Implement NodeAddressing on top of Table[NodeAddress] #29033
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fbae7b5 to
c23775a
Compare
|
/test |
joamaki
commented
Nov 8, 2023
c23775a to
9a29a49
Compare
|
/test |
|
Assigning to @bimmlerd to push this forward while I'm on vacation. |
9a29a49 to
7f0a827
Compare
|
/test (rebased to fix conflicts) |
7f0a827 to
917df73
Compare
|
/test (legitimate failures in ci-runtime) |
17418f9 to
a7ff7df
Compare
|
/ci-runtime (rebased to fix conflicts, and fixed another test in ci-runtime) |
a7ff7df to
c56ef0f
Compare
|
/test |
As a step towards removing the global address maps in pkg/node (ipv4NodeportAddrs, ipv4MasqAddrs etc.), reimplement NodeAddressing as queries against the Table[NodeAddress]. The goal is to eventually remove NodeAddressing and have modules query the Table[NodeAddress] directly and to react to changes, but as an intermediary step without having to refactor whole bunch of uses of NodeAddressing, this still serves the purpose of allowing removal of some global variables and removing the other ways of extracting the device and address information from the system. Signed-off-by: Jussi Maki <jussi@isovalent.com> Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
Use a single set of methods for both IPv4 and IPv6 to remove code duplication. Add DirectRouting() method for looking up the direct routing device and IP address. Signed-off-by: Jussi Maki <jussi@isovalent.com> Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
Remove the ipv{4,6}NodePortAddrs global variables and associated
getters and inits from pkg/node and replace their uses with Table[NodeAddress]
and NodeAddressing (which queries from the former).
This paves the path towards being able to react to the local node's address
changes.
Signed-off-by: Jussi Maki <jussi@isovalent.com>
Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
79f9939 to
1cc056d
Compare
|
/test |
ti-mo
approved these changes
Nov 27, 2023
aditighag
approved these changes
Nov 27, 2023
ysksuzuki
reviewed
Nov 28, 2023
3 tasks
pippolo84
added a commit
to pippolo84/cilium
that referenced
this pull request
Jun 20, 2025
This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in cilium#29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see cilium#34861). The same unintended consequence became more frequent after cilium#32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: cilium#28953 Related: cilium#34861 Related: cilium#29033 Related: cilium#32381 Fixes: cilium#37817 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
pippolo84
added a commit
to pippolo84/cilium
that referenced
this pull request
Jun 23, 2025
This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in cilium#29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see cilium#34861). The same unintended consequence became more frequent after cilium#32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: cilium#28953 Related: cilium#34861 Related: cilium#29033 Related: cilium#32381 Fixes: cilium#37817 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jun 23, 2025
This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in #29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see #34861). The same unintended consequence became more frequent after #32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: #28953 Related: #34861 Related: #29033 Related: #32381 Fixes: #37817 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jun 23, 2025
This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in #29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see #34861). The same unintended consequence became more frequent after #32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: #28953 Related: #34861 Related: #29033 Related: #32381 Fixes: #37817 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
viktor-kurchenko
pushed a commit
that referenced
this pull request
Jun 25, 2025
[ upstream commit dfd8f93 ] This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in #29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see #34861). The same unintended consequence became more frequent after #32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: #28953 Related: #34861 Related: #29033 Related: #32381 Fixes: #37817 [ Backporter's notes: - resolved conflict in: daemon/k8s/init.go ] Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com> Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
wanglei4687
pushed a commit
to wanglei4687/cilium
that referenced
this pull request
Jun 26, 2025
This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in cilium#29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see cilium#34861). The same unintended consequence became more frequent after cilium#32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: cilium#28953 Related: cilium#34861 Related: cilium#29033 Related: cilium#32381 Fixes: cilium#37817 Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
viktor-kurchenko
pushed a commit
that referenced
this pull request
Jun 26, 2025
[ upstream commit dfd8f93 ] This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in #29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see #34861). The same unintended consequence became more frequent after #32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: #28953 Related: #34861 Related: #29033 Related: #32381 Fixes: #37817 [ Backporter's notes: - resolved conflict in: daemon/k8s/init.go ] Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com> Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jun 26, 2025
[ upstream commit dfd8f93 ] This reverts commit 2fc52eb. The commit was added with the intent to have an uniform behavior when Cilium is started on a single stack cluster with ipv6 support enabled, despite the KPR setting being enabled or disabled. Specifically, the added check was stopping the agent startup in case of a missing IPv6 address on the node, even when KPR was disabled. However, the IPv6 detection for NodePort, responsible for the startup error in case of missing IPv6 address with KPR enabled, has been removed in #29033. Therefore, there is no reason anymore to stop the agent at startup when the IPv6 support is enabled and the node is missing an IPv6 address. Moreover, the commit above led to some unintended consequences in environments where KPR is disabled and the IPv6 address is set on the node after the Cilium agent is started (see #34861). The same unintended consequence became more frequent after #32381, where we moved later in the daemon startup process the first call to SetDefaultPrefix. That function, among other things, was in charge of setting up a temporary IPv6 Unique Local Address in case the node does not have one yet. Since now the agent does this later (specifically, while configuring IPAM), the check introduced in 2fc52eb sees the IPv6 node address as nil and stops the agent. Therefore, revert the check to avoid the unintended regressions. Related: #28953 Related: #34861 Related: #29033 Related: #32381 Fixes: #37817 [ Backporter's notes: - resolved conflict in: daemon/k8s/init.go ] Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com> Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This works towards making the cilium-agent responsive to node address changes by moving from global variables and direct use of
netlink.AddrListto using statedb tables that can be queried and watched for changes.Reimplement
NodeAddressingto query againstTable[NodeAddress](derived fromTable[*Device]which is populated from netlink subscriptions to links, addresses and routes) andLocalNodeStoreinstead of using the pkg/node globals or doing anetlink.AddrList. Eventual goal is to removeNodeAddressingand instead have the modules queryTable[NodeAddress]directly and reconcile if it changes.Remove the
ipv{4,6}NodePortAddrsglobals and the related getters and init, replacing uses of them with eitherNodeAddressingor queries toTable[NodeAddress].See commit messages for more details.