netd: GKE Networking Daemonset
License: Apache License 2.0
netd is a Daemon designed to provide networking related features on GCP. The initial version is to generate CNI Spec for PTP plugin based on PodCIDR from Kubernetes API server.
Please refer to netd/RELEASE.md.
netd is deployed at cluster/addons/netd, it's guarded by KUBE_ENABLE_NETD.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![google-oss-prow[bot] avatar](https://avatars.githubusercontent.com/in/143327?v=4 "google-oss-prow[bot]")
The behavior introduced in #78 overrides ENABLE_CALICO_NETWORK_POLICY if netd does not detect Calico's CNI config file:
Lines 17 to 33 in fef8459
If Calico CNI fails to install, why would we allow netd to proceed with GKE?
If the user intentionally set ENABLE_CALICO_NETWORK_POLICY to true, then silently changing this variable to false might make it difficult for the user to detect that the node is not using Calico as intended. This behavior seems "silent" because it just logs in a passive way (no error logs or alerts).
I can see why we may not want to exit with error since Kubernetes would repeatedly restart the Pod until the init container succeeds. However, would it be better to wait indefinitely until netd detects Calico's CNI config file since the user had to intentionally set ENABLE_CALICO_NETWORK_POLICY to true?
At least in this case, if Calico CNI fails to install, we can see that the init container is still running and no application pods would be scheduled since kubelet cannot detect a vaild CNI config file. This would be more visible to the user to see that no application pods are running and they should fix Calico CNI's deployment so that the node uses Calico CNI as intended by the user.
so we can capture things like #125 right away.
Also potentially for https://github.com/GoogleCloudPlatform/k8s-cloud-provider
When ENABLE_PRIVATE_IPV6_ACCESS is set along with ENABLE_CALICO_NETWORK_POLICY, the netd install-cni.sh script is used to initially generate the template that the calico install-cni container will use to generate the complete cni config.
In such cases (ie, both ENABLE_PRIVATE_IPV6_ACCESS and ENABLE_CALICO_NETWORK_POLICY are true, we should not wait for the config file to be written.
The field noSnat doesn't exist in portmap.
https://github.com/GoogleCloudPlatform/netd/blob/master/netd.yaml#L90
There is only snat, and the default value is true. https://github.com/containernetworking/plugins/blob/696b1f9ab1022c34e1514e0e29bf84bb9179899f/plugins/meta/portmap/README.md#usage
What is the intended behavior? Will this cause any issue?
Running into unexpected failure: https://github.com/GoogleCloudPlatform/netd/actions/runs/3295187810/attempts/1
2022-10-21T06:14:45.3348645Z === RUN TestSetupDirectoryWatcher
2022-10-21T06:14:45.3349043Z pod_ip_metrics_test.go:260: reused ip: bucket with le==10. want: 1, got 2
2022-10-21T06:14:45.3349548Z --- FAIL: TestSetupDirectoryWatcher (4.00s)
Log files: logs_47.zip
jingyuanliang@jingyuanliang:~/github/netd$ go test ./pkg/metrics/collector -count=100 -failfast
ERROR: logging before flag.Parse: I1022 05:17:25.468190 644158 netlink_metrics.go:88] Initializing netlink metrics
E1022 05:17:25.469162 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:29.473553 644158 pod_ip_metrics.go:193] Error reading file /tmp/dir12465032197/10.0.0.2: open /tmp/dir12465032197/10.0.0.2: no such file or directory
E1022 05:17:29.473628 644158 pod_ip_metrics.go:165] Error opening directory /tmp/dir12465032197, open /tmp/dir12465032197: no such file or directory
E1022 05:17:29.474611 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:33.476707 644158 pod_ip_metrics.go:170] Error while reading files in directory readdirent /tmp/dir11139402894: no such file or directory
E1022 05:17:33.477804 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:37.481421 644158 pod_ip_metrics.go:170] Error while reading files in directory readdirent /tmp/dir1135520947: no such file or directory
