reuse a VIP named by subnet to health check

Signed-off-by: 夜微澜 <[email protected]>

.github/workflows/build-windows.yaml

@@ -115,7 +115,7 @@ jobs:
           # python: Rename build related code to ovs_build_helpers.
           Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/9d961aec6fd7ef3e3002bc34e285833279e989c2.patch" -OutFile ..\ovn-00.patch
           # change hash type from dp_hash to hash with field src_ip
-          Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/5a04402c01df1463b9e1edcbc1c5634793687140.patch" -OutFile ..\ovn-01.patch
+          Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/75876f75203bbf06a8f5ffb5628eca98bef03407.patch" -OutFile ..\ovn-01.patch
           # add support for windows
           Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/2be843b9fc7cba253fb27fc57c384034e97db148.patch" -OutFile ..\ovn-02.patch
           # set br-int controller to TCP 127.0.0.1:6653

charts/README.md

@@ -5,16 +5,16 @@ Currently supported version: 1.9
 Installation :
 
 ```bash
-$ kubectl label no -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite
-$ kubectl label no -lnode-role.kubernetes.io/control-plane  kube-ovn/role=master --overwrite
-$ kubectl label no -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel  --overwrite
+$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite
+$ kubectl label node -lnode-role.kubernetes.io/control-plane  kube-ovn/role=master --overwrite
+$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel  --overwrite
 
 # standard install 
-$ helm install --debug kubeovn ./kubeovn-helm --set MASTER_NODES=${Node0},
+$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},
 
 # high availability install
-$ helm install --debug kubeovn ./kubeovn-helm --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
+$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
 
 # upgrade to this version
-$ helm upgrade --debug kubeovn ./kubeovn-helm --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
+$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
 ```

cmd/cmdmain.go

@@ -1,8 +1,15 @@
 package main
 
 import (
+	"fmt"
 	"os"
+	"os/signal"
 	"path/filepath"
+	"runtime/pprof"
+	"syscall"
+	"time"
+
+	"k8s.io/klog/v2"
 
 	"github.com/kubeovn/kube-ovn/cmd/controller"
 	"github.com/kubeovn/kube-ovn/cmd/controller_health_check"
@@ -24,18 +31,65 @@ const (
 	CmdOvnLeaderChecker      = "kube-ovn-leader-checker"
 )
 
+const timeFormat = "2006-01-02_15:04:05"
+
+func dumpProfile() {
+	ch1 := make(chan os.Signal, 1)
+	ch2 := make(chan os.Signal, 1)
+	signal.Notify(ch1, syscall.SIGUSR1)
+	signal.Notify(ch2, syscall.SIGUSR2)
+	go func() {
+		for {
+			<-ch1
+			name := fmt.Sprintf("cpu-profile-%s.pprof", time.Now().Format(timeFormat))
+			f, err := os.Create(filepath.Join(os.TempDir(), name)) // #nosec G303,G304
+			if err != nil {
+				klog.Errorf("failed to create cpu profile file: %v", err)
+				return
+			}
+			defer f.Close()
+			if err = pprof.StartCPUProfile(f); err != nil {
+				klog.Errorf("failed to start cpu profile: %v", err)
+				return
+			}
+			time.Sleep(30 * time.Second)
+			pprof.StopCPUProfile()
+		}
+	}()
+	go func() {
+		for {
+			<-ch2
+			name := fmt.Sprintf("mem-profile-%s.pprof", time.Now().Format(timeFormat))
+			f, err := os.Create(filepath.Join(os.TempDir(), name)) // #nosec G303,G304
+			if err != nil {
+				klog.Errorf("failed to create memory profile file: %v", err)
+				return
+			}
+			defer f.Close()
+			if err = pprof.WriteHeapProfile(f); err != nil {
+				klog.Errorf("failed to write memory profile file: %v", err)
+			}
+		}
+	}()
+}
+
 func main() {
 	cmd := filepath.Base(os.Args[0])
 	switch cmd {
 	case CmdController:
+		dumpProfile()
 		controller.CmdMain()
 	case CmdDaemon:
+		dumpProfile()
 		daemon.CmdMain()
 	case CmdMonitor:
+		dumpProfile()
 		ovn_monitor.CmdMain()
 	case CmdPinger:
+		dumpProfile()
 		pinger.CmdMain()
 	case CmdSpeaker:
+		dumpProfile()
 		speaker.CmdMain()
 	case CmdControllerHealthCheck:
 		controller_health_check.CmdMain()

