enhancements icon indicating copy to clipboard operation
enhancements copied to clipboard

Published 20 hours ago β€’ verified publisher icon kubernetes

Cleaning up IPTables Chain Ownership

Open danwinship opened this issue 3 years ago β€’ 19 comments

Enhancement Description

  • One-line enhancement description (can be used as a release note): Clean up the IPTables chain ownership tangle between kubelet and kube-proxy
  • Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/3178-iptables-cleanup/
  • Discussion Link: https://github.com/kubernetes/kubernetes/issues/82125, more recently https://github.com/kubernetes/kubernetes/issues/106480
  • Primary contact (assignee): @danwinship
  • Responsible SIGs: sig-network
  • Enhancement target (which target equals to which milestone):
    • Alpha release target (x.y): 1.25
    • Beta release target (x.y): 1.27
    • Stable release target (x.y): 1.28
  • [ ] Alpha
    • [x] KEP (k/enhancements) update PR(s): https://github.com/kubernetes/enhancements/pull/3179, https://github.com/kubernetes/enhancements/pull/3418, https://github.com/kubernetes/enhancements/pull/3444
    • [x] Code (k/k) update PR(s): https://github.com/kubernetes/kubernetes/pull/110289, https://github.com/kubernetes/kubernetes/pull/110290, https://github.com/kubernetes/kubernetes/pull/110291, https://github.com/kubernetes/kubernetes/pull/110628
    • [ ] Docs (k/website) update PR(s): https://github.com/kubernetes/website/pull/34478

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

danwinship avatar Jan 23 '22 20:01 danwinship

/sig network

danwinship avatar Jan 23 '22 20:01 danwinship

This is tagged for 1.25 - is that right?

thockin avatar Jan 26 '22 21:01 thockin

@thockin yeah... oh, I explained in the PR but not here. It involves changing the same pieces of code that the internal traffic policy and proxy terminating endpoints and preferlocal traffic policy KEPs are changing, and I wasn't sure we had time to queue another change on top of those ones for 1.24. And it's not like it's urgent or anything anyway...

danwinship avatar Jan 27 '22 14:01 danwinship

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Apr 27 '22 15:04 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar May 27 '22 15:05 k8s-triage-robot

/remove-lifecycle rotten

danwinship avatar May 27 '22 20:05 danwinship

Added to spreadsheet for 25

thockin avatar Jun 20 '22 21:06 thockin

Hello @danwinship πŸ‘‹, 1.25 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PT on Thursday June 23, 2022, which is just over 3 days from now.

~Could you please confirm if this KEP targetting to beta in release cycle?~

This enhancement is targeting alpha in 1.25

Here's where this enhancement currently stands:

  • [ ] KEP file using the latest template has been merged into the k/enhancements repo.
  • [ ] KEP status is marked as implementable
  • [ ] KEP has a updated detailed test plan section filled out
  • [X] KEP has up to date graduation criteria
  • [X] KEP has a production readiness review that has been completed and merged into k/enhancements.

Looks like for this one, we would need to update the following:

For note, the status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

Priyankasaggu11929 avatar Jun 21 '22 09:06 Priyankasaggu11929

Could you please confirm if this KEP targetting to beta in release cycle?

no, it is targeting alpha... so what needs to be done?

danwinship avatar Jun 21 '22 13:06 danwinship

@danwinship, thanks for confirming. I corrected my above checklist for stage alpha. Thank you!

Priyankasaggu11929 avatar Jun 21 '22 13:06 Priyankasaggu11929

@Priyankasaggu11929 I believe this should now be ready for alpha

danwinship avatar Jun 23 '22 20:06 danwinship

With KEP PR #3418 merged now, the enhancement is ready for the upcoming Enhancements Freeze.

For note, the status is now marked as tracked. Thank you so much! πŸ™‚

Priyankasaggu11929 avatar Jun 24 '22 00:06 Priyankasaggu11929

Hello @danwinship πŸ‘‹

Checking in once more as we approach 1.25 code freeze at 01:00 UTC on Wednesday, 3rd August 2022.

Please ensure the following items are completed:

  • [X] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
  • [ ] All PRs are fully merged by the code freeze deadline.
    • https://github.com/kubernetes/kubernetes/pull/110291
    • https://github.com/kubernetes/kubernetes/pull/110290
    • https://github.com/kubernetes/kubernetes/pull/110289
    • https://github.com/kubernetes/kubernetes/pull/110628

Please verify, if there are any additional k/k PRs besides the ones listed above.

Please plan to get the open k/k merged by the code freeze deadline. The status of the enhancement is currently marked as at-risk.

Please also update the issue description with the relevant links for tracking purpose. Thank you so much!

Priyankasaggu11929 avatar Jul 25 '22 07:07 Priyankasaggu11929

Hello @danwinship :wave:

Checking in once more as we approach 1.25 code freeze at 01:00 UTC on Wednesday, 3rd August 2022.