E1022 05:17:37.482317 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:41.485502 644158 pod_ip_metrics.go:170] Error while reading files in directory readdirent /tmp/dir13223256129: no such file or directory
E1022 05:17:41.486548 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:45.489237 644158 pod_ip_metrics.go:165] Error opening directory /tmp/dir1477826396, open /tmp/dir1477826396: no such file or directory
E1022 05:17:45.490625 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:49.492819 644158 pod_ip_metrics.go:193] Error reading file /tmp/dir11082800460/10.0.0.2: open /tmp/dir11082800460/10.0.0.2: no such file or directory
E1022 05:17:49.492885 644158 pod_ip_metrics.go:165] Error opening directory /tmp/dir11082800460, open /tmp/dir11082800460: no such file or directory
E1022 05:17:49.493562 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:53.495644 644158 pod_ip_metrics.go:170] Error while reading files in directory readdirent /tmp/dir11123781404: no such file or directory
E1022 05:17:53.496633 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:17:57.499495 644158 pod_ip_metrics.go:170] Error while reading files in directory readdirent /tmp/dir1841723154: no such file or directory
E1022 05:17:57.500709 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:18:01.503820 644158 pod_ip_metrics.go:165] Error opening directory /tmp/dir1463044104, open /tmp/dir1463044104: no such file or directory
E1022 05:18:01.504641 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
E1022 05:18:05.507622 644158 pod_ip_metrics.go:170] Error while reading files in directory readdirent /tmp/dir14280622433: no such file or directory
E1022 05:18:05.508696 644158 pod_ip_metrics.go:165] Error opening directory bogus, open bogus: no such file or directory
--- FAIL: TestSetupDirectoryWatcher (4.00s)
pod_ip_metrics_test.go:258: reused ip: bucket with le==10. want: 1, got 2
E1022 05:18:09.511190 644158 pod_ip_metrics.go:165] Error opening directory /tmp/dir11029283220, open /tmp/dir11029283220: no such file or directory
FAIL
FAIL github.com/GoogleCloudPlatform/netd/pkg/metrics/collector 44.100s
FAIL
This happened after #124 is merged.
Try building locally and hit the below error:
...
=> CACHED [2/5] RUN apt-get -y update 0.0s
=> ERROR [3/5] RUN apt-get -y install curl jq bash iproute2 1.0s
------
> [3/5] RUN apt-get -y install curl jq bash iproute2:
#7 0.261 Reading package lists...
#7 0.713 Building dependency tree...
#7 0.820 Reading state information...
#7 0.871 Some packages could not be installed. This may mean that you have
#7 0.871 requested an impossible situation or if you are using the unstable
#7 0.871 distribution that some required packages have not yet been created
#7 0.871 or been moved out of Incoming.
#7 0.871 The following information may help to resolve the situation:
#7 0.871
#7 0.871 The following packages have unmet dependencies:
#7 0.926 iproute2 : Depends: libcap2 (>= 1:2.10) but it is not going to be installed
#7 0.926 libcap2-bin : Depends: libcap2 (>= 1:2.33) but it is not going to be installed
#7 0.926 Recommends: libpam-cap but it is not installable
#7 0.938 E: Unable to correct problems, you have held broken packages.
------
.dockerfile-amd64:20
--------------------
18 |
19 | RUN apt-get -y update
20 | >>> RUN apt-get -y install curl jq bash iproute2
21 | ADD scripts/install-cni.sh /install-cni.sh
22 | ADD bin/amd64/netd /netd
--------------------
error: failed to solve: rpc error: code = Unknown desc = process "/bin/sh -c apt-get -y install curl jq bash iproute2" did not complete successfully: exit code: 100
make: *** [Makefile:157: .container-gcr.io_gke-release-staging_netd-amd64-v0.4.1-dirty] Error 1
Calico Network Policy is enabled
Filling IPv4 subnet "10.64.1.0/24"
Found nic0 IPv6 address Filling IPv6 subnet and route...
