Add skipServices to support NodeLocal DNSCache with AntreaProxy #2882
Conversation
|
@antoninbas @tnqn I didn't find an efficient way to check the cache hit inside a DNS pod, I used a prometheus locally to check the metric |
Codecov Report
@@ Coverage Diff @@
## main #2882 +/- ##
===========================================
- Coverage 61.18% 40.94% -20.24%
===========================================
Files 284 157 -127
Lines 23494 19586 -3908
===========================================
- Hits 14374 8020 -6354
- Misses 7565 10803 +3238
+ Partials 1555 763 -792
Flags with carried forward coverage won't be shown. Click here to find out more.
|
luolanzone
force-pushed
the
local-dns-cache
branch
from
b8e2be4 to
1f9b648
Compare
| @@ -190,3 +190,6 @@ antreaProxy: | |||
| # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses. | |||
| # Note that the option is only valid when proxyAll is true. | |||
| #nodePortAddresses: [] | |||
| # A string array of values which specifies the service list should skip proxying. Values can be a valid ClusterIP (e.g. 10.11.1.2) | |||
cmd/antrea-agent/agent.go
Outdated
| if o.config.AntreaProxy.SkipServices != nil { | ||
| util.SkipServices = o.config.AntreaProxy.SkipServices | ||
| } |
There was a problem hiding this comment.
Setting a global variable in a separate package like this is not good practice IMO. Please add a method on the proxier to configure this, or pass the list during proxier initialization.
There was a problem hiding this comment.
done via pass the list through proxier initialization
third_party/proxy/util/utils.go
Outdated
| @@ -77,6 +81,21 @@ func ShouldSkipService(service *v1.Service) bool { | |||
| klog.V(3).Infof("Skipping service %s in namespace %s due to Type=ExternalName", service.Name, service.Namespace) | |||
| return true | |||
| } | |||
|
|
|||
| if matchSkipServices(service.Namespace+"/"+service.Name) || matchSkipServices(service.Spec.ClusterIP) { | |||
| klog.Infof("Skipping service %s in namespace %s due to it matches SkipService List ", service.Name, service.Namespace) | |||
There was a problem hiding this comment.
use structured logging
klog.InfoS("Skipping Service because it matches skipServices list ", "service", klog.KObj(svc)
luolanzone
force-pushed
the
local-dns-cache
branch
from
1f9b648 to
c1eaea1
Compare
build/yamls/antrea.yml
Outdated
| @@ -3953,6 +3953,9 @@ data: | |||
| # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses. | |||
| # Note that the option is only valid when proxyAll is true. | |||
| #nodePortAddresses: [] | |||
| # A string array of values which specifies the service list should skip proxying. Values can be a valid | |||
There was a problem hiding this comment.
An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these Services will not be load-balanced).
| @@ -203,14 +203,15 @@ func run(o *Options) error { | |||
| v4Enabled := config.IsIPv4Enabled(nodeConfig, networkConfig.TrafficEncapMode) | |||
| v6Enabled := config.IsIPv6Enabled(nodeConfig, networkConfig.TrafficEncapMode) | |||
| proxyAll := o.config.AntreaProxy.ProxyAll | |||
| skipServices := o.config.AntreaProxy.SkipServices | |||
There was a problem hiding this comment.
should there be a check in options.go with a warning if AntreaProxy is disabled by len(skipServices) > 0?
pkg/agent/proxy/proxier_test.go
Outdated
| makeTestService(svc1PortName.Namespace, svc1PortName.Name, func(svc *corev1.Service) { | ||
| svc.Spec.ClusterIP = "10.96.10.12" | ||
| svc.Spec.Ports = []corev1.ServicePort{{ | ||
| Name: svc1PortName.Port, | ||
| Port: int32(svc1Port), | ||
| Protocol: corev1.ProtocolTCP, | ||
| }} | ||
| }), | ||
| makeTestService(svc2PortName.Namespace, svc2PortName.Name, func(svc *corev1.Service) { | ||
| svc.Spec.ClusterIP = "192.168.1.2" | ||
| svc.Spec.Ports = []corev1.ServicePort{{ | ||
| Name: svc2PortName.Port, | ||
| Port: int32(svc2Port), | ||
| Protocol: corev1.ProtocolTCP, | ||
| }} | ||
| }), |
There was a problem hiding this comment.
maybe this should be a separate test case because with the current code, it's not clear what all what the test is actually verifying. I assume that the point of the test is that even though we add these Services, because they are skipped, we don't expect any new call to InstallServiceFlows?
But these Services don't seem to have any Endpoints, and IIRC we skip such Services completely in installServices. So not sure what we are testing here. At the very least there should be an explanatory comment.
There was a problem hiding this comment.
yes, it expects with no new call to InstallServiceFlows, let me check if a separate case works or a comment.
There was a problem hiding this comment.
done, added a new test case TestClusterSkipServices
luolanzone
force-pushed
the
local-dns-cache
branch
2 times, most recently
from
144aa05 to
9263f5a
Compare
cmd/antrea-agent/options.go
Outdated
| @@ -232,6 +232,10 @@ func (o *Options) setDefaults() { | |||
| } | |||
|
|
|||
| func (o *Options) validateAntreaProxyConfig() error { | |||
| if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) && len(o.config.AntreaProxy.SkipServices) > 0 { | |||
| klog.Warningf("skipServices will be ignored due to AntreaProxy is disabled") | |||
There was a problem hiding this comment.
