Fixup eni allocation with warm targets #1512
Conversation
| // no prefixes used. Hence better to handle it. | ||
| // [ENI allocates/frees in loop with custom networking and WARM_ENI_TARGET=0 #1451] | ||
| // But Will sync up internally with the team and see if need to even support WARM_ENI_TARGET = 0 and WARM_PREFIX_TARGET = 0 | ||
| if over > 0 && ((available - (over * numIPsPerPrefix)) <= 0) && c.warmPrefixTarget == 0 { |
There was a problem hiding this comment.
I have discussed this internally and having WARM_{PREFIX,ENI}TARGET = 0 and WARM_IP_TARGET = 0 will not help adding IPs to datastore. So in the follow up PR, this section will be removed and also (c.warmENITarget == 0 && available == 0) in isDataStoreLow(). Also will be adding documentation on the recommended configuration setting. WARM_IP_TARGET will override WARM{PREFIX,ENI}TARGET as expected but if there is WARM{PREFIX,ENI}_TARGET then it has to be non-zero. This will fix #1451 which will cause unwanted churn with ENI creates and deletes. In code default value of warm_eni_target is 1 so will make warm_prefix_target to 1 by default too.
There was a problem hiding this comment.
Since, we're introducing WARM_PREFIX_TARGET for the very first time we can avoid this scenario by not allowing 0 for this env variable. Our default is going to be 1 anyways and we will be able to do away with this additional check. As discussed offline, we can take it up in a follow up PR.
There was a problem hiding this comment.
Yes Apurup, For warm_prefix_target, lets default it to 1. But for warm_eni_target there might be some Cx using it so lets discuss more and see how we can decommission the support since it has few issues where IPAMD silently keeps adding and removing the ENI.
| return | ||
| if !warmIPTargetDefined { | ||
| shortPrefix, warmTargetDefined := c.datastorePrefixTargetState() | ||
| if warmTargetDefined && shortPrefix == 0 { |
There was a problem hiding this comment.
How about when WARM_PREFIX_TARGET is not defined (i.e.,) when warmTargetDefined is false? Shouldn't we return in that scenario as well? It appears that we're going to continue further if that is the case with the current logic.
There was a problem hiding this comment.
This is added to give WARM_IP_TARGET precedence over WARM_PREFIX_TARGET. If WARM_PREFIX_TARGET is not defined then tryAssignCidr will allocate just one prefix.
| return false, nil | ||
| if !warmIPTargetDefined { | ||
| shortPrefix, warmTargetDefined := c.datastorePrefixTargetState() | ||
| if warmTargetDefined && shortPrefix == 0 { |
There was a problem hiding this comment.
TryAssignCidr is called from nodeInit and reconciler(previous commented function), hence we need to add the check in both places. Also the reasoning is same, we need to give priority to WARM_IP_TARGET and then check WARM_PREFIX_TARGET since in the manifest we can have both defined.
