configure this label for all
// IPAddress objects.
LabelManagedBy = "ipaddress.kubernetes.io/managed-by"
Member

We need to fix owner ref. Grr....

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 14, 2023
@k8s-ci-robot
Contributor

LGTM label has been added.

Git tree hash: 6bd9bd2d25dd4855c9f7941cc91f3746c1f94c08

@thockin
Member

thockin commented Mar 15, 2023

indiana_jones_hat_under_the_door

@thockin
Member

thockin commented Mar 15, 2023

/retest

@sftim
Contributor

sftim commented Mar 15, 2023

Changelog suggestion

- Added a new IPAddress object kind
- Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64

something like that?

Comment on lines +27 to +31
// LabelManagedBy is used to indicate the controller or entity that manages
// an IPAddress. This label aims to enable different IPAddress
// objects to be managed by different controllers or entities within the
// same cluster. It is highly recommended to configure this label for all
// IPAddress objects.
Contributor

// objects to be managed by different controllers or entities within the
// same cluster. It is highly recommended to configure this label for all
// IPAddress objects.
LabelManagedBy = "ipaddress.kubernetes.io/managed-by"
Contributor

If we can't fix owner reference, or find an equivalent mechanism that doesn't use labels, could the label key be kubernetes.io/managed-by? I'd like to just have one notion of things managing things rather than n of them.

Comment on lines +21 to +25
// TODO: Use IPFamily as field with a field selector,And the value is set based on
// the name at create time and immutable.
// LabelIPAddressFamily is used to indicate the IP family of a Kubernetes IPAddress.
// This label simplify dual-stack client operations allowing to obtain the list of
// IP addresses filtered by family.
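Review bot: the TODO on the first two lines of this hunk runs straight into the LabelIPAddressFamily doc comment, so both form one comment group and the TODO becomes part of the constant's documentation; separate it with a blank line or move it next to the code it concerns. While touching these lines, "field selector,And the value" needs a space and a lower-case "and", and "This label simplify" should read "This label simplifies".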
Contributor

If we need a label, we should register this - see https://kubernetes.io/docs/reference/labels-annotations-taints/

I'd go for network.kubernetes.io/ip-address-family. Network is a nice general concept whereas IP address feels very specific. And, as a project, we control the namespace fairly effectively.

Member Author

yes, there is also a comment to move it to a field, once we settle we should update all the docs accordingly

@aojea
Member Author

aojea commented Mar 15, 2023

/milestone v1.27

approved before code freeze
#115075 (comment)

@k8s-ci-robot k8s-ci-robot added this to the v1.27 milestone Mar 15, 2023
@aojea
Member Author

aojea commented Mar 15, 2023

On behalf of the review done by others and the fact that it is alpha

/lgtm /approve

@thockin it seems it didn't pick the approve label correctly, can you retag?

@thockin
Member

thockin commented Mar 15, 2023

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea, khenidak, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 15, 2023
@k8s-ci-robot k8s-ci-robot merged commit f44d561 into kubernetes:master Mar 15, 2023
@BenTheElder
Member

Congrats @aojea :-)

@aojea
Member Author

aojea commented Mar 15, 2023

Summarizing issues from this PR to not forget, please add the things you find missing, so I can start incorporating them to the follow up in #116516

  • Document upgrades and rollbacks, especially for those clusters with size that are now allowed that were not allowed before
  • Owner references, namespaces -> non-namespaces, it seems we should keep using label (IPAddress allocator #115075 (comment))
  • Field-selector vs Label-selector, the flexibility of labels makes it simpler to create controllers that handle IPAddresses and need to be dual-stack (IPAddress allocator #115075 (comment)), I prefer to keep using labels ("why podLister do not support FieldSelector?", client-go#604) since I expect most of the consumers will need to do a lot of filtering client side
  • Drop ParentReference UID
  • If we use labels, document them properly

@cici37
Contributor

cici37 commented Mar 16, 2023

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 16, 2023