[chore][INF-7193] agentSandbox daemonsets use hostNetwork by default#345
Conversation
|
| Filename | Overview |
|---|---|
| charts/retool/templates/agent_sandbox_device_plugin.yaml | Adds hostNetwork/dnsPolicy inside the pod template spec when rr.agentSandbox.hostNetwork is true; template whitespace trimming ({{- end }}, no right-trim) is correct and renders valid YAML. |
| charts/retool/templates/agent_sandbox_prepuller.yaml | Same hostNetwork/dnsPolicy conditional added inside the pod template spec; {{- end }} (no right-trim) correctly preserves the following newline before terminationGracePeriodSeconds. |
| charts/retool/templates/agent_sandbox_seccomp.yaml | Same hostNetwork/dnsPolicy conditional added inside the pod template spec; {{- end }} correctly preserves the newline before initContainers. |
| charts/retool/values.yaml | Adds hostNetwork: true under rr.agentSandbox, enabling host networking for all three DaemonSets by default; users can opt out by setting the value to false. |
| values.yaml | Mirror of charts/retool/values.yaml change; hostNetwork: true added under rr.agentSandbox consistently. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[agentSandbox DaemonSet Pod Spec] --> B{rr.agentSandbox.hostNetwork}
B -- true default --> C["hostNetwork: true\ndnsPolicy: ClusterFirstWithHostNet"]
B -- false opt-out --> D["hostNetwork omitted\ndnsPolicy: ClusterFirst"]
C --> E[Pod shares node network namespace\nNo new IP allocated per pod]
D --> F[Pod gets its own IP\n3x num_nodes IPs allocated]
E --> G[device-plugin DaemonSet]
E --> H[image-prepuller DaemonSet]
E --> I[node-installer DaemonSet]
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
A[agentSandbox DaemonSet Pod Spec] --> B{rr.agentSandbox.hostNetwork}
B -- true default --> C["hostNetwork: true\ndnsPolicy: ClusterFirstWithHostNet"]
B -- false opt-out --> D["hostNetwork omitted\ndnsPolicy: ClusterFirst"]
C --> E[Pod shares node network namespace\nNo new IP allocated per pod]
D --> F[Pod gets its own IP\n3x num_nodes IPs allocated]
E --> G[device-plugin DaemonSet]
E --> H[image-prepuller DaemonSet]
E --> I[node-installer DaemonSet]
Reviews (4): Last reviewed commit: "[chore][INF-7193] agentSandbox daemonset..." | Re-trigger Greptile
3845816 to
fc093f5
Compare
attempting to allocate
3 * num_nodesnew IPs for the agent-sandbox daemonsets has led to IP exhaustion in some of our MSH clusters. there's no apparent reason to assign each pod its own IP (they have no ports defined), so configuring them to use the host network avoids this issue.