Fetch MTU from the nodeIP interface

[manuelbuil]

The detected MTU is always the one belonging to the interface that acts
as gateway. That interface does not necessarily need to be the one that
holds nodeIP and thus the one that Cilium will use to send traffic
inside the k8s cluster. This patch fixes this and detects the mtu of the
interface used for cluster communications

Fixes: #10309
Signed-off-by: Manuel Buil mbuil@suse.com

Please ensure your pull request adheres to the following guidelines:

• For first time contributors, read Submitting a pull request
• All code is covered by unit and/or runtime tests where feasible.
• All commits contain a well written commit description including a title,
  description and a Fixes: #XXX line if the commit addresses a particular
  GitHub issue.
• All commits are signed off. See the section Developer’s Certificate of Origin
• Provide a title or release-note blurb suitable for the release notes.
• Thanks for contributing!

The detected MTU is always the one belonging to the interface that acts
as gateway. That interface does not necessarily need to be the one that
holds nodeIP and thus the one that Cilium will use to send traffic
inside the k8s cluster. This patch fixes this and detects the mtu of the
interface used for cluster communications

Fixes: #10309

Autodetection of the mtu correctly detects the mtu of the interface used for the kubernetes cluster communication. The mtu was incorrectly detected in cases where multiple interfaces were present and the gateway interface was not the one used for kubernetes cluster communication

[maintainer-s-little-helper]

Please set the appropriate release note label.

[joestringer]

Travis failure seems relevant:

# github.com/cilium/cilium/daemon/cmd
vet: daemon/cmd/status_test.go:83:96: too few arguments in call to mtu.NewConfiguration
make[1]: *** [govet] Error 2
make[1]: Leaving directory `/home/travis/gopath/src/github.com/cilium/cilium'
make: *** [unit-tests] Error 2

[vadorovsky]

test-me-please

[coveralls]

Coverage increased (+0.03%) to 36.931% when pulling 9d985f1 on manuelbuil:mtuSolution into 601852b on cilium:master.

[vadorovsky]

One nit. Otherwise looks good.

[aanm]

@jrfastab PTAL as well

[manuelbuil]

test-me-please

[aanm]

test-me-please

[vadorovsky]

test-me-please

[vadorovsky]

Travis hit the flake #10615. we can ignore it

[vadorovsky]

test-me-please

[vadorovsky]

test-me-please

[vadorovsky]

Hitting the flake #10882

[vadorovsky]

test-me-please

[vadorovsky]

Looks good, thanks!

[vadorovsky]

@tgraf PTAL

[vadorovsky]

restart-ginkgo

[joestringer]

@mrostecki Be aware there are at least three different types of issues with some of the services /nodeports tests , make sure you check the exit code and ensure it matches the corresponding issue. I can't tell if the failure seen before was #10882 because there's no link any more, but that one saw exit code 7 and was only seen in PRs that updated the cilium-runtime image so I suspect this saw a different issue, such as #10942 .

[joestringer]

Yes, this looks to be the case:
https://jenkins.cilium.io/job/Cilium-PR-K8s-oldest-net-next/295/

Timeout has been exceeded

I'm aware there has been some provider issues combined with this particular job having more tests than the others which can lead to this situation. Given the code changes here I think it's fairly unlikely to actually introduce a kernel-specific regression on net-next; it's also passed all the other jobs so as long as we're fine with the latest code changes then this should be good to merge.

[joestringer]

@manuelbuil are you still making any changes? If not, please mark "ready to review".

[manuelbuil]

@manuelbuil are you still making any changes? If not, please mark "ready to review".

No, patch is ready to review. I can't add or remove any label, so not sure how to mark it as ready to review or change the draft status. Can you help me?

[maintainer-s-little-helper]

Commit ac4bb90ab113c26e642764890e7d8522d75c70a1 does not contain "Signed-off-by".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

[vadorovsky]

test-me-please

[vadorovsky]

https://jenkins.cilium.io/job/Cilium-PR-K8s-newest-kernel-4.9/358 failed with

12:38:10  • Failure [298.763 seconds]
12:38:10  K8sDatapathConfig
12:38:10  /home/jenkins/workspace/Cilium-PR-K8s-newest-kernel-4.9/k8s-1.18-gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:436
12:38:10    Etcd
12:38:10    /home/jenkins/workspace/Cilium-PR-K8s-newest-kernel-4.9/k8s-1.18-gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:436
12:38:10      Check connectivity [It]
12:38:10      /home/jenkins/workspace/Cilium-PR-K8s-newest-kernel-4.9/k8s-1.18-gopath/src/github.com/cilium/cilium/test/ginkgo-ext/scopes.go:471
12:38:10  
12:38:10      cilium pre-flight checks failed
[2020-05-25T10:38:10.986Z]     Expected
[2020-05-25T10:38:10.986Z]         <*errors.errorString | 0xc00025e130>: {
[2020-05-25T10:38:10.986Z]             s: "Cilium validation failed: 4m0s timeout expired: Last polled error: connectivity health is failing: Cluster connectivity is unhealthy on 'cilium-s7rdp': Exitcode: 255 \nStdout:\n \t \nStderr:\n \t Error: Cannot get status/probe: Put \"http://%2Fvar%2Frun%2Fcilium%2Fhealth.sock/v1beta/status/probe\": context deadline exceeded\n\t \n\t command terminated with exit code 255\n\t \n",
[2020-05-25T10:38:10.986Z]         }
[2020-05-25T10:38:10.986Z]     to be nil
12:38:10  
12:38:10      /home/jenkins/workspace/Cilium-PR-K8s-newest-kernel-4.9/k8s-1.18-gopath/src/github.com/cilium/cilium/test/helpers/manifest.go:313

[joestringer]

Overall the idea of taking the externalIP from k8s and using that to determine which device provides 'external' connectivity (and hence governs MTU) seems like a reasonable approach. I wish there were a better way to figure this out than iterating all IPs associated with all devices, but I'm not sure the kernel gives us any better APIs.

I have a bunch of minor nits that should be easy to address below.

[manuelbuil]

Thanks for the review @joestringer

[vadorovsky]

test-me-please

[vadorovsky]

test-me-please

[vadorovsky]

test-me-please

[vadorovsky]

I guess that the GKE test failure can be ignored.