Adding obligatory cleanup to the beginning of every CNI ADD operation.

Before a CNI ADD is performed we unfortunetaly have to checkk if any DanmEps were already created for the exact same Pod. This is because Kubelet can double invoke CNI ADDs without ever invoking CNI DEL in certain cases. This results in unfortunate extra REST traffic, but is the only way to guarantee correct cluster state.
nokia · May 12, 2020 · caaf9b5 · caaf9b5
1 parent ea8f0a9
commit caaf9b5
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/pkg/metacni/metacni.go b/pkg/metacni/metacni.go
@@ -219,6 +219,7 @@ func setupNetworking(args *datastructs.CniArgs) (*current.Result, error) {
   if err != nil {
     return nil, err
   }
+  cleanOutdatedAllocations(danmClient, args)
   if args.DefaultNetwork != nil {
     syncher.ExpectedNumOfResults++
     defParam := datastructs.Interface{SequenceId: 0, Ip: "dynamic",}
@@ -492,3 +493,17 @@ func deleteNic(netInfo *danmtypes.DanmNet, ep *danmtypes.DanmEp) error {
 func GetInterfaces(args *skel.CmdArgs) error {
   return nil
 }
+
+// I'm tired of cleaning up after Kubelet, but what can we do? :)
+// After a full cluster restart Kubelet invokes a CNI_ADD for the same Pod, with the same UID.
+// We need to take care of clearing old, invalid allocations for the same UID ourselves during ADD.
+func cleanOutdatedAllocations(danmClient danmclientset.Interface, args *datastructs.CniArgs){
+  deps, _ := danmep.FindByPodName(danmClient, args.Pod.ObjectMeta.Name, args.Pod.ObjectMeta.Namespace)
+  for _, dep := range deps {
+    if dep.Spec.PodUID == args.Pod.ObjectMeta.UID {
+      dnet, _ := netcontrol.GetNetworkFromEp(danmClient, &dep)
+      danmep.DeleteDanmEp(danmClient, &dep, dnet)
+      log.Println("WARNING: DANM needed to reconcile inconsistent cluster state during CNI ADD, as DanmEps already existed for Pod:" + args.Pod.ObjectMeta.Name + " in namespace:" + args.Pod.ObjectMeta.Namespace)
+    }
+  }
+}