-
Notifications
You must be signed in to change notification settings - Fork 363
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Internal Traffic Policy in AntreaProxy #2792
Support Internal Traffic Policy in AntreaProxy #2792
Conversation
Codecov Report
@@ Coverage Diff @@
## main #2792 +/- ##
==========================================
- Coverage 64.17% 63.01% -1.16%
==========================================
Files 278 278
Lines 27825 27861 +36
==========================================
- Hits 17856 17558 -298
- Misses 8048 8438 +390
+ Partials 1921 1865 -56
Flags with carried forward coverage won't be shown. Click here to find out more.
|
5994fee
to
93d3f31
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what are we doing for e2e testing?
given that the feature gate is only enabled by default in K8s v1.22+, maybe we should have some temporary Antrea e2e tests for local internal traffic policy.
7bda9a3
to
e52a40f
Compare
4029309
to
19d01b6
Compare
19d01b6
to
f6b9cac
Compare
In the commit message:
|
f6b9cac
to
b451b70
Compare
This PR is stale because it has been open 90 days with no activity. Remove stale label or comment, or this will be closed in 90 days |
c313c53
to
a440e31
Compare
@tnqn @jianjuns @antoninbas @wenyingd Could you review this PR when you are available? I have rebased this PR. I only added unit tests, and I will add e2e tests in another PR. Thanks a lot. |
/test-all |
a440e31
to
ca25c33
Compare
/test-all-features-conformance |
/test-windows-proxyall-e2e |
/test-ipv6-only-e2e |
/test-all-features-conformance |
ca25c33
to
9bb09d0
Compare
9bb09d0
to
3a27beb
Compare
/test-all-features-conformance |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few nits.
3a27beb
to
98697a7
Compare
InternalTrafficPolicy is introduced in Kubernetes 1.21. Service Internal Traffic Policy enables internal traffic restrictions to only route internal traffic to Endpoints within the Node the traffic originated from. The "internal" traffic here refers to traffic originated from Pods in the current cluster. This can help to reduce costs and improve performance. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
98697a7
to
f6804fc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@tnqn Do you have any comments about this PR? |
/test-all-features-conformance |
/test-integration |
// of the Service are different, install two groups. One group has all Endpoints, the other has only | ||
// local Endpoints. | ||
groupID := p.groupCounter.AllocateIfNotExist(svcPortName, true) | ||
if err = p.ofClient.InstallServiceGroup(groupID, svcInfo.StickyMaxAgeSeconds() != 0, localEndpointUpdateList); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question - I know it is not introduced by you, but what is the strategy to handle errors? Is it right just to ignore them?
InternalTrafficPolicy is introduced in Kubernetes 1.21. Service Internal
Traffic Policy enables internal traffic restrictions to only route
internal traffic to Endpoints within the Node the traffic originated
from. The "internal" traffic here refers to traffic originated from Pods
in the current cluster. This can help to reduce costs and improve
performance.
Signed-off-by: Hongliang Liu lhongliang@vmware.com