For endpoints that are services of ovs' pods, kube-proxy sends down redundant table entries on the node
Bug #1900073 reported by
liujinxin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| kuryr-kubernetes |
New
|
Undecided
|
Unassigned | ||
Bug Description
The kuryr-controller does not completely take over kube-proxy's functions, meaning that kuryr-controller and kube-proxy coexist, but kube-proxy Can't distinguish if the endpoints is an ovs pod or not, and still configures them on the host (whether in iptables or ipvs mode).
so obviously, these rules issued by kube-proxy about endpoints being ovs' pods on the host are redundant
For example, if the endpoints of a svc are all ovs pods, the kube-proxy does not need to configure the svc configuration on the host (e.g., issue iptables rules for the svc), because these rules are not used.
Revision history for this message
| Michal Dulko (michal-dulko-f) wrote | #1 |
| description: | updated |
Revision history for this message
| Maysa de Macedo Souza (maysa) wrote | #3 |
Revision history for this message
| liujinxin (scilla) wrote | #4 |
Revision history for this message
| Maysa de Macedo Souza (maysa) wrote | #5 |
To post a comment you must log in.
Can you elaborate? Which functions of kube-proxy are not taken over by kuryr-controller? Why would you want to run kube-proxy alongside Kuryr? That's not really a supported scenario. We've tried doing that in order to drop dependency on Octavia, but had troubles to join kube-proxy networking with OpenStack's pod networking.