support kmesh manage in pod level #414
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov ReportAttention: Patch coverage is ❗ Your organization needs to install the Codecov GitHub app to enable full functionality.
Flags with carried forward coverage won't be shown. Click here to find out more.
|
pkg/controller/kmesh/kmesh_manage.go
Outdated
| `{"metadata":{"annotations":{"%s":null}}}`, | ||
| KmeshAnnotation, | ||
| )) | ||
| annotationAddPatch = []byte(fmt.Sprintf( |
There was a problem hiding this comment.
If this variable is a fixed value, you can use the constant
| ) | ||
|
|
||
| var ( | ||
| FS embed.FS |
There was a problem hiding this comment.
Does this variable have to be a global variable?
pkg/controller/kmesh/kmesh_manage.go
Outdated
There was a problem hiding this comment.
move to controller if this is not shared with other components
weli-l
force-pushed
the
dev/kmesh_manage
branch
2 times, most recently
from
f467e82
to
18eeb4d
Compare
pkg/controller/controller.go
Outdated
| @@ -75,7 +76,17 @@ func (c *Controller) Start() error { | |||
| if c.client.workloadController != nil { | |||
| c.client.workloadController.Processor.Sm = secertManager | |||
| } | |||
| clientset, err := utils.GetK8sclient() | |||
There was a problem hiding this comment.
Can the clientset be reused with bypass? and does the kmesh manager logic need to be moved before the bypass logic.
weli-l
force-pushed
the
dev/kmesh_manage
branch
3 times, most recently
from
74928c3
to
8d6d1ba
Compare
pkg/controller/controller.go
Outdated
| @@ -22,6 +22,7 @@ import ( | |||
| "kmesh.net/kmesh/pkg/bpf" | |||
| "kmesh.net/kmesh/pkg/constants" | |||
| "kmesh.net/kmesh/pkg/controller/bypass" | |||
| kmeshmanage "kmesh.net/kmesh/pkg/controller/kmesh" | |||
There was a problem hiding this comment.
It's weired to name a sub package as kmesh
pkg/controller/kmesh/kmesh_manage.go
Outdated
|
|
||
| if _, ok := namespace.Labels[LabelSelectorKmesh]; ok { | ||
| log.Infof("namespace %s has label 'istio.io/dataplane-mode=Kmesh', skipping further processing", pod.GetNamespace()) | ||
| return |
There was a problem hiding this comment.
Use constant defined above to replace 'istio.io/dataplane-mode=Kmesh'
There was a problem hiding this comment.
Use constant defined above to replace 'istio.io/dataplane-mode=Kmesh'
defined
pkg/controller/kmesh/kmesh_manage.go
Outdated
| nspath, _ := ns.GetNSpath(pod) | ||
|
|
||
| if err := handleKmeshManage(nspath, true); err != nil { | ||
| log.Errorf("failed to enable kmesh manage") |
There was a problem hiding this comment.
Use
Kmeshinstead ofkmesh
Yes, I have modified
pkg/controller/kmesh/kmesh_manage.go
Outdated
|
|
||
| if _, ok := namespace.Labels[LabelSelectorKmesh]; ok { | ||
| log.Infof("namespace %s has label 'istio.io/dataplane-mode=Kmesh', skipping further processing", pod.GetNamespace()) | ||
| return |
pkg/controller/kmesh/kmesh_manage.go
Outdated
| } | ||
|
|
||
| if err := patchKmeshAnnotation(client, pod, false); err != nil { | ||
| log.Errorf("failed to add kmesh annotation, err is %v", err) |
pkg/controller/kmesh/kmesh_manage.go
Outdated
| } | ||
| }, | ||
| }); err != nil { | ||
| return fmt.Errorf("error adding event handler to podInformer: %v", err) |
There was a problem hiding this comment.
| return fmt.Errorf("error adding event handler to podInformer: %v", err) | |
| return fmt.Errorf("failed to add event handler to podInformer: %v", err) |
pkg/controller/kmesh/kmesh_manage.go
Outdated
| return pod.ObjectMeta.DeletionTimestamp != nil | ||
| } | ||
|
|
||
| func patchKmeshAnnotation(client kubernetes.Interface, pod *corev1.Pod, oper bool) error { |
There was a problem hiding this comment.
| func patchKmeshAnnotation(client kubernetes.Interface, pod *corev1.Pod, oper bool) error { | |
| func patchKmeshAnnotation(client kubernetes.Interface, pod *corev1.Pod, op bool) error { |
oper is weired
There was a problem hiding this comment.
operis weired
I have modified
pkg/controller/netns/netns.go
Outdated
| return true | ||
| } | ||
|
|
||
| // copied from istio/cni/pkg/nodeagent/podcgroupns.go |
There was a problem hiding this comment.
