Skip to content

Modularise MTU discovery #28964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 30, 2023
Merged

Modularise MTU discovery #28964

merged 7 commits into from
Nov 30, 2023

Conversation

bimmlerd
Copy link
Member

@bimmlerd bimmlerd commented Nov 3, 2023

This series is a preparation for loader modularisation, by pulling a little bit of IPsec key setup and MTU into hive, so that the future loader cell can consume it.

@bimmlerd bimmlerd added release-note/misc This PR makes changes that have no direct user impact. area/agent Cilium agent related. area/modularization Relates to code modularization and maintenance. labels Nov 3, 2023
@bimmlerd bimmlerd changed the title Modularise mtu discovery Modularise MTU discovery Nov 3, 2023
@bimmlerd bimmlerd force-pushed the pr/bimmlerd/modularise-mtu-discovery branch 5 times, most recently from e6c8835 to b5c11d1 Compare November 6, 2023 15:02
@bimmlerd bimmlerd force-pushed the pr/bimmlerd/modularise-mtu-discovery branch 2 times, most recently from f58d61f to f067651 Compare November 15, 2023 14:22
@bimmlerd
Copy link
Member Author

/test

@bimmlerd bimmlerd force-pushed the pr/bimmlerd/modularise-mtu-discovery branch 3 times, most recently from 343e7c6 to 3e30edb Compare November 17, 2023 09:30
@bimmlerd
Copy link
Member Author

/test

@bimmlerd bimmlerd force-pushed the pr/bimmlerd/modularise-mtu-discovery branch 2 times, most recently from eeadf33 to c3fc92f Compare November 17, 2023 14:44
@bimmlerd
Copy link
Member Author

/test

@bimmlerd bimmlerd force-pushed the pr/bimmlerd/modularise-mtu-discovery branch from c3fc92f to afcd983 Compare November 21, 2023 12:41
@bimmlerd
Copy link
Member Author

/test

@bimmlerd bimmlerd force-pushed the pr/bimmlerd/modularise-mtu-discovery branch from afcd983 to f934622 Compare November 22, 2023 08:48
@bimmlerd
Copy link
Member Author

/test

@bimmlerd bimmlerd marked this pull request as ready for review November 22, 2023 16:06
@bimmlerd bimmlerd requested review from a team as code owners November 22, 2023 16:06
@bimmlerd bimmlerd requested a review from brb November 22, 2023 16:06
@bimmlerd bimmlerd requested review from ldelossa and rgo3 November 22, 2023 16:06
brb
brb approved these changes Nov 23, 2023
View reviewed changes
Copy link
Member

@brb brb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 WireGuard changes.

@bimmlerd
Copy link
Member Author

👍 WireGuard changes.

CODEOWNERs took that as WG, IPsec and DP in general, though 😁

Going to pull in @pchaigno for IPsec in that case, I'm under the impression he has patches he wants to get in which may conflict.

@pchaigno pchaigno self-requested a review November 23, 2023 17:09
pchaigno
pchaigno requested changes Nov 24, 2023
View reviewed changes
Copy link
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the ping David!

The second commit seems the most likely to conflict with other ongoing IPsec work. Could we split it into smaller, easier-to-handle commits? Or alternatively, skip it if that seems easier (IIUC, it's not needed by the third commit)?

@pchaigno pchaigno mentioned this pull request Nov 28, 2023
Merged
@bimmlerd
ipsec/daemon: pull ipsec setup from dmn startup
54b8553 
Introduces the IPsec key custodian which encompasses the small part of
IPsec initialization logic which was in daemon, with the goal of
preparing MTU modularization. MTU depends on knowing the IPsec key
size (though, notably, it seemingly assumes the size doesn't change),
hence we start here with the modularisation.

This doesn't modularise a significant part of the IPsec subsystem, but
it's a incremental step in the direction. It would be conceivable to
also pull the key file watcher into the custodian, but I've opted for
the smallest diff here.

In terms of initialization ordering, this puts the IPsec key setup
_before_ the daemon startup, but after the local node store. As a
result, the SPI is guaranteed to be set earlier than before this patch.

Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
@bimmlerd
ipsec: wrap NodeDiscovery dependency in interface
bc6e9fa 
In preparation of changing the key file watcher functionality into hive jobs,
weaken the explicit dependency on NodeDiscovery and replace it with
the (newly introduced) NodeUpdater interface, as this is the only functionality
the KeyfileWatcher needs from NodeDiscovery.

Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
@bimmlerd
ipsec: move starting jobs into IPsecKeyCustodian
67129b8 
With the introduction of this new IPsecKeyCustodian cell, it makes sense
to move the responsibility of starting the background workers to the
cell's interface. This move additionally prepares the code for
conversion to the hive/job framework.

Ideally, this would not still live in cmd/daemon, but in the start hook
of the key custodian, but I'm unsure of the ordering dependencies that
exist, and don't want to rock the boat too badly at this stage.

Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
@bimmlerd
ipsec: convert goroutines to hive jobs
c8121c8 
Instead of launching raw goroutines, we can employ the hive job
mechanism. As is, this doesn't give an immediate benefit (except for
aligning with project direction), but enables health reporting in a
follow-up commit.

The (minor) functional difference is that instead of waiting for a
minute in between the stale key reclamation, we now start the job every
minute, as long as it completes within that minute.

Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
@bimmlerd
ipsec: add health reporting to keyfile watcher
282fc48 
Use the job health reporting API to add visibility to the health of the
keyfile watcher.

Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
@bimmlerd
ipsec: drop now-unused daemon context
20d7aab 
Previous refactoring removed the dependency on the daemon context, hence
we can drop it from the interface and implementations.

Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
@bimmlerd
mtu: create MTU discovery cell
c768e89 
Create a minimal MTU discovery cell which exposes an MTU interface
capable of fulfilling the MTU queries present in current-day code. This
is a pre-requisite to modularise the loader, and itself depends on the
initial modularisation of the IPsec key setup steps.

Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
@bimmlerd bimmlerd force-pushed the pr/bimmlerd/modularise-mtu-discovery branch from f934622 to c768e89 Compare November 29, 2023 10:18
pchaigno
pchaigno approved these changes Nov 29, 2023
View reviewed changes
Copy link
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect! Thanks a lot David 🙏

@brb brb mentioned this pull request Nov 29, 2023
Open
@bimmlerd
Copy link
Member Author

/test

@bimmlerd
Copy link
Member Author

bimmlerd commented Nov 29, 2023
edited
Loading

/ci-runtime (failed with Error response from daemon: Get "https://quay.io/v2/": dial tcp: lookup quay.io on 127.0.0.53:53: read udp 127.0.0.1:39328->127.0.0.53:53: read: connection refused fetching from quay)

@bimmlerd
Copy link
Member Author

bimmlerd commented Nov 29, 2023
edited
Loading

/ci-external-workloads (failed with #29312 - ip: need at least destination address)

@joamaki joamaki added this pull request to the merge queue Nov 30, 2023
Merged via the queue into cilium:main with commit 9dca138 Nov 30, 2023
@bimmlerd bimmlerd deleted the pr/bimmlerd/modularise-mtu-discovery branch November 30, 2023 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

@joamaki joamaki joamaki approved these changes

@pchaigno pchaigno pchaigno approved these changes

@rgo3 rgo3 rgo3 approved these changes

@ldelossa ldelossa Awaiting requested review from ldelossa ldelossa is a code owner automatically assigned from cilium/sig-agent

Assignees
No one assigned
Labels
area/agent Cilium agent related. area/modularization Relates to code modularization and maintenance. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bimmlerd @brb @joamaki @pchaigno @rgo3