node: Use new asynchronous IPCache API for Manager (v2) #23208
Commits on May 16, 2023
ipcache: Exclude ingress reserved identity from CIDR identity
Similar to the health reserved identity, the ingress identity shouldn't have CIDR labels associated with it, so exclude it from the identity resolution logic. The ingress IPs come from the CiliumNode object. Without this commit, ingress IPs will have CIDR labels and therefore a CIDR identity, instead of having the reserved ingress identity. Related: #21142 Signed-off-by: Chris Tarazi <chris@isovalent.com>
Commit 79874ba
ipcache: Add TunnelPeer/EncryptKey metadata types
This commit adds new types for specifying encrypt key and tunnel peer as IPCache metadata in the new asynchronous API. In contrast to other metadata such as labels, the tunnel IP or encryption key cannot be merged from other sources. It is assumed that only one source provides this information. If multiple sources provide a tunnel peer or encryption key, a log warning is emitted and only one of the provided peers/keys is picked. This will allow us to move the node/manager package to use this new API in a subsequent commit, as previously the only way to associate this data with a node IP was using the old synchronous API. Co-authored-by: Chris Tarazi <chris@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Chris Tarazi <chris@isovalent.com>
Commit 4c6acc1
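
The resolution rule described in the TunnelPeer/EncryptKey commit message above (labels merge across sources, tunnel peer and encrypt key do not), as an added Go example that is not part of the pull request or Cilium's code. The `meta` type, the `resolve` function, the source names and the addresses are hypothetical, and which conflicting value wins (the earliest entry here) is an assumption.

```go
package main

import (
	"fmt"
	"net/netip"
)

// meta is a hypothetical model (not Cilium's types); zero peer/key means "not provided".
type meta struct {
	source     string
	labels     []string
	tunnelPeer netip.Addr
	encryptKey uint8
}

// resolve unions labels but keeps one peer and key. Assumption: earliest entry wins.
func resolve(infos []meta) (out meta, warnings []string) {
	seen := map[string]bool{}
	for _, in := range infos {
		for _, l := range in.labels {
			if !seen[l] {
				seen[l] = true
				out.labels = append(out.labels, l)
			}
		}
		if in.tunnelPeer.IsValid() {
			if !out.tunnelPeer.IsValid() {
				out.tunnelPeer = in.tunnelPeer
			} else if out.tunnelPeer != in.tunnelPeer {
				warnings = append(warnings, "conflicting tunnel peer from "+in.source)
			}
		}
		if in.encryptKey != 0 {
			if out.encryptKey == 0 {
				out.encryptKey = in.encryptKey
			} else if out.encryptKey != in.encryptKey {
				warnings = append(warnings, "conflicting encrypt key from "+in.source)
			}
		}
	}
	return out, warnings
}

func main() {
	out, warns := resolve([]meta{ // constructed sample: two sources, one node IP
		{"source-a", []string{"reserved:remote-node"}, netip.MustParseAddr("192.0.2.10"), 3},
		{"source-b", []string{"reserved:kube-apiserver"}, netip.MustParseAddr("192.0.2.20"), 3},
	})
	fmt.Println(out.labels, out.tunnelPeer, out.encryptKey, warns)
}
```

A warning from this path is worth alerting on: it means two writers disagree about where traffic for a node IP is tunneled or which key encrypts it.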
node: Extract tunnel IP and encrypt key conditions
This commit does not contain any functional changes. It will be used in a subsequent commit to invoke the same logic when removing the tunnel IP and encrypt key. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Commit 9b9f83c
node: Simplify IPToNetPrefix conversion
Since #21183 it is no longer necessary to call `To4` before invoking `IPToNetPrefix`. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Commit 9258379
ipcache: Rename GetIDMetadataByIP to GetMetadataLabelsByIP
The new name better represents what the function is. This commit has no functional impact. Signed-off-by: Chris Tarazi <chris@isovalent.com>
Commit 46cca2d
ipcache: Define new GetMetadataByPrefix
This will be useful for fetching the metadata for particular entries in the ipcache. Signed-off-by: Chris Tarazi <chris@isovalent.com>
Commit 41df7fd
Signed-off-by: Chris Tarazi <chris@isovalent.com>
Commit 890b340
node/manager: Refactor skip ipcache helper function
This pulls out logic that is used in both NodeUpdated() and NodeDeleted() for proper code reuse. Signed-off-by: Chris Tarazi <chris@isovalent.com>
Commit 4cf882a
nodemanager: Move to async IPCache API
This commit moves the node/manager package to use the new asynchronous IPCache API. Instead of directly performing Upserts and Delete on the various node IPs (InternalIP, ExternalIP, HealthIPs etc), we now associate each node IP with the corresponding labels. The CEW identity is now also determined by the node's labels, rather than its numeric identity. This also fixes an issue where concurrent use of the synchronous and asynchronous API would lead to the encryption key for the kube-apiserver node being lost (c.f. #19318). While we are at it, change the test to use netip types instead of net.IP. Co-authored-by: Chris Tarazi <chris@isovalent.com> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Chris Tarazi <chris@isovalent.com>
Commit 6a364a4