Exception request: KEP 1880 - Multiple Service CIDRs
20 views
Skip to first unread message
Tim Hockin
Jun 14, 2024, 2:32:13 PMJun 14
to kubernetes-sig-release, releas...@kubernetes.io, kubernetes-sig-network, Antonio Ojea, Maciej Szulik
Filing on behalf of Antonio who is already on his weekend.
This KEP missed final approval because of a late discovered potential
race condition around feature enablement, and because the reviewer
(me) got COVID this week and lost 3+ days of review/discussion time.
See risk section below for more details.
Thanks for the consideration
-----------------------------------------
* Enhancement name: Multiple Service CIDRs
* Enhancement status (alpha/beta/stable): moving alpha -> beta
* SIG: network
* k/enhancements repo issue #:
https://github.com/kubernetes/enhancements/issues/1880
* PR #’s: https://github.com/kubernetes/enhancements/pull/4645
* Additional time needed (in days): 7 (until EOD Friday CET)
* Reason this enhancement is critical for this milestone: This has
been in Alpha for a while, but we know nobody tests alphas. This
addresses long-standing user pain, and we want to press forward to
Beta, but off by default. This will give potential users more
confidence in the feature, while mitigating risk.
* Risks from adding code late: I don't think we will add code late,
just KEP approval. The feature is largely complete in alpha with
pretty robust tests. There are some minor changes we want to make in
alpha to beta (simplifications and more tests).
PRR called out a potential race during enablement of this feature,
wherein version skew between apiservers could result in the same IP
being allocated twice. The race is very small and unlikely: 2
services created via 2 skewed apiservers, both getting allocated the
same IP, performed within the propagation time of a watch event, at
just the right moment wrt an async controller loop. But it is real.
We would use the extra week to discuss true solutions or further
mitigations, and update the KEP language. Given that it is planned to
be off-by-default, it could be made part of the release notes (worst
case). We do not anticipate this making us miss the code deadline, or
significantly increasing the risk. If so we will withdraw from this
release.
* Risks from cutting enhancement: Further delay in getting real
feedback on this API, which has already taken longer than we hoped
(due mostly to Antonio and I being busy maintainers, not due to risk).
This KEP missed final approval because of a late discovered potential
race condition around feature enablement, and because the reviewer
(me) got COVID this week and lost 3+ days of review/discussion time.
See risk section below for more details.
Thanks for the consideration
-----------------------------------------
* Enhancement name: Multiple Service CIDRs
* Enhancement status (alpha/beta/stable): moving alpha -> beta
* SIG: network
* k/enhancements repo issue #:
https://github.com/kubernetes/enhancements/issues/1880
* PR #’s: https://github.com/kubernetes/enhancements/pull/4645
* Additional time needed (in days): 7 (until EOD Friday CET)
* Reason this enhancement is critical for this milestone: This has
been in Alpha for a while, but we know nobody tests alphas. This
addresses long-standing user pain, and we want to press forward to
Beta, but off by default. This will give potential users more
confidence in the feature, while mitigating risk.
* Risks from adding code late: I don't think we will add code late,
just KEP approval. The feature is largely complete in alpha with
pretty robust tests. There are some minor changes we want to make in
alpha to beta (simplifications and more tests).
PRR called out a potential race during enablement of this feature,
wherein version skew between apiservers could result in the same IP
being allocated twice. The race is very small and unlikely: 2
services created via 2 skewed apiservers, both getting allocated the
same IP, performed within the propagation time of a watch event, at
just the right moment wrt an async controller loop. But it is real.
We would use the extra week to discuss true solutions or further
mitigations, and update the KEP language. Given that it is planned to
be off-by-default, it could be made part of the release notes (worst
case). We do not anticipate this making us miss the code deadline, or
significantly increasing the risk. If so we will withdraw from this
release.
* Risks from cutting enhancement: Further delay in getting real
feedback on this API, which has already taken longer than we hoped
(due mostly to Antonio and I being busy maintainers, not due to risk).
Angelos Kolaitis
Jun 17, 2024, 8:45:13 AMJun 17
to release-team, Tim Hockin, Antonio Ojea, Maciej Szulik, kubernetes-sig-release, kubernetes-sig-network
Hi all,
Following discussion in Slack, the release team is APPROVING this exception request. Your updated deadline to merge all open code implementation PRs and docs for your KEP is 18:00 PST Friday, 21st June 2024.
If you need any clarification, please reach out to us in the #sig-release Slack channel.
Thanks,
Angelos Kolaitis
1.31 Release Team Lead
Following discussion in Slack, the release team is APPROVING this exception request. Your updated deadline to merge all open code implementation PRs and docs for your KEP is 18:00 PST Friday, 21st June 2024.
If you need any clarification, please reach out to us in the #sig-release Slack channel.
Thanks,
Angelos Kolaitis
1.31 Release Team Lead
Reply all
Reply to author
Forward
0 new messages