IP ranges cleanup #118
IP ranges cleanup #118
Conversation
Pull Request Test Coverage Report for Build 1056425921
💛 - Coveralls |
|
Sorry! reviewing this while mobile |
| BeforeEach(func() { | ||
| Expect(k8sClientSet.CoreV1().Pods(namespace).Delete(pod.Name, &metav1.DeleteOptions{})).NotTo(HaveOccurred()) | ||
| }) |
There was a problem hiding this comment.
Now that I think about it, I probably shouldn't even start up the pod; just the pool pointing at it.
|
Hey; any clue on what went wrong generating the openshift image, @dougbtv ? https://github.com/k8snetworkplumbingwg/whereabouts/pull/118/checks?check_run_id=2992364690 |
maiqueb
force-pushed
the
ip-ranges-cleanup
branch
from
4b2db21
to
731e1ff
Compare
|
This pull request introduces 1 alert when merging 731e1ff into f1047ee - view on LGTM.com new alerts:
|
maiqueb
force-pushed
the
ip-ranges-cleanup
branch
from
731e1ff
to
d9361ad
Compare
| RunSpecs(t, "Reconcile IP address allocation in the system") | ||
| } | ||
|
|
||
| // mock the pool |
There was a problem hiding this comment.
Nice, I like the mock pool technique, great one.
|
|
||
| func (rl ReconcileLooper) isPodAlive(podRef string) bool { | ||
| for _, livePodRef := range rl.livePodRefs { | ||
| if podRef == livePodRef { |
There was a problem hiding this comment.
Need to check whether the running Pod really owns the reserved IP.
StatefulSet Pods keep their names whenever they are recreated, so it might happen that a StatefulSet Pod got new IP in the meantime, while previous IP is still reserved in IPPool pointing to the same running Pod, so the previous IP is unused, but won't be released by this logic.
There was a problem hiding this comment.
StatefulSet Pods keep their names whenever they are recreated, so it might happen that a StatefulSet Pod got new IP in the meantime, while previous IP is still reserved in IPPool pointing to the same running Pod, so the previous IP is unused, but won't be released by this logic.
Really good point, I hadn't considered that scenario - at all. Thanks for raising it.
I've added a couple of commits to handle this particular scenario - the implementation I'm proposing only tackles secondary interfaces (plugged by multus).
Hope this limitation is not a deal breaker for you.
I'll account for @dougbtv 's comments next, and also document the reconciler's limitations described above.
EDIT: nudging for attention @TothFerenc
maiqueb
force-pushed
the
ip-ranges-cleanup
branch
from
84966c3
to
0b2d5c2
Compare
To preserve the existing code base, we embed the new type within the KubernetesIPAM (old type). In a follow-up commit, this new struct will be used on a separate golang binary (which doesn't require the KubernetesIPAM configuration), to provide a simple connection to the Kubernetes backend (does not support etcd). Signed-off-by: Miguel Duarte Barroso <[email protected]>
Fow now, we only read the kubeconfig file, which is specified via the cmd line - as its only argument. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Introduce a dedicated constructor in the storage pkg to create the newly created `KubernetesClient` struct. The existing `KubernetesIPAM` struct will re-use this new constructor. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Follow-up commits will use this new method for debugging, which makes it simpler to track the IP to pod assignments. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Currently, matching the owner of the IP when deallocating the address happens only based on the containerID. In follow-up commits we will require this behavior to happen based on the pod reference attribute. This commit prepares the code base for that, by enabling the caller to inject the criteria for identifying the owner of an IP into the IP address de-allocation function. Signed-off-by: Miguel Duarte Barroso <[email protected]>
maiqueb
force-pushed
the
ip-ranges-cleanup
branch
4 times, most recently
from
385e34e
to
fa3455d
Compare
This behavior will be encapsulated in a new struct named
`ReconcileLooper`, which features methods for:
- CancelContext; cancels the current execution context
- FindOrphanedIPsPerPool; returns a list of the orphaned
IP addresses, indexed by pool
- ReconcileIPPool; receives a list of orphaned IP
addresses, and cleans them up from the respective pools
where they are currently allocated.
Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
The service account for whereabouts requires the ability of listing the pods on all namespaces, so it can check which ones feature orphaned IPs. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
Only mark a pod as "alive" when the pod's annotations feature the IP being de-allocated. This makes the reconciler binary *dependent* on multus, which adds these `network-status` annotations into the pod. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
By not returning an `IPReservation` entry - we now return an IP address instead - we simplify the code. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
This commit changes the reconciler logic to only parse the network-status annotations of whereabouts pods - e.g. pods whose pod referecences (<namespace>/<pod name>) feature in any of the whereabouts IPPools. Signed-off-by: Miguel Duarte Barroso <[email protected]>
maiqueb
force-pushed
the
ip-ranges-cleanup
branch
from
fa3455d
to
d1b0bf0
Compare
This PR adds a cronjob that runs every 5 minutes, and checks the consistency of the IP addresses currently assigned by the pools.
Depends-on: #113
TODO:
retrieve a list ofPodsonce instead of checking N times if pods existip-reconcilerruns at most a little bit less that the provided cron expression(I'd have to mock the datastore, and I didn't want to establish that precedent...)but it is tested e2eI'll rework the public API I'm proposing so I can unit test this without requiring mocking. I've got a fairly good idea on how to do it