Add support for Service Traffic Distribution in Antrea Proxy #6604
Conversation
hongliangl
added
the
action/release-note
hongliangl
force-pushed
the
20240808-support-svc-traffic-distribute
branch
6 times, most recently
from
bde680b
to
4a6d33d
Compare
pkg/agent/proxy/topology.go
Outdated
| if hintsAnnotation != "" && hintsAnnotation != "Disabled" && hintsAnnotation != "disabled" { | ||
| klog.InfoS("Skipping topology aware Endpoint filtering since Service has unexpected value", "annotationTopologyAwareHints", v1.DeprecatedAnnotationTopologyAwareHints, "hints", hintsAnnotation) | ||
|
|
||
| // Ignore the value of hintsAnnotation if the ServiceTrafficDistribution feature is enabled. |
There was a problem hiding this comment.
Do you know why the code is slightly different for kube-proxy? https://github.com/kubernetes/kubernetes/blob/6fc0a69044f1ac4c13841ec4391224a2df241460/pkg/proxy/topology.go#L153-L161
There was a problem hiding this comment.
More generally, I wonder why this code is necessary for correctness. It seems to me that the real consumer of service.kubernetes.io/topology-mode and .spec.trafficDistribution is the EndpointSlice controller, and not the Service proxy. @tnqn do you know?
There was a problem hiding this comment.
Good catch! The current code is wrong. I made #6607 to fix it.
There was a problem hiding this comment.
@antoninbas both EndpointSlice controller and Service proxy are the consumers of the configuration.
- EndpointSlice controller adds hints to each endpoint when the feature is enabled.
- Service proxy consumes hints of endpoints when the feature is enabled, instead of unconditionally using the hints.
There was a problem hiding this comment.
Ah, I think I get your point. You are talking about each Service's configuration, instead of the global configuration. I agree with you this looks duplicate, and inconsistent for service.kubernetes.io/topology-mode and .spec.trafficDistribution. Perhaps it's just because the feature is implemented by different authors.
There was a problem hiding this comment.
Yes, I find the inconsistency strange and that's also related to my other comment. This seems to be the existing logic:
- if both features are disabled, ignore the hints
- if the TrafficDistribution feature is disabled (hence, the TopologyAwareHints feature is enabled), and we don't see an annotation, ignore the hints
- otherwise, consume the hints
For consistency, IMO it should have been:
- Consume the hints if and only if at least one the of the following conditions is true
- the TrafficDistribution feature is enabled and
.spec.trafficDistributionis set - the TopologyAwareHints feature is enabled and we see an annotation
However, I only see the current implementation being an issue if Feature Gates are set inconsistently between the proxy and the EndpointSlice controller. And we should probably just follow what kube-proxy is doing here.
There was a problem hiding this comment.
the TrafficDistribution feature is enabled and .spec.trafficDistribution is set
One more thing, we need to bump k8s.io/api v0.29.2 (the version we use right now) to v0.30.x, than we can consume .spec.trafficDistribution in Antrea Proxy.
There was a problem hiding this comment.
Since we have decided to keep the implementation consistent with kube-proxy, there is no need to consume .spec.trafficDistribution directly and we don't need to update K8s dependencies just yet.
| klog.InfoS("Skipping topology aware Endpoint filtering since Service has unexpected value", "annotationTopologyAwareHints", v1.DeprecatedAnnotationTopologyAwareHints, "hints", hintsAnnotation) | ||
|
|
||
| // Ignore the value of hintsAnnotation if the ServiceTrafficDistribution feature is enabled. | ||
| if !p.serviceTrafficDistributionEnabled { |
There was a problem hiding this comment.
Again, this is what kube-proxy is doing, but it's confusing to me because serviceTrafficDistributionEnabled is a global setting (determined only by the feature gate). It seems that checking svc.Spec.TrafficDistribution would make more sense (specific to this Service). But maybe I am missing something and this is the desired / expected behavior.
There was a problem hiding this comment.
I was also confused by that svc.Spec.TrafficDistribution is not consumed by kube-proxy code, and it is consumed by EndpointSlice controller code. If I understood correctly, the serviceTrafficDistributionEnabled is a global setting to decide whether to check svc.Spec.TrafficDistribution for a Service and reconcile hints for the corresponding EndpointSlice of the Service. https://github.com/kubernetes/kubernetes/blob/6cca485fe71dc5fb0cb8004b98d7aec792e9d791/staging/src/k8s.io/endpointslice/trafficdist/trafficdist.go#L28
hongliangl
force-pushed
the
20240808-support-svc-traffic-distribute
branch
from
4a6d33d
to
b6f6fd0
Compare
docs/feature-gates.md
Outdated
| @@ -35,6 +35,7 @@ edit the Agent configuration in the | |||
| | `AntreaProxy` | Agent | `true` | GA | v0.8 | v0.11 | v1.14 | Yes | Must be enabled for Windows. | | |||
| | `EndpointSlice` | Agent | `true` | GA | v0.13.0 | v1.11 | v1.14 | Yes | | | |||
| | `TopologyAwareHints` | Agent | `true` | Beta | v1.8 | v1.12 | N/A | Yes | | | |||
| | `ServiceTrafficDistribution` | Agent | `true` | Alpha | v2.2 | N/A | N/A | Yes | | | |||
There was a problem hiding this comment.
The default is true? If the change is straightfoward and we are confident in its quality and want it to be enabled by default, the stage should be Beta to be consistent.
There was a problem hiding this comment.
+1 I personally support going straight to Beta and enabling it by default.
K8s 1.31 was just released and the feature has been promoted already
There was a problem hiding this comment.
My bad, this should be false. I copied this from the line above it and forgot to modify the default value.
There was a problem hiding this comment.
@hongliangl It may still make sense to introduce this as Beta right away:
- there is no requirement that feature gates always go through Alpha stage
- code changes are small and mostly ported over from kube-proxy
- this change should have no impact unless users set
.spec.trafficDistribution - the feature gate is already Beta / enabled by default in the latest K8s version, as it only stayed in Alpha stage for one minor release
There was a problem hiding this comment.
It was done as you said.
hongliangl
force-pushed
the
20240808-support-svc-traffic-distribute
branch
from
b6f6fd0
to
c8e76c0
Compare
`ServiceTrafficDistribution` enables Traffic Distribution for Services in Antrea Proxy. This feature allows for more flexible and intelligent routing decisions by considering both topology and non-topology factors. For more details, refer to this [link](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/4444-service-traffic-distribution). Note: To activate this feature in Antrea Proxy, Kubernetes must be version 1.30 or higher, with the `ServiceTrafficDistribution` feature gate (a Kubernetes-specific feature gate) enabled to add Endpoint zone hints in the Kubernetes EndpointSlice controller. Without these prerequisites, the feature may not function as intended in Antrea Proxy. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl
force-pushed
the
20240808-support-svc-traffic-distribute
branch
from
c8e76c0
to
19c6c43
Compare
|
/test-all |
For #6592
ServiceTrafficDistributionenables Traffic Distribution for Services in Antrea Proxy. Thisfeature allows for more flexible and intelligent routing decisions by considering both
topology and non-topology factors. For more details, refer to this link.
Note: To activate this feature in Antrea Proxy, Kubernetes must be version 1.30 or higher, with
the
ServiceTrafficDistributionfeature gate (a Kubernetes-specific feature gate) enabled to addEndpoint zone hints in the Kubernetes EndpointSlice controller. Without these prerequisites,
the feature may not function as intended in Antrea Proxy.