Add subnetCount to pod_ip_metrics.go

[yiningou]

No description provided.

[yiningou]

Add ipv4 & ipv6 subnet Count and Utilization metrics to pod_ip_metrics.go
Please review my codes. Thanks!
/assign jingyuanliang
/assign MrHohn

[MrHohn]

Hey Yining, thanks for the PR! The approach generally looks good to me, leaving a few comments on the details.

[MrHohn]

I would suggest follow the same pattern as what we did in init container and derive the actual CNI config name from CNI_SPEC_NAME:

netd/scripts/install-cni.sh

Line 251 in a937568

output_file="/host/etc/cni/net.d/${CNI_SPEC_NAME}"

In that way we have a lower chance of hitting any mismatch problem.

[jingyuanliang]

This one is tricky. How will we handle the Calico case?

[MrHohn]

Good catch - with Calico there are a few more things to consider:

• CNI file may not be available on netd startup.
• Need to pipe through the Calico CNI name.
• Parsing is a bit different as Calico puts { "subnet": "usePodCidr" } instead of a plain CIDR.

Thought about parsing the CNI template file instead but that may not work as the template file will be removed by Calico pod promptly.

It may be fine to start without supporting this case though.

[jingyuanliang]

CNI file may not be available on netd startup.

Not really. install-cni.sh waits for calico's conflist before moving ahead.

[jingyuanliang]

For reference, Calico's regular conf:

{
   "name":"k8s-pod-network",
   "cniVersion":"0.3.1",
   "plugins":[
      {
         "type":"calico",
         "mtu":1460,
         "log_level":"info",
         "log_file_path":"/var/log/calico/cni/cni.log",
         "datastore_type":"kubernetes",
         "nodename":"gke-calico-netd-default-pool-8ce288fc-wb07",
         "ipam":{
            "type":"host-local",
            "subnet":"usePodCidr"
         },
         "policy":{
            "type":"k8s"
         },
         "kubernetes":{
            "kubeconfig":"/etc/cni/net.d/calico-kubeconfig"
         }
      },
      {
         "type":"portmap",
         "capabilities":{
            "portMappings":true
         },
         "snat":true
      },
      {
         "type":"bandwidth",
         "capabilities":{
            "bandwidth":true
         }
      }
   ]
}

Direct path conf:

{
   "name":"gke-pod-network",
   "cniVersion":"0.3.1",
   "plugins":[
      {
         "type":"calico",
         "mtu":1460,
         "log_level":"warning",
         "log_file_path":"/var/log/calico/cni/cni.log",
         "datastore_type":"kubernetes",
         "nodename":"gke-calico-netd-v6-default-pool-fc507ad4-vmx2",
         "ipam":{
            "type":"host-local",
            "ranges":[
               [
                  {
                     "subnet":"usePodCidr"
                  }
               ],
               [
                  {
                     "subnet":"2600:2d00:4005:c4e0:a80:3a:0:0/112"
                  }
               ]
            ],
            "routes":[
               {
                  "dst":"0.0.0.0/0"
               },
               {
                  "dst":"2001:4860:8040::/42"
               }
            ]
         },
         "policy":{
            "type":"k8s"
         },
         "kubernetes":{
            "kubeconfig":"/etc/cni/net.d/calico-kubeconfig"
         }
      },
      {
         "type":"portmap",
         "capabilities":{
            "portMappings":true
         },
         "snat":true
      },
      {
         "type":"bandwidth",
         "capabilities":{
            "bandwidth":true
         }
      }
   ]
}

/etc/cni/net.d/10-calico.conflist

[MrHohn]

Given the complexity aroundusePodCidr I'm not going to block this PR on calico support - that may come afterward if needed.

[jingyuanliang]

Didn't review tests because they may be changed based on how other parts change.

[jingyuanliang]

This one is tricky. How will we handle the Calico case?

[MrHohn]

Thanks Yining, adding second around of comments - this looks good overall.

[MrHohn]

Thanks Yining, two minor comments. Could you fix the commit message to remove the redundant message from the fix-ups?

[MrHohn]

This should match the method name - // countIPsFromRange returns ...

[yiningou]

I'm now thinking, why are we doing it by parsing the CNI config file from the beginning?

I previously thought, by doing this we can probably handle more different scenarios where the CNI is configured by some different party or in a different layout, but in the current implementation, what it can handle is pretty limited to the CNI config written by install-cni.sh using the default cni_spec_template (which is even not a part of this repo), and it currently just populates with .spec.podCIDR.

Given this, what about repeating what install-cni.sh does here and read .spec.podCIDR here then export the range size? This will happen to work well with calico's config too. By the way, is the control plane currently populating podCIDRs correctly for IPv6 and what about directpath?

I apologize for not addressing your comment earlier, as I was focusing on fixing the above-mentioned comments. I'd be more than happy to discuss this issue further and explore possible solutions together. How about we schedule a quick meeting or have a discussion session?

[MrHohn]

Let's make "/host/etc/cni/net.d/" a constant.

[jingyuanliang]

maybe keep this all lowercase for consistency

[jingyuanliang]

do we consider full RangeStart/End support, instead of just the default values?

[jingyuanliang]

looks like we'll never run into this case?

[jingyuanliang]

this condition looks hacky

[jingyuanliang]

can we extract all these into a separate function?

[jingyuanliang]

we probably want to put these inside struct podIPMetricsCollector.

[jingyuanliang]

I'm now thinking, why are we doing it by parsing the CNI config file from the beginning?

I previously thought, by doing this we can probably handle more different scenarios where the CNI is configured by some different party or in a different layout, but in the current implementation, what it can handle is pretty limited to the CNI config written by install-cni.sh using the default cni_spec_template (which is even not a part of this repo), and it currently just populates with .spec.podCIDR.

Given this, what about repeating what install-cni.sh does here and read .spec.podCIDR here then export the range size? This will happen to work well with calico's config too. By the way, is the control plane currently populating podCIDRs correctly for IPv6 and what about directpath?

[MrHohn]

Yining, Jingyuan and myself did a quick sync on this and agreed going with .spec.podCIDR and .spec.podCIDRs seems like a cleaner and more consistent way to go with less dependencies to be added.

Regarding directpath - since it doesn't have an angle into IP allocation it should be fine to put it aside (it won't show up in podCIDR).

[MrHohn]

Thanks Yining! One minor comment and LGTM.
/approve

[MrHohn]

What about something like:

	for _, podCIDR := range node.Spec.PodCIDRs {
		allCIDRs = append(allCIDRs, podCIDR)
	}
        if len(allCIDRs) == 0 {
                 if node.Spec.PodCIDR != "" {
		        allCIDRs = append(allCIDRs, node.Spec.PodCIDR)
                 }
        }

[MrHohn]

/hold

[MrHohn]

Will keep the hold in case Jingyuan wants to take a final look.
/lgtm

[google-oss-prow]

New changes are detected. LGTM label has been removed.

[google-oss-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: MrHohn, yiningou

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment