Enhance operational efficiency of K8s cluster in user's IDC #2157

huangchenzhao · 2024-09-30T15:36:01Z

What type of PR is this?

/kind feature
/kind design

What this PR does / why we need it:

#2124

Which issue(s) this PR fixes:

Fixes #2156

huangchenzhao · 2024-09-30T15:36:38Z

It is draft now and will be finished soon.

cmd/yurthub/app/options/options.go

cmd/yurthub/app/start.go

go.mod

rambohe-ch · 2024-10-27T07:19:28Z

pkg/yurthub/locallb/locallb.go

+	}
+	m.iptablesManager.addIptablesRules(m.cloudIP, m.apiserverIPs)
+
+	podInformer := informerFactory.Core().V1().Pods()


It is not a good idea to list/watch pod for monitoring kube-apiserver IPs, because we want to narrow the permission of informer.

maybe we can use an endpoints(like tenant-kas-svc) for storing the address of kube-apiserver, so we only need to list/watch this endpoints for getting address of kube-apiserver.

pkg/yurthub/locallb/locallb.go

pkg/yurthub/locallb/iptables.go

cmd/yurthub/app/options/options.go

codecov · 2024-10-27T20:11:28Z

Codecov Report

Attention: Patch coverage is 51.78571% with 27 lines in your changes missing coverage. Please review.

Project coverage is 59.00%. Comparing base (7763e7c) to head (3a4d21e).
Report is 38 commits behind head on master.

Files with missing lines	Patch %	Lines
cmd/yurthub/app/config/config.go	37.14%	15 Missing and 7 partials ⚠️
cmd/yurthub/app/options/options.go	75.00%	4 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2157      +/-   ##
==========================================
+ Coverage   58.93%   59.00%   +0.06%     
==========================================
  Files         210      211       +1     
  Lines       18968    19105     +137     
==========================================
+ Hits        11179    11273      +94     
- Misses       6707     6745      +38     
- Partials     1082     1087       +5

Flag	Coverage Δ
unittests	`59.00% <51.78%> (+0.06%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

rambohe-ch · 2024-10-28T10:24:01Z

pkg/yurthub/locallb/iptables.go

+	ramdomBalancingProbability := im.getRamdomBalancingProbability(len(ips))
+	for index, ip := range ips {
+		// All packets (from kubelet, kubeproxy, pods, etc.) are loadbalanced to multiple addresses of apiservers deployed in daemonset, except packets which are sent to host control plane.
+		err := im.ipt.Append("nat", "OUTPUT", "! -d", tenantKasService, "-p", "tcp", "-m", "statistic", "--mode", "random", "--probability", strconv.FormatFloat(ramdomBalancingProbability[index], 'f', -1, 64), "-j", "DNAT", "--to-destination", ip)


we need to add port for the iptables rule, because source port and dest port maybe different.

rambohe-ch · 2024-10-28T10:27:38Z

pkg/yurthub/locallb/iptables.go

+}
+
+func (im *IptablesManager) updateIptablesRules(tenantKasService string, ips []string) error {
+	if err := im.cleanIptablesRules(tenantKasService, ips); err != nil {


If ips are changed, the new ips can not be used for finding the old iptables rule, so the old iptables rule will be leaked.

huangchenzhao · 2024-10-29T20:44:02Z

/rerun

… K8s cluster in user's IDC (openyurtio#2156)

sonarqubecloud · 2024-10-29T20:58:42Z

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

huangchenzhao · 2024-10-29T21:01:40Z

/rerun

rambohe-ch · 2024-10-30T11:52:04Z

/LGTM

huangchenzhao marked this pull request as ready for review September 30, 2024 15:38

huangchenzhao marked this pull request as draft September 30, 2024 15:38

huangchenzhao force-pushed the locallb branch from 7a5ff36 to 45a5329 Compare October 27, 2024 06:16