node: Use new asynchronous IPCache API for Manager (v2) #23208

Merged
merged 9 commits into from
May 17, 2023

Commits on May 16, 2023

  1. ipcache: Exclude ingress reserved identity from CIDR identity

    Similar to the health reserved identity, the ingress identity shouldn't
    have CIDR labels associated with it, so exclude it from the identity
    resolution logic. The ingress IPs come from the CiliumNode object.
    
    Without this commit, ingress IPs will have CIDR labels and therefore a
    CIDR identity, instead of having the reserved ingress identity.
    
    Related: #21142
    
    Signed-off-by: Chris Tarazi <chris@isovalent.com>
    christarazi committed May 16, 2023
    79874ba
  2. ipcache: Add TunnelPeer/EncryptKey metadata types

    This commit adds new types for specifying encrypt key and tunnel peer as
    IPCache metadata in the new asynchronous API. In contrast to other
    metadata such as labels, the tunnel IP or encryption key cannot be
    merged from other sources. It is assumed that only one source provides
    this information. If multiple sources provide a tunnel peer or
    encryption key, a log warning is emitted and only one of the provided
    peers/keys is picked.
    
    This will allow us to move the node/manager package to use this new API
    in a subsequent commit, as previously the only way to associate this
    data with a node IP was using the old synchronous API.
    
    Co-authored-by: Chris Tarazi <chris@isovalent.com>
    Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
    Signed-off-by: Chris Tarazi <chris@isovalent.com>
    gandro and christarazi committed May 16, 2023
    4c6acc1
  3. node: Extract tunnel IP and encrypt key conditions

    This commit does not contain any functional changes. It will be used in
    a subsequent commit to invoke the same logic when removing the tunnel IP
    and encrypt key.
    
    Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
    gandro authored and christarazi committed May 16, 2023
    9b9f83c
  4. node: Simplify IPToNetPrefix conversion

    Since #21183 it is no longer necessary to call `To4` before
    invoking `IPToNetPrefix`.
    
    Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
    gandro authored and christarazi committed May 16, 2023
    9258379
  5. ipcache: Rename GetIDMetadataByIP to GetMetadataLabelsByIP

    The new name better represents what the function is. This commit has no
    functional impact.
    
    Signed-off-by: Chris Tarazi <chris@isovalent.com>
    christarazi committed May 16, 2023
    46cca2d
  6. ipcache: Define new GetMetadataByPrefix

    This will be useful for fetching the metadata for particular entries in
    the ipcache.
    
    Signed-off-by: Chris Tarazi <chris@isovalent.com>
    christarazi committed May 16, 2023
    41df7fd
  7. ipcache: Export PrefixInfo

    Signed-off-by: Chris Tarazi <chris@isovalent.com>
    christarazi committed May 16, 2023
    890b340
  8. node/manager: Refactor skip ipcache helper function

    This pulls out logic that is used in both NodeUpdated() and
    NodeDeleted() for proper code reuse.
    
    Signed-off-by: Chris Tarazi <chris@isovalent.com>
    christarazi committed May 16, 2023
    4cf882a
  9. nodemanager: Move to async IPCache API

    This commit moves the node/manager package to use the new asynchronous
    IPCache API. Instead of directly performing Upserts and Delete on the
    various node IPs (InternalIP, ExternalIP, HealthIPs etc), we now
    associate each node IP with the corresponding labels. The CEW identity
    is now also determined by the node's labels, rather than its numeric
    identity.
    
    This also fixes an issue where concurrent use of the synchronous and
    asynchronous API would lead to the encryption key for the kube-apiserver
    node being lost (c.f. #19318).
    
    While we are at it, change the test to use netip types instead of
    net.IP.
    
    Co-authored-by: Chris Tarazi <chris@isovalent.com>
    Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
    Signed-off-by: Chris Tarazi <chris@isovalent.com>
    gandro and christarazi committed May 16, 2023
    6a364a4