KEP 1645: add more conflict condition on asymetrical traffic #5706
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: MrFreezeex The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
kind/kep
|
Suggested approach makes sense to me and feels less disruptive than changing the guidance from union to intersection. /lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM, thank you Arthur! |
| set of exported services don’t match, the clusterset service will expose the | ||
| union of service ports declared on its constituent services. | ||
| union of service ports declared on its constituent services and raise a `PortConflict` | ||
| conflict condition. In that case, network traffic must be directed only to endpoints |
There was a problem hiding this comment.
In sentence for how IPFamilies should be handled above, its directed that the implementer "may" raise a conflict, while this one I'm commenting on here which is for ports says they "will". This line about ports is also more strict on what must be done for routing ("must be directed only") vs how it is described above for IPFamilies ("might result in network traffic reaching only a subset"). Is the difference in how these are treated on purpose? Based on what I saw from the notes from when we discussed in SIG-MC (ref) I think they should both mandate that the conflict raise should be required but how the implementation routes should be implementation defined.
There was a problem hiding this comment.
Ah yes indeed, I used "may" for IPFamilies because the exact handling is all implementation defined but since there is a "when" in the sentence which may not apply to some implementations it seems fine to change the "may" by a "must" and some implementations won't need to care about that at all. We would most likely not be able to check that in the conformance tests though but that's a separate concerns from the KEP anyway!
MrFreezeex
force-pushed
the
KEP1645-port-ipfamilies-more-conflict
branch
from
3442bf2 to
639a31b
Compare
k8s-ci-robot
removed
the
lgtm
|
New changes are detected. LGTM label has been removed. |
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
MrFreezeex
force-pushed
the
KEP1645-port-ipfamilies-more-conflict
branch
from
639a31b to
8f3993b
Compare
5 participants
Make ports raise a conflict when it's not a exact match and a note describing that implementation must not redirect traffic to endpoints from services that actually doesn't declare this port.
Also suggest doing the same for IPFamilies which might have asymmetrical issues. It's merely a suggestion as IPfamilies handling are implementation defined and some implementation may not have issues like that.