Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

better support of ipv6-only clusters: prevent creation of default-ipv4-pool during calico-node startup #8156

Merged
merged 1 commit into from
Apr 23, 2024
Merged

better support of ipv6-only clusters: prevent creation of default-ipv4-pool during calico-node startup #8156

merged 1 commit into from
Apr 23, 2024

Conversation

kruftik
Copy link
Contributor

@kruftik kruftik commented Oct 24, 2023
edited
Loading

Description

Current calico-node startup logic supports creation of default ip-pools both for ipv4 and ipv6 stacks if the ones do not exist. However, it does not take into account accordingly the ipv6-only clusters (without ipv4 addresses on any interfaces at all): as soon as default-ipv4 pool being created, every calico-node instance begin log flooding with something like:

felix/route_table.go 1016: Failed to get link attributes error=interface not present ifaceRegex="^vxlan.calico$" ipVersion=0x4 tableIndex=254

This PR mitigate such an issue: in addition to NO_DEFAULT_POOLS environment variable, CALICO_IPV4POOL_CIDR=none and CALICO_IPV6POOL_CIDR=none special values are added.

Release Note

In order to prevent default IP-pools creation, `CALICO_IPV4POOL_CIDR`=`none` and `CALICO_IPV6POOL_CIDR`=`none` environment variable special values are now supported.

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

  • docs-pr-required: This change requires a change to the documentation that has not been completed yet.
  • docs-completed: This change has all necessary documentation completed.
  • docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

  • release-note-required: This PR has user-facing changes. Most PRs should have this label.
  • release-note-not-required: This PR has no user-facing changes.

Other optional labels:

  • cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
  • needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

@kruftik kruftik requested a review from a team as a code owner October 24, 2023 13:41
@marvin-tigera marvin-tigera added this to the Calico v3.27.0 milestone Oct 24, 2023
@marvin-tigera marvin-tigera added release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Oct 24, 2023
@CLAassistant
Copy link

CLAassistant commented Oct 24, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@kruftik kruftik force-pushed the prevent-default-ipv4-pool-creation branch from 2f7387a to dbdbc47 Compare October 24, 2023 13:42
@mazdakn
Copy link
Member

mazdakn commented Oct 24, 2023
edited
Loading

/sem-approve

@caseydavenport
Copy link
Member

I wonder if instead of introducing new env vars for this, we should follow the pattern we used for CALICO_NETWORKING_BACKEND and support a none option for the existing IPV4POOL_CIDR variable.

That said, I am curious why using NO_DEFAULT_POOLS and then creating an IPv6 pool out-of-band isn't viable here? That would be my preferred solution here, since in general I would like us to move away from using calico/node to create IP pools - configuring APIs from a collection of env vars makes it hard to support all of the necessary use cases. For now though, calico/node is where default IP pools are created, so I'm not completely against merging something like this as a stopgap.

@kruftik
Copy link
Contributor Author

kruftik commented Oct 31, 2023

@caseydavenport ,

we should follow the pattern we used for CALICO_NETWORKING_BACKEND and support a none option for the existing IPV4POOL_CIDR variable.

yeah, it's a better option. I will refactor the PR into such an approach.

@kruftik
Copy link
Contributor Author

kruftik commented Nov 7, 2023

@caseydavenport , done. Could you look into?

@kruftik kruftik force-pushed the prevent-default-ipv4-pool-creation branch from 737bbcb to 395be5e Compare November 7, 2023 09:21
@kruftik kruftik force-pushed the prevent-default-ipv4-pool-creation branch from b981afb to 4635380 Compare November 7, 2023 12:57
caseydavenport
caseydavenport requested changes Nov 30, 2023
View reviewed changes
Copy link
Member

@caseydavenport caseydavenport left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the delay here - this looks good to me!

I do think we need a pair of unit tests to verify this behavior works - here's an example of a similar test you can base it on:

calico/node/pkg/lifecycle/startup/startup_test.go

Lines 455 to 477 in 8d31b26

It("should properly handle NO_DEFAULT_POOLS env variable", func() {
// Create clients for test.
cfg, err := apiconfig.LoadClientConfigFromEnvironment()
Expect(err).NotTo(HaveOccurred())
c, err := client.New(*cfg)
Expect(err).NotTo(HaveOccurred())
be, err := backend.NewClient(*cfg)
Expect(err).NotTo(HaveOccurred())
err = be.Clean()
Expect(err).NotTo(HaveOccurred())
// Set the env variables specified.
os.Setenv("NO_DEFAULT_POOLS", "true")
// Run the UUT.
configureIPPools(ctx, c, kubeadmConfig)
// Get the IPPool list.
poolList, err := c.IPPools().List(ctx, options.ListOptions{})
Expect(err).NotTo(HaveOccurred())
Expect(poolList.Items).To(BeEmpty(), "Environment %#v", os.Environ())
})

@kruftik kruftik force-pushed the prevent-default-ipv4-pool-creation branch from 4635380 to dd96f62 Compare December 4, 2023 07:34
@caseydavenport
Copy link
Member

/sem-approve

@mazdakn
Copy link
Member

mazdakn commented Mar 19, 2024

@sridhartigera This might be related to your recent works.

@caseydavenport caseydavenport self-assigned this Mar 19, 2024
@caseydavenport
Copy link
Member

@kruftik is this still on your radar? The only thing remaining is a unit test (see my last comment)

@kruftik kruftik force-pushed the prevent-default-ipv4-pool-creation branch from d9946cd to 30c5eb8 Compare April 15, 2024 06:06
@kruftik
Copy link
Contributor Author

kruftik commented Apr 15, 2024

@kruftik is this still on your radar? The only thing remaining is a unit test (see my last comment)

seems like done

@caseydavenport
Copy link
Member

/sem-approve

@marvin-tigera marvin-tigera merged commit 42f2d8d into projectcalico:master Apr 23, 2024
2 checks passed
@caseydavenport caseydavenport added docs-not-required Docs not required for this change and removed docs-pr-required Change is not yet documented labels Oct 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@com30n com30n com30n left review comments

@caseydavenport caseydavenport caseydavenport approved these changes

Assignees

@caseydavenport caseydavenport

Labels
docs-not-required Docs not required for this change merge-when-ready release-note-required Change has user-facing impact (no matter how small)
Projects
None yet
Milestone
Calico v3.29.0
Development

Successfully merging this pull request may close these issues.
7 participants
@kruftik @CLAassistant @mazdakn @caseydavenport @com30n @mgleung @marvin-tigera