Release v1.11.0

2023 Oct 06

Table of contents

NSM Release v1.11.0

NSM v1.11.0 has been tested on:

Changes since last release

Run integration tests in parallel

We need to run the rest of integration tests in parallel

See more details

Add LoadBalancer for vl3 networks

NSM vl3 could be perceived as alternative of k8s networks. Currently, k8s service is most useful thing in k8s network.

At this moment, NSM vl3 network doesn’t provide any alternative of k8s services. So we need to consider and implement the best solution for it.

See more details

Automatically sync-up NSM Site

NSM site is not up to date.

TODO: Consider Hugo modules, which would allow us to ‘import’ docs from repos into site.

See more details

Update vpp version

Status: RESOLVED.

See more details

Add interdomain healing examples

Currently, we don’t test healing over interdomain or floating interdomain. So we could add some examples of how to do that.

Scenarios:

  • Forwarders death in floating interdomain scenario
  • NSE death in floating interdomain scenario
  • NSM systems death in floating interdomain scenario
  • Proxy nsmgrs death in interdomain scenario
  • NSMGRs death in interdomain scenario
  • Registry death in interdomain scenario

We need to check scenarios from single cluster testing in multicluster scenarios.

See more details

Add health checks for vpp based apps

We’d added datapath checks for kernel ifaces. https://github.com/networkservicemesh/sdk-kernel/blob/main/pkg/kernel/tools/heal/liveness_check.go

See more details

System stability fixes and improvements

Update Spire version in Dockerfile for all cmd-repos

Update Spire version in Dockerfiles for all cmd-repos. Also add support for multi-arch build.

See more details

begin can’t do Unregister requests without Register requests

Status: RESOLVED.

See more details

Registry k8s can not correctly handle unregister when its scaled

Status: RESOLVED.

See more details

Parallel SDK testing

Status: RESOLVED.

See more details

Add VPP config for ARM

Add vpp config for ARM. The config will be the same as in this PR - https://github.com/networkservicemesh/cmd-forwarder-vpp/pull/905

See more details

Update all cmd-*-vpp repos that use edwarnicke/vpphelper

Status: RESOLVED.

See more details

No artifacts after CI run on public clusters

Status: RESOLVED.

See more details

Update dependent repositories workflow does update incorrectly

integration-k8s-kind re-uses .github workflow This is wrong, because this workflow updates integration-k8s-kind instead of integration-tests in dependent repositories (public clusters). For example: https://github.com/networkservicemesh/integration-k8s-kind/actions/runs/5656999510/job/15325140836

See more details

How can i make composition of endpoints?

Status: RESOLVED.

See more details

IPSec takes a lot of time on request

Our current implementation uses IKEv2 which requires an rsa key. The thing is the key generation takes about 3-5s - https://github.com/networkservicemesh/sdk-vpp/blob/main/pkg/networkservice/mechanisms/ipsec/common.go

See more details

Routing between 2 containers

Status: RESOLVED.

See more details

AF_PACKET stopped receiving traffic

https://jira.fd.io/browse/VPP-2081 This issues is a continuation of this discussion - https://github.com/networkservicemesh/govpp/issues/9

See more details

Feature Request: Allow configuration of initContainer resource requests and limits

Status: RESOLVED.

See more details

MatchesMonitorScopeSelector helper function checks only one field

[MatchesMonitorScopeSelector](https://github.com/networkservicemesh/api/blob/main/pkg/api/networkservice/connection_helpers.go

See more details

Add release automation for integration-k8s-${platform} repos

Status: RESOLVED.

See more details

Feature Request: Support configuration of NamespaceSelector

Auto registration creates a MutatingWebhookConfiguration with no Namespace filters. The mutation applies to all Namespaces.

The Webhook watching the system namespaces can create circular dependencies. Where system pods are required for Nodes to be made Ready to have the Webhook scheduled onto them.

We would like to configure this selector to exclude some Namespaces which should never be modified. For example we could configure the webhook to exclude the namespaces: nsm-system kube-system and spire.

Example of current webhook config:

kind: MutatingWebhookConfiguration
metadata:
  name: nsm-admission-webhook-k8s-5dfd78487d-26n5b
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    caBundle: <redacted>
    service:
      name: admission-webhook-svc
      namespace: nsm-system
      path: /mutate
      port: 443
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io
  namespaceSelector: {}
  objectSelector: {}
  reinvocationPolicy: Never
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - pods
    scope: '*'
  - apiGroups:
    - apps
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - deployments
    - statefulsets
    - daemonsets
    - replicasets
    scope: '*'
  sideEffects: None
  timeoutSeconds: 10

Example of desired webhook config:

kind: MutatingWebhookConfiguration
metadata:
  name: nsm-admission-webhook-k8s-5dfd78487d-26n5b
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    caBundle: <redacted>
    service:
      name: admission-webhook-svc
      namespace: nsm-system
      path: /mutate
      port: 443
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io
  namespaceSelector:
    matchExpressions:
    - key: kubernetes.io/metadata.name
      operator: NotIn
      values:
      - nsm-system
      - kube-system
      - spire
  objectSelector: {}
  reinvocationPolicy: Never
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - pods
    scope: '*'
  - apiGroups:
    - apps
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - deployments
    - statefulsets
    - daemonsets
    - replicasets
    scope: '*'
  sideEffects: None
  timeoutSeconds: 10

See more details

Allow setting of registration url via env variable

Status: RESOLVED.

See more details

“Permission tests” job runs even if there aren’t tests require permission in the repo

Status: RESOLVED.

See more details

Log rotated after 5 minutes in NSMgr / Registry

To fix a possible increased latency due to logging in forwarder-vpp we could add a new chain element for min logging if current log level is not equal TRACE

  • Log input to server chain
  • Return from server chain
  • Output from client chain
  • Return to client chain

See more details

reconnect services dynamically

Status: RESOLVED.

See more details

questions: dpdk plugin / VCL / service graph topology

Status: RESOLVED.

See more details

Endless retries on error

Status: RESOLVED.

See more details

Missed red arrows on community page

Status: RESOLVED.

See more details

missing interface in NSE after relocation

Status: RESOLVED.

See more details

Healing with two NSEs could keep previous IPContext values

Status: RESOLVED.

See more details

Automate updating versing of ‘go’

Updating version of ‘go’ is a very monotonous and most importantly time-consuming task since we need to update all our repositories (https://github.com/networkservicemesh?q=&type=all&language=go&sort= we have 54 repos)

See more details

Forwarder sometimes crashes with segmentation fault after restart

Status: RESOLVED.

See more details

netsvcmonitor chain element: nse doesn’t match with networkservice

Status: RESOLVED.

See more details

Release project board

Notes based on

Table of contents