New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkg/allocator: Improve 'Key allocation attempt failed' handling for C… #28810
pkg/allocator: Improve 'Key allocation attempt failed' handling for C… #28810
Conversation
/test |
fb3a9f8
to
c271b4b
Compare
/test |
c271b4b
to
7a3f044
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple of nits inline.
About "Instead of storing the entire CiliumIdentities object, it should be sufficient to have a Created flag (or something similar) only.", do you think it could be make sense or not being worthy?
…RD mode In CRD mode, the Cilium agent uses CRD to create identities. After an identity is created, the agent acquires a reference for that key. This involves fetching the CRD from the local Kubernetes cache and checking for an annotation applied by cilium-operator to mark the identity for deletion. However, there may be a delay before the Cilium Identity is cached locally, leading to the 'Key allocation attempt failed' error. This patch ensures that we fallback to the newly allocated Cilium Identity if it's not found in the Kubernetes cache. Signed-off-by: André Martins <andre@cilium.io>
We don't need to always DeepCopy Cilium Identity. We just need to perform that operation if we are going perform writes. Signed-off-by: André Martins <andre@cilium.io>
Renamed 'slave' to 'secondary' in the error messages that are presented to users. Signed-off-by: André Martins <andre@cilium.io>
7a3f044
to
ee9ce2c
Compare
Idk TBH, the "created" flag doesn't provide the state which is also what I was going for. Have in mind that although it's storing the entire CI object, that Key will be GC since it's only used here. |
/test |
Yeah, I saw that it is currently not stored anywhere. I was just a bit concerned that at a certain point we start storing it for other reasons, and we end up with bloated objects. Mostly curiosity though, makes sense as approach to me given the current structure. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks ✅
…RD mode
In CRD mode, the Cilium agent uses CRD to create identities. After an identity is created, the agent acquires a reference for that key. This involves fetching the CRD from the local Kubernetes cache and checking for an annotation applied by cilium-operator to mark the identity for deletion. However, there may be a delay before the Cilium Identity is cached locally, leading to the 'Key allocation attempt failed' error. This patch ensures that we fallback to the newly allocated Cilium Identity if it's not found in the Kubernetes cache.
Fixes #11487