[SIG-Network] Ingress NGINX meeting 20210706
Summary
TLDRThe July 6, 2021 Kubernetes community meeting focused on welcoming new member Carol Chan from F5 and addressing various technical issues. The team discussed unlabeled support requests, including a potential bug with set timeouts, the challenge of retaining source IP in UDP streaming, and scaling issues during load testing. They also touched on template updates for issue reporting and branch management for the upcoming v1 release. The meeting concluded with action items and a plan for a new release to align with Kubernetes v1.22.
Takeaways
- 📅 The meeting took place on July 6, 2021, and was focused on the Kubernetes community with an emphasis on following the code of conduct.
- 🔐 Any violations of the code of conduct should be reported privately to the SIG chairs or the meeting organizer.
- 👋 A new member, Carol Chan, introduced herself, joining from the F5 team with 15 years of experience, and will assist with technical project management.
- 🔍 The meeting agenda included issues triage and action items, with a focus on unlabeled support requests that are over a month old.
- 🆚 Discussion on a potential bug involving 'set timeout' and 'set timeouts' functions in the Lua part of the project, where there is confusion about the correct usage.
- 👷♂️ There was a debate on whether certain issues were bugs or not, and the need for more information to make accurate assessments.
- 🛑 A suggestion to close an issue regarding retaining the source IP during UDP streaming, as it may not align with the ingress controller's purpose.
- 📝 A mention of a template for reporting issues to ensure consistency and provide necessary information for triage.
- 🚀 The importance of branch management and the release of v1.8.0 were discussed, with updates on the progress of addressing related issues.
- 🔄 The need for testing and feedback on the new version of the ingress controller, especially from those who have mistakenly deployed the wrong manifest.
- 🗂️ A discussion on manifest files and the need to update documentation to avoid confusion, especially regarding the stable version of the ingress controller.
Q & A
What is the main purpose of the meeting described in the transcript?
-The main purpose of the meeting is a Kubernetes community meeting focused on discussing issues and action items related to the Sign Network Ingress Engineer subproject.
What is the Code of Conduct mentioned in the meeting?
-The Code of Conduct is a set of guidelines that participants are asked to follow, which essentially involves being excellent with each other, and any violations should be reported privately to the SIG chairs or the meeting organizer.
Who is Carol Chan and what is her role in the meeting?
-Carol Chan is a new participant who has joined from the F5 team. She has been with F5 for 15 years and recently moved to the NGINX side. She will be assisting with technical project management and providing direction to the team.
What is the issue with the 'setTimeout' and 'setInterval' functions discussed in the meeting?
-The issue discussed is that there are two functions with similar names but different numbers of arguments, which is causing confusion. The meeting participants are unsure whether the complaint about the functions is valid or if the code is correct.
What is the approach to handling unlabeled support requests in the meeting?
-The approach is to go through the unlabeled support requests, especially those that are a month old and have not been addressed, to ensure they are properly labeled and triaged.
Why is the issue about retaining the source IP during UDP streaming considered not an issue?
-The issue is considered not an issue because when using NGINX as a proxy, it naturally creates a new stream, and retaining the source IP in such a context is not typical behavior for an ingress controller.
What is the general approach to dealing with issues that require more information?
-The general approach is to ask the issue reporter to follow a template that provides necessary information, such as the NGINX version, service details, and configuration. If the information is not provided, the issue is labeled as 'needs-information'.
What is the significance of the 'v1' and 'v1beta1' admission webhook in the context of the meeting?
-The 'v1' and 'v1beta1' admission webhooks are significant because the team is discussing the transition and support for these versions in the context of Kubernetes updates and ensuring compatibility.
What is the role of the 'stable.txt' file mentioned in the meeting?
-The 'stable.txt' file is used to point to the stable version of the manifests for users, especially when there have been changes that could break compatibility with older versions, ensuring users are directed to the correct resources.
What is the plan for the next release of the ingress controller?
