eni: Fix unexpected IP release when agent restarts #9888
Conversation
|
@tgraf @aanm @ungureanuvladvictor Please take a look |
|
Release note label not set, please set the appropriate release note. |
|
test-me-please (known flake https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated/16410/) |
aanm
added
the
release-note/bug
|
test-me-please |
pkg/ipam/allocator.go
Outdated
| @@ -44,7 +44,7 @@ var ( | |||
| ) | |||
|
|
|||
| // AllocateIP allocates a IP address. | |||
| func (ipam *IPAM) AllocateIP(ip net.IP, owner string) (err error) { | |||
| func (ipam *IPAM) AllocateIP(ip net.IP, owner string, refresh bool) (err error) { | |||
There was a problem hiding this comment.
Please introduce a new function AllocateIPAndSyncUpstream() instead of adding an argument. It will document the difference between refreshing the node immediately or postponing it. Reading true or false to a function argument makes the code hard to understand without looking up the definition of the function.
pkg/ipam/crd.go
Outdated
|
|
||
| // TriggerRefresh updates the custom resource in the apiserver based on the latest | ||
| // information in the local node store | ||
| func (a *crdAllocator) TriggerRefresh(reason string) error { |
There was a problem hiding this comment.
Let's call this SyncUpstream() to be more generic. The concept of refreshing the node is clear for the CRD IPAM where there is a CiliumNode CRD but it is not clear from a general-purpose IPAM perspective.
daemon/daemon.go
Outdated
| @@ -450,6 +450,20 @@ func NewDaemon(ctx context.Context, dp datapath.Datapath) (*Daemon, *endpointRes | |||
| return nil, nil, err | |||
| } | |||
|
|
|||
| // Trigger refresh and update custom resource in the apiserver with all restored endpoints | |||
There was a problem hiding this comment.
If I understand the intent of this code correctly, then you are adding this code because the following:
store.refreshTrigger.TriggerWithReason("initial sync")
which also triggers a sync of the node is done too early and not blocking. Correct?
Instead of adding this code explicitly, please extend pkg/trigger with a function to wait for the first execution of the trigger and then invoke the existing trigger instead of introducing a parallel way of invoking the sync. That way, the metrics on trigger invocations remain correct.
There was a problem hiding this comment.
Thanks for the comments! I understand and absolutely agree with your idea that we should do all the sync actions from the existing trigger. I don't fully understand
please extend pkg/trigger with a function to wait for the first execution of the trigger and then invoke the existing trigger
Do you mean extending pkg/trigger with a function, say TriggerAfter, which waits for restoration of pods, router and health endpoints and then invoke the existing trigger?
And also replace the following:
store.refreshTrigger.TriggerWithReason("initial sync")
with
store.refreshTrigger.TriggerAfter(checkRestoration)
Is my understanding right?
aanm
added
needs-backport/1.7
dont-merge/needs-rebase
jaffcheng
force-pushed
the
pr/jaffcheng/trigger-refresh-only-once-during-restore
branch
3 times, most recently
from
1860ea7
to
002a5c9
Compare
|
wip, please don't review |
aanm
added
the
dont-merge/needs-rebase
jaffcheng
force-pushed
the
pr/jaffcheng/trigger-refresh-only-once-during-restore
branch
from
8a76f13
to
6640e69
Compare
jaffcheng
force-pushed
the
pr/jaffcheng/trigger-refresh-only-once-during-restore
branch
from
6640e69
to
90841da
Compare
jaffcheng
force-pushed
the
pr/jaffcheng/trigger-refresh-only-once-during-restore
branch
from
90841da
to
af873de
Compare
|
@tgraf comment addressed, please take another look |
|
test-me-please |
When cilium agent in eni mode restarts, ciliumnode custom resource is cleared and refilled by several updates. Specifically, Status.IPAM.Used map which holds all used IPs is first updated to an empty map before endpoints finish restoration. This becomes critical if `--aws-release-excess-ips` is enabled since cilium operator treats empty IPAM.Used map as no address used hence releases addresses arbitraryly, causing restored endpoints disconnected. This patch fixes this by combining per endpoint update requests into one update request after all endpoint restoration finishes so that Status.IPAM.Used keeps the desired state during agent restart. Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com>
jaffcheng
force-pushed
the
pr/jaffcheng/trigger-refresh-only-once-during-restore
branch
from
af873de
to
66e4e47
Compare
|
test-me-please |
|
Last ginkgo tests failed, please help retrigger the tests |
|
test-me-please |
|
test-me-please Sorry folks, the previous test run was on a bogus machine so I needed to restart it. |
tklauser
removed
the
dont-merge/needs-rebase
|
K8s 1.18 vm provisioning fail: https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-Validated/18154/ |
|
test-me-please |
jaffcheng
deleted the
pr/jaffcheng/trigger-refresh-only-once-during-restore
branch
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.7
in 1.7.2
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.7
in 1.7.2
When cilium agent in eni mode restarts, ciliumnode custom resource
is cleared and refilled by several updates. Specifically,
Status.IPAM.Used map which holds all used IPs is first updated
to an empty map before endpoints finish restoration.
This becomes critical if
--aws-release-excess-ipsis enabledsince cilium operator treats empty IPAM.Used map as no address used
hence releases addresses arbitraryly, causing restored endpoints
disconnected.
This patch fixes this by combining per endpoint update requests
into one update request after all endpoint restoration finishes so
that Status.IPAM.Used keeps the desired state during agent restart.
Signed-off-by: Jaff Cheng jaff.cheng.sh@gmail.com
This change is