k8s: allow setting multiple k8s API server addresses#20090
k8s: allow setting multiple k8s API server addresses#20090fristonio wants to merge 5 commits intocilium:masterfrom
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
|
@fristonio Welcome back! 😅 Would it be possible to set the new param from Helm? Currently, we use this hack to pass the API server endpoint addr - https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml#L193. |
|
Hey @brb 👋 |
fristonio
added
the
release-note/minor
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
fristonio
force-pushed
the
pr/fristonio/feat-19038
branch
2 times, most recently
from
d978a26 to
dfc36a5
Compare
|
/test |
sayboras
left a comment
sayboras
left a comment
There was a problem hiding this comment.
👋 super happy to see you around 🎖️
One small comment as per below, the rest looks reasonable to me.
qmonnet
left a comment
qmonnet
left a comment
There was a problem hiding this comment.
Looks good, with a few nits - see below (plus a typo on --k8s-api-erver-addresses in your first commit log).
One question: I'm wondering if it would make sense to have “URLs” instead of “Addresses” in the flag (and Helm value) name? Reading “addresses” I'd first think of IP addresses, maybe URLs would make it more explicit?
Awesome to have you contributing again! ❤️
fristonio
force-pushed
the
pr/fristonio/feat-19038
branch
from
13aa021 to
dd44542
Compare
|
Hey @qmonnet! 👋 |
qmonnet
left a comment
qmonnet
left a comment
There was a problem hiding this comment.
Good points raised by Tom, but I'm good for my own review. Thanks again! :)
fristonio
force-pushed
the
pr/fristonio/feat-19038
branch
from
dd44542 to
96f167d
Compare
fristonio
force-pushed
the
pr/fristonio/feat-19038
branch
from
53a2159 to
e61c4bb
Compare
|
/test Job 'Cilium-PR-K8s-GKE' hit: #17628 (93.58% similarity) |
joestringer
added
the
dont-merge/needs-rebase
|
Looks like this just needs rebase, address any CI failures, plus operator / cli codeowner review. If there's something particular you'd like me to look at, then let me know - otherwise I'll let the other core reviewers follow up. |
* This commit introduces a new command line flag to specify multiple kubernetes addresses that can be used with clients. By default the client will pick the first APIServer address for setting up the client. During a failed heartbeat check for k8s API server we will rotate the API server to use with the client. * cilium-agent --k8s-api-server-urls=IP1,IP2,IP3 ... to use this feature. * The flag takes precedence over already existing `--k8s-api-server` flag. * The flag modfies the host address for client-go http.RoundTripper to use configured APIServerURL in k8s.config. The heartbeat thread rotates the APIServer URL when there is a failure causing subsequent request to be sent to the rotated host. Signed-off-by: Deepesh Pathak <deepeshpathak09@gmail.com>
* Use helm option `k8s.apiServerURLs` to set multiple k8s server
urls for the client to use.
* Example helm command
```
helm install cilium cilium/cilium \
--namespace kube-system \
--set k8s.apiServerURLs="https://172.18.0.4:6443 https://172.18.0.3:6443 https://172.18.0.5:6443"
```
Signed-off-by: Deepesh Pathak <deepeshpathak09@gmail.com>
Signed-off-by: Deepesh Pathak <deepeshpathak09@gmail.com>
Signed-off-by: Deepesh Pathak <deepeshpathak09@gmail.com>
* This commit adds APIServer URL rotation logic during initial client setup. * Update tests helper to use the new helm option `k8s.apiServerURLs` to specify Kubernetes API server address in kube-proxy free setup. Signed-off-by: Deepesh Pathak <deepeshpathak09@gmail.com>
fristonio
force-pushed
the
pr/fristonio/feat-19038
branch
from
e61c4bb to
ea41042
Compare
|
/test |
fristonio
removed
the
dont-merge/needs-rebase
| config.APIServerURL = nil | ||
| config.APIServerURLs = []*url.URL{} |
There was a problem hiding this comment.
These fields are being accessed without being protected by their mutex
| type httpRoundTripper struct { | ||
| delegate http.RoundTripper | ||
| } | ||
|
|
||
| func (rt *httpRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { | ||
| req.URL.Host = GetAPIServerURL().Host | ||
| return rt.delegate.RoundTrip(req) | ||
| } | ||
|
|
||
| func defaultHTTPRoundTripper(rt http.RoundTripper) http.RoundTripper { | ||
| return &httpRoundTripper{ | ||
| delegate: rt, | ||
| } | ||
| } |
There was a problem hiding this comment.
Can you leave a comment stating what this is doing?
| if viper.IsSet(K8sAPIServer) { | ||
| if len(c.K8sAPIServerURLs) > 0 { | ||
| log.Warningf("The option %s has been deprecated in favour of %s. Ignoring %s: %s", | ||
| K8sAPIServer, K8sAPIServerURLs, K8sAPIServer, viper.GetString(K8sAPIServer)) | ||
| } else { | ||
| c.K8sAPIServer = viper.GetString(K8sAPIServer) | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
in the daemon/flags.go we should be marking the flag as deprecated.
|
Moving to draft, please mark it ready for review when you are ready to pick it up. |
| type configuration struct { | ||
| // APIServerURL is the URL address of the API server | ||
| APIServerURL string | ||
| APIServerURL *url.URL |
There was a problem hiding this comment.
Can this member be dropped?
|
This pull request has been automatically marked as stale because it |
github-actions
bot
added
the
stale
|
This pull request has not seen any activity since it was marked stale. |
9 participants
See commit message for detailed description
Introduce a new command line parameter(
--k8s-api-server-urls) and helm option(k8s.apiServerURLs) to specify multiple k8s API server addresses for the client to use.Fixes: #19038