…ter (#1516) * [Preview] Prefix delegation feature development (#1434) * ENABLE_PREFIX_DELEGATION knob WARM_PREFIX_TARGET knob cr https://code.amazon.com/reviews/CR-40610031 * PD changes - dev only * Cooldown prefix IP * minor fixes to support prefix count * Code cleanup * Handle few corner cases * Nitro based check * With custom networking, do not get prefix for primary ENI * Code refactor * Handle graceful upgrade/enable PD from disable PD * code refactoring * Code refactoring * fix computing too low IPs * UT for prefix store * Fix UTs and handle CR comments * Clean up SDK code and fix model code generation * fix format and merge induced error * Merge broke the code * Fix Dockerfile.test * Added IPAMD UTs and fixed removeENI total count * Couple more IPAMD UTs for PD * UTs for awsutils/imds * Handle graceful PD enable to disable knob * get prefix list for non-pd case * Prevent reconcile of prefix IPs in IP datastore * Handle disable scenario * fix formatting * clean up comment * Remove unnecessary debugs * Handle PR comments * formatting fix * Remodelled PD datastore * Fix up UTs and fix Prefix nil * formatting * PR comments - minor cosmetic changes * removed the sdk override from makefile * Internal repo merge added these lines * Update config file * Handle wrapper of DescribeNetworkInterfacesWithContext to take one eni * RemoveUnusedENIFromStore was not accounting for prefixes deleted * Removed hardcoding of 16 * Code refactor - merge ENI's secondary and prefix store into single store of CIDRs (#1471) * Code refactor - merge to single DB * remove few debugs * remove prefix store files * PR comments * Fix up CR comments * formatting * Updated UT cases * UT and formatting * Minor fixes * Minor comments * Updated /32 store term * remove unused code * Multi-prefix and WARM/MIN IP targets support with PD (#1477) * Multi-pd and WARM targets support * cleanup * Updated variable names * Default prefix count to -1 * Get stats should be computed on the fly since CIDR pool can have /32 or /28 * Support for warm prefix 0 * code review comments * PD test cases and readme update (#1478) * Traffic test case and readme update * Added testcases for warm ip/min ip with PD * Testcases for prefix count * Testcase for warm prefix along with warm ip/min ip * Updated traffic test case while PD mode is flipped * Fix minor comments * pr comments * added pods per eni * fix up count * Support mixed instances with PD (#1483) * Support mixed instances with PD * fix up the log * Optimization for prefixes allocation (#1500) * optimization for prefixes Prefix store optimization * pr comment * Fixup eni allocation with warm targets (#1512) * Fixup eni allocation with warm targets * fixup cidr count * code comments and warm prefix 0 * Default WARM_PREFIX_TARGET to 1 (#1515) * Handle prefix target 0 * pr commets * Fix up UTs, was failing because of vendor * No need to commit this * make format * needed for UT workflow * IMDS code refactor * PR comments - v1 Error with merge * PR comments v2 * PR comments - v3 * Update logs * PR comments - v4
What type of PR is this?
bug
Which issue does this PR fix:
ENI has max 14 prefixes and WARM_IP_TARGET is 240. This would need 2 ENIs. Say 1st ENI is attached with 14 prefixes and no prefixes are used. Then we would need one more, so reconciler will try attach more prefixes for ENI1 and the call would come herehttps://github.com/aws/amazon-vpc-cni-k8s/blob/prefix-delegation-preview/pkg/ipamd/ipamd.go#L794-L812 but here we will compute
toAllocate = 1[https://github.com/aws/amazon-vpc-cni-k8s/blob/prefix-delegation-preview/pkg/ipamd/ipamd.go#L800] andtoAllocate <= freePrefixesInStore[https://github.com/aws/amazon-vpc-cni-k8s/blob/prefix-delegation-preview/pkg/ipamd/ipamd.go#L807] hence return will betrueand we won't allocate another ENI -amazon-vpc-cni-k8s/pkg/ipamd/ipamd.go
Line 663 in 03f2375
Also
isRequiredForWarmIPTargetandisRequiredForMinimumIPTargetshould not take Len of availableIP4Cidrs since we can have a mix of /28 and /32s, so need to walk and compute the correct value.What does this PR do / Why do we need it:
tryAssignPrefixessimilar totryAssignIPsshould always allocate prefixes based on the number of CIDRSshortcomputed in terms of WARM_IP_TARGET/MINIMUM_IP_TARGET or WARM_PREFIX_TARGET. InsteadtryAssignCidrsshould not calltryAssignPrefixif the number of prefixes is sufficient to reach the WARM_IP_TARGET or WARM_PREFIX_TARGET.getPrefixesNeededreturns either 1 prefix or number of prefixes needed to reach the warm target.datastorePrefixTargetStatereturns the number of prefixes short to reach WARM_PREFIX_TARGET.Post GA, I will see how to combine
datastorePrefixTargetStateanddatastoreTargetStatesince already there is lot of logic indatastoreTargetStateand it will be a disruptive change to achieve in the current timeline.If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
Testing done on this change:
Automation added to e2e:
Yes
Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No
Does this change require updates to the CNI daemonset config files to work?:
No
Does this PR introduce any user-facing change?:
No
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.