It's better to add url
done
weli-l
force-pushed
the
dev/kmesh_manage
branch
3 times, most recently
from
f8d84ee
to
c193e52
Compare
| log.Errorf("expected *corev1.Pod but got %T", obj) | ||
| return | ||
| } | ||
| namespace, err := client.CoreV1().Namespaces().Get(context.TODO(), pod.GetNamespace(), metav1.GetOptions{}) |
There was a problem hiding this comment.
This logic of checking if ns has a label can be abstracted into a common function; used by AddFunc and DeleteFunc
There was a problem hiding this comment.
This logic of checking if ns has a label can be abstracted into a common function; used by AddFunc and DeleteFunc
I have deleted this logic, because it may affect the data in bpf map kmesh_manage when kmesh restart
| * daemon to enable/disable kmesh manage | ||
| */ | ||
| simip := net.ParseIP("0.0.0.1") | ||
| port := 929 |
There was a problem hiding this comment.
magic numbers
I have defined constant
| return err | ||
| } | ||
| errno, ok := err.(syscall.Errno) | ||
| if ok && errno == 115 { // -EINPROGRESS, Operation now in progress |
There was a problem hiding this comment.
magic numbers
I have defined the constant
| KmeshAnnotation = "kmesh.net/redirection" | ||
| ) | ||
|
|
||
| func StartKmeshManageController(client kubernetes.Interface) error { |
There was a problem hiding this comment.
| func StartKmeshManageController(client kubernetes.Interface) error { | |
| func NewKmeshManageController(client kubernetes.Interface) error { |
| stopChan := make(chan struct{}) | ||
| nodeName := os.Getenv("NODE_NAME") | ||
|
|
||
| informerFactory := informers.NewSharedInformerFactoryWithOptions(client, DefaultInformerSyncPeriod, |
There was a problem hiding this comment.
nit: we can share one factory with bypass
There was a problem hiding this comment.
nit: we can share one factory with bypass
I think it is not necessary to share the factory, because labels selector in factory is different
There was a problem hiding this comment.
I donot think this is a blocking issue, file an issue though after merged, we should optimize, otherwise, it will broing double load to k8s apiserver from all nodes. Keep in mind, in a cluster, the node number can be more than 5000
kmesh-bot
added
do-not-merge/contains-merge-commits
and removed
do-not-merge/contains-merge-commits
labels
weli-l
force-pushed
the
dev/kmesh_manage
branch
3 times, most recently
from
d085c6f
to
f722364
Compare
| SpecialIpForKmesh = "0.0.0.1" | ||
| EnableKmeshPort = 929 | ||
| DisableKmeshPort = 930 | ||
| LabelSelectorKmesh = "istio.io/dataplane-mode=Kmesh" |
There was a problem hiding this comment.
| LabelSelectorKmesh = "istio.io/dataplane-mode=Kmesh" | |
| KmeshManagedLabelSelector = constants.DataPlaneModeLabel + DataPlaneModeKmesh |
| SpecialIpForKmesh = "0.0.0.1" | ||
| EnableKmeshPort = 929 | ||
| DisableKmeshPort = 930 | ||
| LabelSelectorKmesh = "istio.io/dataplane-mode=Kmesh" |
There was a problem hiding this comment.
BTW, i think we not only support Kmesh, but also kmesh. We are case insensitive, so i donot think this label selector suits here
| })) | ||
|
|
||
| informerFactory.Start(wait.NeverStop) | ||
| informerFactory.WaitForCacheSync(wait.NeverStop) |
There was a problem hiding this comment.
