Use kubernetes shared informers in OpenShift network plugins #14030
Conversation
|
@openshift/networking PTAL |
pkg/sdn/plugin/common.go
Outdated
| var expectedObjType interface{} | ||
|
|
||
| switch resourceName { | ||
| case Nodes: |
There was a problem hiding this comment.
You call this func with 4 different ResourceName values (Namespaces, Services, Pods, Nodes) but only support Nodes?
There was a problem hiding this comment.
oops, missed updating this method for the other resource names. Updated
pravisankar
force-pushed
the
sdn-use-shared-informers
branch
from
3630f4e to
60dfe15
Compare
|
[testextended][extended:networking] |
|
[test] |
pravisankar
force-pushed
the
sdn-use-shared-informers
branch
3 times, most recently
from
9e50cb2 to
4089a7a
Compare
pkg/sdn/plugin/networkpolicy.go
Outdated
| // threads modify this map. | ||
| oldPod, podExisted := np.pods[pod.UID] | ||
| if (podExisted && oldPod.Status.PodIP == pod.Status.PodIP && reflect.DeepEqual(oldPod.Labels, pod.Labels)) || | ||
| (pod.Status.PodIP == "") { |
There was a problem hiding this comment.
Could there ever be a pod Update event where PodIP = ""? Likely not probably, but maybe we should handle that as a pod deletion?
There was a problem hiding this comment.
I realized deleting pod in this case is not a good idea. Pod network plugin setup is only called for pods with HostNetwork=false but watch pods do get pods that has HostNetwork=true and podIP is not set in this case. Since HostNetwork check was missing in watch pods, we could have deleted a valid pod. I will add HostNetwork check in watch pods and will log a warning if podIP is not set.
| log.Errorf("Error creating subnet for node %s, ip %s: %v", node.Name, nodeIP, err) | ||
| return | ||
| } | ||
| master.hostSubnetNodeIPs[node.UID] = usedNodeIP |
There was a problem hiding this comment.
Does this map need locking at all? I guess we're guaranteed that the shared informer will call add/del in the same goroutine, so we probably don't. Right?
There was a problem hiding this comment.
Yes, add/update/del events are serially processed from the shared informer queue. So no additional locking required.
pkg/sdn/plugin/networkpolicy.go
Outdated
| @@ -364,7 +278,7 @@ func (np *networkPolicyPlugin) selectPods(npns *npNamespace, lsel *metav1.LabelS | |||
| glog.Errorf("ValidateNetworkPolicy() failure! Invalid PodSelector: %v", err) | |||
| return ips | |||
| } | |||
| for _, pod := range npns.pods { | |||
| for _, pod := range np.pods { | |||
There was a problem hiding this comment.
Since you're looping over all pods now you need to check pod.Namespace explicitly
pkg/sdn/plugin/subnets.go
Outdated
| } | ||
| nodeInformer := master.informers.InternalKubernetesInformers().Core().InternalVersion().Nodes() | ||
| nodeInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ | ||
| AddFunc: func(obj interface{}) { |
There was a problem hiding this comment.
maybe add a helper function that takes a shared.InformerFactory, a "handleAddOrUpdateFunc" and a "handleDeleteFunc", and creates a cache.ResourceEventHandlerFuncs (doing the DeletedFinalStateUnknown handling) and calls AddEventHandler on it?
pravisankar
force-pushed
the
sdn-use-shared-informers
branch
3 times, most recently
from
b927bde to
6afa0ff
Compare
|
@openshift/networking Updated, PTAL |
This will help sdn watch resources to reuse the existing shared informers instead of creating a new watch routine for the resource.
This will help sdn watch resources to reuse the existing shared informers instead of creating a new watch routine for the resource.
- Create pod watch for all namespaces instead of pod watch for each namespace - Use shared informers for pod watch
…EventQueue() These resources can use shared informers if needed.
If we get a pod with out any IP set then log warning and bail out.
pravisankar
force-pushed
the
sdn-use-shared-informers
branch
from
6afa0ff to
abc81c6
Compare
|
Evaluated for origin testextended up to abc81c6 |
|
continuous-integration/openshift-jenkins/testextended SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin_extended/375/) (Base Commit: 2628c77) (Extended Tests: networking) |
|
@openshift-bot test this issue #13977 |
|
Latest changes LGTM too. |
|
[test] issue #13977 |
|
Evaluated for origin test up to abc81c6 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/1432/) (Base Commit: b38274c) |
|
[merge] |
|
flake #14229 [merge] |
|
flake #14197, [merge] |
|
[merge] flake on #14236
…On Wed, May 17, 2017 at 6:53 PM, OpenShift Bot ***@***.***> wrote:
continuous-integration/openshift-jenkins/merge FAILURE (
https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin/682/)
(Base Commit: 1c9427c
<1c9427c>
)
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#14030 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABG_p3oyZwS4BcgWtOJxNHl2G3OJnBM8ks5r63pygaJpZM4NPv3Y>
.
|
|
Evaluated for origin merge up to abc81c6 |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin/687/) (Base Commit: 2ea9f5a) (Image: devenv-rhel7_6239) |
Changed network policy plugin to do pod watch for all namespaces (one go routine for the cluster) instead of pod watch for each namespace (go routine for each namespace).