Support for netavark backed podman(4.x+) - fixing #2882 #2883
Conversation
… to the no_proxy list
|
|
k8s-ci-robot
added
the
cncf-cla: no
|
Welcome @wherka-ama! |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @wherka-ama. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/M
| noProxyJoined := strings.Join(noProxyList, ",") | ||
| envs[common.NOProxy] = noProxyJoined | ||
| envs[strings.ToLower(common.NOProxy)] = noProxyJoined | ||
| } | ||
| return envs, nil | ||
| } | ||
|
|
||
| type PodmanNetworks []struct { |
There was a problem hiding this comment.
This type shouldn’t be exported.
There was a problem hiding this comment.
Corrected. Thanks!
| // Note: this is best effort based on the default CoreDNS spec | ||
| // https://github.com/kubernetes/dns/blob/master/docs/specification.md | ||
| // Any user created pod/service hostnames, namespaces, custom DNS services | ||
| // are expected to be no-proxied by the user explicitly. | ||
| noProxyList = append(noProxyList, ".svc", ".svc.cluster", ".svc.cluster.local") | ||
| noProxyList = append(noProxyList, ".svc", ".svc.cluster", ".svc.cluster.local", strings.Join([]string{cfg.Name, "control-plane"}, "-")) |
There was a problem hiding this comment.
Changes to this method seem unrelated to netavark support and should also be kept consistent with the docker implementation
There was a problem hiding this comment.
This should be a separate commit or PR, and it should probably not reimplement naming the control plane endpoint with different logic.
There was a problem hiding this comment.
@BenTheElder : agreed, this is a separate problem. Should I create a separate issue for that and take this part out from the current PR?
There was a problem hiding this comment.
This should be a separate commit or PR, and it should probably not reimplement naming the control plane endpoint with different logic.
Agreed. I've taken it out and will create a separate issue + another PR as an attempt to tackle the no_proxy inconsistencies. Thanks!
|
/hold holding waiting for podman developers to disclose more about the future plans of the network #2882 (comment) we already have several places that fork based on the podman version, and we can't keep growing like that |
k8s-ci-robot
added
do-not-merge/hold
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
| func getSubnets(networkName string) ([]string, error) { | ||
| // TODO: unmarshall json and get rid of this complex query | ||
| format := `{{ range (index (index (index (index . "plugins") 0 ) "ipam" ) "ranges")}}{{ index ( index . 0 ) "subnet" }} {{end}}` |
There was a problem hiding this comment.
I can't remember now exactly, but I think we only care about the first plugin and subnet
There was a problem hiding this comment.
I can't remember now exactly, but I think we only care about the first plugin and subnet
@aojea : would you like me to change that to replicate this behaviour here as well? I'm not sure what was the reasoning behind the first implementation, so would be happy to follow your guidance.
There was a problem hiding this comment.
yeah. match the first implementation, it is safer
There was a problem hiding this comment.
@aojea : I have a couple of points before I actually push any further commits to this PR
- At one point in the issue (current kind does not seem to support netavark backed rootless podman(4.x+) #2882 (comment)) you pointed at the existing checks which I could use as my guideline. I'm fine with the version check(if we are to stick with explicit flows), but the part where there was a check to see if we are in the Rootless mode doesn't seem appropriate to me. The trigger of the error here is the presence of the environment variables linked with http(s) proxy. It makes no difference whether we run it as root or not. I've tested it and we have a consistent behaviour here. It is indeed generic in that regard.
- I did a bit of a refactoring of the code(patch attached) to be very explicit with the versions/layouts used so that allows on very easy decommissioning of the legacy flow when the time comes. However, I must stress it became excessively verbose and I count on your judgement here to decide if that's the direction we should take.
- In the refactored version I'm referring to the first plugin/subnet - mimicking the old query.
@BenTheElder: I would welcome your opinion on that aspect as well.
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
| func getSubnets(networkName string) ([]string, error) { | ||
| // TODO: unmarshall json and get rid of this complex query |
There was a problem hiding this comment.
New TODO: unit test parsing with some known real data to prevent regressions. (doesn't need to be this PR, we should have done that before)
There was a problem hiding this comment.
New TODO: unit test parsing with some known real data to prevent regressions. (doesn't need to be this PR, we should have done that before)
@BenTheElder : funny you mentioned that cause I thought there is something missing in that area indeed and I've already started working on unit tests to cover at least what I've touched ;-)
We can either do it in the next PR, which I'm happy to deliver pretty soon(couple of days max, but hopefully tomorrow) or we can put this one on hold and bundle it with unit tests. Please do let me know what's your preference and I'll go with it.
There was a problem hiding this comment.
another PR when you have time would be great!! no rush, I'm trying to land one or two more fixes ahead of k8s 1.25 / kind v0.15 but I think unit tests can wait / are more forward thinking 😅
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: BenTheElder, wherka-ama The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Adding support for netavark backed podman(4.x+)
See: #2882