New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1758232: NetworkPolicy performance fixes [4.2] #45
Bug 1758232: NetworkPolicy performance fixes [4.2] #45
Conversation
Remove a error message that was only there to help people upgrading *incorrectly* from 3.5 or earlier. Fix variable name in selectNamespaces Fix a comment "file" -> "function". We need to validate port.Protocol even though validation also checks it, because in theory we could be out of sync with upstream. We don't need a FIXME for named ports because there's a bug open about it. We don't need to validate that ports are in range because that got fixed upstream a long time ago.
The previous code was not entirely correct in the event that Namespace and NetNamespace events got processed out of order. Fix that by tracking the events in a more unified way. (This is also needed for the upcoming cache rewrite.) Also, get rid of some unnecessary cache flushes: - We don't need to flush the cache on a Namespace update where the labels didn't change. - We only need to flush the cache on either AddNamespace or AddNetNamespace, whichever comes last. - We don't need to flush the cache (or regenerate OVS flows) on DeleteNamespace or DeleteNetNamespace, because the extra entries are harmless until the name/VNID is reused, and the cache will be flushed if that happens. Add a new subtest to confirm that we handle Namespace deletion correctly.
Rather than flushing the entire cache every time a Namespace is added, just add or remove cache entries as needed for the new Namespace. To ensure that the cache doesn't grow without bounds, flush the cache entry for a particular LabelSelector if *any* policy including that LabelSelector is deleted. Add tests for the new behavior.
@danwinship: This pull request references Bugzilla bug 1758232, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@danwinship: This pull request references Bugzilla bug 1758232, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I haven't picked over this, but since the 4.3 and 4.2 codebases are basically identical, /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: danwinship, squeed The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
hm... has the bot been updated to look for 4.2.z instead of 4.2.0 yet? |
@danwinship: This pull request references Bugzilla bug 1758232, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@dcbw: This pull request references Bugzilla bug 1758232, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@danwinship: This pull request references Bugzilla bug 1758232, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@danwinship: All pull requests linked via external trackers have merged. Bugzilla bug 1758232 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Backport of #36 and #42 to 4.2. (Clean backport; no changes were needed.)