Allow for Patches to api-server and other changes #13
Conversation
FayeGibbins
commented
Jun 12, 2019
FayeGibbins
commented
- Update to apline 3.9
- 1 sec sleep if api-server errs when patching
- small refactor
- new flag --patchnode (default off) to enable patching
- More info logs
- Some JSON munging to enable patching
- Munge the AWS update from 2 to 1 method
- Allow the passing of an options struct through the code base.
|
Having a look at the changes now, but you'll need to add the new |
|
Will do, thanks
From: Guy Templeton <notifications@github.com>
Reply-To: ottoyiu/k8s-ec2-srcdst <reply@reply.github.com>
Date: Wednesday, 12 June 2019 at 15:53
To: ottoyiu/k8s-ec2-srcdst <k8s-ec2-srcdst@noreply.github.com>
Cc: Faye Gibbins <faye.gibbins@skyscanner.net>, Author <author@noreply.github.com>
Subject: Re: [ottoyiu/k8s-ec2-srcdst] Allow for Patches to api-server and other changes (#13)
Having a look at the changes now, but you'll need to add the new github.com/mattbaird/jsonpatch dependency to Gopkg.toml as the build is currently failing.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#13?email_source=notifications&email_token=AJHNPDUSAKX3EXDLDUGJEUDP2EEWHA5CNFSM4HXIEREKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXQWHPQ#issuecomment-501310398>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AJHNPDU4OSO27KNJC6IOPO3P2EEWHANCNFSM4HXIEREA>.
|
|
Thanks for the PR! Can you explain the intent for introducing json patch? I seem to be lacking some context for this change by just reading the code. |
|
Hi @ottoyiu-san, |
|
|
||
| flag.Set("logtostderr", "true") | ||
| flag.Parse() | ||
|
|
||
| var my_opts = common.K8sEc2SrcdstOpts{ |
There was a problem hiding this comment.
By go convention this should be camelCase rather than snake_case: https://github.com/golang/go/wiki/CodeReviewComments#variable-names
| @@ -18,10 +18,19 @@ import ( | |||
| func main() { | |||
| kubeconfig := flag.String("kubeconfig", "", "Path to a kubeconfig file") | |||
| version := flag.Bool("version", false, "Prints current k8s-ec2-srcdst version") | |||
| patchnode := flag.Bool("patchnode", false, "By default k8s-ec2-srcdst updates the node opbject, this flag turns on patching instead. This can be useful for when AWS api rate limiting is an issue.") | |||
| @@ -1,4 +1,4 @@ | |||
| FROM alpine:3.6 | |||
| FROM alpine:3.9 | |||
There was a problem hiding this comment.
What's the reason for updating the Alpine version?
| @@ -48,8 +53,9 @@ func NewSrcDstController(client kubernetes.Interface, ec2Client *ec2.EC2) *Contr | |||
| 60*time.Second, | |||
| // Callback Functions to trigger on add/update/delete | |||
| cache.ResourceEventHandlerFuncs{ | |||
| AddFunc: c.handler, | |||
| UpdateFunc: func(old, new interface{}) { c.handler(new) }, | |||
| //AddFunc: c.handler, | |||
There was a problem hiding this comment.
You can remove this commented out code.
| @@ -7,6 +7,10 @@ import ( | |||
| "k8s.io/client-go/tools/clientcmd" | |||
| ) | |||
|
|
|||
| type K8sEc2SrcdstOpts struct { | |||
There was a problem hiding this comment.
If you're exporting this it should have a comment for godoc to pick up as with the funcs in this file.
| // Sleep for a second and give it one | ||
| // more try. The sleep also stops us | ||
| // slamming AWS if api-server is | ||
| // containtly refusing to allow the |
| // https://github.com/kubernetes/client-go/blob/master/kubernetes/typed/core/v1/node.go#L170 | ||
| if _, err := c.client.Core().Nodes().Patch(nodeCopy.Name, types.JSONPatchType, json_patch); err != nil { | ||
| glog.Errorf("Failed to patch %s annotation: %v", SrcDstCheckDisabledAnnotation, err) | ||
| // Sleep for a second and give it one |
There was a problem hiding this comment.
This comment is slightly oddly formatted with so many line breaks. It also doesn't make clear to me in what circumstance the retry after 1 second would handle an initial failure. The reference to AWS is also confusing me here as the calls to AWS' APIs occur outside of this logic loop.
| glog.V(5).Info(string(json_patch)) | ||
| // https://github.com/kubernetes/client-go/blob/master/kubernetes/typed/core/v1/node.go#L170 | ||
| if _, err := c.client.Core().Nodes().Patch(nodeCopy.Name, types.JSONPatchType, json_patch); err != nil { | ||
| glog.Errorf("Failed to patch %s annotation: %v", SrcDstCheckDisabledAnnotation, err) |
There was a problem hiding this comment.
Why an Errorf if we're going to give it a second try? Seems like Warningf would make more sense to me as it's not necessarily an error yet. I'd also make clear in this message that it's only the first attempt.
| // containtly refusing to allow the | ||
| // patches. | ||
| time.Sleep(1 * time.Second) | ||
| if _, err := c.client.Core().Nodes().Patch(nodeCopy.Name, types.JSONPatchType, json_patch); err != nil { |
There was a problem hiding this comment.
We don't log that we've managed a successful patch on a second attempt that I can see.
| if err != nil { | ||
| glog.Errorf("Failed to MarshalIndent: %v", err) | ||
| } | ||
| glog.V(5).Info(string(json_patch)) |
There was a problem hiding this comment.
Given that this is basically debug info this doesn't feel like it should be displayed at a lower verbosity level than some of the meaningful info messages around which nodes have been successfully patched.
|
Hello @ottoyiu , We've been using the controller in production for quite some time and it's working well. Unfortunately, we have a very busy AWS account and we often get rate limited. When we have a scaling event and we get rate limited, we see the controller reporting the following errors
and getting a lot of 409 responses from the Kubernetes API server. In this scenario, the node is marked as ready but the src/dst check is still enabled. This means that we drop all the cross-az traffic. By using a patch method, we think we will be able to solve this issue. We already tested in one of our production cluster where we added ~100 nodes at once and we didn't see any problem or delay in disabling the src/dst check. Please get in touch with us if you think there is something we're missing or anything else we can do for you. |
| @@ -48,14 +49,18 @@ func TestDisableSrcDstIfEnabled(t *testing.T) { | |||
| ec2Client := NewMockEC2Client() | |||
| kubeClient := fake.NewSimpleClientset(&v1.NodeList{Items: []v1.Node{*node0, *node1}}) | |||
|
|
|||
| var my_opts = common.K8sEc2SrcdstOpts{ | |||
There was a problem hiding this comment.
It also seems like we should add a test for this new functionality when PatchNode = true
| @@ -7,6 +7,10 @@ import ( | |||
| "k8s.io/client-go/tools/clientcmd" | |||
| ) | |||
|
|
|||
| type K8sEc2SrcdstOpts struct { | |||
| Patchnode bool | |||
|
@maruina @FayeGibbins @gjtempleton thanks for the contribution, explanation and the code review. This seem to work at first glance as a workaround for the update conflicts. We have an internal branch for this project that is completely re-written to make use of informers, and indexers that already take care of this issue. We want to ultimately merge that back upstream here. However, I'm not sure where it is in the timeline unfortunately. I will see if I can get an update from the person involved with maintaining this project at my office. |
|
Thanks for getting back to us so quickly. If those internal changes are able to be merged back upstream here that would be great as they sound like they'll also be a solution to the problem we're seeing. We really appreciate the effort you put into maintaining this project. |
