clustermesh: Add an infrastructure for connect time parameter exchange and capability negotiation #22553
LGTM @YutaroHayakawa just a heads-up that since we have branched v1.13, this PR will not be part of the 1.13 unless it is set with the needs-backport/1.13 label.
Ok, let me put it. Thanks for the heads up.
/test
Add a new type CiliumClusterConfig which represents a cluster configuration. This will be serialized and stored into kvstore during the clustermesh-apiserver startup time. Later on, cilium-agent on each node reads it when connecting to new clusters. The current use case of this is getting ClusterID at connect time, but by exposing the cluster configuration, we can also do some useful validation such as

- Make sure the cluster id is not conflicting with existing clusters.
- Make sure the new cluster doesn't have any capability mismatch.

Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>

Add helper functions to set/get cluster information on kvstore.

Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>

Implement a basic connect-time validation using CiliumClusterConfig. clustermesh-apiserver is modified to set local CiliumClusterConfig on start-up time and cilium-agent is modified to get CiliumClusterConfig of remote clusters and validate it.

Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>

For compatibility with an old Cilium that doesn't support cluster configuration feature, we should be able to connect to the remote cluster even if the configuration is missing. Test it.

Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
/test
Failed tests
/ci-aks
All tests have passed. Making this ready-to-merge.
Should @aanm become a member of @cilium/sig-clustermesh?
Add a new kvstore object CiliumClusterConfig with path cilium/cluster-config/<cluster name>. The object is created per cluster by clustermesh-apiserver and obtained by cilium-agent at start-up time. The use cases of the objects are

Getting per-cluster parameter

ClusterMesh with overlapping PodCIDR support needs this for getting ClusterID on connect time and setup kvstore observers to annotate incoming objects with remote ClusterID. We can put such parameters to CiliumClusterConfig.

Capability negotiation and configuration validation

When there's a capability mismatch or configuration mismatch between clusters, we may not be able to connect those clusters correctly. Currently, we don't have any mechanism to check such a mismatch. With CiliumClusterConfig, we can check that on connect time. Currently, we only check ClusterID duplication but can add any capabilities/configuration in the future.
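
The connect-time check described above, sketched as an added example that is not part of this PR or Cilium's code: it covers the ClusterID duplication check and the compatibility path where an older remote has no config. The names `ClusterConfig`, `configPath` and `ValidateRemote`, the JSON encoding, and the in-memory map standing in for the kvstore are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ClusterConfig is a hypothetical stand-in for CiliumClusterConfig; the field
// name and the JSON encoding are assumptions, not taken from the PR.
type ClusterConfig struct {
	ID uint32 `json:"id"`
}

// configPath follows the key layout given in the PR description.
func configPath(cluster string) string { return "cilium/cluster-config/" + cluster }

// ValidateRemote reads the remote cluster's config from kv (an in-memory
// stand-in for the kvstore) and checks it against the IDs already in use.
// inUse maps ClusterID -> cluster name for the local and connected clusters.
// A missing key is accepted so that older remotes can still connect.
func ValidateRemote(kv map[string][]byte, name string, inUse map[uint32]string) (*ClusterConfig, error) {
	raw, ok := kv[configPath(name)]
	if !ok {
		return nil, nil // old remote without cluster config: nothing to validate
	}
	var cfg ClusterConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("cluster %q: malformed config: %w", name, err)
	}
	if owner, dup := inUse[cfg.ID]; dup && owner != name {
		return nil, fmt.Errorf("cluster %q: ClusterID %d already used by %q", name, cfg.ID, owner)
	}
	return &cfg, nil
}

func main() {
	// Constructed sample data.
	kv := map[string][]byte{
		configPath("cluster-b"): []byte(`{"id":2}`),
		configPath("cluster-c"): []byte(`{"id":1}`),
	}
	inUse := map[uint32]string{1: "cluster-a"} // local cluster
	for _, name := range []string{"cluster-b", "cluster-c", "cluster-old"} {
		cfg, err := ValidateRemote(kv, name, inUse)
		fmt.Println(name, cfg, err)
	}
}
```

Because a missing config is accepted for compatibility, a remote that publishes nothing bypasses the duplication check, so a caller should treat a nil config as "unvalidated" rather than "valid".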