Unfortunately (?) there is no klog.WarningS and the recommendation is to use klog.InfoS (kubernetes/klog#184)
There was a problem hiding this comment.
there is klog.Warning, but I'd like to update it as klog.Warningf("skipServices %v will be ignored due to AntreaProxy is disabled",o.config.AntreaProxy.SkipServices)
There was a problem hiding this comment.
@luolanzone my point was that we are transitioning to structured logging everywhere, so we should not use klog.Warning / klog.Warningf at all. We should use klog.InfoS instead.
There was a problem hiding this comment.
ah, Ok, I am not aware of this kind of transition, I have changed it to use klog.InfoS now.
pkg/agent/proxy/proxier_test.go
Outdated
| }), | ||
| ) | ||
|
|
||
| fullServices := append(extraSvcs, makeTestService(svcPortName.Namespace, svcPortName.Name, func(svc *corev1.Service) { |
There was a problem hiding this comment.
s/fullServices/allServices
luolanzone
force-pushed
the
local-dns-cache
branch
from
9263f5a to
3f92aee
Compare
third_party/proxy/service.go
Outdated
|
|
||
| recorder record.EventRecorder | ||
| recorder record.EventRecorder | ||
| // skipServices indicates the service list which should skip proxying |
There was a problem hiding this comment.
| // skipServices indicates the service list which should skip proxying | |
| // skipServices indicates the service list for which we should skip proxying |
luolanzone
force-pushed
the
local-dns-cache
branch
from
3f92aee to
fee8df3
Compare
There was a problem hiding this comment.
I think this title doesn't reflect what the patch does properly, which will confuse code reader. Instead of supporting NodeLocal DNSCache with AntreaProxy, it just provides a way that can support NodeLocal DNSCache and user still needs to configure Antrea to achieve it.
cmd/antrea-agent/options.go
Outdated
| @@ -232,6 +232,10 @@ func (o *Options) setDefaults() { | |||
| } | |||
|
|
|||
| func (o *Options) validateAntreaProxyConfig() error { | |||
| if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) && len(o.config.AntreaProxy.SkipServices) > 0 { | |||
| klog.InfoS("skipServices will be ignored due to AntreaProxy is disabled", "skipServices", o.config.AntreaProxy.SkipServices) | |||
There was a problem hiding this comment.
Is "due to AntreaProxy is disabled" correct grammatically? I think it should be "due to AntreaProxy being disabled" or "when AntreaProxy is disabled" @antoninbas
There was a problem hiding this comment.
yes you're correct. Either solution works, or even "skipServices will be ignored because AntreaProxy is disabled"
There was a problem hiding this comment.
done, change it to skipServices will be ignored because AntreaProxy is disabled and updated PR's summary and description
third_party/proxy/util/utils.go
Outdated
| return false | ||
| } | ||
| if matchSkipServices(service.Namespace+"/"+service.Name, skipServices) || matchSkipServices(service.Spec.ClusterIP, skipServices) { | ||
| klog.InfoS("Skipping service because it matches skipServices list ", "service", klog.KObj(service)) |
There was a problem hiding this comment.
| klog.InfoS("Skipping service because it matches skipServices list ", "service", klog.KObj(service)) | |
| klog.InfoS("Skipping service because it matches skipServices list", "service", klog.KObj(service)) |
third_party/proxy/service.go
Outdated
| recorder record.EventRecorder | ||
| // skipServices indicates the service list for which we should skip proxying | ||
| // it will be initialized from antrea-agent.conf | ||
| skipServices []string |
There was a problem hiding this comment.
It should be worthy to use a set to keep the services which provides O(1) time for query, otherwise having N skipServices means the code needs to compare 2*N times for each service.
There was a problem hiding this comment.
I didn't point this out, because my assumption was that the list of services (provided in the antrea-agent configuration) would always be small (< 10 or so), in which case a slice works fine and may even be faster than a map / set. However, if we think someone may want to use this with more services, then we should definitely use a set. That's the least risky option since we don't have too much control over how people may use this option :)
luolanzone
changed the title
luolanzone
force-pushed
the
local-dns-cache
branch
2 times, most recently
from
4cae243 to
ff855d3
Compare
third_party/proxy/service.go
Outdated
| return &ServiceChangeTracker{ | ||
| items: make(map[types.NamespacedName]*serviceChange), | ||
| makeServiceInfo: makeServiceInfo, | ||
| recorder: recorder, | ||
| ipFamily: ipFamily, | ||
| processServiceMapChange: processServiceMapChange, | ||
| skipServices: skipSvcSet, |
There was a problem hiding this comment.
| skipServices: skipSvcSet, | |
| skipServices: sets.NewString(skipServices...), |
There was a problem hiding this comment.
done and updated the commit msg.
luolanzone
force-pushed
the
local-dns-cache
branch
from
ff855d3 to
0960c0f
Compare
Add a skipServices in antrea-agent.conf so AntreaProxy can be configured to skip proxying kube-dns service which allow user to use NodeLocal DNSCache Resolves antrea-io#2137 Signed-off-by: Lan Luo <[email protected]>
luolanzone
force-pushed
the
local-dns-cache
branch
from
0960c0f to
aeb8266
Compare
|
/test-all |
Add a
skipServicesinantrea-agent.confso AntreaProxy can be configured to skip proxying kube-dns service which allow user to useNodeLocal DNSCacheResolves #2137
Signed-off-by: Lan Luo [email protected]