Use Pod IP for peer communication #220
Conversation
clobrano
force-pushed
the
e1879-use-pod-ip-port-0
branch
from
8a0f42e
to
a71be9c
Compare
|
/test 4.15-openshift-e2e |
1 similar comment
|
/test 4.15-openshift-e2e |
|
/test 4.15-openshift-e2e |
pkg/peers/peers.go
Outdated
| addresses[i] = node.Status.Addresses | ||
| for _, pod := range pods.Items { | ||
| if pod.Spec.NodeName == node.Name { | ||
| addresses[i] = pod.Status.PodIP |
There was a problem hiding this comment.
I was wondering why we have a string type now, and indeed there is a better choice IMHO, what about using pod.Status.PodIPs[0]?
There was a problem hiding this comment.
Do you mean moving around this data as PodIP and then let popPeersIP deal with it returning the string[] of IPs?
There was a problem hiding this comment.
I mean, at which point of the chain would it be better to use the underlining PodIP.IP?
IIUC, the only interface requiring the string is grpc.DialContext
There was a problem hiding this comment.
I would use PodIP everywhere where we used NodeAddress before.
But: oh, it's just a wrapper around a string, I expected a more IP-ish thing 😁
And: oh, we did not even check the type of the NodeAddress in the old version of popNodes, and just took the first one 🙈
There was a problem hiding this comment.
But: oh, it's just a wrapper around a string, I expected a more IP-ish thing 😁
😁 yep, moreover at the end of the day we use the string, so not sure it's worth it
pkg/apicheck/check.go
Outdated
| } | ||
|
|
||
| chosenNodesAddresses := c.popNodes(&nodesToAsk, nodesBatchCount) | ||
| healthyResponses, unhealthyResponses, apiErrorsResponses, _ := c.getHealthStatusFromPeers(chosenNodesAddresses) | ||
| chosenPodIPs := c.popPeerIPs(&peersToAsk, nodesBatchCount) |
There was a problem hiding this comment.
nit: at other places we use peer instead of node or pod, what about naming this var chosenPeerIPs as well?
There was a problem hiding this comment.
you're right, just a typo here
clobrano
force-pushed
the
e1879-use-pod-ip-port-0
branch
from
c6a8cd3
to
a8900ec
Compare
clobrano
force-pushed
the
e1879-use-pod-ip-port-0
branch
from
a8900ec
to
15dc2cc
Compare
|
/test 4.15-openshift-e2e |
1 similar comment
|
/test 4.15-openshift-e2e |
|
/lgtm |
|
code lgtm, but I would prefer to have enabled peer check e2e tests before merging this |
clobrano
force-pushed
the
e1879-use-pod-ip-port-0
branch
from
15dc2cc
to
070f0bd
Compare
clobrano
force-pushed
the
e1879-use-pod-ip-port-0
branch
from
070f0bd
to
7f0cf11
Compare
- re-enable and fix api check log tests in e2e test
- use service IP for killing API connection
- kill API connection on SNR DS pod
- add peer check server logs and use them for test which can't
get logs from unhealthy node's SNR agent pod
- wait for pod deletion only, not restart (restart is caused by
reboot, not SNR)
- refactor / cleanup e2e tests
- fix owner check / node name / machine name in peer check server
and agent reconciler
- update sort-imports, which ignores generated files now
Signed-off-by: Carlo Lobrano <[email protected]>
Signed-off-by: Carlo Lobrano <[email protected]>
Signed-off-by: Carlo Lobrano <[email protected]>
At startup (but it might happen in other moments too), some peers' Pod IP can still be empty, which means that until the next peers update we cannot check the connection with the other peers. Return an error in case a peer's Pod IP is empty. Signed-off-by: Carlo Lobrano <[email protected]>
clobrano
force-pushed
the
e1879-use-pod-ip-port-0
branch
from
7f0cf11
to
cda2f3f
Compare
|
/test 4.15-openshift-e2e |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: clobrano, slintes The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/test all |
|
/hold cancel |
|
/retest |
4.12? |
|
It doesn't seem something related to our test. /retest |
looks very unrelated, upi is also wrong, should be ipi IIUC |
|
/cherry-pick release-0.9 |
|
@slintes: new pull request created: #234 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release-0.9 |
|
@slintes: #220 failed to apply on top of branch "release-0.9": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
meh, reopening and fixing #234 |
Why we need this PR
SNR Peers communication uses hostnetwork (Node IP), which exposes a HTTP/2 endpoint.
Using the Pod IP will make the port harder to attack.
Changes made
In place of looking for Nodes' IP, we look for other agents' Pod IP.
Which issue(s) this PR fixes
https://issues.redhat.com/browse/ECOPROJECT-1879
Test plan