operator/ciliumidentity: Operator Managing CIDs #33204
Draft: ovidiutirla wants to merge 17 commits into cilium:main from ovidiutirla:feature/op-id-cid-controller
Basic identity allocator will be used by operator to manage global identities CID and agent to manage locally created identities that do not require complex features like `pkg/allocator/allocator.go`. Related: cilium#30356 Signed-off-by: Ovidiu Tirla <otirla@google.com>
The field will be used mainly by operator managing CIDs. Related cilium#27752 Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add EnqueueTimeTracker and CIDDeletionTracker structures to manage enqueuing times and track CID deletion marks. Related cilium#27752 Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add indexer for CiliumIdentity objects based on security labels to enable efficient lookup of existing CIDs for reuse during allocation when Cilium Operator manages Cilium Identities. Related cilium#27752 Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add helper function HasCEWithIdentity to check if CiliumEndpoint store contains an endpoint with a given identity. Signed-off-by: Ovidiu Tirla <otirla@google.com>
The Namespace resource will be used by Operator Managing CIDs to fetch relevant labels to create CIDs. Related cilium#27752 Signed-off-by: Ovidiu Tirla <otirla@google.com>
The Pod resource will be used by Operator Managing CIDs to reconcile all the pods in a namespace when the namespace labels are added or removed. Related cilium#27752 Signed-off-by: Ovidiu Tirla <otirla@google.com>
EnableOperatorManageCIDs enables operator to manage CID by running a CID controller. If enabled, Identity GC cell is then disabled because CID controller takes care of garbage collection. Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add the CID cell for operator with a standard empty controller Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add the reconciler logic for reconciling CIDs, Pods, Namespaces. Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add the pod event listener and handler to enqueue pod reconciliation Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add the namespace event listener and handler to reconcile namespace Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add the CID event listener and handler to reconcile CID Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add the CES event listener and handler to reconcile CID Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add the controller for handling the Operator managing CIDs. The Cilium Identity (CID) controller runs in cilium-operator and is responsible only for managing CID API objects.
* Pod events are added to Pod work queue
* Namespace events are processed immediately and added to Pod work queue
* CID events are added to CID work queue
* Processing Pod work queue items adds items to CID work queue
* Processed CID work queue items result in mutations to CID API objects
Signed-off-by: Ovidiu Tirla <otirla@google.com>
Add metrics for the Operator managing CIDs. Add cid_controller_work_queue_event_count, which counts processed events by CID controller work queues labeled by outcome. Add cid_controller_work_queue_latency, which meters the duration of CID controller work queues enqueuing and processing latencies in seconds. Signed-off-by: Ovidiu Tirla <otirla@google.com>
Initialize the labels filter to limit identity-relevant labels Signed-off-by: Ovidiu Tirla <otirla@google.com>
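The label-keyed lookup that the indexer commit above describes (find an existing CID for a set of security labels and reuse it during allocation) can be sketched as follows. This is an added example, not code from this pull request or from Cilium: `labelKey`, `identityStore`, the key format, the starting ID and the sample labels are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// labelKey derives an order-independent index key from a security label set.
// %q quoting keeps the key unambiguous when a label contains '=' or ','.
// Constructed key format for this example, not the one used by Cilium.
func labelKey(labels map[string]string) string {
	parts := make([]string, 0, len(labels))
	for k, v := range labels {
		parts = append(parts, fmt.Sprintf("%q=%q", k, v))
	}
	sort.Strings(parts)
	return strings.Join(parts, ",")
}

// identityStore is a hypothetical in-memory stand-in for a CID store
// with a secondary index keyed by security labels.
type identityStore struct {
	byLabels map[string]int // label key -> identity ID
	nextID   int
}

func newIdentityStore(firstID int) *identityStore {
	return &identityStore{byLabels: map[string]int{}, nextID: firstID}
}

// allocate reuses the identity already indexed for this label set, or
// assigns the next free ID. reused reports which path was taken.
func (s *identityStore) allocate(labels map[string]string) (id int, reused bool) {
	key := labelKey(labels)
	if existing, ok := s.byLabels[key]; ok {
		return existing, true
	}
	id = s.nextID
	s.nextID++
	s.byLabels[key] = id
	return id, false
}

func main() {
	s := newIdentityStore(1000) // constructed starting ID
	web := map[string]string{"k8s:app": "web", "k8s:io.kubernetes.pod.namespace": "prod"}
	fmt.Println(s.allocate(web)) // first pod with these labels gets a new identity
	fmt.Println(s.allocate(web)) // second pod with the same labels reuses it
}
```

Because identities feed policy decisions, the index key has to be injective: two different label sets mapping to one key would hand both workloads the same identity.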
Labels:
* dont-merge/needs-release-note-label: The author needs to describe the release impact of these changes.
* sig/policy: Impacts whether traffic is allowed or denied based on user-defined policies.