Skip to content

feat: [NPM] lazy delete ipsets #1252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 1, 2022
Merged

feat: [NPM] lazy delete ipsets #1252

merged 7 commits into from
Mar 1, 2022

Conversation

@huntergregory
Copy link
Contributor

@huntergregory huntergregory commented Feb 18, 2022
edited
Loading

Place the burden of cleaning up empty/unreferenced ipsets on the dataplane. The ipset manager will remove all deletable sets from the main cache, and for ApplyAllIPSets mode, will add those sets to the toDeleteCache, ready to be removed on the next ApplyIPSets call.

This PR does the following:

  • removes DeleteIPSet calls from the controllers:
    • previously, we would only delete Namespace ipsets in namespace controller
  • creates an ipset manager reconcile function, and moves the reconcile go thread out of policy manager into DP

Minor updates:

  • fixes integration testing structs (some NPMNetPols didn't have RuleIPSets prior)
  • adds thorough UTs for Add/Delete Reference in ipset manager
  • moves some windows-specific ipset manager code to the windows file

@huntergregory huntergregory added the npm Related to NPM. label Feb 18, 2022
vakalapa
vakalapa reviewed Feb 24, 2022
View reviewed changes
npm/pkg/dataplane/ipsets/ipsetmanager.go
// NOTE: in ApplyAllIPSets mode, if this ipset has never been created in the kernel, it would be added to the deleteCache, and then the OS would fail to delete it
iMgr.modifyCacheForKernelRemoval(set.Name)
}
// if mode is ApplyOnNeed, the set will not be in the kernel (or will be in the delete cache already) since there are no references
Copy link
Contributor

@vakalapa vakalapa Feb 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even in applyONNeed we might end in situation where a set is needed with members and then we delete the referenced netpol/list. We can end up with empty sets in kernel right ?

Copy link
Contributor Author

@huntergregory huntergregory Feb 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

anytime the set is modified, we see if it should be in the kernel now, and it to the deleteCache if needed

vakalapa
vakalapa reviewed Feb 25, 2022
View reviewed changes
@huntergregory huntergregory enabled auto-merge (squash) March 1, 2022 17:33
@vakalapa vakalapa disabled auto-merge March 1, 2022 21:30
@vakalapa vakalapa merged commit 06f2619 into master Mar 1, 2022
@vakalapa vakalapa deleted the npm-lazy-delete branch March 1, 2022 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vakalapa vakalapa vakalapa approved these changes

Assignees

No one assigned

Labels

npm Related to NPM.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@huntergregory @vakalapa