Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1758232: NetworkPolicy performance fixes [4.2] #45

Merged
merged 6 commits into from Oct 22, 2019
Merged

Bug 1758232: NetworkPolicy performance fixes [4.2] #45

merged 6 commits into from Oct 22, 2019

Conversation

danwinship
Copy link
Contributor

Backport of #36 and #42 to 4.2. (Clean backport; no changes were needed.)

@danwinship
networkpolicy: add a unit test
cbd3c3b
@danwinship
networkpolicy: minor fixups
e1206d8 
Remove a error message that was only there to help people upgrading
*incorrectly* from 3.5 or earlier.

Fix variable name in selectNamespaces

Fix a comment "file" -> "function".

We need to validate port.Protocol even though validation also checks
it, because in theory we could be out of sync with upstream.

We don't need a FIXME for named ports because there's a bug open about
it.

We don't need to validate that ports are in range because that got
fixed upstream a long time ago.
@danwinship
networkpolicy: add a namespaceSelector cache
64bda44
@danwinship
Merge NetworkPolicy Namespace/NetNamespace tracking
e6cd5fe 
The previous code was not entirely correct in the event that Namespace
and NetNamespace events got processed out of order. Fix that by
tracking the events in a more unified way. (This is also needed for
the upcoming cache rewrite.)

Also, get rid of some unnecessary cache flushes:

  - We don't need to flush the cache on a Namespace update where the
    labels didn't change.

  - We only need to flush the cache on either AddNamespace or
    AddNetNamespace, whichever comes last.

  - We don't need to flush the cache (or regenerate OVS flows) on
    DeleteNamespace or DeleteNetNamespace, because the extra entries
    are harmless until the name/VNID is reused, and the cache will be
    flushed if that happens.

Add a new subtest to confirm that we handle Namespace deletion
correctly.
@danwinship
Improve NetworkPolicy cache
7609771 
Rather than flushing the entire cache every time a Namespace is added,
just add or remove cache entries as needed for the new Namespace.

To ensure that the cache doesn't grow without bounds, flush the cache
entry for a particular LabelSelector if *any* policy including that
LabelSelector is deleted.

Add tests for the new behavior.
@danwinship
Add a NetworkPolicy cache unit test
1b64205
@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Oct 3, 2019
@openshift-ci-robot
Copy link
Contributor

@danwinship: This pull request references Bugzilla bug 1758232, which is invalid:

  • expected the bug to target the "4.2.0" release, but it targets "4.2.z" instead
  • expected dependent Bugzilla bug 1752636 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is MODIFIED instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1758232: NetworkPolicy performance fixes [4.2]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Oct 3, 2019
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 3, 2019
@danwinship
Copy link
Contributor Author

/bugzilla refresh

@openshift-ci-robot
Copy link
Contributor

@danwinship: This pull request references Bugzilla bug 1758232, which is invalid:

  • expected the bug to target the "4.2.0" release, but it targets "4.2.z" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sridhargaddam sridhargaddam mentioned this pull request Oct 5, 2019
Merged
@squeed
Copy link
Contributor

squeed commented Oct 8, 2019

I haven't picked over this, but since the 4.3 and 4.2 codebases are basically identical,

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 8, 2019
@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, squeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@danwinship
Copy link
Contributor Author

hm... has the bot been updated to look for 4.2.z instead of 4.2.0 yet?
/bugzilla refresh

@openshift-ci-robot
Copy link
Contributor

@danwinship: This pull request references Bugzilla bug 1758232, which is invalid:

  • expected the bug to target the "4.2.0" release, but it targets "4.2.z" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

hm... has the bot been updated to look for 4.2.z instead of 4.2.0 yet?
/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dcbw
Copy link
Contributor

dcbw commented Oct 15, 2019

/bugzilla refresh

@openshift-ci-robot
Copy link
Contributor

@dcbw: This pull request references Bugzilla bug 1758232, which is invalid:

  • expected the bug to target the "4.2.0" release, but it targets "4.2.z" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@danwinship
Copy link
Contributor Author

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Oct 17, 2019
@openshift-ci-robot
Copy link
Contributor

@danwinship: This pull request references Bugzilla bug 1758232, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jwforres jwforres added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 22, 2019
@openshift-merge-robot openshift-merge-robot merged commit a8140cc into openshift:release-4.2 Oct 22, 2019
@openshift-ci-robot
Copy link
Contributor

@danwinship: All pull requests linked via external trackers have merged. Bugzilla bug 1758232 has been moved to the MODIFIED state.

In response to this:

Bug 1758232: NetworkPolicy performance fixes [4.2]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@danwinship danwinship deleted the networkpolicy-performance-4.2 branch March 25, 2020 14:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dcbw dcbw Awaiting requested review from dcbw

@squeed squeed Awaiting requested review from squeed

Assignees

@squeed squeed

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@danwinship @openshift-ci-robot @squeed @dcbw @jwforres @openshift-merge-robot