feat: Add a cloud-node-manager sidecar container called health-probe-proxy to transfer the traff… #5180

Merged

nilo19
Contributor

@nilo19 nilo19 commented Dec 18, 2023

…ic from port 10356 to the kube-proxy health check server port 10256. This sidecar will parse the proxy protocol packet data unit when the user uses private link service integrated with the service annotation and set the proxy protocol annotation. In this case the kube-proxy health probe server will not read the health probe request from the SLB and fails the health check.

What type of PR is this?

/kind feature

What this PR does / why we need it:

feat: Add a daemonset called health-probe-proxy to transfer the traffic from port 10356 to the kube-proxy health check server port 10256. This daemonset will parse the proxy protocol packet data unit when the user uses private link service integrated with the service annotation and set the proxy protocol annotation. In this case the kube-proxy health probe server will not read the health probe request from the SLB and fails the health check.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

feat: Add a cloud-node-manager sidecar container called health-probe-proxy to transfer the traffic from port 10356 to the kube-proxy health check server port 10256. This sidecar will parse the proxy protocol packet data unit when the user uses private link service integrated with the service annotation and set the proxy protocol annotation. In this case the kube-proxy health probe server will not read the health probe request from the SLB and fails the health check.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
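
The header handling this PR describes, as an added example that is not code from the PR or the project: a Go function that strips a PROXY protocol header so the probe request behind it can be forwarded to the target port. It assumes the v2 binary header (the page does not name the version); `StripProxyV2` and `constructedProbe` are hypothetical names, and the sample bytes are constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// v2Sig is the fixed 12-byte signature that opens a PROXY protocol v2 header.
var v2Sig = []byte("\r\n\r\n\x00\r\nQUIT\n")

// StripProxyV2 consumes a v2 header from r if present and returns the source it
// carried ("" for LOCAL or non-TCP4); the request bytes after it stay in r.
func StripProxyV2(r *bufio.Reader) (string, error) {
	head, err := r.Peek(16)
	if err != nil || !bytes.Equal(head[:12], v2Sig) {
		return "", nil // no v2 header: leave the stream untouched
	}
	verCmd, fam := head[12], head[13]
	n := int(binary.BigEndian.Uint16(head[14:16])) // at most 65535, so bounded
	if verCmd>>4 != 2 {
		return "", fmt.Errorf("unsupported PROXY version %d", verCmd>>4)
	}
	r.Discard(16)
	body := make([]byte, n)
	if _, err := io.ReadFull(r, body); err != nil {
		return "", fmt.Errorf("truncated PROXY header: %w", err)
	}
	// Command 1 = PROXY, family 0x11 = TCP/IPv4: src(4) dst(4) sport(2) dport(2).
	if verCmd&0x0f == 1 && fam == 0x11 && n >= 12 {
		port := binary.BigEndian.Uint16(body[8:10])
		return net.JoinHostPort(net.IP(body[:4]).String(), fmt.Sprint(port)), nil
	}
	return "", nil
}

// constructedProbe: sample v2 header (TCP4, source 10.0.0.4:50000) + HTTP request.
func constructedProbe() []byte {
	b := append([]byte{}, v2Sig...)
	b = append(b, 0x21, 0x11, 0, 12, 10, 0, 0, 4, 10, 0, 0, 5, 0xc3, 0x50, 0x28, 0x74)
	return append(b, "GET /healthz HTTP/1.1\r\n\r\n"...)
}

func main() {
	src, err := StripProxyV2(bufio.NewReader(bytes.NewReader(constructedProbe())))
	fmt.Println(src, err)
}
```

On a live connection, set a read deadline before calling it, because `Peek` waits until 16 bytes have arrived or the peer closes.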


@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 18, 2023
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 18, 2023
@nilo19 nilo19 force-pushed the feat/health-probe-proxy branch from d0b7459 to 59e64db Compare December 18, 2023 07:29
@nilo19
Contributor Author

nilo19 commented Dec 18, 2023

/test pull-cloud-provider-azure-e2e-ccm-vmss-shared-probe-capz

@nilo19
Contributor Author

nilo19 commented Dec 19, 2023

/retest

@@ -0,0 +1,38 @@
apiVersion: apps/v1
Member

Let's add the deployment charts into helm charts as part of cnm deployment (a new sidecar for it). And please add a new helm config to enable this sidecar, which is disabled by default during preview.

Contributor Author

done

@feiskyer feiskyer added this to the v1.29 milestone Jan 3, 2024
@nilo19
Contributor Author

nilo19 commented Jan 3, 2024

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 3, 2024
@nilo19
Contributor Author

nilo19 commented Jan 3, 2024

testing windows

@nilo19 nilo19 force-pushed the feat/health-probe-proxy branch from 59e64db to 52550f8 Compare January 7, 2024 02:19
@k8s-ci-robot k8s-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 7, 2024
@nilo19 nilo19 force-pushed the feat/health-probe-proxy branch from 52550f8 to c0cd776 Compare January 7, 2024 02:20
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 7, 2024
@nilo19 nilo19 removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 7, 2024
@nilo19
Contributor Author

nilo19 commented Jan 7, 2024

/retest

enableHealthProbeProxy: false
healthCheckPort: 10356
targetPort: 10256
healthProbeProxyImage: "ss104301/health-probe-proxy:latest"
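
Review bot: The `healthProbeProxyImage` default on the last line of this hunk is a placeholder under the `ss104301/` namespace with the mutable `latest` tag, so the code that runs in the sidecar can change without any change to the chart. Since `enableHealthProbeProxy` is `false` by default, consider leaving the image value empty, or pinning it to a digest, until the project's own image is published, and note in the values file that it must be set before the sidecar is enabled.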
Contributor Author

Using my personal image as a placeholder; will replace it with the MCR image when it is ready.

@nilo19 nilo19 force-pushed the feat/health-probe-proxy branch from c0cd776 to 73cbfef Compare January 8, 2024 06:26
labels:
component: health-probe-proxy
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
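
Review bot: The two addon-manager labels at the end of this hunk (`kubernetes.io/cluster-service: "true"` and `addonmanager.kubernetes.io/mode: Reconcile`) have no comment saying they are only relevant when addon manager deploys this manifest. A one-line YAML comment above them stating that would answer the question a reader of the manifest is likely to ask.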
Member

remove this line?

Contributor Author

This is useful when using addon manager to deploy health probe proxy.

…ic from port 10356 to the kube-proxy health check server port 10256. This daemonset will parse the proxy protocol packet data unit when the user uses private link service integrated with the service annotation and set the proxy protocol annotation. In this case the kube-proxy health probe server will not read the health probe request from the SLB and fails the health check.
@nilo19 nilo19 force-pushed the feat/health-probe-proxy branch from 73cbfef to d0f769f Compare January 9, 2024 00:27
@nilo19 nilo19 changed the title feat: Add a daemonset called health-probe-proxy to transfer the traff… feat: Add a cloud-node-manager sidecar container called health-probe-proxy to transfer the traff… Jan 9, 2024
@nilo19
Contributor Author

nilo19 commented Jan 9, 2024

/retest

@nilo19
Contributor Author

nilo19 commented Jan 9, 2024

@jwtty can you help approve?

Member

@feiskyer feiskyer left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 9, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: feiskyer, nilo19

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit b65c47c into kubernetes-sigs:master Jan 9, 2024
14 checks passed
@nilo19 nilo19 deleted the feat/health-probe-proxy branch January 10, 2024 01:20