sdn: clean up startup scripts, remove DNS, watch config file #21654
@@ -0,0 +1,96 @@ | |||
package openshift_sdn |
This file is moved over from pkg/cmd/server, but had enough deletions not to trigger the rename heuristic.
hey @dcbw, do you know if crio still does hostport mapping itself? We disable openshift-sdn hostport forwarding when the runtime is crio.
Yes, crio and dockershim still behave differently here. But are we still supporting docker in 4.x?
Thanks for the review. I managed to kill another wrapper struct; updated. One notable change is that we no longer assume the IP address of the DNS server is the node's IP (in other words, the dnsmasq setup is dead). I wonder if we can get rid of it completely - the only thing we used the cluster DNS IP for is passing it to the CNI plugin, which in turn sets up a route, which is only used in the event of a macvlan interface for the egress router.
So that's from #20115 which was a spinoff of #20094. I'm not sure why we decided we needed to special-case the DNS IP specifically... the only case where that would be needed would be if the DNS IP was an IP on the local host that was neither the eth0 IP nor the tun0 IP.
Actually, if the DNS IP was the host's eth0, then that would be problematic, since the traffic would probably go via the macvlan, which would fail thanks to hairpin. So that makes sense. The DNS IP now is a service IP, so we definitely want to make sure it's routed over the default pod interface. So I guess it "can't hurt."
Right, but we already handle that separately. We already set up routes to use the pod network for traffic to clusterNetworkCIDR, traffic to serviceNetworkCIDR, and traffic to any IP address on the node's eth0. So if the DNS IP is a service IP or any of eth0's IPs, then adding a route to it is just redundant. The DNS IP special case only matters if the IP is some other local IP. And given that when using egress IPs, we only do the special case for traffic to port 53 on the node's IP, without a special case for "DNS IP", we probably don't actually need the DNS IP case here either.
Awesome. I'll rip all that out.
On second thought, there's nothing stopping us from moving the DNS IP again. So I'll keep it for now.
/retest
/retest
Added one more bit of cleanup: we no longer special-case the DNS IP in the pod's routing table.
/lgtm
/retest
/lgtm
Lots of changes:
* Over the years, wrappers on wrappers on wrappers have been added. Clean those up somewhat (and yet somehow never enough).
* Remove DNS from the network process. We no longer need this.
* Watch for configuration file changes, and exit the SDN process if it does.
* Remove ability to run standalone proxy from the openshift-sdn binary
We already explicitly add a route to the service cidr and the node's IP address. There's no need to also add one for the DNS IP.
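The routing argument in this commit message and in the thread above (cluster, service and node-IP traffic is already pinned to the pod's default interface, so a DNS-IP route only matters for "some other local IP"), as an added Go example that is not openshift-sdn code: a longest-prefix-match lookup over a constructed egress-router pod routing table. The CIDRs, node IP, DNS IPs and interface names are constructed samples.

```go
package main
import (
	"fmt"
	"net"
)
// route: a destination prefix and the interface traffic to it leaves on.
type route struct {
	dst   *net.IPNet
	iface string
}
func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}
// lookup does a longest-prefix match, as the kernel does when picking a route.
func lookup(table []route, ip net.IP) string {
	best, bestLen := "", -1
	for _, r := range table {
		if l, _ := r.dst.Mask.Size(); r.dst.Contains(ip) && l > bestLen {
			best, bestLen = r.iface, l
		}
	}
	return best
}
// egressRouterTable models the table the thread describes: default via the
// macvlan, cluster/service/node-IP traffic pinned to the pod's eth0 (inputs are constructed).
func egressRouterTable(clusterCIDR, serviceCIDR string, nodeIPs []string) []route {
	t := []route{{mustCIDR("0.0.0.0/0"), "macvlan0"}, {mustCIDR(clusterCIDR), "eth0"}, {mustCIDR(serviceCIDR), "eth0"}}
	for _, ip := range nodeIPs {
		t = append(t, route{mustCIDR(ip + "/32"), "eth0"})
	}
	return t
}
// dnsRouteRedundant: an extra /32 for dnsIP via eth0 changes nothing if eth0 already wins.
func dnsRouteRedundant(table []route, dnsIP string) bool {
	return lookup(table, net.ParseIP(dnsIP)) == "eth0"
}
func main() {
	table := egressRouterTable("10.128.0.0/14", "172.30.0.0/16", []string{"192.168.1.10"})
	for _, dns := range []string{"172.30.0.10", "192.168.1.10", "192.168.1.250"} {
		fmt.Printf("%s via %s; extra DNS route redundant: %v\n", dns, lookup(table, net.ParseIP(dns)), dnsRouteRedundant(table, dns))
	}
}
```

The third sample address is the one case the thread identifies where the special-case route would not be redundant: a local IP that is neither a service IP nor one of the node's addresses.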
Rebased on master.
/retest
/retest seems like flakes.
/retest
All green! @danwinship, @mfojtik would you mind approving?
/lgtm
That's cool, this PR was all green on Friday. /test e2e-aws-serial
Back to all green.
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: danwinship, soltysh, squeed. The full list of commands accepted by this bot can be found here. The pull request process is described here.
/retest Please review the full test history for this PR and help us cut down flakes.
Over the years, wrappers on wrappers on wrappers have been added. Clean those up somewhat (but not entirely, sadly).
Remove DNS from the network process. We no longer need this.
Watch for configuration file changes, and exit the SDN process if it does.