dist/images/Dockerfile.base

@@ -32,7 +32,7 @@ RUN cd /usr/src/ && git clone -b branch-22.12 --depth=1 https://github.com/ovn-o
     # python: Rename build related code to ovs_build_helpers.
     curl -s https://github.com/kubeovn/ovn/commit/9d961aec6fd7ef3e3002bc34e285833279e989c2.patch | git apply && \
     # change hash type from dp_hash to hash with field src_ip
-    curl -s https://github.com/kubeovn/ovn/commit/daa09e380eec61620d4ee317e3265c44366d1147.patch | git apply && \
+    curl -s https://github.com/kubeovn/ovn/commit/4ad8763f707ff4088ae61396c7931e8735f71f22.patch | git apply && \
     # set ether dst addr for dnat on logical switch
     curl -s https://github.com/kubeovn/ovn/commit/44875725ad6ce3cb38e4d471d540fe69ed204bff.patch | git apply && \
     # modify src route priority

dist/images/kubectl-ko

@@ -27,11 +27,11 @@ showHelp(){
   echo "  dpctl {nodeName} [ovs-dpctl options ...]   invoke ovs-dpctl on the specified node"
   echo "  appctl {nodeName} [ovs-appctl options ...]   invoke ovs-appctl on the specified node"
   echo "  tcpdump {namespace/podname} [tcpdump options ...]     capture pod traffic"
-  echo "  trace/ovn-trace ...    trace ovn microflow of specific packet"
-  echo "    trace/ovn-trace {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]    trace ICMP/TCP/UDP"
-  echo "    trace/ovn-trace {namespace/podname} {target ip address} [target mac address] arp {request|reply}                     trace ARP request/reply"
-  echo "    trace/ovn-trace {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]       trace ICMP/TCP/UDP"
-  echo "    trace/ovn-trace {node//nodename} {target ip address} [target mac address] arp {request|reply}                        trace ARP request/reply"
+  echo "  {trace|ovn-trace} ...    trace ovn microflow of specific packet"
+  echo "    {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]    trace ICMP/TCP/UDP"
+  echo "    {trace|ovn-trace} {namespace/podname} {target ip address} [target mac address] arp {request|reply}                     trace ARP request/reply"
+  echo "    {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] {icmp|tcp|udp} [target tcp/udp port]       trace ICMP/TCP/UDP"
+  echo "    {trace|ovn-trace} {node//nodename} {target ip address} [target mac address] arp {request|reply}                        trace ARP request/reply"
   echo "  diagnose {all|node|subnet|IPPorts} [nodename|subnetName|{proto1}-{IP1}-{Port1},{proto2}-{IP2}-{Port2}]    diagnose connectivity of all nodes or a specific node or specify subnet's ds pod or IPPorts like 'tcp-172.18.0.2-53,udp-172.18.0.3-53'"
   echo "  env-check    check the environment configuration"
   echo "  tuning {install-fastpath|local-install-fastpath|remove-fastpath|install-stt|local-install-stt|remove-stt} {centos7|centos8}} [kernel-devel-version]    deploy kernel optimisation components to the system"

dist/images/start-ovs.sh

@@ -18,10 +18,11 @@ echo "OVN_REMOTE_OPENFLOW_INTERVAL is set to $OVN_REMOTE_OPENFLOW_INTERVAL"
 # Check required kernel module
 modinfo openvswitch
 modinfo geneve
-modinfo ip_tables
 
 # CentOS 8 might not load iptables module by default, which will hurt nat function
-modprobe ip_tables
+if modinfo ip_tables; then
+  modprobe ip_tables
+fi
 
 # https://bugs.launchpad.net/neutron/+bug/1776778
 if grep -q "3.10.0-862" /proc/version

pkg/controller/endpoint.go

@@ -134,7 +134,10 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 
 	if vip, ok = svc.Annotations[util.SwitchLBRuleVipsAnnotation]; ok {
 		lbVips = []string{vip}
-		ignoreHealthCheck = false
+		// TODO: IPv6
+		if util.CheckProtocol(vip) == kubeovnv1.ProtocolIPv4 {
+			ignoreHealthCheck = false
+		}
 	} else if lbVips = util.ServiceClusterIPs(*svc); len(lbVips) == 0 {
 		return nil
 	}