Improve Cilium integration with managed Kubernetes providers #16631

Merged
merged 5 commits into from
Jul 1, 2021

Commits on Jul 1, 2021

  1. pkg/k8s: replace GetNode instances with a k8s store

    Polling the k8s node from kube-apiserver to retrieve its state has some
    scalability concerns, especially in large clusters. To avoid these
    concerns we will start using a k8s node cache which will receive the
    node events as they come and will have the most up to date node resource
    in its local cache.
    
    As the slim Node structure does not contain all the fields from Core V1
    Node, which are essential in case we want to perform an Update of this
    retrieved Node into kube-apiserver, this commit switches the usage of
    slim Node to kubernetes' core v1.Node. It is safe to perform this
    switch since the K8s Node watcher is only watching for a single node,
    itself.
    
    Signed-off-by: André Martins <andre@cilium.io>
    aanm committed Jul 1, 2021
    086530c
  2. pkg/k8s: remove node.cilium.io/agent-not-ready taint from nodes

    In some environments, usually in cloud providers, Cilium is deployed on
    a cluster that has a pre-installed CNI plugin. This default
    installation can cause Pods to have their network managed by that CNI
    plugin. This results in certain Pods being unmanaged by Cilium,
    which is often undetected by users.
    
    To guarantee that Pods are only scheduled when Cilium has configured the
    node, Cilium will remove an existing taint used for this purpose:
    'node.cilium.io/agent-not-ready'. This taint should be created on
    cluster creation for users that want to use this functionality.
    
    Suggested-by: Timo Beckers <timo@isovalent.com>
    Signed-off-by: André Martins <andre@cilium.io>
    aanm committed Jul 1, 2021
    af4f21e
  3. docs: re-write docs to create clusters with tainted nodes

    As Cilium will remove the node taint
    'node.cilium.io/agent-not-ready=true:NoSchedule' once it is up and
    ready, the documentation has all the necessary steps for users to create
    clusters using that taint. Having nodes created with this taint will
    prevent pods from being scheduled into those nodes until Cilium has
    configured the node where it's being deployed.
    
    Signed-off-by: André Martins <andre@cilium.io>
    aanm committed Jul 1, 2021
    e069d29
  4. .github/workflows: create cloud clusters with node taints

    To replicate the same steps as users do, GH workflows will now create
    clusters with node taints, which Cilium will remove once it's
    ready on that node.
    
    Signed-off-by: André Martins <andre@cilium.io>
    aanm committed Jul 1, 2021
    33323d9
  5. docs: remove restartPods option from node init

    With a node taint setup on node creation, users will no longer be
    required to restart application pods since application pods will only
    start when Cilium is deployed and running in the cluster.
    
    Signed-off-by: André Martins <andre@cilium.io>
    aanm committed Jul 1, 2021
    4a5a070
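
A check that follows from the taint mechanism in commits 2 and 3, as an added example that is not part of this pull request or of Cilium's code: it lists nodes that still carry the taint and pod-network pods whose tolerations would let them be scheduled before Cilium removes it. The function names and the sample objects are constructed for illustration; the matching follows Kubernetes toleration semantics.

```python
import json

TAINT = {"key": "node.cilium.io/agent-not-ready", "value": "true", "effect": "NoSchedule"}

def tolerates(tol, taint=TAINT):
    """Kubernetes toleration matching: effect, then key, then operator."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False                      # empty effect matches every effect
    if tol.get("key") and tol["key"] != taint["key"]:
        return False                      # empty key is only valid with Exists
    if tol.get("operator", "Equal") == "Exists":
        return True
    return bool(tol.get("key")) and tol.get("value", "") == taint["value"]

def tainted_nodes(nodes):
    """Nodes where the agent-not-ready taint is still present."""
    return sorted(n["metadata"]["name"] for n in nodes
                  if any(t.get("key") == TAINT["key"] and t.get("effect") == TAINT["effect"]
                         for t in n["spec"].get("taints") or []))

def gate_bypassing_pods(pods):
    """Pod-network pods whose tolerations let them schedule onto a tainted node."""
    hits = []
    for p in pods:
        spec, meta = p["spec"], p["metadata"]
        if spec.get("hostNetwork"):
            continue                      # host-network pods get no interface from the CNI plugin
        if any(tolerates(t) for t in spec.get("tolerations") or []):
            hits.append(f'{meta["namespace"]}/{meta["name"]}')
    return sorted(hits)

# Constructed sample (all names made up), shaped like `kubectl get ... -o json` items.
SAMPLE = json.loads("""
{"nodes": [
  {"metadata": {"name": "node-a"}, "spec": {"taints": [
    {"key": "node.cilium.io/agent-not-ready", "value": "true", "effect": "NoSchedule"}]}},
  {"metadata": {"name": "node-b"}, "spec": {}}],
 "pods": [
  {"metadata": {"namespace": "kube-system", "name": "cilium-x"}, "spec": {"hostNetwork": true, "tolerations": [{"operator": "Exists"}]}},
  {"metadata": {"namespace": "monitoring", "name": "log-agent"}, "spec": {"tolerations": [{"operator": "Exists"}]}},
  {"metadata": {"namespace": "default", "name": "app-1"},
   "spec": {"tolerations": [{"key": "node.kubernetes.io/not-ready", "operator": "Exists", "effect": "NoExecute"}]}},
  {"metadata": {"namespace": "default", "name": "app-2"},
   "spec": {"tolerations": [{"key": "node.cilium.io/agent-not-ready", "operator": "Exists", "effect": "NoSchedule"}]}}]}
""")

if __name__ == "__main__":
    print(tainted_nodes(SAMPLE["nodes"]), gate_bypassing_pods(SAMPLE["pods"]))
```

A pod reported by `gate_bypassing_pods` is not necessarily unmanaged; it is one the taint does not hold back, so its network setup is worth verifying after Cilium is ready on the node.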