New autodetection method KubernetesInternalIP added

[hanamantagoudvk]

Description

New autodetection method KubernetesInternalIP / KubernetesInternalIP6 being introduced so that calico can always pick the node IP deterministically.

Fixes projectcalico/calico#4870

Fixes projectcalico/calico#5090

[CLAassistant]

All committers have signed the CLA.

[caseydavenport]

Tagging for v3.22

[hanamantagoudvk]

@caseydavenport : Could you please prioritize it for v3.21 ? Our customer deployment needs this solution.

[caseydavenport]

First pass - thanks for the PR! This is mostly looking good but I think we need to make a few structural changes to reduce the scale impact that a periodic node query on every node in the cluster can have. We'll also need unit tests for this in order to merge.

Let me know if you have any questions!

[caseydavenport]

This code needs to work on non-kubernetes clusters as well - I'd suggest modeling after the logic above: https://github.com/projectcalico/node/pull/1242/files#diff-e481557bd1e2fed4cea80458ebb02e18797fdf49c42944f4a8d6c23cbfbec3f9R130

[hanamantagoudvk]

modified as per suggestion

[caseydavenport]

should probably put this in the autodetection package along with the other methods.

[caseydavenport]

It would require moving the getLocalCIDR function with it, but I think that's OK

[hanamantagoudvk]

modified as per suggestion

[caseydavenport]

@hanamantagoudvk just checking in on this one - did you see my latest comments?

[hanamantagoudvk]

@hanamantagoudvk just checking in on this one - did you see my latest comments?

@caseydavenport : Sorry for the delay. Uploaded the new patchset. I am still not able to run UT cases in my setup.
I get some error related to setup. I am working on UT part.

[tomastigera]

I have nothing major against this change, tbh I like that it is coming, we did consider it for eBPF and then we went different way. So great! 👍 I will leave it to @caseydavenport to approve.

[tomastigera]

this function is used only with ipv4 ...

[hanamantagoudvk]

same comment as below

[tomastigera]

why don't we do this for ipv4? TBH this is test code and we can assume that the test passes in valid addresses, nothing that changes dynamically. It would be more interesting to test different permutations, mix with other address types etc.

[hanamantagoudvk]

yes i want to add various combinations with IPv4 and IPv6 addresses, but not able to mock the GetInterfaces method inside autoDetectUsingK8sInternalIP. Due to that , configureIPsAndSubnets always returns false

[caseydavenport]

I mostly don't understand why we're now passing DEFAULT_INTERFACES_TO_EXCLUDE as an argument through several layers of call stack, especially since it's not used in the new autodetection method. We should revert that.

Otherwise this is looking good.

[caseydavenport]

I think we should revert this change to pass DEFAULT_INTERFACES_TO_EXCLUDE all the way through the call stack of the autodetection functions. It seems to be an extra argument just to pass a constant value.

[caseydavenport]

/sem-approve

[caseydavenport]

@hanamantagoudvk you've got an import cycle looks like:

package command-line-arguments01:39
	imports github.com/projectcalico/node/pkg/lifecycle/startup01:39
	imports github.com/projectcalico/node/pkg/lifecycle/startup/autodetection01:39
	imports github.com/projectcalico/node/pkg/lifecycle/startup: import cycle not allowed01:39
Makefile:281: recipe for target 'dist/bin//calico-node-amd64' failed

[hanamantagoudvk]

package command-line-arguments01:39
	imports github.com/projectcalico/node/pkg/lifecycle/startup01:39
	imports github.com/projectcalico/node/pkg/lifecycle/startup/autodetection01:39
	imports github.com/projectcalico/node/pkg/lifecycle/startup: import cycle not allowed01:39
Makefile:281: recipe for target 'dist/bin//calico-node-amd64' failed

@caseydavenport
The reason for above import cycle is DEFAULT_INTERFACES_TO_EXCLUDE . Due to split in code now , DEFAULT_INTERFACES_TO_EXCLUDE has remained in startup package and its getting used in autodetection package. autodetection package imports startup package and vice-versa.

[caseydavenport]

The reason for above import cycle is DEFAULT_INTERFACES_TO_EXCLUDE . Due to split in code now , DEFAULT_INTERFACES_TO_EXCLUDE has remained in startup package and its getting used in autodetection package. autodetection package imports startup package and vice-versa.

Should probably just move DEFAULT_INTERFACES_TO_EXCLUDE to the autodetection package then, right?

[hanamantagoudvk]

The reason for above import cycle is DEFAULT_INTERFACES_TO_EXCLUDE . Due to split in code now , DEFAULT_INTERFACES_TO_EXCLUDE has remained in startup package and its getting used in autodetection package. autodetection package imports startup package and vice-versa.

Should probably just move DEFAULT_INTERFACES_TO_EXCLUDE to the autodetection package then, right?

@caseydavenport
yes now i have moved DEFAULT_INTERFACES_TO_EXCLUDE into the autodetection pkg.

[hanamantagoudvk]

@caseydavenport : Please review it and let me know if anything is pending ? I am not able to see the below errors in General Tests since i dont have access to CI system.

[caseydavenport]

This LGTM - Thanks for all of the hard work on this @hanamantagoudvk

[caseydavenport]

@hanamantagoudvk just a static check failure it looks like:

pkg/lifecycle/startup/startup_test.go:86:5: composites: `k8s.io/api/core/v1.NodeAddress` composite literal uses unkeyed fields (govet)04:51
				{v1.NodeInternalIP, ipv4},04:51
				^04:51
pkg/lifecycle/startup/startup_test.go:87:5: composites: `k8s.io/api/core/v1.NodeAddress` composite literal uses unkeyed fields (govet)04:52
				{v1.NodeInternalIP, ipv6},04:52
				^

[hanamantagoudvk]

@caseydavenport , what else is failing now ?

[caseydavenport]

I think they were test flakes, kicked off another build.

[caseydavenport]

UT for Node IP assignment and conflict checking. Test variations on how IPs are detected. [It] Test with no "IP" env var set 02:25
/go/src/github.com/projectcalico/node/pkg/lifecycle/startup/startup_test.go:90602:25
  Expected02:25
      <bool>: false02:25
  to equal02:25
      <bool>: true02:25
  /go/src/github.com/projectcalico/node/pkg/lifecycle/startup/startup_test.go:902

This test appears to be failing consistently

[caseydavenport]

@hanamantagoudvk thanks for sticking with this! Glad we got it merged.

What was the last issue with that test? I couldn't tell because the commits were squashed.

Also, are you planning to do documentation for this PR? If so I can help.

Similarly, we probably want operator support for this feature as well - I can pick that up if you're strapped for time.

[hanamantagoudvk]

@caseydavenport , basically ginkgo orders the testcases alphabetically. So the tests i added were run before the existing one and it was setting the IP env variable and not resetting it. So due to that the testcases were failing. In my local setup , it used to pass on and off. So now i put a code to reset those env variables.

Regarding documentation , yes i can do the documentation.

Ya that operator support , you can pick that up.

[hanamantagoudvk]

@caseydavenport , regarding documentation , i believe in calico website where different autodetection methods are listed , we need to this new one as well. Other than anywhere else we need to capture this one ?

If i need to modify the calico website content , which repo i need to look at and modify it ?