Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuration of transport channel size in agent and server #624

Merged
merged 5 commits into from
Jun 20, 2024
Merged

Allow configuration of transport channel size in agent and server #624

merged 5 commits into from
Jun 20, 2024

Conversation

cnvergence
Copy link
Contributor

@cnvergence cnvergence commented May 6, 2024
edited
Loading

See also:
#586

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 6, 2024
@k8s-ci-robot k8s-ci-robot requested review from elmiko and ipochi May 6, 2024 11:20
@k8s-ci-robot
Copy link
Contributor

Welcome @cnvergence!

It looks like this is your first PR to kubernetes-sigs/apiserver-network-proxy 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/apiserver-network-proxy has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 6, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @cnvergence. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label May 6, 2024
@jkh52
Copy link
Contributor

jkh52 commented May 9, 2024

/ok-to-test

/assign @cheftako

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 9, 2024
@jkh52
Copy link
Contributor

jkh52 commented May 9, 2024

/assign @ipochi

cheftako
cheftako reviewed May 10, 2024
View reviewed changes
cmd/server/app/options/options.go Outdated
@@ -136,6 +137,7 @@ func (o *ProxyRunOptions) Flags() *pflag.FlagSet {
flags.StringVar(&o.AuthenticationAudience, "authentication-audience", o.AuthenticationAudience, "Expected agent's token authentication audience (used with agent-namespace, agent-service-account, kubeconfig).")
flags.StringVar(&o.ProxyStrategies, "proxy-strategies", o.ProxyStrategies, "The list of proxy strategies used by the server to pick an agent/tunnel, available strategies are: default, destHost, defaultRoute.")
flags.StringSliceVar(&o.CipherSuites, "cipher-suites", o.CipherSuites, "The comma separated list of allowed cipher suites. Has no effect on TLS1.3. Empty means allow default list.")
flags.UintVar(&o.XfrChannelSize, "xfr-channel-size", o.XfrChannelSize, "The size of the channel for transferring data between the proxy server and the agent.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have 2 transfer channels in the server. 1) KAS -> KNP Server -> KNP Agent and 2) KNP Agent -> KNP Server -> KAS. This makes both channels be set with the same transfer channel size. Do we want to allow them to be configured to different values?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initially, they were set to the same value, but in this case we could also make it configurable

@cheftako
Copy link
Contributor

I like the change it seems valuable. Just a couple of minor questions it would be good to iron out first.

@cnvergence
Copy link
Contributor Author

/retest

@cnvergence cnvergence requested review from cheftako and jkh52 May 14, 2024 20:39
@cnvergence
Copy link
Contributor Author

PTAL again :)

cheftako
cheftako reviewed May 29, 2024
View reviewed changes
pkg/server/server.go
@@ -417,7 +417,7 @@ func (s *ProxyServer) Proxy(stream client.ProxyService_ProxyServer) error {
streamUID := uuid.New().String()
klog.V(5).InfoS("Proxy request from client", "userAgent", userAgent, "serverID", s.serverID, "streamUID", streamUID)

recvCh := make(chan *client.Packet, xfrChannelSize)
recvCh := make(chan *client.Packet, s.xfrChannelSize)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the transfer channel for traffic coming from the KAS (frontend). However the options indicate that the size is only for the tunnel segment between the server and agent. We should either fix the flag description to mention both tunnel segments or add a separate configuration for each tunnel segment.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have decided to fix the flag, as I didn't want to add another configuration flag, to keep it at the same value as it was originally set.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 29, 2024
@cnvergence
Allow configuration of transport channel size in agent and server
5a8e1fd 
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
@cnvergence
remove commented line
8ace398 
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
@cnvergence
review comments, test XfrChannelSize validation
d0471d8 
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
@cnvergence
restore int value
62e778d 
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
@cnvergence
fix description
31dffc5 
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
@cnvergence cnvergence requested a review from cheftako June 3, 2024 15:20
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 4, 2024
cnvergence
cnvergence commented Jun 5, 2024
View reviewed changes
cmd/server/app/options/options.go
@@ -136,6 +137,7 @@ func (o *ProxyRunOptions) Flags() *pflag.FlagSet {
flags.StringVar(&o.AuthenticationAudience, "authentication-audience", o.AuthenticationAudience, "Expected agent's token authentication audience (used with agent-namespace, agent-service-account, kubeconfig).")
flags.StringVar(&o.ProxyStrategies, "proxy-strategies", o.ProxyStrategies, "The list of proxy strategies used by the server to pick an agent/tunnel, available strategies are: default, destHost, defaultRoute.")
flags.StringSliceVar(&o.CipherSuites, "cipher-suites", o.CipherSuites, "The comma separated list of allowed cipher suites. Has no effect on TLS1.3. Empty means allow default list.")
flags.IntVar(&o.XfrChannelSize, "xfr-channel-size", o.XfrChannelSize, "The size of the two KNP server channels used in server for transferring data. One channel is for data coming from the Kubernetes API Server, and the other one is for data coming from the KNP agent.")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cheftako just let me know, how it does look for you now

@cnvergence cnvergence mentioned this pull request Jun 13, 2024
Open
@cheftako
Copy link
Contributor

/lgtm
/approve
Thanks for making this change!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 20, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cheftako, cnvergence

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 20, 2024
@k8s-ci-robot k8s-ci-robot merged commit fc590c6 into kubernetes-sigs:master Jun 20, 2024
16 checks passed
@cnvergence cnvergence deleted the add-flag-channel-size branch July 8, 2024 08:32
@cnvergence cnvergence mentioned this pull request Nov 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elmiko elmiko Awaiting requested review from elmiko

@ipochi ipochi Awaiting requested review from ipochi

@jkh52 jkh52 Awaiting requested review from jkh52

@cheftako cheftako Awaiting requested review from cheftako

Assignees

@cheftako cheftako

@ipochi ipochi

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cnvergence @k8s-ci-robot @jkh52 @cheftako @ipochi