Rework IPcache reconciliation controller #28004

@christarazi

Currently, there is what's supposed to be a reconciliation controller for ipcache defined here.

There are a couple of problems with the current implementation:

  • It is only executed in kvstore mode and not in CRD mode
  • Even in kvstore mode, the logic doesn't make sense and likely renders the controller useless. (If the entry doesn't exist, check the source. But the entry doesn't exist...)

It is useful to have this controller running in both modes and to fix the logic. While it's not something that we should rely on, it could mitigate the impact of bugs regarding entries in the ipcache map. Additionally, the surrounding code seems like it could use some rethinking as the interfaces are quite clunky. Inside IPIdentityMappingListener, 3/4 implementations of the OnIPIdentityCacheGC() method are empty. This is a sign of a design that's not quite fitting what's needed.

Labels

  • area/kvstore: Impacts the KVStore package interactions.
  • kind/bug: This is a bug in the Cilium logic.
  • kind/tech-debt: Technical debt
  • pinned: These issues are not marked stale by our issue bot.
  • priority/low: This is considered nice to have.
  • sig/policy: Impacts whether traffic is allowed or denied based on user-defined policies.
