Reserve Static IPv6 address before syncing L4 ILB#2157
Reserve Static IPv6 address before syncing L4 ILB#2157k8s-ci-robot merged 2 commits intokubernetes:masterfrom
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
approved
|
CI will fail on vendor folder verification for now I am waiting for vendor (GoogleCloudPlatform) to have a tag that includes addresses mocks with IPv6 GoogleCloudPlatform/k8s-cloud-provider#123 |
panslava
force-pushed
the
reserve-ipv6-on-sync
branch
2 times, most recently
from
7b1758a to
41458ee
Compare
|
/hold |
k8s-ci-robot
added
the
do-not-merge/hold
panslava
force-pushed
the
reserve-ipv6-on-sync
branch
6 times, most recently
from
c7e3307 to
85d19d9
Compare
k8s-ci-robot
added
size/XL
panslava
force-pushed
the
reserve-ipv6-on-sync
branch
2 times, most recently
from
6aee662 to
b09b781
Compare
|
Is it even supported on GCP public APIs? |
|
@cezarygerard yes, it was added recently, and now all of these code api calls are supported (I verified) |
|
/unhold |
k8s-ci-robot
removed
the
do-not-merge/hold
panslava
force-pushed
the
reserve-ipv6-on-sync
branch
from
b09b781 to
bac5dc3
Compare
|
/assign cezarygerard |
|
are you going to implement the same for L4NET LB? |
|
@cezarygerard yes #2165 |
| // Release the address that was reserved, in all cases. If the forwarding rule was successfully created, | ||
| // the ephemeral IP is not needed anymore. If it was not created, the address should be released to prevent leaks. | ||
| if err := ipv6AddrMgr.ReleaseAddress(); err != nil { | ||
| klog.Errorf("EnsureInternalLoadBalancer: failed to release IPv6 address reservation, possibly causing an orphan: %v", err) |
There was a problem hiding this comment.
Not sure..... I am not 100% sure if this does not return false positive errors, which we don't want to return to customers and scare them
| // the ephemeral IP is not needed anymore. If it was not created, the address should be released to prevent leaks. | ||
| if err := addrMgr.ReleaseAddress(); err != nil { | ||
| klog.Errorf("EnsureInternalLoadBalancer: failed to release address reservation, possibly causing an orphan: %v", err) | ||
| klog.Errorf("EnsureInternalLoadBalancer: failed to release IPv4 address reservation, possibly causing an orphan: %v", err) |
There was a problem hiding this comment.
Not sure..... I am not 100% sure if this does not return false positive errors, which we don't want to return to customers and scare them
| defer func() { | ||
| // Release the address that was reserved, in all cases. If the forwarding rule was successfully created, | ||
| // the ephemeral IP is not needed anymore. If it was not created, the address should be released to prevent leaks. | ||
| if err := ipv6AddrMgr.ReleaseAddress(); err != nil { |
There was a problem hiding this comment.
what if customer reserved ip before and created the service with this ip?
There was a problem hiding this comment.
ReleaseAddress() deletes only controller managed address. Controller created address will have the same name as forwarding rule name, so controller will try to delete address with this name. If it was custom static address owned by customer -- controller will not delete it (nit: as long as customer didn't use forwarding rule name for their address)
| return l4.deleteFirewall(ipv6FirewallName) | ||
| } | ||
|
|
||
| func (l4 *L4) getOldIPv6ForwardingRule(existingBS *composite.BackendService) (*composite.ForwardingRule, error) { |
There was a problem hiding this comment.
There is a test TestDualStackInternalLoadBalancerModifyProtocol which verifies the whole flow where this functions is useful, that we reserve IP address when protocol is changed
Though, if you think it would be useful, I can add a test specifically for this function, but I would say this is more a private helper function, that just abstracts functionality for readability
This will prevent losing address while recreating forwarding rule
panslava
force-pushed
the
reserve-ipv6-on-sync
branch
from
bac5dc3 to
9e2d9b1
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cezarygerard, panslava The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
4 participants
This will prevent losing address while recreating forwarding rule
Tested running locally with real cluster