Adding option to configure UDP timeouts for conntrack #120808
Skipping CI for Draft Pull Request.
/approve
/lgtm I had some fun and learned something with the pointers and the flags XD /assign @thockin for approval of the missing places
LGTM label has been added. Git tree hash: 5b711d67e0293d9d28b6a009a43f24c3a6bb87fd
@aojea me too xD
/triage accepted
allErrs = append(allErrs, field.Invalid(fldPath.Child("TCPCloseWaitTimeout"), config.TCPCloseWaitTimeout, "must be greater than or equal to 0")) | ||
} | ||
|
||
if config.UDPTimeout.Duration < 0 { |
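Review bot: at `if config.UDPTimeout.Duration < 0 {`, zero passes validation just as it does in the TCPCloseWaitTimeout check above it ("must be greater than or equal to 0"), but nothing in these lines says what a zero UDP timeout means. Add a short comment on the new check stating what 0 means for this field (for example, that the setting is left unchanged), and report the error in the same form as the TCP one, with `fldPath.Child("UDPTimeout")` and the same message.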
You added nil-checks to the above cases but not these new ones, why?
TCPEstablishedTimeout and TCPCloseWaitTimeout are pointer types `*metav1.Duration`.
The new ones - UDPTimeout and UDPStreamTimeout are value types `metav1.Duration` so nil-check is not required here.
Why did we opt to do them differently? I'm not sure the originals needed to be pointers, but half-and-half is probably the worst choice.
> but half-and-half is probably the worst choice.

I agree with this, but we already have a mixture of both.
Currently there are 8 fields of type `metav1.Duration` and 2 of type `*metav1.Duration`.
We can't use objects of type `*metav1.Duration` directly in pflag without setting any default value.
```go
var param *metav1.Duration
fs.DurationVar(&param.Duration, ...)
```
^^ this will panic as param is nil
#55261 changed types of TCPCloseWaitTimeout and TCPEstablishedTimeout to pointer types to allow zero values.
Ahh, I see. For TCP, we have default values which we assert. So we need to know the difference between "unspecified" (meaning "set the default value") and "specified as 0" (meaning "do not change").
We're not proposing default values for these new ones, so 0, whether specified or not, means "do not change it". Right?
And setting a default at this point is likely to end in tears for someone.
So adding the nil-check is actually wrong - the TCP fields must have a value by this point, and allowing nil to slip through is actually bad.
Can you please remove those nil-checks and add comments like "config.TCPEstablishedTimeout has a default value, so can't be nil"?
We should fix the API comment-docs, but we can do that later.
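The distinction drawn in this thread, as an added Go example that is not code from the PR or from Kubernetes: a nil pointer means "unspecified" and is defaulted, an explicit 0 is kept, validation after defaulting needs no nil-check, and binding a flag through a nil pointer panics. `Duration`, `Conntrack`, the helper names and the 24h default are stand-ins assumed for illustration, and the standard `flag` package stands in for pflag.

```go
package main

import (
	"flag"
	"fmt"
	"time"
)

// Duration is a stand-in for metav1.Duration: a struct wrapping time.Duration.
type Duration struct{ time.Duration }

// Conntrack is a hypothetical cut-down config with both styles from the thread.
type Conntrack struct {
	TCPEstablishedTimeout *Duration // nil = unspecified, 0 = "do not change"
	UDPTimeout            Duration  // no default, so 0 always means "do not change"
}

const defaultTCPEstablished = 24 * time.Hour // assumed default, for illustration

// ApplyDefaults fills only unspecified (nil) fields; an explicit 0 is preserved.
func ApplyDefaults(c *Conntrack) {
	if c.TCPEstablishedTimeout == nil {
		c.TCPEstablishedTimeout = &Duration{defaultTCPEstablished}
	}
}

// Validate runs after ApplyDefaults, so the TCP field cannot be nil here.
func Validate(c *Conntrack) []string {
	var errs []string
	if c.TCPEstablishedTimeout.Duration < 0 {
		errs = append(errs, "TCPEstablishedTimeout: must be greater than or equal to 0")
	}
	if c.UDPTimeout.Duration < 0 {
		errs = append(errs, "UDPTimeout: must be greater than or equal to 0")
	}
	return errs
}

// BindNilPointerPanics reproduces the flag-binding panic on a nil *Duration.
func BindNilPointerPanics() (panicked bool) {
	defer func() { panicked = recover() != nil }()
	var param *Duration
	fs := flag.NewFlagSet("demo", flag.ContinueOnError)
	fs.DurationVar(&param.Duration, "conntrack-timeout", 0, "constructed flag")
	return false
}

func main() {
	fmt.Println(Validate(&Conntrack{TCPEstablishedTimeout: &Duration{}}), BindNilPointerPanics())
}
```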
> Can you please remove those nil-checks and add comments like "config.TCPEstablishedTimeout has a default value, so can't be nil"?

sure.
We went through these in another review, the pointers come from here #55261, but should not be there honestly, are confusing
I think the pointer-ness DOES matter here - we need to know the difference between "unspecified" (meaning "set the default value") and "specified as 0" (meaning "do not change"), but these new fields do not have defaults.
> I think the pointer-ness DOES matter here - we need to know the difference between "unspecified" (meaning "set the default value") and "specified as 0" (meaning "do not change"), but these new fields do not have defaults.

@thockin we tried to add a new `cliflag.MetaDuration` flag - #120489 for the same purpose and this can be directly consumed by flag avoiding any panics.
Signed-off-by: Daman Arora <[email protected]>
ec0f654 to 15ae6cc
Thanks!
/lgtm
/approve
LGTM label has been added. Git tree hash: 1f15838a7b6523b510511039c923ff9fead3cf8d
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aroradaman, danwinship, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #120214
Special notes for your reviewer:
This PR will allow users to configure the following netfilter conntrack options:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: