node_ids: introduce GetNodeID #26155
/test
several manual re-runs of ci-ginkgo succeeded without an issue! :)
@@ -77,8 +72,28 @@ func (n *linuxNodeHandler) GetNodeIP(nodeID uint16) string { | |||
return n.nodeIPsByIDs[nodeID] | |||
} | |||
|
|||
func (n *linuxNodeHandler) GetNodeID(nodeIP net.IP) (uint16, bool) { |
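Review bot: the new `GetNodeID(nodeIP net.IP) (uint16, bool)` on the last line of this hunk has no doc comment. Please add one stating that the bool reports whether an ID is known for nodeIP and that the call never allocates, in contrast to AllocateNodeID. A caller that drops the bool gets the zero value 0 for an unknown IP, which the commit messages in this PR describe as the local node ID, so the comment should say that a false result must be handled explicitly.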
do we want to go with an `error` instead of the `bool` in the "public" facing API? my thoughts were that a `bool` fulfills the purpose.
I agree a bool will be fine as it mimics the map "interface" just fine
@@ -82,7 +83,7 @@ func containsIP(allowedIPs []net.IPNet, ipnet *net.IPNet) bool { | |||
func newTestAgent(ctx context.Context) (*Agent, *ipcache.IPCache) { | |||
ipCache := ipcache.NewIPCache(&ipcache.Configuration{ | |||
Context: ctx, | |||
NodeIDHandler: &mockNodeHandler{}, |
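Review bot: `NodeIDHandler: &mockNodeHandler{},` in newTestAgent wires in a mock whose definition this hunk does not show, so it is unclear what its GetNodeID returns. Please make sure the mock can return false for an IP it does not know, and that a test exercises that path, so the not-found case is covered and not only the happy path.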
idea: re-using the "duplicate" from ipcache kind of reduces the blast radius (e.g. wireguard) when changing the nodeidhandler interface
6121ffb to 04f4723
/test
LGTM for me
04f4723 to 709da60
rebased to
/test
Job 'Cilium-PR-K8s-1.25-kernel-4.19' failed:
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.25-kernel-4.19/742/
If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue.
709da60 to 58982c2
rebased to
/test
replaced
5539688 to f516ec1
Added support for IPv6 in
f516ec1 to 1b03776
hit some strange error in rebasing to
/test
LGTM
removed review-request from @aditighag. @jrajahalme already reviewed on behalf of team ipcache.
This commit introduces the possibility to retrieve the node id for a given node IP without having to use `AllocateNodeID` which comes with the drawback of actually allocating a new node id if it doesn't exist yet. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Currently, when retrieving the node id for an IP, the local node id 0 is only returned if the given IP matches the node's IPv4 - but not IPv6. This commit adds support for IPv6. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Until now, a `lock.Mutex` was securing all fields of the linuxnodehandler. With the introduction of the read-only methods GetNodeIP & GetNodeID, it became useful to replace it with an RWMutex and only lock it for read in these two functions. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Using `ipcache.AllocateNodeID` to look up the node id for a node IP during auth gc initialisation results in unintended node id allocations if the nodeids aren't yet created for the cilium nodes. By using the new method `GetNodeID` we remove this unwanted side-effect. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
This commit re-enables the node-based auth map garbage collection which has been temporarily disabled with cilium#26073. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
1b03776 to d21032d
addressed @jibi's input
/test
This PR introduces the possibility to retrieve the node id for a given node IP without having to use `AllocateNodeID` which comes with the drawback of actually allocating a new node id if one doesn't exist yet for the given IP.
Example: Using `ipcache.AllocateNodeID` to look up the node ID for a node IP during auth gc initialisation results in unintended node ID allocations if the nodeids don't exist yet for the cilium nodes.
By using the new method `GetNodeID` we remove this unintended side-effect.
Therefore, the temporarily disabled auth map GC functionality has been re-enabled!
Related to: #26073 & #25964
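The lookup-versus-allocate distinction this PR describes, as an added Go example that is not Cilium's code: it shows a read-locked `GetNodeID` that returns `(id, ok)` without changing state next to a write-locked `AllocateNodeID`. The type `nodeIDTable`, its fields, the simplified allocator and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"sync"
)

// nodeIDTable is a hypothetical, simplified model of node-ID bookkeeping.
type nodeIDTable struct {
	mu               sync.RWMutex
	localV4, localV6 net.IP
	idsByIP          map[string]uint16
	nextID           uint16 // last ID handed out; 0 is reserved for the local node
}

func newNodeIDTable(v4, v6 net.IP) *nodeIDTable {
	return &nodeIDTable{localV4: v4, localV6: v6, idsByIP: map[string]uint16{}}
}

// AllocateNodeID creates an ID when none exists, so it takes the write lock.
func (t *nodeIDTable) AllocateNodeID(nodeIP net.IP) uint16 {
	t.mu.Lock()
	defer t.mu.Unlock()
	key := nodeIP.String()
	if id, ok := t.idsByIP[key]; ok {
		return id
	}
	t.nextID++
	t.idsByIP[key] = t.nextID
	return t.nextID
}

// GetNodeID is a pure lookup under the read lock. The bool mirrors a map's
// "ok": false means "unknown node" and must not be read as node ID 0.
func (t *nodeIDTable) GetNodeID(nodeIP net.IP) (uint16, bool) {
	t.mu.RLock()
	defer t.mu.RUnlock()
	if nodeIP.Equal(t.localV4) || nodeIP.Equal(t.localV6) {
		return 0, true // local node, matched on IPv4 or IPv6
	}
	id, ok := t.idsByIP[nodeIP.String()]
	return id, ok
}

func main() {
	t := newNodeIDTable(net.ParseIP("10.0.0.1"), net.ParseIP("fd00::1")) // constructed addresses
	_, ok := t.GetNodeID(net.ParseIP("10.0.0.2"))
	fmt.Println(ok, len(t.idsByIP)) // looking up an unknown node allocates nothing
}
```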