/install-cni.sh: line 97: ip6tables: not found
/install-cni.sh: line 97: ip6tables: not found
Lines 75 to 79 in 6cd97fd
we are using curl -k which is insecure. We should use --cacert with the ca cert in the same folder as token file.
The repo current has a bunch of golint errors that should be fixed.
https://github.com/GoogleCloudPlatform/netd/blob/master/pkg/config/config_policy_routing.go
https://github.com/GoogleCloudPlatform/netd/blob/master/pkg/config/config_masquerade.go
Configs are hard coded in go which is inconvenient to update/hack the rules. We should move them to ConfigMap.
While testing Calico with intra-node visibility enabled, we spotted a subtle incompatibility:
Calico uses mark bits to communicate between the various iptables chains. For example, if "pre-DNAT" policy accepts a packet then a flag bit is set in the mangle-PREROUTING chain to tell the downstream "normal" policy that the packet was pre-approved by the earlier policy.
netd stores and retrieves mark bits in the connection tracking mark. While it only seems to use one or two bits of the connmark, it uses a --restore -mark operation with no mask to copy the connmark to the fw mark. Since Calico's mark bits are per-packet and we don't store them in the connmark, this restore operation can clobber Calico's flag bits.
So, if the user uses certain combinations of Calico policy and intra-node visibility, they can get unexpected results. Calico's eBPF dataplane also uses mark bits per-packet and these can also be clobbered.
I suggest using a mask on the restore operation so that Calico and netd can each manage their own ranges of bits.
Hi, can we please add an option enable_cilium to cni-install.sh for the purpose of using netd along with cilium?
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Dockerfile.in
scripts/Dockerfile.in
alpine 3.20alpine 3.20alpine 3.20alpine 3.20alpine 3.20
.github/workflows/build.yaml
actions/checkout v3.github/workflows/fastbuild.yaml
actions/checkout v3.github/workflows/lint.yaml
actions/checkout v3.github/workflows/test.yaml
actions/checkout v3
go.mod
github.com/containernetworking/plugins v1.3.0github.com/coreos/go-iptables v0.7.0github.com/fsnotify/fsnotify v1.6.0github.com/golang/glog v1.1.2github.com/prometheus/client_golang v1.17.0github.com/spf13/pflag v1.0.5github.com/vishvananda/netlink v1.2.1-beta.2github.com/vishvananda/netns v0.0.4golang.org/x/sys v0.19.0k8s.io/api v0.30.1k8s.io/apimachinery v0.30.1k8s.io/client-go v0.30.1
Running golangci-lint: FAIL
level=warning msg="[runner] The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner. Replaced by revive."
level=warning msg="[linters context] structcheck is disabled because of go1.18. You can track the evolution of the go1.18 support by following the https://github.com/golangci/golangci-lint/issues/2649."