-The plan is to release a new version, likely v0.48, after addressing certain issues and completing cherry picks of changes like the 'modsecurity' updates and other optimizations, ensuring compatibility with the upcoming Kubernetes v1.22 release.
Outlines
🗓️ Introduction and New Member Welcome
The script begins with a welcome to a Kubernetes community meeting held on July 6, 2021, by the ingress engineer of the sign network subproject. The meeting starts with a reminder to adhere to the code of conduct and to report any violations. The facilitator introduces new member Carol Chan from F5, who has joined the team to assist with technical project management. The session then moves on to issues triage and action items, with a focus on unlabeled support requests and the introduction of new participants.
🔍 Issue Triage and Bug Discussion
The second paragraph delves into the issue triage process, where the team discusses unlabeled support requests. A specific issue regarding 'set timeout' versus 'set timeouts' is highlighted, with a need for further investigation into the Lua part of the code. The conversation also touches on the responsibilities of team members and the potential need for labeling the issue as a bug. The paragraph ends with a decision to seek clarification on whether the observed behavior is correct or if there's a need for correction.
📝 Addressing Technical Queries and Ingress Issues
In this paragraph, the team addresses various technical queries and issues related to the ingress controller. They discuss the challenges of retaining the source IP during UDP streaming and the limitations of the ingress controller in this context. The team also evaluates whether certain issues are bugs or feature requests, with a decision to close some as they do not align with the engineering goals. The paragraph concludes with a discussion on scaling issues during load testing and the need for more information to properly address these concerns.
📌 Action Items and Documentation Updates
The fourth paragraph focuses on action items and the importance of following templates for issue reporting. The team discusses the need for more information in triage and the process for handling issues that do not meet the necessary criteria. They also touch on the topic of branch management and the release of version 0.8.1, with updates on the progress of these tasks. The paragraph ends with a reminder of the next steps and the need to address any outstanding action items.
🛠️ Testing and Code Optimization
This paragraph discusses the testing of the ingress controller and the discovery of issues by Jordan Liggitt. It mentions the resolution of some of these issues by team members and the process of addressing others, such as ingress class support. The conversation also includes a discussion on the optimization of admission web code, with suggestions for removing deep copy and other potential improvements. The paragraph concludes with a plan for the next release and the importance of aligning with the release of Kubernetes v1.22.
📝 Final Thoughts and Closing Remarks
The final paragraph wraps up the meeting with a review of the action items and a discussion on the release of the next version of the ingress controller. The team also talks about the need for offline conversations regarding template generation and the potential for adding gRPC demo applications and tests. The paragraph ends with thanks to the participants and a sign-off until the next meeting.
Mindmap
Keywords
💡Sign Network Ingress Engineer
💡Kubernetes
💡Code of Conduct
💡SIG Chairs
💡Technical Project Management
💡Issues Triage
💡Action Items
💡Set Timeouts
💡Ingress Controller
💡Load Testing
💡Manifests
💡Helm
💡GRPC
💡Deep Copy
Highlights
Introduction of new member Carol Chan from F5, recently joined the NGINX side, focusing on technical project management.
Focus on complying with the Kubernetes community code of conduct.
Carol Chan to help with direction and technical project management.
Plan to go through unlabeled support requests and issues, focusing on those with comments and that are about a month old.
Discussion on a bug related to the function set timeout and set timeouts, involving Lua part and needing more inspection.
Clarification that Tor Dash is not an NGINX employee, emphasizing the importance of accurate issue reporting.
Analysis of keeping the source IP the same while setting up UDP streaming with NGINX acting as a proxy.
Consideration of marking the issue as a bug, involving the labeling process and needing further validation.
Recommendation to query in Slack for confirmation on issues when contributors from other regions can't join the meeting.
Discussion on issues related to NGINX scaling during load testing and the importance of detailed issue reporting following the template.
