Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CRD: fix allocation logic of identities with the same set of labels #11040

Merged
merged 7 commits into from Apr 20, 2020
Merged

CRD: fix allocation logic of identities with the same set of labels #11040

merged 7 commits into from Apr 20, 2020

Conversation

aanm
Copy link
Member

@aanm aanm commented Apr 17, 2020

Please read per commit, the overall idea is that in CRD mode we don't map which node has a particular identity and without this mapping it becomes tricky knowing which identity a particular node should hold or release the reference of.

@aanm aanm added kind/bug This is a bug in the Cilium logic. pending-review priority/high This is considered vital to an upcoming release. release-note/bug This PR fixes an issue in a previous release of Cilium. labels Apr 17, 2020
@aanm aanm requested a review from a team as a code owner April 17, 2020 16:29
@aanm aanm requested a review from a team April 17, 2020 16:29
@aanm aanm requested a review from a team as a code owner April 17, 2020 16:29
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.7.3 Apr 17, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.8.0 Apr 17, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.6.9 Apr 17, 2020
@aanm
Copy link
Member Author

aanm commented Apr 17, 2020

test-me-please

@coveralls
Copy link

coveralls commented Apr 17, 2020
edited

Coverage Status

Coverage increased (+0.01%) to 46.827% when pulling f44ecba on pr/fix-crd-bug into c7b9f3e on master.

@aanm
Copy link
Member Author

aanm commented Apr 17, 2020

test-me-please

@aanm
Copy link
Member Author

aanm commented Apr 20, 2020

test-me-please

christarazi
christarazi reviewed Apr 20, 2020
View reviewed changes
Copy link
Member

@christarazi christarazi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, assuming small comments are addressed

pkg/k8s/identitybackend/identity.go Outdated Show resolved Hide resolved
@aanm
pkg/allocator: remove duplicated code
7923c33 
The same logic was being performed inside the loop so we can execute it
right after each loop and remove the duplicated source code that is
outside the loop.

Signed-off-by: André Martins <andre@cilium.io>
@aanm
k8s/identitybackend: add getByID to retrieve identity from store
9df073a 
The logic to retrieve an identity from an ID can be useful so this
commit adds a dedicated function for this functionality.

Signed-off-by: André Martins <andre@cilium.io>
@aanm
pkg/allocator: return ID stored by the local key
6345fcd 
Signed-off-by: André Martins <andre@cilium.io>
@aanm
crd identity allocator: remove node reference for right identity
9b16112 
When performing an identity release and if 2 or more identities exist
for the same set of labels, after performing a lookup in the local
CRD store, this lookup will return a random identity since its lookup is
done by the set of labels which can be repeated in this local CRD store.

As we don't verify if the ID of this identity is the one that we should
remove the node reference from we can end up removing the node reference
from the wrong Identity.

To avoid this we should perform the local CRD store lookup by the unique
ID and not rely on labels.

The same issue does not happen in KVStore mode since we have a KVStore
key specific for each node so we know exactly which key we can remove
based on the node that is removing the reference from.

Signed-off-by: André Martins <andre@cilium.io>
@aanm
k8s/identitybackend: clarify usage of Get(ctx, key)
e8e3228 
This will help the understanding of the Get function caveats for the CRD
mode.

Signed-off-by: André Martins <andre@cilium.io>
@aanm
k8s/identitybackend: acquire reference based on ID
26d7d2c 
When performing an AcquireReference and if 2 or more identities exist
for the same set of labels, after performing a lookup in the local
CRD store, this lookup will return a random identity since its lookup is
done by the set of labels which can be repeated in this local CRD store.

As we don't verify if the ID of the identity gotten from the local CRD
store we might endup acquiring the reference for the identity that does
not have the ID that we want to acquire the reference with.

To avoid this we should perform the local CRD store lookup by the unique
ID and not rely on the key labels.

The same issue does not happen in KVStore mode since we have a KVStore
key specific for each node so we know exactly which ID belongs to which
node.

Signed-off-by: André Martins <andre@cilium.io>
@aanm
operator: add Info message when a identity is GC in CRD mode
f44ecba 
It is useful to have this information being printed in non-debug mode to
help tracking down potential bugs.

Signed-off-by: André Martins <andre@cilium.io>
@aanm aanm requested a review from christarazi April 20, 2020 18:27
@aanm
Copy link
Member Author

aanm commented Apr 20, 2020

test-me-please

christarazi
christarazi approved these changes Apr 20, 2020
View reviewed changes
Copy link
Member

@christarazi christarazi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Awaiting CI, will merge after.

@christarazi christarazi merged commit 29cf11e into master Apr 20, 2020
1.8.0 automation moved this from In progress to Merged Apr 20, 2020
@christarazi christarazi deleted the pr/fix-crd-bug branch April 20, 2020 22:37
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.7 in 1.7.3 Apr 22, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.7 in 1.7.3 Apr 22, 2020
@jrfastab jrfastab mentioned this pull request Apr 22, 2020
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.7 to Backport done to v1.7 in 1.7.3 Apr 29, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.7 to Backport done to v1.7 in 1.7.3 Apr 29, 2020
@christarazi christarazi mentioned this pull request Apr 30, 2020
Merged
@aanm aanm mentioned this pull request May 7, 2020
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.6 in 1.6.9 May 7, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.6 in 1.6.9 May 7, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.6 to Backport done to v1.6 in 1.6.9 May 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgraf tgraf tgraf approved these changes

@christarazi christarazi christarazi approved these changes

Assignees
No one assigned
Labels
kind/bug This is a bug in the Cilium logic. priority/high This is considered vital to an upcoming release. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
No open projects
1.6.9
Backport done to v1.6
1.7.3
Backport done to v1.7
1.8.0
  
Merged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@aanm @coveralls @tgraf @christarazi @joestringer @jrfastab