Egress gateway modularization #23046
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dylandreimerink
added
kind/cleanup
github-actions
bot
added
the
kind/community-contribution
dylandreimerink
removed
the
kind/community-contribution
joamaki
reviewed
Jan 11, 2023
| ) | ||
|
|
||
| type Manager interface { | ||
| OnAddEgressPolicy(config PolicyConfig) |
There was a problem hiding this comment.
Are there interface definitions for these we can just embed here? e.g. subscriber.Node? Would make the purpose clear.
pkg/ipcache/cell.go
Outdated
|
|
||
| import "github.com/cilium/cilium/pkg/hive/cell" | ||
|
|
||
| var Cell = cell.Provide(NewIPCache) |
There was a problem hiding this comment.
Consider extracting the interface here. go doc ipcache.IPCache gives a good starting point. Also see if you can split the interface up by functionality (e.g. one for lookups, one for modifying etc.).
There was a problem hiding this comment.
I gave this a shot, we can significantly simplify the public API of the ipcache but it results in quite a significant diff, so I would prefer to do that in a separate PR.
dylandreimerink
force-pushed
the
feature/egressgw-modularization
branch
2 times, most recently
from
fce8d96
to
18d20c0
Compare
This commit added a Cell for the certificate manager. The cell exposes two new interfaces `CertificateManager` and `SecretManager` instead of the manager directly. The configuration/flags for the manager has been moved into the Cell. Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
To also allow rejecting a promise in promise.Map add the error return value to it. Signed-off-by: Jussi Maki <jussi@isovalent.com>
This commit turns three circularly dependent components into Cells, those being `ipcache.IPCache`, `daemon.CachingIdentityAllocator`, and `policy.Repository`. The main objective was to modularize the caching identity allocator but its dependent on IPCache, which is dependent on the policy repo which in turn is dependent on the identity allocator, thus making a cycle. Promises are used to wire the CachingIdentityAllocator and policy repo since import cycles aren't allowed in Hive. Daemon was refactored to deal with the increase in passed parameters and use daemon context for promise awaits (cancelled if start times out) Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com> Co-authored-by: Jussi Maki <jussi@isovalent.com>
This commit turns the egress gateway manager into a Cell. This builds on the modularization of the CachingIdentityAllocator. Until now the egress gateway would busy-poll the daemon to see if the k8s caches are synced. This is now done via a channel on a new object called `k8s.CacheSyncedChecker` which is shared via Hive to both the daemon which will modify it and the egress gateway which will subscribe to it. This commit also abstracts the egress gateway manager behind an interface to make it loosely coupled. Threshold for too many arguments to newDaemon has been passed, so just use daemonParams directly. Also respect the start context by cancelling the daemon context if it times out before start has finished. Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com> Co-authored-by: Jussi Maki <jussi@isovalent.com>
dylandreimerink
force-pushed
the
feature/egressgw-modularization
branch
from
54de13d
to
8dcc045
Compare
|
This pull request has been automatically marked as stale because it |
github-actions
bot
added
the
stale
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR converts the egress gateway into a Hive cell. To facilitate this change the
ipcache.IPCache,daemon.CachingIdentityAllocator,policy.Repository, andcertificatemanagerhave been modularized as well.