New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Checks k8s metadata for pod before removing IP from ipcache #17161
Conversation
Commit fa90d82a6ad4e14c17f8c03b8492ef27bcd215a0 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Commit fa90d82a6ad4e14c17f8c03b8492ef27bcd215a0 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
Odd, commit has "Signed-off-by"...not sure why bot thinks otherwise... |
The commit fa90d82 didn't have the Sign-off 😅 |
huh, still confused, yes when I created this PR, I forgot to add a signoff, so bot freaked out first time (and it should :) ), but then I amended the commmit with signoff and pushed, now if I click on "Commits" I can see the signoff in commit, but somehow bot is still unhappy...am I missing something? Also curious, how did you find the previous commit? I somehow couldn't find it... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like there is a typo, as reported by the CI... Overall the change LGTM.
@Weil0ng if you click here or in the commit the bot had left: BTW the CI failures are related with the changes made in this PR. |
This is to prevent removing ip cache when a Pod's IP is reused. We will only remove ip cache entry if the k8s metadata associated with the IP is "current", meaning tha the last time we update this entry, it is from the same pod or CEP. Signed-off-by: Weilong Cui <cuiwl@google.com>
Thanks! I guess I was confused why bot keeps complaining an "old" commit :) Fixed typo in code, PTAL. |
test-me-please |
ci-awscni |
ci-aks |
ci-eks |
ci-gke |
k8sMeta := ipcache.IPIdentityCache.GetK8sMetadata(podIP) | ||
if k8sMeta.Namespace == pod.Namespace && k8sMeta.PodName == pod.Name { | ||
ipcache.IPIdentityCache.Delete(podIP, source.Kubernetes) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should occur within a single critical section, otherwise other parts of the system could delete, modify or update the IPCache in between the lookup and the delete here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sent a fix in #17909, ptal.
Fixes potential racing condition introduced in PR cilium#17161. Suggested-by: Joe Stringer <joe@cilium.io> Signed-off-by: Weilong Cui <cuiwl@google.com>
Fixes potential racing condition introduced in PR #17161. Suggested-by: Joe Stringer <joe@cilium.io> Signed-off-by: Weilong Cui <cuiwl@google.com>
[ upstream commit 3650544 ] Fixes potential racing condition introduced in PR cilium#17161. Suggested-by: Joe Stringer <joe@cilium.io> Signed-off-by: Weilong Cui <cuiwl@google.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
This is to prevent removing ip cache when a Pod's IP is reused. We will
only remove ip cache entry if the k8s metadata associated with the IP is
"current", meaning tha the last time we update this entry, it is from
the same pod or CEP.
Fixes: #16565