pkg/metrics/metrics.go:35: File is not `gofmt`-ed with `-s` (gofmt)
stackType string
pkg/metrics/collector/pod_ip_metrics.go:70:2: var `duplicateIpCountDesc` should be `duplicateIPCountDesc` (golint)
duplicateIpCountDesc = prometheus.NewDesc(
^
pkg/metrics/collector/pod_ip_metrics.go:94:2: var `podIpMetricsWatcherSetup` should be `podIPMetricsWatcherSetup` (golint)
podIpMetricsWatcherSetup = false
^
pkg/metrics/collector/pod_ip_metrics.go:97:6: type `podIpMetricsCollector` should be `podIPMetricsCollector` (golint)
type podIpMetricsCollector struct {
^
pkg/metrics/collector/pod_ip_metrics.go:102:2: struct field `duplicateIpCount` should be `duplicateIPCount` (golint)
duplicateIpCount uint64
^
pkg/metrics/collector/pod_ip_metrics.go:141:6: func NewPodIpMetricsCollector should be NewPodIPMetricsCollector (golint)
func NewPodIpMetricsCollector() (Collector, error) {
^
pkg/metrics/collector/pod_ip_metrics.go:162:33: method listIpAddresses should be listIPAddresses (golint)
func (c *podIpMetricsCollector) listIpAddresses(dir string) error {
^
pkg/metrics/collector/pod_ip_metrics.go:175:28: var `dupIpCount` should be `dupIPCount` (golint)
var ipv4Count, ipv6Count, dupIpCount, dualCount, dualErrCount uint64
^
pkg/metrics/collector/pod_ip_metrics.go:[191](https://github.com/GoogleCloudPlatform/netd/actions/runs/3301658861/jobs/5447391570#step:3:192):3: var `podId` should be `podID` (golint)
podId, err := readLine(fileName)
^
pkg/metrics/collector/pod_ip_metrics.go:235:33: method updateReuseIpStats should be updateReuseIPStats (golint)
func (c *podIpMetricsCollector) updateReuseIpStats(e fsnotify.Event, f string) {
^
pkg/metrics/collector/pod_ip_metrics.go:236:2: var `reuseIp` should be `reuseIP` (golint)
reuseIp, ok := c.reuseMap[f]
^
pkg/metrics/collector/pod_ip_metrics.go:250:5: should replace `c.reuseIps.count += 1` with `c.reuseIps.count++` (golint)
c.reuseIps.count += 1
^
pkg/metrics/collector/pod_ip_metrics_test.go:44:6: func mustCreateIpAddrDir should be mustCreateIPAddrDir (golint)
func mustCreateIpAddrDir(t *testing.T, dir string) string {
^
pkg/metrics/collector/pod_ip_metrics_test.go:87:3: struct field `wantDuplicateIpCount` should be `wantDuplicateIPCount` (golint)
wantDuplicateIpCount uint64
^
pkg/metrics/collector/pod_ip_metrics.go:339:84: unnecessary conversion (unconvert)
ch <- prometheus.MustNewConstMetric(ipReuseAvgDesc, prometheus.GaugeValue, float64((c.reuseIps.sum / float64(c.reuseIps.count))))
^
pkg/metrics/collector/pod_ip_metrics_test.go:22:2: S1023: redundant `return` statement (gosimple)
return
^
pkg/metrics/collector/helper.go:20:2: SA1019: "io/ioutil" has been deprecated since Go 1.16: As of Go 1.16, the same functionality is now provided by package io or package os, and those implementations should be preferred in new code. See the specific function documentation for details. (staticcheck)
"io/ioutil"
^
pkg/metrics/collector/kernel_metrics.go:21:2: SA1019: "io/ioutil" has been deprecated since Go 1.16: As of Go 1.16, the same functionality is now provided by package io or package os, and those implementations should be preferred in new code. See the specific function documentation for details. (staticcheck)
"io/ioutil"
^
pkg/metrics/collector/netlink_metrics.go:21:2: SA1019: "io/ioutil" has been deprecated since Go 1.16: As of Go 1.16, the same functionality is now provided by package io or package os, and those implementations should be preferred in new code. See the specific function documentation for details. (staticcheck)
"io/ioutil"
^
pkg/metrics/collector/pod_ip_metrics_test.go:4:2: SA1019: "io/ioutil" has been deprecated since Go 1.16: As of Go 1.16, the same functionality is now provided by package io or package os, and those implementations should be preferred in new code. See the specific function documentation for details. (staticcheck)
"io/ioutil"
^
This might help debugging.
I used to be able to use netd in a GKE cluster by simply using the "rapid" release channel. Lately, however, this does not install netd but still sticks around with kubenet instead of using CNI+netd.
Is there any consistent way on forcing a GKE cluster to use netd? I've been reading documentation everywhere and went through settings everywhere but I cannot find any way to get a GKE cluster running with netd anymore. Any hints/help on this are much appreciated.
