CNI File watcher and pre applying rules setup #1345
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
curtbushko
force-pushed
the
curtbushko/proxyconfig
branch
from
e6b21d4 to
f9c2da9
Compare
t-eckert
reviewed
Jul 15, 2022
curtbushko
commented
Jul 15, 2022
curtbushko
commented
Jul 15, 2022
curtbushko
commented
Jul 15, 2022
t-eckert
reviewed
Jul 15, 2022
ishustava
reviewed
Jul 19, 2022
control-plane/cni/main.go
Outdated
| return fmt.Errorf("annotation %s does not exist yet", annotation) | ||
| } | ||
| return err | ||
| }, backoff.WithMaxRetries(backoff.NewConstantBackOff(1*time.Second), retries)) |
There was a problem hiding this comment.
This function will wait for 10 seconds for the annotation if I'm reading this correctly. Is this enough? I think on some clouds and depending on your pod, it might definitely take more than that to provision a pod and for endpoints controller to add this annotation.
There was a problem hiding this comment.
You were correct. The backoff is constant and would last 10 seconds total. I have set this to 30 retries (ie 30 seconds). We could do an ExponentialBackoff (it is a cool package) to slow down the retries but I think being responsive is better.
There was a problem hiding this comment.
Removed retries.
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
t-eckert
reviewed
Jul 20, 2022
curtbushko
force-pushed
the
curtbushko/proxyconfig
branch
from
ad2d7e9 to
6fa5393
Compare
curtbushko
force-pushed
the
curtbushko/proxyconfig
branch
from
c876bb7 to
480a3f2
Compare
curtbushko
changed the title
curtbushko
force-pushed
the
curtbushko/proxyconfig
branch
3 times, most recently
from
89105d7 to
760f472
Compare
ishustava
reviewed
Aug 9, 2022
control-plane/cni/main.go
Outdated
| return types.PrintResult(result, cfg.CNIVersion) | ||
| } | ||
|
|
||
| pod.Annotations[keyTransparentProxyStatus] = waiting |
There was a problem hiding this comment.
why do we change it to waiting?
There was a problem hiding this comment.
This is a simple way to show some sort of status that the CNI plugin is working. I have added a simple updateTransparentProxyStatusAnnotation function to clean it up a bit so that we can have:
consul.hashicorp.com/transparent-proxy-status = waiting and consul.hashicorp.com/transparent-proxy-status = complete
annotations on the pod.
Please let me know if you have better or more consistent status names.
control-plane/cni/main.go
Outdated
| return fmt.Errorf("annotation %s does not exist yet", annotation) | ||
| } | ||
| return err | ||
| }, backoff.WithMaxRetries(backoff.NewConstantBackOff(1*time.Second), retries)) |
Comment on lines
90
to
93
| time.Sleep(50 * time.Millisecond) | ||
| // Filewatcher should have detected change, fixed and appended to the config file. Make sure | ||
| // files match. | ||
| require.Equal(t, string(expected), string(actual)) |
There was a problem hiding this comment.
Suggested change
| time.Sleep(50 * time.Millisecond) | |
| // Filewatcher should have detected change, fixed and appended to the config file. Make sure | |
| // files match. | |
| require.Equal(t, string(expected), string(actual)) | |
| // Filewatcher should have detected change, fixed and appended to the config file. Make sure | |
| // files match. | |
| retry.Run(t, func(r *retry.R) { | |
| require.Equal(r, string(expected), string(actual)) | |
| }) |
There was a problem hiding this comment.
I added this to a few places that I thought were relevant.
ishustava
approved these changes
Aug 15, 2022
* Get structure in place and CNI installer & plugin building
Add helm charts for CNI installer
* Get structure in place and CNI installer & plugin building
increase limits for CNI plugin so that it runs on GKE
add annotations for transparent proxy status (enabled, waiting)
Initial setup (CNI_ARGS) for getting information to the CNI plugin
file watcher for config file changes and for when the config file does not exists
added wait for annotation to be used before applying ipconfig traffic redirection
Co-Authored-By: Thomas Eckert <[email protected]>
Co-authored-by: Iryna Shustava <[email protected]>
curtbushko
force-pushed
the
curtbushko/proxyconfig
branch
from
59dab7c to
2a6759f
Compare
curtbushko
added a commit
that referenced
this pull request
Aug 19, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
curtbushko
added a commit
that referenced
this pull request
Aug 19, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
curtbushko
added a commit
that referenced
this pull request
Aug 23, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
curtbushko
added a commit
that referenced
this pull request
Aug 24, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
curtbushko
added a commit
that referenced
this pull request
Aug 24, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
curtbushko
added a commit
that referenced
this pull request
Aug 24, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
curtbushko
added a commit
that referenced
this pull request
Aug 25, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
curtbushko
added a commit
that referenced
this pull request
Aug 26, 2022
* Add file watcher to CNI installer to watch for config file changes and repair breakages. * Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration. * Add some code to get ready for the next PR that applying iptables rules * Unit tests for installer and plugin scenarios
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes proposed in this PR:
How I've tested this PR:
How I expect reviewers to test this PR:
Or you can clone my cni-demo repo and run:
cd consul-cni-on-kind; make create-cluster deploy-calico deploy-consul hashicupsNote: the consul-cni will crashloop as I need to add the file watcher to it.
Checklist: