eni: Fix unexpected IP release when agent restarts #9888
Conversation
@tgraf @aanm @ungureanuvladvictor Please take a look
Release note label not set, please set the appropriate release note.
test-me-please (known flake https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated/16410/)
test-me-please
pkg/ipam/allocator.go
Outdated
@@ -44,7 +44,7 @@ var (
 )

 // AllocateIP allocates a IP address.
-func (ipam *IPAM) AllocateIP(ip net.IP, owner string) (err error) {
+func (ipam *IPAM) AllocateIP(ip net.IP, owner string, refresh bool) (err error) {
Please introduce a new function AllocateIPAndSyncUpstream() instead of adding an argument. It will document the difference between refreshing the node immediately or postponing it. Reading true or false in a function argument makes the code hard to understand without looking up the definition of the function.
pkg/ipam/crd.go
Outdated
// TriggerRefresh updates the custom resource in the apiserver based on the latest
// information in the local node store
func (a *crdAllocator) TriggerRefresh(reason string) error {
Let's call this SyncUpstream() to be more generic. The concept of refreshing the node is clear for the CRD IPAM where there is a CiliumNode CRD, but it is not clear from a general-purpose IPAM perspective.
daemon/daemon.go
Outdated
@@ -450,6 +450,20 @@ func NewDaemon(ctx context.Context, dp datapath.Datapath) (*Daemon, *endpointRes
 		return nil, nil, err
 	}

+	// Trigger refresh and update custom resource in the apiserver with all restored endpoints
If I understand the intent of this code correctly, then you are adding this code because of the following:
store.refreshTrigger.TriggerWithReason("initial sync")
which also triggers a sync of the node, is done too early and is not blocking. Correct?
Instead of adding this code explicitly, please extend pkg/trigger with a function to wait for the first execution of the trigger, and then invoke the existing trigger instead of introducing a parallel way of invoking the sync. That way, the metrics on trigger invocations remain correct.
Thanks for the comments! I understand and absolutely agree with your idea that we should do all the sync actions from the existing trigger. I don't fully understand:
please extend pkg/trigger with a function to wait for the first execution of the trigger and then invoke the existing trigger
Do you mean extending pkg/trigger with a function, say TriggerAfter, which waits for restoration of pods, router and health endpoints and then invokes the existing trigger?
And also replace the following:
store.refreshTrigger.TriggerWithReason("initial sync")
with
store.refreshTrigger.TriggerAfter(checkRestoration)
Is my understanding right?
force-pushed from 1860ea7 to 002a5c9
wip, please don't review
force-pushed from 8a76f13 to 6640e69
force-pushed from 6640e69 to 90841da
force-pushed from 90841da to af873de
@tgraf comment addressed, please take another look
test-me-please
When cilium agent in eni mode restarts, the ciliumnode custom resource is cleared and refilled by several updates. Specifically, the Status.IPAM.Used map, which holds all used IPs, is first updated to an empty map before endpoints finish restoration. This becomes critical if `--aws-release-excess-ips` is enabled, since cilium operator treats an empty IPAM.Used map as meaning no addresses are in use and hence releases addresses arbitrarily, causing restored endpoints to be disconnected. This patch fixes this by combining per-endpoint update requests into one update request after all endpoint restoration finishes, so that Status.IPAM.Used keeps the desired state during agent restart. Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com>
force-pushed from af873de to 66e4e47
test-me-please
Last ginkgo tests failed, please help retrigger the tests
test-me-please
test-me-please Sorry folks, the previous test run was on a bogus machine so I needed to restart it.
K8s 1.18 vm provisioning fail: https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated/18154/
test-me-please