Emphasis on the importance of filling out the issue template to provide comprehensive information for accurate triage.
Decision to close issues that seem to be more support requests rather than actual bugs.
Conversation on the impact of versioning and backward compatibility with users pointing to the main branch manifest.
Plans to address optimization suggestions, particularly around the deep copy and code efficiency in the admission webhook.
Preparation for the next release, coordinating alpha and stable versions, and managing cherry-picks for mod security and other updates.
Transcripts
hello everyone
this is sign network ingress engineer
subproject meeting
today is july 6 2021 this is a
kubernetes
community meeting and we ask you to
comply with the code of conduct
which is basically be excellent with
each other any violation should be
reported to the sig chairs or the one
running this meeting privately
so we've got a couple new folks on so
we'll go ahead and let them
introduce themselves then we'll go right
into issues triage
and look at our action items so
we've got a couple no we got one new
person carol do you want to introduce
yourself
hi i'm carol chan i've been at
f5 for 15 years but recently joined the
nginx side of the house
um i work with alan who's on the call
thank you thanks for joining she's going
to be helping us out with
technical project management stuff
trying to give us a little bit help us
out with direction things like that i
know that we
will take all the help that we can get
right ricardo
sorry sorry james i was looking at the
other side and missed it
that's all good carol just introduced
herself and said she's gonna be helping
out from the f5 team
i said we'll take as much help as we can
get yeah yeah yeah
exactly welcome
all right so i think from the issue
trials perspective i was just going to
go through
the unlabeled um support requests that
are issues that come up i have some
already pulled up
i saw that there are some that have
comments so some of them are about a
month old we just
probably want to stay on top of the ones
that aren't labeled um so i was just
going to go ahead and walk through those
unless anyone has any high level ones
that we need to talk to i know i've got
a list of some
that i asked in this the chat but um i'm
just going to run through the unlabeled
ones
give that time box after about 15
minutes
no objections will go ahead and get
started
uh okay set timeout instead of set
timeouts
so it looks like again yeah there's a
couple of these uh tour dash was looking
at
but this doesn't look like it's a bug
function is messed up those functions
take a different number of arguments
yeah i i i i need some some some
some some others to take a look into the
lua part because i'm not
sure how how these get connected
yeah usually elvin
is the one to to to query about those
things and
i guess also wayne is is someone that
that deals with this thing but i
couldn't i couldn't
actually realize if tardash is saying
yeah hey the code is right or hey
yeah what you are complaining is right
like what seems to be correct yeah
the function doesn't look like those two
functions do have separate
um
[Music]
to that part james so we have uh it
seems that we have uh
two set two set thigh mouths right so
we have this uh sethi mouth and the set
time mouths
and the setting mouth takes three
arguments
but the set timeout takes only one
argument
and the thing that cause it's calling
set timeouts or set timeout
yeah that does look set timeout yeah
yeah i have no idea
you can you can just you can just query
like kardash
if it thinks that what what what exactly
seems to be correct
the code or the or the complaint and we
can we can
follow with that
yeah and james just to clarify it
doesn't seem like tor dash
is an nginx employee okay thank you for
that
yep english is fun
this does look like it is a bug that
needs the
look that or at least it's confusing why
we have two separate timeouts
is it label is it label bug i can't i
should
have these memorized there's a label bug
ricardo that's uh
kind of kind bug yeah
and do i just want to be mean and assign
it to
um no who are you
yeah we we can we can wait for some
answer
as you are committing probably you are
going to receive the github notification
but i i still need to
to at least like put the issues that i
want to
deal with then they i am adding a
priority but yeah
first confirm is this is actually an
issue or not so
you you can probably paste this and and
and like query
in slack you can just because as the
the the folks in asia they are not able
to join here
you can maybe ask for like for
for weighing or for for someone saying
hey can you please take a look into this
and
and say if this is right or wrong and if
this should be corrected because
they usually they are faster taking a
