Support setting ipMode: Proxy for LB service for VPC mode #541

Merged

@timdengyun timdengyun commented Apr 7, 2024

Refer to:
KEP-1860 Make Kubernetes aware of the LoadBalancer behaviour
kubernetes/kubernetes#119937: Make Kubernetes aware of the LoadBalancer behaviour
Kubernetes 1.29: New (alpha) Feature, Load Balancer IP Mode for Services

Starting from K8s 1.29.0, we can specify ipMode of load balancer status with VIP or Proxy.

This patch is to set Loadbalancer service status ipMode when the K8s version is >= 1.29.0
and VPC mode enabled:
The setting conditions:

  1. service tanzu.vmware.com/ingress-ip-mode label
  2. Default ipMode is Proxy if the label is not set or invalid values are set.

Testing Done:
In K8s 1.29.1 env and enable feature gate in kube-proxy, kube-apiserver.

  1. Set label: tanzu.vmware.com/ingress-ip-mode: vip for one lb service, and create the lb service, check lb status ipMode is VIP.

         status:
           loadBalancer:
             ingress:
             - ip: 192.168.64.1
               ipMode: VIP

     kubectl get svc -A -o wide

         NAMESPACE     NAME          TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                  AGE     SELECTOR
         ns-2          tcp-svc-lb2   LoadBalancer   10.97.203.125   192.168.64.1   80:31954/TCP             80m     app=tcp

     Check IPTable rules: iptables -L -t nat

         Chain KUBE-SERVICES (2 references)
         target     prot opt source               destination
         KUBE-SVC-63L2GNUUG6ILWM3U  tcp  --  anywhere             10.97.203.125        /* ns-2/tcp-svc-lb2:tcp cluster IP */ tcp dpt:http
         KUBE-EXT-63L2GNUUG6ILWM3U  tcp  --  anywhere             192.168.64.1         /* ns-2/tcp-svc-lb2:tcp loadbalancer IP */ tcp dpt:http

     There is DNAT rule KUBE-EXT-63L2GNUUG6ILWM3U generated for loadbalancer IP 192.168.64.1 and also there is cluster IP rule.

  2. Set label: tanzu.vmware.com/ingress-ip-mode: proxy for one lb service, and create the lb service, check lb status ipMode is Proxy.

         status:
           loadBalancer:
             ingress:
             - ip: 192.168.244.1
               ipMode: Proxy

     Check IPTable rules: iptables -L -t nat

         Chain KUBE-SERVICES (2 references)
         target     prot opt source               destination
         KUBE-SVC-63L2GNUUG6ILWM3U  tcp  --  anywhere             10.97.203.125        /* ns-2/tcp-svc-lb2:tcp cluster IP */ tcp dpt:http

     There is no DNAT rule generated for loadbalancer IP 192.168.64.1 only cluster IP rule.

  3. Unset label tanzu.vmware.com/ingress-ip-mode or set invalid values other than vip or proxy, check lb status is ipMode: Proxy.
     There is no DNAT rule generated.

In K8s < 1.29.0 env, lb service controller is not started.


TaoZou1 commented Apr 7, 2024

2. VIP.

-> proxy?

per https://kubernetes.io/blog/2023/12/18/kubernetes-1-29-feature-loadbalancer-ip-mode-alpha/
This field specifies how the load balancer IP behaves and can be specified only when the .status.loadBalancer.ingress.ip field is also specified

Do we need to check that field before updating IPmode?

@timdengyun timdengyun force-pushed the support_ipMode_Proxy_for_VPC branch from b02c1aa to 16aa9ac Compare April 8, 2024 08:53
@timdengyun

> 2. VIP.
>
> -> proxy?
>
> per https://kubernetes.io/blog/2023/12/18/kubernetes-1-29-feature-loadbalancer-ip-mode-alpha/ This field specifies how the load balancer IP behaves and can be specified only when the .status.loadBalancer.ingress.ip field is also specified
>
> Do we need to check that field before updating IPmode?

Agreed, we can check status.loadBalancer.ingress.ip field before setting IPmode.
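
The decision logic discussed in this PR (label to ipMode mapping, Proxy as the default, the 1.29 version gate, and the ingress.ip check raised in review), as an added example that is not the PR's own code. Only the label key and the vip/proxy values come from the description; the types and function names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Label key is from the PR description; all names below are hypothetical.
const ingressIPModeLabel = "tanzu.vmware.com/ingress-ip-mode"

// Ingress holds two status.loadBalancer.ingress[] fields; empty IPMode = unset.
type Ingress struct{ IP, IPMode string }

// atLeast129 reports whether a version such as "v1.29.1" is >= 1.29.
func atLeast129(version string) bool {
	var major, minor int
	if _, err := fmt.Sscanf(strings.TrimPrefix(version, "v"), "%d.%d", &major, &minor); err != nil {
		return false
	}
	return major > 1 || (major == 1 && minor >= 29)
}

// modeFromLabels: exact match on "vip" (an assumption); anything else is Proxy.
func modeFromLabels(labels map[string]string) string {
	if labels[ingressIPModeLabel] == "vip" {
		return "VIP"
	}
	return "Proxy"
}

// applyIPMode sets ipMode on entries that have an IP; returns the count updated.
func applyIPMode(version string, labels map[string]string, ing []Ingress) int {
	if !atLeast129(version) {
		return 0
	}
	updated := 0
	for i := range ing {
		if ing[i].IP != "" { // ipMode is only valid alongside ingress.ip
			ing[i].IPMode = modeFromLabels(labels)
			updated++
		}
	}
	return updated
}

func main() {
	ing := []Ingress{{IP: "192.168.64.1"}, {}} // constructed sample status
	fmt.Println(applyIPMode("v1.29.1", map[string]string{ingressIPModeLabel: "vip"}, ing), ing)
}
```
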

@timdengyun timdengyun requested a review from TaoZou1 April 8, 2024 08:55
@timdengyun timdengyun force-pushed the support_ipMode_Proxy_for_VPC branch from 16aa9ac to 31d2409 Compare April 9, 2024 01:53
Refer to:
https://kubernetes.io/blog/2023/12/18/kubernetes-1-29-feature-loadbalancer-ip-mode-alpha/
Starting from K8s 1.29.0, we can specify ipMode of load balancer status with VIP or Proxy.

This patch is to set Loadbalancer service status ipMode when the K8s version is >= 1.29.0
and VPC mode enabled:
The setting conditions:
1. service tanzu.vmware.com/ingress-ip-mode label
2. Default ipMode is Proxy if the label is not set or invalid values are set.
@timdengyun timdengyun force-pushed the support_ipMode_Proxy_for_VPC branch from 31d2409 to 089e829 Compare April 9, 2024 01:54
@timdengyun timdengyun merged commit eb24ae8 into vmware-tanzu:main Apr 15, 2024
2 checks passed