Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow forwarding of all traffic inside the Kubernetes network #3919

Merged
merged 1 commit into from
May 15, 2024
Merged

Allow forwarding of all traffic inside the Kubernetes network #3919

merged 1 commit into from
May 15, 2024

Conversation

milan-zededa
Copy link
Contributor

For Longhorn and other pods to function properly on the Kubernetes "cni0" network, we should allow:

  • all DNS traffic
  • forwarding from pods to services
  • forwarding between pods

But we may need to adjust these rules later as we continue developing the Kubernetes clustering support...

@milan-zededa
Allow forwarding of all traffic inside the Kubernetes network
1db749e 
For Longhorn and other pods to function properly on the Kubernetes
"cni0" network, we should allow:
- all DNS traffic
- forwarding from pods to services
- forwarding between pods

But we may need to adjust these rules later as we continue developing
the Kubernetes clustering support...

Signed-off-by: Milan Lenco <milan@zededa.com>
eriknordmark
eriknordmark approved these changes May 15, 2024
View reviewed changes
Copy link
Contributor

@eriknordmark eriknordmark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
@naiming-zededa can you find some device in orangeCorp which is not used by the Jenkins runs and/or figure out how to have Eden run with a kubevirt image so we can get some regression testing in place for kubevirt?

@naiming-zededa
Copy link
Contributor

@eriknordmark I will look into the eden integration with the kubevirt

@milan-zededa
Copy link
Contributor Author

@eriknordmark I will look into the eden integration with the kubevirt

@naiming-zededa This works for me to run kubevirt-EVE under eden (just change eve.tag for your locally built EVE):

make clean && make build-tests
./eden config add default
./eden config set default --key eve.disks --value 1
./eden config set default --key eve.disk --value 65536
./eden config set default --key eve.hv --value kubevirt
./eden config set default --key eve.tag --value 0.0.0-rules-for-cni0-80cf51d0
./eden config set default --key eve.log-level --value debug
./eden config set default --key eve.ram --value 16384
./eden config set default --key eve.cpus --value 8
./eden config set default --key sdn.disable --value true
./eden setup -v debug --grub-options='set_global hv_dom0_cpu_settings "dom0_max_vcpus=2"; set_global hv_eve_cpu_settings "eve_max_vcpus=2"; set_global hv_ctrd_cpu_settings "ctrd_max_vcpus=2"; set_global dom0_extra_args "$dom0_extra_args eve_install_zfs_with_raid_level "; set_global hv_dom0_mem_settings "dom0_mem=9000M,max:9000M"; set_global hv_eve_mem_settings "eve_mem=7500M,max:7500M"; set_global hv_ctrd_mem_settings "ctrd_mem=5000M,max:5000M"'
./dist/bin/eden+ports.sh 2223:2223 2224:2224 5912:5902 5911:5901 8027:8027 8028:8028 8029:8029 8030:8030 8031:8031
./eden start
./eden eve onboard

@naiming-zededa
Copy link
Contributor

@eriknordmark I will look into the eden integration with the kubevirt

@naiming-zededa This works for me to run kubevirt-EVE under eden (just change eve.tag for your locally built EVE):

make clean && make build-tests
./eden config add default
./eden config set default --key eve.disks --value 1
./eden config set default --key eve.disk --value 65536
./eden config set default --key eve.hv --value kubevirt
./eden config set default --key eve.tag --value 0.0.0-rules-for-cni0-80cf51d0
./eden config set default --key eve.log-level --value debug
./eden config set default --key eve.ram --value 16384
./eden config set default --key eve.cpus --value 8
./eden config set default --key sdn.disable --value true
./eden setup -v debug --grub-options='set_global hv_dom0_cpu_settings "dom0_max_vcpus=2"; set_global hv_eve_cpu_settings "eve_max_vcpus=2"; set_global hv_ctrd_cpu_settings "ctrd_max_vcpus=2"; set_global dom0_extra_args "$dom0_extra_args eve_install_zfs_with_raid_level "; set_global hv_dom0_mem_settings "dom0_mem=9000M,max:9000M"; set_global hv_eve_mem_settings "eve_mem=7500M,max:7500M"; set_global hv_ctrd_mem_settings "ctrd_mem=5000M,max:5000M"'
./dist/bin/eden+ports.sh 2223:2223 2224:2224 5912:5902 5911:5901 8027:8027 8028:8028 8029:8029 8030:8030 8031:8031
./eden start
./eden eve onboard

Cool. thanks Milan.

@zedi-pramodh
Copy link

I am testing this on kubevirt eve. Will let you know in 30 mins

naiming-zededa
naiming-zededa reviewed May 15, 2024
View reviewed changes
Copy link
Contributor

@naiming-zededa naiming-zededa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@zedi-pramodh
Copy link

This fix works

cf4b1766-574b-4974-bfac-be568107225c:/# kubectl get pods -n longhorn-system
NAME READY STATUS RESTARTS AGE
longhorn-manager-4zk4x 1/1 Running 5 (108s ago) 2d
csi-provisioner-667796df57-ftfbp 1/1 Running 7 (108s ago) 2d
instance-manager-bca21716a86dee3a2902863854db6ec7 1/1 Running 0 85s
csi-attacher-5c4bfdcf59-5msfg 1/1 Running 6 (109s ago) 2d
csi-snapshotter-959b69d4b-pfkg5 1/1 Running 7 (109s ago) 2d
csi-provisioner-667796df57-ftlbn 1/1 Running 6 (108s ago) 2d
csi-snapshotter-959b69d4b-rxwvl 1/1 Running 7 (108s ago) 2d
csi-resizer-694f8f5f64-8fgh2 1/1 Running 8 (108s ago) 2d
csi-snapshotter-959b69d4b-sqhgd 1/1 Running 6 (108s ago) 2d
csi-attacher-5c4bfdcf59-6d8w4 1/1 Running 7 (108s ago) 2d
longhorn-driver-deployer-576d574c8-tzpzt 1/1 Running 5 (108s ago) 2d
csi-resizer-694f8f5f64-gk5gc 1/1 Running 7 (108s ago) 2d
csi-resizer-694f8f5f64-qm8s7 1/1 Running 7 (108s ago) 2d
engine-image-ei-acb7590c-b2hsh 1/1 Running 5 (108s ago) 2d
longhorn-csi-plugin-kjjmj 3/3 Running 26 (108s ago) 2d
csi-attacher-5c4bfdcf59-xb7bc 1/1 Running 7 (61s ago) 2d
longhorn-ui-7d4b94df76-w4w89 1/1 Running 12 (70s ago) 2d
csi-provisioner-667796df57-fffwb 1/1 Running 8 (58s ago) 2d
longhorn-ui-7d4b94df76-rcxlh 1/1 Running 10 (63s ago) 2d

@eriknordmark
Copy link
Contributor

The yetus complaints are about unmodified code in pkg/pillar/types so ignoring those.

@eriknordmark eriknordmark merged commit 6efe64e into lf-edge:master May 15, 2024
31 of 36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@naiming-zededa naiming-zededa naiming-zededa left review comments

@eriknordmark eriknordmark eriknordmark approved these changes

@zedi-pramodh zedi-pramodh Awaiting requested review from zedi-pramodh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@milan-zededa @naiming-zededa @zedi-pramodh @eriknordmark