Release v1.11.0
2023 Oct 06
Table of contents
NSM Release v1.11.0
NSM v1.11.0 has been tested on:
Changes since last release
Run integration tests in parallel
We need to run the rest of integration tests in parallel
Add LoadBalancer for vl3 networks
NSM vl3 could be perceived as alternative of k8s networks. Currently, k8s service is most useful thing in k8s network.
At this moment, NSM vl3 network doesn’t provide any alternative of k8s services. So we need to consider and implement the best solution for it.
Automatically sync-up NSM Site
NSM site is not up to date.
TODO: Consider Hugo modules, which would allow us to ‘import’ docs from repos into site.
Update vpp version
Status: RESOLVED.
Add interdomain healing examples
Currently, we don’t test healing over interdomain or floating interdomain. So we could add some examples of how to do that.
Scenarios:
- Forwarders death in floating interdomain scenario
- NSE death in floating interdomain scenario
- NSM systems death in floating interdomain scenario
- Proxy nsmgrs death in interdomain scenario
- NSMGRs death in interdomain scenario
- Registry death in interdomain scenario
We need to check scenarios from single cluster testing in multicluster scenarios.
Add health checks for vpp based apps
We’d added datapath checks for kernel ifaces. https://github.com/networkservicemesh/sdk-kernel/blob/main/pkg/kernel/tools/heal/liveness_check.go
System stability fixes and improvements
Update Spire version in Dockerfile for all cmd-repos
Update Spire version in Dockerfiles for all cmd-repos. Also add support for multi-arch build.
begin
can’t do Unregister
requests without Register
requests
Status: RESOLVED.
Registry k8s can not correctly handle unregister when its scaled
Status: RESOLVED.
Parallel SDK testing
Status: RESOLVED.
Add VPP config for ARM
Add vpp config for ARM. The config will be the same as in this PR - https://github.com/networkservicemesh/cmd-forwarder-vpp/pull/905
Update all cmd-*-vpp repos that use edwarnicke/vpphelper
Status: RESOLVED.
No artifacts after CI run on public clusters
Status: RESOLVED.
Update dependent repositories
workflow does update incorrectly
integration-k8s-kind
re-uses .github workflow
This is wrong, because this workflow updates integration-k8s-kind
instead of integration-tests
in dependent repositories (public clusters).
For example:
https://github.com/networkservicemesh/integration-k8s-kind/actions/runs/5656999510/job/15325140836
How can i make composition of endpoints?
Status: RESOLVED.
IPSec takes a lot of time on request
Our current implementation uses IKEv2 which requires an rsa
key.
The thing is the key generation takes about 3-5s - https://github.com/networkservicemesh/sdk-vpp/blob/main/pkg/networkservice/mechanisms/ipsec/common.go
Routing between 2 containers
Status: RESOLVED.
AF_PACKET stopped receiving traffic
https://jira.fd.io/browse/VPP-2081 This issues is a continuation of this discussion - https://github.com/networkservicemesh/govpp/issues/9
Feature Request: Allow configuration of initContainer resource requests and limits
Status: RESOLVED.
MatchesMonitorScopeSelector helper function checks only one field
[MatchesMonitorScopeSelector](https://github.com/networkservicemesh/api/blob/main/pkg/api/networkservice/connection_helpers.go
Add release automation for integration-k8s-${platform} repos
Status: RESOLVED.
Feature Request: Support configuration of NamespaceSelector
Auto registration creates a MutatingWebhookConfiguration
with no Namespace filters.
The mutation applies to all Namespaces.
The Webhook watching the system namespaces can create circular dependencies. Where system pods are required for Nodes to be made Ready to have the Webhook scheduled onto them.
We would like to configure this selector to exclude some Namespaces which should never be modified.
For example we could configure the webhook to exclude the namespaces: nsm-system
kube-system
and spire
.
Example of current webhook config:
kind: MutatingWebhookConfiguration
metadata:
name: nsm-admission-webhook-k8s-5dfd78487d-26n5b
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
caBundle: <redacted>
service:
name: admission-webhook-svc
namespace: nsm-system
path: /mutate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
scope: '*'
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- deployments
- statefulsets
- daemonsets
- replicasets
scope: '*'
sideEffects: None
timeoutSeconds: 10
Example of desired webhook config:
kind: MutatingWebhookConfiguration
metadata:
name: nsm-admission-webhook-k8s-5dfd78487d-26n5b
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
caBundle: <redacted>
service:
name: admission-webhook-svc
namespace: nsm-system
path: /mutate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: nsm-admission-webhook-k8s-5dfd78487d-26n5b.networkservicemesh.io
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- nsm-system
- kube-system
- spire
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
scope: '*'
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- deployments
- statefulsets
- daemonsets
- replicasets
scope: '*'
sideEffects: None
timeoutSeconds: 10
Allow setting of registration url via env variable
Status: RESOLVED.
“Permission tests” job runs even if there aren’t tests require permission in the repo
Status: RESOLVED.
Log rotated after 5 minutes in NSMgr / Registry
To fix a possible increased latency due to logging in forwarder-vpp we could add a new chain element for min logging if current log level is not equal TRACE
- Log input to server chain
- Return from server chain
- Output from client chain
- Return to client chain
reconnect services dynamically
Status: RESOLVED.
questions: dpdk plugin / VCL / service graph topology
Status: RESOLVED.
Endless retries on error
Status: RESOLVED.
Missed red arrows on community page
Status: RESOLVED.
missing interface in NSE after relocation
Status: RESOLVED.
Healing with two NSEs could keep previous IPContext values
Status: RESOLVED.
Automate updating versing of ‘go’
Updating version of ‘go’ is a very monotonous and most importantly time-consuming task since we need to update all our repositories (https://github.com/networkservicemesh?q=&type=all&language=go&sort= we have 54 repos)
Forwarder sometimes crashes with segmentation fault after restart
Status: RESOLVED.
netsvcmonitor chain element: nse doesn’t match with networkservice
Status: RESOLVED.
Release project board
Table of contents