Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable kubeproxy when creating a kube-router cluster #9321

Merged
merged 1 commit into from
Jun 10, 2020
Merged

Disable kubeproxy when creating a kube-router cluster #9321

merged 1 commit into from
Jun 10, 2020

Conversation

rifelpet
Copy link
Member

kube-router e2e jobs have been failing for a while: https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/e2e-kops-aws-cni-kuberouter/1270539617296191488

Completed cluster failed validation: spec.spec.kubeProxy.enabled: Forbidden: kube-router requires kubeProxy to be disabled
172
2020/06/10 02:15:10 process.go:155: Step '/tmp/kops502689941/kops create cluster --name e2e-kops-aws-cni-kuberouter.test-cncf-aws.k8s.io --ssh-public-key /workspace/.ssh/kube_aws_rsa.pub --node-count 4 --node-volume-size 48 --master-volume-size 48 --master-count 1 --zones eu-west-1b --master-size c5.large --kubernetes-version https://storage.googleapis.com/kubernetes-release/release/v1.18.3 --admin-access 35.238.143.128/32 --cloud aws --networking=kube-router --override cluster.spec.nodePortAccess=0.0.0.0/0' finished in 2.563231933s

This should fix the validation error. Existing clusters aren't affected, though they'd also fail validation if they are enabling kubeproxy.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jun 10, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rifelpet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 10, 2020
@rifelpet rifelpet force-pushed the kuberouter-kubeproxy branch from e74af1d to 0895218 Compare June 10, 2020 02:54
@hakman
Copy link
Member

hakman commented Jun 10, 2020

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 10, 2020
@hakman
Copy link
Member

hakman commented Jun 10, 2020

/retest

@k8s-ci-robot k8s-ci-robot merged commit 1f948b5 into kubernetes:master Jun 10, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.19 milestone Jun 10, 2020
@olemarkus
Copy link
Member

Perhaps it is time to get this one merged #8928
That would be the correct way of fixing this, I think.

@rifelpet
Copy link
Member Author

#8928 would require that someone pass cluster.spec.kubeProxy.enabled=false in their create cluster command right? given that it would be a requirement to have a functional kube-router cluster, wouldnt it make more sense to have that set automatically? But I agree we should get that PR in :) perhaps if no one else has any thoughts on the cli flag or SetClusterFields keys, then we should proceed.

@rifelpet rifelpet mentioned this pull request Jun 10, 2020
Merged
@olemarkus
Copy link
Member

Maybe I looked at this incorrectly. You implicitly passing cluster.spec.kubeProxy.enabled=false aren't you? So the spec is correct afterwards. If so, I think maybe just a log line saying that you are implicitly disabling kube-proxy is enough here. Could be that some of the cilium stuff could do the same thing actually.

@rifelpet
Copy link
Member Author

kubeproxy is enabled by default:

https://github.com/kubernetes/kops/blob/master/nodeup/pkg/model/kube_proxy.go#L47-L50

so yes, if create cluster is changing the default behavior, maybe adding a log line here would be a good idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johngmyers johngmyers Awaiting requested review from johngmyers

@joshbranham joshbranham Awaiting requested review from joshbranham

Assignees

@hakman hakman

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.19
Development

Successfully merging this pull request may close these issues.
4 participants
@rifelpet @k8s-ci-robot @hakman @olemarkus