New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release-1.21] network: pass pod UID to ocicni when performing network operations #5028
[release-1.21] network: pass pod UID to ocicni when performing network operations #5028
Conversation
To allow passing pod UID to plugins. Signed-off-by: Dan Williams <dcbw@redhat.com> (cherry picked from commit 860edbe)
This allows plugins to more correctly cancel long-running sandbox operations when the pod is deleted/re-created in the Kube API while the call is ongoing. Signed-off-by: Dan Williams <dcbw@redhat.com> (cherry picked from commit 6e8d370)
Codecov Report
@@ Coverage Diff @@
## release-1.21 #5028 +/- ##
=============================================
Coverage 43.26% 43.27%
=============================================
Files 107 107
Lines 9839 9840 +1
=============================================
+ Hits 4257 4258 +1
Misses 5128 5128
Partials 454 454 |
@dcbw: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/test e2e_rhel |
@saschagrunert you approved the 1.22 and 1.20 backports, I assume this one for 1.21 is OK too? :) Thanks! |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dcbw, haircommander The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Ongoing sandbox requests cannot be (or are not) canceled by kubelet, leading to a situation where short-lived pods (especially Kubernetes e2e tests for stateful sets) cause overlapping sandbox requests. If the CNI plugin needs to wait for network state to converge, it's pointless to wait for a sandbox who's pod has been deleted so the plugin should cancel the request and return to the runtime. However, it's impossible to do that race-free without the pod UID the sandbox was created for, since the there is a gap between when kubelet requests the sandbox creation and when the plugin gets the pod object from the apiserver when the pod could have been deleted and recreated, and the CNI plugin would retrieve information for the new pod, not the pod the sandbox was created for.
Passing the pod UID to the plugin allows the plugin to cancel the operation when the pod UID retrieved from the apiserver during plugin operation does not match the one the sandbox was created for.
@trozet @haircommander @mrunalp
Cherry-pick of #5026
/kind feature