look when when we ask them to
okay so yeah
again this is a long so he's trying to
keep the source ip the same
while setting up and doing udp
streaming but
i do agree it's like nginx is acting as
a proxy of course it's going to create a
new stream
so i don't think this really i don't
think this is an issue if he needs to
retain that then probably not use a
proxy
yeah any other thoughts
yeah i mean there's some ways you can
you can do like
transparent ipv and things like that but
not in an ingress controller context
that's that's just yeah
yeah and definitely not with udp right
yeah yeah especially with that like it's
that's actually i mean you can do it but
yeah it's not
gonna be clean and you need to be able
to do some like kernel level network
tweaks
to get it to behave properly properly
with that
we're probably gonna ask for a
suggestion as soon as i close this
i don't know if this isn't nice or
appropriate but it does this theme like
his request doesn't really
jive with what we're trying to
accomplish within engineering
yeah is it just close ricardo flash
close yeah
because like ingress
actually in gen x is actually not the
layer seven right so
when you use like this one as an http
proxy you can
forward the ip with the like
the header or so on yeah but with tcp
and udp you are saying hey i want to
modify
the packet heat the packet heater which
is
which usually you do in a router or
something like that doing applying some
network address translation but not with
the
ingress yeah yeah i mean it's like i
said it's it's possible to do with uh by
setting up ip transparency but i don't
know if it's even possible to do
at the container at a container level if
it is
i don't know either that would probably
require more research
but that just sounds again complicating
it and
yeah it's it's a very edge case
use case it seems like to try to
implement in something
as generic as the ingress controller is
you know supposed to be
i think this is just a uh
i wonder if this was a scaling issue
because he was getting i was getting bad
requests
i wonder if while they were doing the
load testing if it was scaling up
he doesn't have any other information
about virgins
he's got some logs but he doesn't have
the nginx version
he doesn't say if the
the app was auto scaling or if anything
else
i think that was the only other thing i
saw it here so we're seeing a response
code in nginx while doing load testing
i feel like he needs to add a little bit
more information around the service
and probably the nginx yeah
configuration
yeah so we we added the template
so people who could follow the template
instead of like just
just creating a blank issue and putting
everything there right so
and the template is older than 29 days
as far as i remember so
yeah we have that we have about a month
ago
so yeah yeah the first thing i would ask
is like hey
please follow follow the template we
need a bunch of information there
and do uh triage needs information
it's like yeah we trust you that this
might be a bird
but we need some more information other
than your access logs
and no slash triage
more information needed needs needs dash
information
needs i think it's neat
yeah yeah let's just find the type
18 we got about three more we can
probably get through one more
what
[Music]
yeah same thing like no gameplay
do we have at least yeah we have a
deployment that we'll see
[Music]
nope memory limits
it still doesn't give us the but i think
long is actually taking a look go
to the bottom
yeah because it seems like more like a
sport other than above right
yeah specifically is like hey how can i
turn
ingress in gynex for this workload so
yeah i agree with long we should
probably close this and and ask
like hey please ask supporting who's
like channel
but feel free to reopen if you think
this is a bug or something like that
because it's uh
it's okay as well yeah it seems like
more like a
scaling issue if anything
all right then i got maybe time for one
more
yeah same thing here yeah
i'm not gonna sign in i'm gonna trust
that long put that in here
yeah we've seen that question before
and i know that we've had that recently
that con that same conversation
alrighty i think that's good
do we have any action items besides the
ones and open topics that we need to
review
i know you've got to go at 12 30 ricardo
uh yeah i can't remember of any action
item right now
maybe there is in some somewhere in the
middle notes from last week
i think last week there was just more uh
last conversation was
around the branch management and yeah
801 drop
i already did that
yeah have we gotten any feedback i
haven't seen anything come through
specifically on v1 yeah yeah yeah cool
so
uh i'm gonna i'm gonna pass through this
one and probably
probably know i will have to drop in 10
minutes but
