Checks k8s metadata for pod before removing IP from ipcache #17161
Conversation
|
Commit fa90d82a6ad4e14c17f8c03b8492ef27bcd215a0 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
dont-merge/needs-sign-off
|
Commit fa90d82a6ad4e14c17f8c03b8492ef27bcd215a0 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
|
Odd, commit has "Signed-off-by"...not sure why bot thinks otherwise... |
Weil0ng
added
release-note/misc
The commit fa90d82 didn't have the Sign-off 😅 |
huh, still confused, yes when I created this PR, I forgot to add a signoff, so bot freaked out first time (and it should :) ), but then I amended the commmit with signoff and pushed, now if I click on "Commits" I can see the signoff in commit, but somehow bot is still unhappy...am I missing something? Also curious, how did you find the previous commit? I somehow couldn't find it... |
|
@Weil0ng if you click here or in the commit the bot had left:
BTW the CI failures are related with the changes made in this PR. |
This is to prevent removing ip cache when a Pod's IP is reused. We will only remove ip cache entry if the k8s metadata associated with the IP is "current", meaning tha the last time we update this entry, it is from the same pod or CEP. Signed-off-by: Weilong Cui <cuiwl@google.com>
Thanks! I guess I was confused why bot keeps complaining an "old" commit :) Fixed typo in code, PTAL. |
|
test-me-please |
rolinh
changed the title
|
ci-awscni |
|
ci-aks |
|
ci-eks |
|
ci-gke |
maintainer-s-little-helper
bot
added
the
ready-to-merge
| k8sMeta := ipcache.IPIdentityCache.GetK8sMetadata(podIP) | ||
| if k8sMeta.Namespace == pod.Namespace && k8sMeta.PodName == pod.Name { | ||
| ipcache.IPIdentityCache.Delete(podIP, source.Kubernetes) |
There was a problem hiding this comment.
This should occur within a single critical section, otherwise other parts of the system could delete, modify or update the IPCache in between the lookup and the delete here.
There was a problem hiding this comment.
Sent a fix in #17909, ptal.
Fixes potential racing condition introduced in PR cilium#17161. Suggested-by: Joe Stringer <joe@cilium.io> Signed-off-by: Weilong Cui <cuiwl@google.com>
Fixes potential racing condition introduced in PR #17161. Suggested-by: Joe Stringer <joe@cilium.io> Signed-off-by: Weilong Cui <cuiwl@google.com>
[ upstream commit 3650544 ] Fixes potential racing condition introduced in PR cilium#17161. Suggested-by: Joe Stringer <joe@cilium.io> Signed-off-by: Weilong Cui <cuiwl@google.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
This is to prevent removing ip cache when a Pod's IP is reused. We will
only remove ip cache entry if the k8s metadata associated with the IP is
"current", meaning tha the last time we update this entry, it is from
the same pod or CEP.
Fixes: #16565