Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unnecessary watch of headless-related EndpointSlice objects #26069

Closed
2 tasks done
tosi3k opened this issue Jun 9, 2023 · 1 comment
Closed
2 tasks done

Unnecessary watch of headless-related EndpointSlice objects #26069

tosi3k opened this issue Jun 9, 2023 · 1 comment
Labels
kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps.

Comments

@tosi3k
Copy link
Contributor

tosi3k commented Jun 9, 2023

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

When debugging a heavily loaded cluster with a high churn on pods fronted by the headless services, we found out that cilium-agents watch all EndpointSlice objects rather than the ones that correspond to usual services only, contrary to what kube-proxy does.

In addition, cilium-agent already filters out headless services in its label selector on services watch, so I believe this to be a bug, unless I'm not aware of some special use case the agent has for this 🤷.

Cilium Version

1.12.10

Kernel Version

N/A

Kubernetes Version

1.27.2

Sysdump

No response

Relevant log output

kube-proxy watches initialization logged in kube-apiserver:
`"Starting watch" path="/apis/discovery.k8s.io/v1/endpointslices" resourceVersion="9752340" labels="!service.kubernetes.io/headless,!service.kubernetes.io/service-proxy-name" fields="" timeout="9m29s"`
`"Starting watch" path="/api/v1/services" resourceVersion="9753278" labels="!service.kubernetes.io/headless,!service.kubernetes.io/service-proxy-name" fields="" timeout="7m5s"`

cilium-agent watches initialization logged in kube-apiserver:
`"Starting watch" path="/apis/discovery.k8s.io/v1/endpointslices" resourceVersion="15437961" labels="" fields="" timeout="8m43s"`
`"Starting watch" path="/api/v1/services" resourceVersion="15438967" labels="!service.kubernetes.io/headless,!service.kubernetes.io/service-proxy-name" fields="" timeout="7m5s"`

Anything else?

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@tosi3k tosi3k added kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps. labels Jun 9, 2023
@tosi3k
Copy link
Contributor Author

tosi3k commented Jun 9, 2023
edited

I think that a PR that was merged 4 days ago fixes this on the occasion (

cilium/pkg/k8s/resource_ctors.go

Lines 154 to 158 in d0ab559

func EndpointsResource(lc hive.Lifecycle, cs client.Clientset) (resource.Resource[*Endpoints], error) {
if !cs.IsEnabled() {
return nil, nil
}
optsModifier, err := utils.GetServiceListOptionsModifier(option.Config)
), though.

@tosi3k tosi3k closed this as completed Jun 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tosi3k