[WIP] Promote KEP-1672 to GA

[andrewsykim]

• One-line PR description: Promote feature EndpointSliceTerminatingCondition to GA and ProxyTerminatingEndpoints to Beta.

• Issue link: Proxy Terminating Endpoints  #1669 & Tracking Terminating Endpoints #1672

• Other comments:

[andrewsykim]

Marking this one WIP for now, I think some of the PRR questions need to be answered for KEP-1669

[wojtek-t]

/assign

[thockin]

Thanks!

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: andrewsykim, thockin
To complete the pull request process, please ask for approval from wojtek-t after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• keps/prod-readiness/OWNERS
• keps/sig-network/OWNERS [thockin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wojtek-t]

Did we went Beta in 1.22 without:
(a) having this tracked appropriately by RT?
(b) having PRR approved?

This sounds very wrong to me...

[andrewsykim]

There was a last-minute decision during a SIG Network call to include this feature as beta in v1.22 -- I guess we slipped the KEP updates though. Sorry, that's my bad :(

[thockin]

I have no particular recollection of how this came to be, and certainly did not mean to bypass any process.

[wojtek-t]

Please fill in the PRR questionaire for this KEP.

[andrewsykim]

hmm there's no diff for PRR cause all the questions were answered in the last release, let me know if there's a specific question I missed.

[wojtek-t]

There should be a diff - there are couple questions that weren't answered back then, including:

Are there any tests for feature enablement/disablement?

Have the tests been added? If so, please link them. If not - we shouldn't even go to beta...

What specific metrics should inform a rollback?

We were discussing adding a metric - has that happened?

Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?

Has that happened? Findings?

What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?

Has the metric mentioned there been added?

[andrewsykim]

Have the tests been added? If so, please link them. If not - we shouldn't even go to beta...

Oh yes, of course we added tests for feature enablement, do we want the PRR to link to every test case we added? The answer to the question says:

Yes, there will be strategy API unit tests validating if the new API field is allowed based on the feature gate.

Is that enough or do you want more details on the specific test cases (there's a lot)?

[andrewsykim]

Let me add more details on metrics, I think there was some back and forth on the viability of per endpoint metrics due to cardinality. But maybe total endpoints by condition is acceptable.

[wojtek-t]

Is that enough or do you want more details on the specific test cases (there's a lot)?

Please link them - no need to describe.

[andrewsykim]

Added all the PRs that adds unit, integration or e2e tests for this feature under Are there any tests for feature enablement/disablement?

[wojtek-t]

Sorry - can't comment on unchanged lines:

L182 - have those been added? If so, can you please link them?

[wojtek-t]

That's far from ideal, as often cluster admins may not understand application-level metrics.

I agree it might be hard to reflect the exact user-oriented behavior, but can we e.g. at least expose some kube-proxy level metric that will be showing how many:
(a) terminating & ready
(b) terminating & not-ready
endpoints can in theory be targetted?
[i.e. counters]

[andrewsykim]

Part of me thinks it's weird that we would have endpoints-level metrics for exclusively termianting endpoints. Should we address this more holsitically and metrics for all condition types?

e.g. at least expose some kube-proxy level metric that will be showing how many:

If we only care about total endpoints by condition should it be aggregated total from endpointslice controller or do we still want per-node terminating condition metrics?

[wojtek-t]

Automated or just manual? [I guess manual - if so, let's make it explicit]

Manual tests are still to be run.

Also - please ensure that the results will be added here to the KEP before the actual graduation will happen in k/k code [something like: https://github.com//pull/2538/files ]

[wojtek-t]

Those conditions are non-trivial to determine for cluster operators.

How about having the metrics I suggested above [this won't allow the answer for specific service, but at least for conjunctions of all services.

[wojtek-t]

I think that we're mixing two things here:
(a) what is the end-user experience [i.e. if user requests are being served correctly]
(b) if the feature itself works correctly at k8s level [e.g. if there is a terminating endpoint we send traffic to it instead of black-holing the traffic]

Your answer is generally about (a). But if answering (a) is hard, we should at least try to answer (b).
And answering (b) sounds possible to me.

As an example - this SLI (and corresponding SLO) should actually serve the purpose relatively well - and should require just adjusting some labels in the reported metrics....

[wojtek-t]

I think I'm not fully following - can you clarify?

[gracenng]

Hi @andrewsykim 1.23 enhancements shadow here. The current status of this enhancement is at risk as PRR is not approved and GA graduation criteria is missing. Friendly reminder that enhancement freeze is Sept 9th. Feel free to ping me on Slack once this PR is merged. Thanks

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[thockin]

I think I got my head screwed up. I was thinking that KEP freeze meant that all KEP PRs had to merge, but that can't be right. The KEP update for alpha->beta or beta->GA is a trailing indicator - and should only be merged AFTER the code is merged.

We can say these intend to change in 1.23 and merge changes to the KEP body, but we should NOT update the stage until AFTER the code is in.

So it's fine to block these PRs until code lands. That way, we don't end up with a KEP saying "beta" but the code not being complete (which is probably what happened here).

That's my fault, but I will ask sig-release to clarify and amplify that.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[andrewsykim]

/close

[k8s-ci-robot]

@andrewsykim: Closed this PR.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.