I apologize if this is not exactly the right forum to ask this question.
xref: kubernetes/test-infra#12863
It would be great if we could move this project to use https://github.com/GoogleCloudPlatform/oss-test-infra instead of https://github.com/kubernetes/test-infra since it is a Google project and not part of the Kubernetes project.
In the long term, we are migrating Kubernetes's CI to community managed infrastructure and those resources are allocated for the Kubernetes project.
A few projects have moved already, as you can see in kubernetes/test-infra#12863
For googlers: see go/oss-prow-onboard
https://github.com/GoogleCloudPlatform/netd/blob/master/scripts/install-cni.sh declares shebang line #!/bin/bash and sporadically uses bash-specific syntax not available in POSIX sh.
https://github.com/GoogleCloudPlatform/netd/blob/master/netd.yaml calls it using command: ["sh", "/install-cni.sh"] which doesn't work as expected when this sh is not bash.
I don't know why it works at startup (I guess it's running directly there called by someone else so the shebang line takes effect, but I didn't trace to the place where it's started at startup), but when netd is being restarted, this begins to hurt. I captured the following error messages ("Not using Cilium plug-in." is from my uncommitted changes and it actually shouldn't go into that branch) from kubectl logs netd-m5277 -n kube-system -c install-cni:
/install-cni.sh: 23: /install-cni.sh: [[: not found
/install-cni.sh: 42: [: false: unexpected operator
Calico network policy config: false
Not using Cilium plug-in.
/install-cni.sh: 64: [: true: unexpected operator
/install-cni.sh: 71: [: true: unexpected operator
PodCIDR validation succeeded: "10.76.0.0/24"
Filling IPv4 subnet "10.76.0.0/24"
/install-cni.sh: 105: [: true: unexpected operator
/install-cni.sh: 133: [: false: unexpected operator
/install-cni.sh: 133: [: false: unexpected operator
Clearing IPv6 subnet and route given private IPv6 access is disabled...
Set the default mtu to 1460, inherited from dev eth0
Creating CNI spec...
Basically the way we collect netlink metrics makes it necessary to turn on hostPID, which we are not ready to do yet.
See #113 (comment) for the context - adding an issue so that we don't lose track.
I think we can do two things - always collect metrics for the root ns (and label it by the node IP I guess) and optionally if the pod watch is enabled, also collect metrics for the pod namespaces.
I think this will require some additional work to figure out how to export the root ns metrics into a K8sContainer schema. So for now, I think just create an issue so we don't lose track and we can merge this PR.
We need to have prow enabled on this repo.
Also, basic tests need to be run on submit:
This may be a breaking change, so fix this on the next major release. The reconcile-interval-seconds flag has a misleading name and description for time.Duration type, remove "seconds" from flag name and description and update netd.yaml as well.
Note: #86 fixes the default value for the reconcile-interval-seconds flag.
Lines 40 to 41 in fef8459
Line 100 in fef8459
Line 204 in fef8459
Line 213 in fef8459
Line 217 in fef8459
It is hard to unit test CNI generator by scripts/install-cni.sh. We want to convert to golang to make it unit testable.
#31
Calico is not looking for the existing .conflist.
maybe the config should go to g3/calico-node-daemonset-template.yaml.in instead?