yeah so jordan legit uh reached me
and he he was
he was trying he was making some tests
into the view one
he first of all he he really thanked us
to to
bring this to move forward otherwise
we would be some some sort of blocking
to remove you one better one from
not that we would not that we would
block because they
were already removing that from from the
v122 but
as this is like the most used ingress it
would be a
huge problem for people to move forward
right so
he he did some tests and he found
three issues one one of them carlos
panato already took care of
which was named parts so i have tested
and that got merged the other one
uh is about inverse class which i
am going to take care probably this week
i was
finalizing other urgent things but
this is my my next on the top of my
top of my pile of things to do but
about supporting ingress class and the
other one
is still open but
let me see because because jordan
jordan is he's really nice so he he
already wrote also
what are the corrections for those teams
so let me see here although
legit
yeah so the other one is
to handle or ignore known services back
in so
apparently non-service
beckons they are not being handled or
illuminated properly i i need to take a
look
into exactly what what jordan is saying
about that
i guess it's related to to the plugins
but he already actually
added like the patch as well when carlos
is going to take care of this so
uh it's uh it's mostly
it's mostly a matter of of accepting and
releasing a new cubesat in and some
other stuff
but yeah where three issues and
and i just need to take care of the
ingress class
and carlos is taking care of this other
one as well so
it's going fine uh we've got some folks
testing uh not because they wanted but
because
they they have deployed the the wrong
manifest
or something like that but yeah i've
seen that in kind
but it seems to be working like they
said hey ingress
and giant x works fine the version one
alpha works fine
in the latest versions of kind but not
the older one so can you please fix the
manifests but
it's a it seems to be working fine
but that's simple we didn't update the
the helm manifests
yeah what happens actually is that i
updated the kind manifest only to drop
the support for v1 better one admission
webhook
because i needed that to to the
uh to to to pass the tests
but i completely forgot that dropping
that would break
users using the version 0 47 in kind
so i have added that stable.txt
file and changed the kind documentation
to point properly to the stable.txt
instead of
saying hey this is a stable version go
to this tab go to this branch and
and use these this manifest instead of
using the one that's
in on the main branch oh so the
documentation issue on the kind side
pointing to our
newest release no actually it was uh
it was my failure because i dropped it
yeah i've dropped it we have decided not
to to drop or move
any of the manifests here to v1 right
but
i i have dropped the mission web hook
for kind uh the v1
the v1 better one so
when i was doing the the badge and
because
it wasn't on on kind mind manifest and
because folks they were
were pointing to the to the manifest in
in the main branch
which was correct because we didn't drop
it anything we shouldn't have dropped
anything there
uh they got some errors in the admission
web hook trying to
uh check like the wrong the wrong
object so i instead of like reverting
everything
or trying to do something really complex
i have discussed it with with benjamin
elder and
and and antonio if like adding a
stable.txt in the root
in the root the root of the ripple when
and adding in the documentation of
kind so instead of just doing a quick
city i'll apply in the manifest doing
like
stable version equals to what that's
inside that file and then keep
i apply in from the manifest in that
range
should work and they were okay and i did
that so this is why
i i have added that that stable.ext in
our
in our main repo so ben asked me to
probably later publish there
publish the manifest somewhere else like
hey this is the stable manifests that
that folks need you to follow instead of
having
two steps of exporting a variable
with curl and then doing a cube ctrl
apply
uh i think i might go into the
conversation
with our next set of conversation
actually because if we generate
we can have an alpha like an alpha and
stable in the helm
manifests folders that also can go into
this whole template generation
conversation
yeah i think today we are doing things
pretty pretty you know in some somehow
they are pretty complicated right
because the manifest they can be always
the same in the home shards they can
always be the same and they just need
some some input information to generate
all of those files
so i am i'm wondering how can we make it
seem more more code-like