Please ensure that the following PR(s) :-

  • https://github.com/kubernetes/kubernetes/pull/110291 are merged before code freeze which is in two days.

Thanks a lot for updating the issue description with all relevant info.

parul5sahoo avatar Aug 01 '22 03:08 parul5sahoo

all (non-docs) alpha PRs now merged

danwinship avatar Aug 01 '22 15:08 danwinship

Thanks for the update, @danwinship. The status is now marked as tracked.

Priyankasaggu11929 avatar Aug 01 '22 15:08 Priyankasaggu11929

The KEP states:

We will also document the new KUBE-IPTABLES-HINT chain and its intended use, as well as the best practices for detecting the system iptables mode in previous releases.

This chain was added in v1.24; do we have plans to add that documentation (eg: for v1.25)?

sftim avatar Aug 04 '22 16:08 sftim

@danwinship Hi! 1.25 Docs Lead here! Adding to the comment above, today is the Docs Placeeholder PR deadline and we will need a placeholder PR to k/website today, if the KEP is correct. Please let us know if you have any questions.

kcmartin avatar Aug 04 '22 16:08 kcmartin

@danwinship , we're passed the 1.25 Docs Ready for Review deadline and the KEP for this enhancement states there will be a documentation update

We will also document the new KUBE-IPTABLES-HINT chain and its intended use, as well as the best practices for detecting the system iptables mode in previous releases.

Please create a PR to add documentation to the k/website repo to the dev-1.25 branch

reylejano avatar Aug 10 '22 09:08 reylejano

sorry, belatedly created https://github.com/kubernetes/website/pull/36020

danwinship avatar Aug 16 '22 16:08 danwinship

Can't proceed until 1.27

thockin avatar Sep 29 '22 17:09 thockin

/label lead-opted-in

thockin avatar Feb 02 '23 23:02 thockin

/stage beta

Atharva-Shinde avatar Feb 06 '23 17:02 Atharva-Shinde

Hello @danwinship @thockin πŸ‘‹, Enhancements team here.

Just checking in as we approach Enhancements freeze on 18:00 PDT Thursday 9th February 2023.

This enhancement is targeting for stage beta for 1.27 (correct me, if otherwise)

Here's where this enhancement currently stands:

  • [ ] KEP readme using the latest template has been merged into the k/enhancements repo.
  • [X] KEP status is marked as implementable for latest-milestone: 1.27
  • [X] KEP readme has a updated detailed test plan section filled out
  • [X] KEP readme has up to date graduation criteria
  • [ ] KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would just need to update the following:

  • Add response for this question in the Scalability questionnaire of the KEP readme

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

Atharva-Shinde avatar Feb 06 '23 17:02 Atharva-Shinde

With all the KEP requirements in place and merged into k/enhancements, this enhancement is all good for the upcoming enhancements freeze. πŸš€

The status of this enhancement is marked as tracked. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

Atharva-Shinde avatar Feb 08 '23 18:02 Atharva-Shinde

Hi @danwinship πŸ‘‹ , I’m reaching out from the 1.27 Release Docs team. This enhancement is marked as β€˜Needs Docs’ for the 1.27 release. Please follow the steps detailed in the documentation to open a PR against dev-1.27 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by March 16. For more information, please take a look at Documenting for a release to familiarize yourself with the documentation requirements for the release. Please feel free to reach out with any questions. Thanks!

taniaduggal avatar Mar 10 '23 14:03 taniaduggal

Hey again @danwinship πŸ‘‹ Enhancements team here, Just checking in as we approach 1.27 code freeze at 17:00 PDT on Tuesday 14th March 2023.

Here's where this enhancement currently stands:

  • [X] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
  • [X] All PR/s are fully merged by the code freeze deadline.
    • https://github.com/kubernetes/kubernetes/pull/114472
    • https://github.com/kubernetes/kubernetes/pull/114470

Also please let me know if there are other PRs in k/k we should be tracking for this KEP. As always, we are here to help if any questions come up. Thanks!

Atharva-Shinde avatar Mar 11 '23 19:03 Atharva-Shinde

NEXT: Aiming for GA in 1.28

thockin avatar Apr 27 '23 16:04 thockin

Hello @danwinship πŸ‘‹, Enhancements team here.

Just checking in as we approach enhancements freeze on Thursday, 16th June 2023.

Looks like this enhancement is targeting for stage stable for v1.28 (correct me if otherwise)

Here's where this enhancement currently stands:

  • [X] KEP readme using the latest template has been merged into the k/enhancements repo.
  • [ ] KEP status is marked as implementable for latest-milestone:v1.28
  • [X] KEP readme has a updated detailed test plan section filled out
  • [X] KEP readme has up to date graduation criteria
  • [ ] KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would need to update the following:

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you :)

Atharva-Shinde avatar Jun 09 '23 20:06 Atharva-Shinde

Is this still planning on going to stable in 1.28? I don't see a KEP update PR.

johnbelamaric avatar Jun 13 '23 21:06 johnbelamaric