Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: pods can have hostPorts without hostNetwork #3468

Closed
wants to merge 1 commit into from
Closed

feat: pods can have hostPorts without hostNetwork #3468

wants to merge 1 commit into from

Conversation

gregorycuellar
Copy link

Description

Pods can have hostPorts without hostNetwork.
I propose to remove the check that prevent checking annotations on pods that are not on hostNetwork.

Checklist

  • Unit tests updated
  • End user documentation updated

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Mar 11, 2023
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: gregorycuellar / name: CUELLAR Grégory (f2cb5ed)

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Mar 11, 2023
@k8s-ci-robot
Copy link
Contributor

Welcome @gregorycuellar!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Mar 11, 2023
@johngmyers
Copy link
Contributor

This appears to be incorrect. In many CNIs, connections to non-host-network pods would need to go to the pod IP, not the node IP.

@gregorycuellar
Copy link
Author

@johngmyers can you explain ?

What's the point of having an hostPort and send traffic to the Pod IP ? If you can send the traffic directly to the Pod IP, you don't need hostPorts.

Hostports and hostnetwork are two separated concepts, which ( as far as I know ) are not linked together.
Also, on many cloud providers, you can only define hostports and not hostnetwork.

I don't know all CNIs so maybe there are exceptions, I don't know about.

@johngmyers
Copy link
Contributor

In CNIs, such as the AWS VPC CNI, that don't use an overlay network you can send traffic to the pod IP.

This PR simply removes the check, so will create records for pods that don't have any hostPorts. It also ignores the ports.hostIP fields. So it will publish DNS records with incorrect or non-working IPs.

@johngmyers
Copy link
Contributor

If you want to extend the pod source's support for non-host-network pods, you will likely need to handle them as a separate case.

@gregorycuellar
Copy link
Author

I think, I understood the case you are mentioning.

For me, it was covered as you have the possibility to have internal hostname ( which point to pod IP ) and hostname ( to node IP ).
Also, with the check in place, none are defined if there is not hostnetwork, so this use case is not working today.

Without the PR :

  • with hostnetwork and no annotation -> nothing defined
  • with hostnetwork and internal hostname annotation -> Pod IP
  • with hostnetwork and hostname annotation -> Node IP
  • without hostnetwork and no annotation -> nothing defined
  • without hostnetwork and internal hostname annotation -> nothing defined
  • without hostnetwork and hostname annotation -> nothing defined
  • ports.hostIP is ignored

With the PR :

  • with hostnetwork and no annotation -> nothing defined
  • with hostnetwork and internal hostname annotation -> Pod IP
  • with hostnetwork and hostname annotation -> Node IP
  • without hostnetwork and no annotation -> nothing defined
  • without hostnetwork and internal hostname annotation -> Pod IP
  • without hostnetwork and hostname annotation -> Node IP
  • ports.hostIP is ignored

I will try, to rework the PR, to have :

  • with hostnetwork and no annotation -> nothing defined
  • with hostnetwork and internal hostname annotation -> Pod IP
  • with hostnetwork and hostname annotation -> Node IP
  • without hostnetwork and no annotation -> nothing defined
  • without hostnetwork and internal hostname annotation -> Pod IP
  • without hostnetwork and hostname annotation -> Node IP if hostPort is defined, Pod IP otherwise
  • ports.hostIP is used if defined

@johngmyers
Copy link
Contributor

johngmyers commented May 8, 2023
edited
Loading

#3174 is similar

I have a branch https://github.com/johngmyers/external-dns/tree/pod-from-node which switches the source of internal IPs for pods from the podIP to the nodes. This is necessary for IPv6, when the pod network is single-stack but nodes are dual-stack. That pending change is likely to interact with extending the pod source to handle non-host-network pods. (I withdraw this comment.)

@johngmyers
Copy link
Contributor

I concur with the proposed semantics of May 7.

@johngmyers
Copy link
Contributor

I believe if there are multiple ports it should use the union of all hostIPs if said union is non-empty.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 17, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign johngmyers for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 7, 2023
@mloiseleur
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Oct 27, 2023
@mloiseleur
Copy link
Contributor

@gregorycuellar Wdyt of #3174 ? Would this solve your issue ? If not, do you think you can rebase and fix tests ?

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 20, 2024
edited
Loading

@gregorycuellar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-external-dns-lint d900018 link true /test pull-external-dns-lint

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@gregorycuellar
Copy link
Author

@mloiseleur No, with 3174, it's still not possible to Node IP if hostNetwork is not defined. ( cf L103 )

PR has been rebased and tests fixed.

@mloiseleur mloiseleur mentioned this pull request Jan 22, 2024
Open
2 tasks
peterhoneder added a commit to unwired/external-dns that referenced this pull request Jan 22, 2024
@peterhoneder
fixed review comments
27e2581 
- incorporated changes from PR kubernetes-sigs#3468 to allow for arbitrary annotations
  to be used no matter the hostNetwork property's value
- updated docs to make clear how the annotations are used for pods
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 19, 2024
@gregorycuellar
Copy link
Author

@mloiseleur do you think it can be merged or should it be abandoned ?

@mloiseleur
Copy link
Contributor

We are discussing this pod feature with the other maintainers.
See the conversation started on the other PR.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle rotten
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 11, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@jcralbino
Copy link

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Aug 12, 2024
@k8s-ci-robot
Copy link
Contributor

@jcralbino: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

raoulbhatia pushed a commit to unwired/external-dns that referenced this pull request Sep 27, 2024
@peterhoneder @raoulbhatia
fixed review comments
d926862 
- incorporated changes from PR kubernetes-sigs#3468 to allow for arbitrary annotations
  to be used no matter the hostNetwork property's value
- updated docs to make clear how the annotations are used for pods
raoulbhatia pushed a commit to unwired/external-dns that referenced this pull request Jan 7, 2025
@peterhoneder @raoulbhatia
fixed review comments
fbd4bc5 
- incorporated changes from PR kubernetes-sigs#3468 to allow for arbitrary annotations
  to be used no matter the hostNetwork property's value
- updated docs to make clear how the annotations are used for pods
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@njuettner njuettner Awaiting requested review from njuettner

@seanmalloy seanmalloy Awaiting requested review from seanmalloy

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@gregorycuellar @k8s-ci-robot @johngmyers @mloiseleur @k8s-triage-robot @jcralbino