Linting install-cni.sh:
In install-cni.sh line 89:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@cniType#gke#g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@cniType#gke#g")
In install-cni.sh line 91:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@cniType#ptp#g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@cniType#ptp#g")
In install-cni.sh line 96:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@cniBandwidthPlugin#,{\"type\": \"bandwidth\",\"capabilities\": {\"bandwidth\": true}}#g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@cniBandwidthPlugin#,{\"type\": \"bandwidth\",\"capabilities\": {\"bandwidth\": true}}#g")
In install-cni.sh line 98:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@cniBandwidthPlugin##g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@cniBandwidthPlugin##g")
In install-cni.sh line 103:
response=$(curl -k -s -H "Authorization: Bearer $token" $node_url)
^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
response=$(curl -k -s -H "Authorization: Bearer $token" "$node_url")
In install-cni.sh line 118:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@cniCiliumPlugin#,{\"type\": \"cilium-cni\"}#g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@cniCiliumPlugin#,{\"type\": \"cilium-cni\"}#g")
In install-cni.sh line 124:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@cniCiliumPlugin##g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@cniCiliumPlugin##g")
In install-cni.sh line 128:
ipv4_subnet=$(echo $response | jq '.spec.podCIDR')
^-------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
ipv4_subnet=$(echo "$response" | jq '.spec.podCIDR')
In install-cni.sh line 140:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@ipv4Subnet#[{\"subnet\": ${ipv4_subnet:-}}]#g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@ipv4Subnet#[{\"subnet\": ${ipv4_subnet:-}}]#g")
In install-cni.sh line 179:
cni_spec=$(echo ${cni_spec:-} | sed -e \
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e \
In install-cni.sh line 210:
cni_spec=$(echo ${cni_spec:-} | \
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | \
In install-cni.sh line 215:
cni_spec=$(echo ${cni_spec:-} | \
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | \
In install-cni.sh line 232:
MTU=$(cat /sys/class/net/$default_nic/mtu)
^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
MTU=$(cat /sys/class/net/"$default_nic"/mtu)
In install-cni.sh line 233:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@mtu#$MTU#g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@mtu#$MTU#g")
In install-cni.sh line 236:
cni_spec=$(echo ${cni_spec:-} | sed -e "s#@mtu#1460#g")
^-- SC2001 (style): See if you can use ${variable//search/replace} instead.
^-----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cni_spec=$(echo "${cni_spec:-}" | sed -e "s#@mtu#1460#g")
In install-cni.sh line 251:
temp_file=$(mktemp ${output_file}.tmp.XXXXXX)
^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
temp_file=$(mktemp "${output_file}".tmp.XXXXXX)
In install-cni.sh line 252:
if [ $? -ne 0 ]; then
^-- SC2181 (style): Check exit code directly with e.g. 'if ! mycmd;', not indirectly with $?.
In install-cni.sh line 256:
trap "rm -f ${temp_file}" EXIT
^----------^ SC2064 (warning): Use single quotes, otherwise this expands now rather than when signalled.
In install-cni.sh line 257:
cat > ${temp_file} <<EOF
^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
cat > "${temp_file}" <<EOF
In install-cni.sh line 260:
mv ${temp_file} ${output_file}
^----------^ SC2086 (info): Double quote to prevent globbing and word splitting.
^------------^ SC2086 (info): Double quote to prevent globbing and word splitting.
Did you mean:
mv "${temp_file}" "${output_file}"
For more information:
https://www.shellcheck.net/wiki/SC2064 -- Use single quotes, otherwise this...
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
https://www.shellcheck.net/wiki/SC2001 -- See if you can use ${variable//se...
pkg/metrics/collector/kernel_metrics.go:99 should be updated so the parsing of metrics doesn't assume that the values are separated from the keys by just a newline.
From an unrelated debugging I found out the rules added in #114 are not cleaned up properly when the DNS exempt flag is turned off.
e.g. We would still see these two rules (29999 and 30000) dangling:
root@gke-XXX:~# ip rule
9: from all fwmark 0x200/0xf00 lookup 2004
100: from all lookup local
29999: from all dport 53 lookup main
30000: from all sport 53 lookup main
32766: from all lookup main
32767: from all lookup default
Right now, the config reconcile interval is hard coded as 10s in https://github.com/GoogleCloudPlatform/netd/blob/master/pkg/controllers/netconf/network_config_controller.go#L58. We should make it configurable via ConfigMap.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.