right saying hey this is a new version
and
point to this controller version and
apply everywhere and we just publish
somewhere else not like
not in not even yeah
maybe on on google google cloud
infrastructure
which kubernetes have an account so i
just need to ask for the
cupcakes working group the same one that
the same one that runs our cloud builds
uh okay um
[Music]
foreign
and ricardo before you drop i don't
i know we've talked about this one we
agree on the template generation
um i don't have the context for these
two
for the deep copy or the removing bezel
grp example
i think the conversation there really
was just point to
um jrp's uh grpc's example
and drop bars yeah no so uh
so about the jrpc long long is taking
care of this one
we have an application
uh a demo application inside
and actually we don't need that so that
there is
a bunch of a bunch of examples um on
grpc example
so what i have asked too long to do is
hey take a look if we can use the
example
in in google's repo or
somewhere like that but compiling in our
own so
because if we just go and remove this
that this might be like some breaking
change and
actually it's not i don't think it's
cool like to keep pointing users to
outside of the repo
like hey just go do that
as they say in the documentation right
so uh
actually it's like an opportunity for
him to learn a little bit of go as well
so
he told me and he said hey okay i'm
really okay of doing that so
my suggestion was let's replace
everything here
to like something really similar we
don't need like the protoc we don't need
to compile all of those protobuffers
because the google
demonstration already have everything so
the only thing that you need to do is at
this main.go and compile this
application and say hey
now this is the demo application of grpc
that folks can also use that to test and
this might be
actually a way that we could add some
eqe tests
of grpc as well because i don't think we
have it
but we should test grpc as well so
so yeah this is this is uh
this is actually long long mistaking
i'll look into that
and the other one about deep copy
is uh he kill you i think it's
his name
yeah uh kill you he
he he reached me and and he he got some
some suggestions about optimization of
the code mainly on the admission web
code so the first one
was to drop the shell script that does
uh the clean up of
the angina the cleanup and formatting of
njmaxx.com to
some gold bases and this is uh already
present
in in the main branch and i i have asked
it to him to to make a cherry peak into
the old branch
as well and this is the other one so
this other one is actually i i might be
i might be a bit annoyed sometimes with
those like
deep copy or not but because i i have
been hurting in the past about this like
trying to he writes some pointers and
not
understanding how things works but he
seems to to know
actually what he's doing i i just told
him that i
i wanna make some some some further
tests
uh just to say hey okay we we are really
safe with your change
removing the div copy and just just
going to the the the reference of the
pointer
uh yeah so it's mostly like
usually i i i did a lot of these and
and i i made a lot of mistakes and bugs
in the main kk ripple so this is why i
am i'm just trying to figure out
if this got an impact or not but this is
just going fine
i it's it's the next one after i can
finish the ingress class team because
this is an optimization
for big users
but i think it can wait until i finish
and we can release the v1 next alpha or
a better one before
they release kubernetes v122 otherwise
they are going to release v1022 and if
we don't have like ingress view one
people are going to start complaining
with us yeah and i think that's going to
be our
our next release are we going to be
doing one this week i think that's the
last thing before i can let you go
yeah yeah yeah yeah i i wanna i wanna
talk with you
offline about this but i wanna do a
release of you and alpha and also
after we finish the cherry peaks of the
mod security and
this one that that he opened
uh really is a new v0.48
probably we should probably do that
okay sounds good well i'll go
i'll go ahead and let you let you go i
know you're a few minutes over
thanks as always okay okay see you folks
have a nice week
um as far as that i unless you guys have
any other things that you want to
discuss i know yeah damien you and your
team looked at a couple issues last week
i don't know if we had any follow-up
that we needed to discuss
um damian just stepped away because of
kid duty
um
i'll ping him offline okay um
unless anyone else has any other topics
that we need to discuss we can go ahead
and drop for the
for this week
all right well thanks everyone and i'll
see you in a couple weeks
carol i'll talk to you tomorrow bye
thank you
bye
thank you
5.0 / 5 (0 votes)