pkg/k8s: re-add CiliumIsUp Node condition even if removed

If the CiliumIsUp Node condition is removed either by accident or due a concurrency issue when updating the node from different entities, Cilium is now able to re-add the node condition back to the node again. Fixes: bd34b95 ("pkg/k8s: remove node.cilium.io/agent-not-ready taint from nodes") Signed-off-by: André Martins <andre@cilium.io>
cilium · Jul 14, 2021 · 54ae42b · 54ae42b
1 parent fc6ef4d
commit 54ae42b
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 14 deletions.
diff --git a/pkg/k8s/node.go b/pkg/k8s/node.go
@@ -38,6 +38,12 @@ import (
 	"k8s.io/client-go/kubernetes"
 )
 
+const (
+	// ciliumNodeConditionReason is the condition name used by Cilium to set
+	// when the Network is setup in the node.
+	ciliumNodeConditionReason = "CiliumIsUp"
+)
+
 // ParseNodeAddressType converts a Kubernetes NodeAddressType to a Cilium
 // NodeAddressType. If the Kubernetes NodeAddressType does not have a
 // corresponding Cilium AddressType, returns an error.
@@ -219,23 +225,14 @@ func setNodeNetworkUnavailableFalse(ctx context.Context, c kubernetes.Interface,
 		return err
 	}
 
-	const reason = "CiliumIsUp"
-
-	for _, condition := range n.Status.Conditions {
-		if condition.Type == corev1.NodeNetworkUnavailable &&
-			condition.Status == corev1.ConditionFalse &&
-			condition.Reason == reason {
-
-			// No need to update node condition as it is already available in
-			// the node status.
-			return nil
-		}
+	if HasCiliumIsUpCondition(n) {
+		return nil
 	}
 
 	condition := corev1.NodeCondition{
 		Type:               corev1.NodeNetworkUnavailable,
 		Status:             corev1.ConditionFalse,
-		Reason:             reason,
+		Reason:             ciliumNodeConditionReason,
 		Message:            "Cilium is running on this node",
 		LastTransitionTime: metav1.Now(),
 		LastHeartbeatTime:  metav1.Now(),
@@ -249,6 +246,19 @@ func setNodeNetworkUnavailableFalse(ctx context.Context, c kubernetes.Interface,
 	return err
 }
 
+// HasCiliumIsUpCondition returns true if the given k8s node has the cilium node
+// condition set.
+func HasCiliumIsUpCondition(n *corev1.Node) bool {
+	for _, condition := range n.Status.Conditions {
+		if condition.Type == corev1.NodeNetworkUnavailable &&
+			condition.Status == corev1.ConditionFalse &&
+			condition.Reason == ciliumNodeConditionReason {
+			return true
+		}
+	}
+	return false
+}
+
 // removeNodeTaint removes the AgentNotReadyNodeTaint allowing for pods to be
 // scheduled once Cilium is setup. Mostly used in cloud providers to prevent
 // existing CNI plugins from managing pods.

diff --git a/pkg/k8s/watchers/node.go b/pkg/k8s/watchers/node.go
@@ -55,7 +55,7 @@ func (k *K8sWatcher) NodesInit(k8sClient *k8s.K8sClient) {
 					var valid bool
 					if node := k8s.ObjToV1Node(obj); node != nil {
 						valid = true
-						if hasAgentNotReadyTaint(node) {
+						if hasAgentNotReadyTaint(node) || !k8s.HasCiliumIsUpCondition(node) {
 							k8sClient.ReMarkNodeReady()
 						}
 						err := k.updateK8sNodeV1(nil, node)
@@ -68,7 +68,7 @@ func (k *K8sWatcher) NodesInit(k8sClient *k8s.K8sClient) {
 					if oldNode := k8s.ObjToV1Node(oldObj); oldNode != nil {
 						valid = true
 						if newNode := k8s.ObjToV1Node(newObj); newNode != nil {
-							if hasAgentNotReadyTaint(newNode) {
+							if hasAgentNotReadyTaint(newNode) || !k8s.HasCiliumIsUpCondition(newNode) {
 								k8sClient.ReMarkNodeReady()
 							}