ipam: Add ability to automatically create CiliumPodIPPool resources in multi-pool IPAM mode
#25991
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gandro
added
release-note/minor
gandro
changed the title
CiliumPodIPPool resources in multi-pool IPAM mode
gandro
force-pushed
the
pr/gandro/multi-pool-auto-create-cpip
branch
from
5abec83
to
61c2ec4
Compare
gandro
force-pushed
the
pr/gandro/multi-pool-auto-create-cpip
branch
from
61c2ec4
to
738b612
Compare
qmonnet
approved these changes
Jun 7, 2023
|
/test |
tklauser
approved these changes
Jun 8, 2023
tommyp1ckles
reviewed
Jun 8, 2023
| for _, cidr := range strings.Split(value, ",") { | ||
| _, err := netip.ParsePrefix(cidr) | ||
| if err != nil { | ||
| return cilium_v2alpha1.IPPoolSpec{}, fmt.Errorf("invalid value for key %q: %w", poolKeyIPv4CIDRs, err) |
There was a problem hiding this comment.
For errors such as this one (and similar below), it might be helpful for someone reading logs if you specify what kind of validation failed.
There was a problem hiding this comment.
Not sure what you mean by that. It currently prints the following error if this line is hit, what do you think is missing?
level=fatal msg="Failed to parse IP pool spec in \"auto-create-cilium-pod-ip-pools\" flag" error="invalid value for key \"ipv4-cidrs\": netip.ParsePrefix(\"172.300.0.0/16\"): ParseAddr(\"172.300.0.0\"): IPv4 field has value >255" poolName=broken poolSpec="ipv4-cidrs:172.300.0.0/16,172.17.0.0/16;ipv4-mask-size:24" subsys=watchers
christarazi
approved these changes
Jun 9, 2023
This commit fixes the name of the logging subsystem used by the multi-pool allocator. The multi-pool allocator was previously named cluster-pool-v2beta2 during development, but has since been renamed. Fixes: 3bffa18 ("operator: Add core logic for IPAM pools") Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This changes the Golang definition of the CilumPodIPPool type to use
pointers instead of values for the IPv4/IPv6 fields. This is required
because those fields are marked as optional in our kubebuilder
annotations, but the fields of the structs themselves are required.
This caused an issue that it was not possible to create or update
CiliumPodIPPool resources from Golang, because Golang uses a zero-valued
default struct for the IPv4 or IPv6 fields, which in turn causes
validation errors because the required fields within the IPv4/IPv6
struct where now zero/empty.
For example, if one created an IPv4 only pool:
```
error: CiliumPodIPPool.cilium.io "default" is invalid: [
spec.ipv6.maskSize: Invalid value:0: spec.ipv6.maskSize in body should be greater than or equal to 1,
spec.ipv6.cidrs: Required value
]
```
This commit also changes the integer size of the mask size field to a
more appropriate width.
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Before this commit, we populated the multi-pool allocator from pre-defined pools based on the `multi-pool-map` flag. Since we added a custom `CiliumPodIPPool` resource however, there was a mismatch between those pre-defined pools (which are static and not backed up by a resource) and pools defined via CRD. This commit addresses this mismatch by creating a `CiliumPodIPPool` resource for every pre-defined pool present in `multi-pool-map`. This means that those pre-defined pools are now regular pools that are automatically created upon operator startup. Having the option to pre-define pools at installation time is important, because cilium-agent requires pod CIDRs at least from the default pool before it becomes ready. By providing an option to have cilium-operator auto-create some pre-defined pools, we solve this bootstrapping problem in an easy way. The alternative would require users to manually create default pools after running `helm install`, which increases operational complexity. Note that if the pre-defined pools already exist, the operator will not modify re-create or update them. This behavior is intentional, to avoid overwriting potential changes made by the user. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit renames the `multi-pool-map` to `auto-create-cilium-pod-ip-pools` to better reflect it's new functionality. The name is taken from the `auto-create-cilium-node-resource` flag which also creates resources upon startup. In addition, the flag is also now unhidden and its Helm value syntax is changed to be more similar to the schema of the CiliumPodIPPool resource. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This commit removes the `AddPool` function which is no longer used now that all call sites use `UpsertPool` instead. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
gandro
force-pushed
the
pr/gandro/multi-pool-auto-create-cpip
branch
from
738b612
to
1b22d25
Compare
|
I believe I addressed all nits. Rebased and restarting CI |
|
/test |
|
/test-1.26-net-next Job 'Cilium-PR-K8s-1.26-kernel-net-next' hit: #25958 (87.92% similarity) |
|
/ci-aks |
|
CI-net-next hit #25958 |
|
/test-1.26-net-next |
sayboras
approved these changes
Jun 13, 2023
maintainer-s-little-helper
bot
added
the
ready-to-merge
tklauser
added a commit
that referenced
this pull request
Jun 14, 2023
In (*PoolAllocator).updateCIDRSets the CIDRs are currently parsed twice, once using netip.ParsePrefix and once using net.ParseCIDR. Avoid this and pass the CIDRs as []netip.Prefix and at the same time also convert downstream functions in ipam/cidrset to take a netip.Prefix instead of *net.IPNet. Ref. #25824 (comment) Ref. #25991 (comment) Signed-off-by: Tobias Klauser <tobias@cilium.io>
tklauser
added a commit
that referenced
this pull request
Jun 14, 2023
In (*PoolAllocator).updateCIDRSets the CIDRs are currently parsed twice, once using netip.ParsePrefix and once using net.ParseCIDR. Avoid this and pass the CIDRs as []netip.Prefix and at the same time also convert downstream functions in ipam/cidrset to take a netip.Prefix instead of *net.IPNet. Ref. #25824 (comment) Ref. #25991 (comment) Signed-off-by: Tobias Klauser <tobias@cilium.io>
romanspb80
pushed a commit
to romanspb80/cilium
that referenced
this pull request
Jun 22, 2023
In (*PoolAllocator).updateCIDRSets the CIDRs are currently parsed twice, once using netip.ParsePrefix and once using net.ParseCIDR. Avoid this and pass the CIDRs as []netip.Prefix and at the same time also convert downstream functions in ipam/cidrset to take a netip.Prefix instead of *net.IPNet. Ref. cilium#25824 (comment) Ref. cilium#25991 (comment) Signed-off-by: Tobias Klauser <tobias@cilium.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before this PR, we populated the multi-pool allocator from pre-defined pools based on the
multi-pool-mapflag. Since we added a customCiliumPodIPPoolresource however (c.f. #25824), there was a mismatch between those pre-defined pools (which are static and not backed up by a resource) and pools defined via CRD.This PR addresses this mismatch by instead creating a
CiliumPodIPPoolresource for every pre-defined pool present inauto-create-cilium-pod-ip-pools. This means that those pre-defined pools are now regular pools that are automatically created upon operator startup. The name of the new flag is taken from theauto-create-cilium-node-resourceflag which also creates resources upon startup.Having the option to pre-define pools at installation time is important, because cilium-agent requires pod CIDRs at least from the default pool before it becomes ready. By providing an option to have cilium-operator auto-create some pre-defined pools, we solve this bootstrapping problem in an easy way. The alternative would require users to manually create
default pools after running
helm install, which increases operational complexity.Note that if the pre-defined pools already exist, the operator will not modify re-create or update them. This behavior is intentional, to avoid overwriting potential changes made by the user.
Meta: #25470
ℹ️ Review per commit
Example values.yaml:
Will create three IP pools (default, mars and other), as can be seen with:
Proper CI and documentation will be added in a follow-up PR.