New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipam: Add ability to automatically create CiliumPodIPPool
resources in multi-pool IPAM mode
#25991
ipam: Add ability to automatically create CiliumPodIPPool
resources in multi-pool IPAM mode
#25991
Conversation
CiliumPodIPPool
resources in multi-pool IPAM mode
5abec83
to
61c2ec4
Compare
61c2ec4
to
738b612
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good as far as I'm concerned, there's one report to address below
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work!
Very minor comments and a suggestion for a follow-up change inline.
for _, cidr := range strings.Split(value, ",") { | ||
_, err := netip.ParsePrefix(cidr) | ||
if err != nil { | ||
return cilium_v2alpha1.IPPoolSpec{}, fmt.Errorf("invalid value for key %q: %w", poolKeyIPv4CIDRs, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For errors such as this one (and similar below), it might be helpful for someone reading logs if you specify what kind of validation failed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what you mean by that. It currently prints the following error if this line is hit, what do you think is missing?
level=fatal msg="Failed to parse IP pool spec in \"auto-create-cilium-pod-ip-pools\" flag" error="invalid value for key \"ipv4-cidrs\": netip.ParsePrefix(\"172.300.0.0/16\"): ParseAddr(\"172.300.0.0\"): IPv4 field has value >255" poolName=broken poolSpec="ipv4-cidrs:172.300.0.0/16,172.17.0.0/16;ipv4-mask-size:24" subsys=watchers
This commit fixes the name of the logging subsystem used by the multi-pool allocator. The multi-pool allocator was previously named cluster-pool-v2beta2 during development, but has since been renamed. Fixes: 3bffa18 ("operator: Add core logic for IPAM pools") Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This changes the Golang definition of the CilumPodIPPool type to use pointers instead of values for the IPv4/IPv6 fields. This is required because those fields are marked as optional in our kubebuilder annotations, but the fields of the structs themselves are required. This caused an issue that it was not possible to create or update CiliumPodIPPool resources from Golang, because Golang uses a zero-valued default struct for the IPv4 or IPv6 fields, which in turn causes validation errors because the required fields within the IPv4/IPv6 struct where now zero/empty. For example, if one created an IPv4 only pool: ``` error: CiliumPodIPPool.cilium.io "default" is invalid: [ spec.ipv6.maskSize: Invalid value:0: spec.ipv6.maskSize in body should be greater than or equal to 1, spec.ipv6.cidrs: Required value ] ``` This commit also changes the integer size of the mask size field to a more appropriate width. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Before this commit, we populated the multi-pool allocator from pre-defined pools based on the `multi-pool-map` flag. Since we added a custom `CiliumPodIPPool` resource however, there was a mismatch between those pre-defined pools (which are static and not backed up by a resource) and pools defined via CRD. This commit addresses this mismatch by creating a `CiliumPodIPPool` resource for every pre-defined pool present in `multi-pool-map`. This means that those pre-defined pools are now regular pools that are automatically created upon operator startup. Having the option to pre-define pools at installation time is important, because cilium-agent requires pod CIDRs at least from the default pool before it becomes ready. By providing an option to have cilium-operator auto-create some pre-defined pools, we solve this bootstrapping problem in an easy way. The alternative would require users to manually create default pools after running `helm install`, which increases operational complexity. Note that if the pre-defined pools already exist, the operator will not modify re-create or update them. This behavior is intentional, to avoid overwriting potential changes made by the user. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit renames the `multi-pool-map` to `auto-create-cilium-pod-ip-pools` to better reflect it's new functionality. The name is taken from the `auto-create-cilium-node-resource` flag which also creates resources upon startup. In addition, the flag is also now unhidden and its Helm value syntax is changed to be more similar to the schema of the CiliumPodIPPool resource. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit removes the `AddPool` function which is no longer used now that all call sites use `UpsertPool` instead. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
738b612
to
1b22d25
Compare
I believe I addressed all nits. Rebased and restarting CI |
/test |
/test-1.26-net-next Job 'Cilium-PR-K8s-1.26-kernel-net-next' hit: #25958 (87.92% similarity) |
/ci-aks |
CI-net-next hit #25958 |
/test-1.26-net-next |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the multiPoolMap attribute in helm is added as part of the 1.14 dev cycle, so we can skip the deprecation step for renaming.
Helm changes lgtm ✔️
In (*PoolAllocator).updateCIDRSets the CIDRs are currently parsed twice, once using netip.ParsePrefix and once using net.ParseCIDR. Avoid this and pass the CIDRs as []netip.Prefix and at the same time also convert downstream functions in ipam/cidrset to take a netip.Prefix instead of *net.IPNet. Ref. #25824 (comment) Ref. #25991 (comment) Signed-off-by: Tobias Klauser <tobias@cilium.io>
In (*PoolAllocator).updateCIDRSets the CIDRs are currently parsed twice, once using netip.ParsePrefix and once using net.ParseCIDR. Avoid this and pass the CIDRs as []netip.Prefix and at the same time also convert downstream functions in ipam/cidrset to take a netip.Prefix instead of *net.IPNet. Ref. #25824 (comment) Ref. #25991 (comment) Signed-off-by: Tobias Klauser <tobias@cilium.io>
In (*PoolAllocator).updateCIDRSets the CIDRs are currently parsed twice, once using netip.ParsePrefix and once using net.ParseCIDR. Avoid this and pass the CIDRs as []netip.Prefix and at the same time also convert downstream functions in ipam/cidrset to take a netip.Prefix instead of *net.IPNet. Ref. cilium#25824 (comment) Ref. cilium#25991 (comment) Signed-off-by: Tobias Klauser <tobias@cilium.io>
Before this PR, we populated the multi-pool allocator from pre-defined pools based on the
multi-pool-map
flag. Since we added a customCiliumPodIPPool
resource however (c.f. #25824), there was a mismatch between those pre-defined pools (which are static and not backed up by a resource) and pools defined via CRD.This PR addresses this mismatch by instead creating a
CiliumPodIPPool
resource for every pre-defined pool present inauto-create-cilium-pod-ip-pools
. This means that those pre-defined pools are now regular pools that are automatically created upon operator startup. The name of the new flag is taken from theauto-create-cilium-node-resource
flag which also creates resources upon startup.Having the option to pre-define pools at installation time is important, because cilium-agent requires pod CIDRs at least from the default pool before it becomes ready. By providing an option to have cilium-operator auto-create some pre-defined pools, we solve this bootstrapping problem in an easy way. The alternative would require users to manually create
default pools after running
helm install
, which increases operational complexity.Note that if the pre-defined pools already exist, the operator will not modify re-create or update them. This behavior is intentional, to avoid overwriting potential changes made by the user.
Meta: #25470
ℹ️ Review per commit
Example values.yaml:
Will create three IP pools (default, mars and other), as can be seen with:
Proper CI and documentation will be added in a follow-up PR.