This is blocking, so let;s move this to a Run method, so we can run all the controller's Run async without waiting each other.
weli-l
force-pushed
the
dev/kmesh_manage
branch
3 times, most recently
from
88d1a65
to
ef91742
Compare
| EnableKmeshPort = 929 | ||
| DisableKmeshPort = 930 | ||
| LabelSelectorKmesh = constants.DataPlaneModeLabel + "=" + constants.DataPlaneModeKmesh | ||
| KmeshAnnotation = "kmesh.net/redirection" |
There was a problem hiding this comment.
KmeshRedirectionAnnotation
done
| return pod.ObjectMeta.DeletionTimestamp != nil | ||
| } | ||
|
|
||
| func patchKmeshAnnotation(client kubernetes.Interface, pod *corev1.Pod, op bool) error { |
There was a problem hiding this comment.
Nit: donot use op, i would rather split into two functions
There was a problem hiding this comment.
Nit: donot use
op, i would rather split into two functions
splited
weli-l
force-pushed
the
dev/kmesh_manage
branch
3 times, most recently
from
2365a44
to
98a37f8
Compare
Signed-off-by: weli-l <[email protected]>
Signed-off-by: weli-l <[email protected]>
Signed-off-by: weli-l <[email protected]>
| @@ -88,7 +79,7 @@ func StartByPassController(client kubernetes.Interface) error { | |||
| return | |||
| } | |||
|
|
|||
| nspath, _ := getnspath(pod) | |||
| nspath, _ := ns.GetNSpath(pod) | |||
There was a problem hiding this comment.
nit: replace GetNSpath with GetPodNsPath
| SpecialIpForKmesh = "0.0.0.1" | ||
| EnableKmeshPort = 929 | ||
| DisableKmeshPort = 930 | ||
| LabelSelectorKmesh = constants.DataPlaneModeLabel + "=" + constants.DataPlaneModeKmesh |
There was a problem hiding this comment.
As i said, we must support both kmesh and Kmesh, should be case insensitive to be consistent with previous behavior
|
|
||
| const ( | ||
| DefaultInformerSyncPeriod = 30 * time.Second | ||
| SpecialIpForKmesh = "0.0.0.1" |
There was a problem hiding this comment.
Please check with that from CNI, we use 0.0.0.2 now for ipv4 and for v6 ::2
We can reuse TriggerControlCommand function
|
|
||
| done := make(chan struct{}) | ||
| go func() { | ||
| wg.Wait() |
There was a problem hiding this comment.
I think you should not wait in a go routine
| select { | ||
| case <-done: | ||
| mu.Lock() | ||
| assert.True(t, enabled, "expected handleKmeshManage to be called for enabling Kmesh manage") | ||
| assert.False(t, disabled, "expected handleKmeshManage not to be called for disabling Kmesh manage") | ||
| mu.Unlock() | ||
| case <-time.After(1 * time.Second): | ||
| t.Fatalf("timed out waiting for handleKmeshManage to be called") | ||
| } |
There was a problem hiding this comment.
wrap this with a checker function, so you canreuse it below
| podLister := controller.informerFactory.Core().V1().Pods().Lister() | ||
| pods, err := podLister.Pods(pod.Namespace).List(labels.Everything()) | ||
| assert.NoError(t, err) | ||
| assert.Equal(t, 1, len(pods), "expected One Pod in the lister after addition") |
There was a problem hiding this comment.
This can be not tested in out case, this is the implement detail of k8s
| mu.Lock() | ||
| enabled = false | ||
| disabled = false | ||
| mu.Unlock() |
There was a problem hiding this comment.
Not sure i understand why you need to lock them. Any race?
| mu.Unlock() | ||
|
|
||
| wg.Add(1) | ||
| err = client.CoreV1().Pods("default").Delete(context.TODO(), "test-pod", metav1.DeleteOptions{}) |
There was a problem hiding this comment.
can you add a case of removing the label first
What type of PR is this?
What this PR does / why we need it:
support Kmesh manage in pod level
Which issue(s) this PR fixes:
Fixes #325
Special notes for your reviewer:
How to enable kmesh management at pod level
How to judge whether pod is managed by Kmesh
Due to the feature of the bypass, the impact of the bypass needs to be considered comprehensively
Label priority(From high to low)
Annotation priority(From high to low,and it is only be used for user to judge whether pod is managed by kmesh)
Does this PR introduce a user-facing change?: