Service / LoadBalancer synchronization fixes #1352
Conversation
ianvernon
force-pushed
the
fix-service-delete
branch
3 times, most recently
from
f26798a
to
5197676
Compare
ianvernon
changed the title
cilium service delete
ianvernon
force-pushed
the
fix-service-delete
branch
from
5197676
to
42fd6fb
Compare
|
Hitting an issue in the K8s multinode tests which I haven't seen before, so I'm removing this from pending-review until I can get those tests passing. |
ianvernon
force-pushed
the
fix-service-delete
branch
4 times, most recently
from
cd07c03
to
2ae19fc
Compare
| @@ -47,6 +48,10 @@ type LBBackEnd struct { | |||
| Weight uint16 | |||
| } | |||
|
|
|||
| func (lbbe *LBBackEnd) String() string { | |||
| return fmt.Sprintf("%s, weight: %d", lbbe.L3n4Addr.String(), lbbe.Weight) | |||
There was a problem hiding this comment.
Isn't there a String() already for this? I was 80% sure there was.
There was a problem hiding this comment.
Since LBBackEnd is embedded with an L3n4Addr, I guess we could call String() on it, and it would use the L3n4Addr.String() function, but we wouldn't get the value for the weight for the LBBackEnd.
There was a problem hiding this comment.
I mean for LBBackend. It's fine now
daemon/loadbalancer.go
Outdated
| log.Debugf("adding service %d to BPF maps", feCilium.ID) | ||
|
|
||
| // Try to delete service before adding it and ignore errors as it might not exist. | ||
| _ = d.svcDeleteByFrontendLocked(&feCilium.L3n4Addr) |
There was a problem hiding this comment.
at least run the erros in debug mode.
| numBackends := uint16(vval.GetCount()) | ||
|
|
||
| // ServiceKeys are unique by their slave number, which corresponds to the number of backends. Delete each of these. | ||
| for i := numBackends; i > 0; i-- { |
There was a problem hiding this comment.
Do you need to delete all map entries?
There was a problem hiding this comment.
If we're deleting the service, we should clean all of the entries out of the BPF map. Why would we not want to delete all of the entries?
daemon/loadbalancer.go
Outdated
| if err := lbmap.DeleteService(svcKey); err != nil { | ||
| // Clean services and rev nats from BPF maps that failed to be restored. | ||
| for _, svc := range failedSyncSVC { | ||
| log.Debugf("Unable to restore, so rmoving service: %s", svc.FE) |
pkg/maps/lbmap/lbmap.go
Outdated
| @@ -19,6 +19,7 @@ import ( | |||
| "net" | |||
| "unsafe" | |||
|
|
|||
| log "github.com/Sirupsen/logrus" | |||
| @@ -361,17 +368,18 @@ func AddSVC2BPFMap(fe ServiceKey, besValues []ServiceValue, addRevNAT bool, revN | |||
|
|
|||
| // L3n4Addr2ServiceKey converts the given l3n4Addr to a ServiceKey with the slave ID | |||
| // set to 0. | |||
ianvernon
force-pushed
the
fix-service-delete
branch
from
2ae19fc
to
7c2e074
Compare
ianvernon
force-pushed
the
fix-service-delete
branch
2 times, most recently
from
51bf723
to
1a45982
Compare
ianvernon
dismissed
aanm’s stale review
Dismissing review - I have addressed the comments and have requested another review.
common/types/loadbalancer.go
Outdated
| @@ -372,7 +391,12 @@ func (a *L3n4Addr) IsIPv6() bool { | |||
| // KVStore. | |||
| type L3n4AddrID struct { | |||
| L3n4Addr | |||
| ID ServiceID | |||
| ID ServiceID | |||
| Slave uint16 // Number of slaves associated with this L3n4AddrID | |||
There was a problem hiding this comment.
This changes the structure used in the kvstore. Is this safe? What will happen if we upgrade Cilium and the kvstore contains old services entries?
There was a problem hiding this comment.
You're right. This actually isn't used anywhere in the cilium-agent code, so I'm going to revert it. I figured it would be nice to have to add it now and then actually implement it at a later date, but if it's going to mess with the kv-store, I don't think it's worth it at this time. I'll have this removed in the next upload.
| // Deletes a service by the frontend address | ||
| func (d *Daemon) svcDeleteByFrontend(frontend *types.L3n4Addr) error { | ||
| d.loadBalancer.BPFMapMU.Lock() | ||
| defer d.loadBalancer.BPFMapMU.Unlock() |
There was a problem hiding this comment.
This is confusing, can't we take this lock in the loadbalancer itself? Is this lock protecting the data structures in the daemon as well?
There was a problem hiding this comment.
I made this function to give flexibility when we need to delete a service by its L3n4Addr depending on if we have already acquired BPFMapMU. This is similar to other functions throughout the daemon. Can we sync up over video chat about this? It would be easier to explain that way.
ianvernon
force-pushed
the
fix-service-delete
branch
2 times, most recently
from
891aa36
to
d0fd73e
Compare
ianvernon
force-pushed
the
fix-service-delete
branch
from
d0fd73e
to
81df82f
Compare
ianvernon
force-pushed
the
fix-service-delete
branch
8 times, most recently
from
ee2d9e6
to
4e964c5
Compare
* common/types: add String() function for LBBackend, add debug logs throughout, and update LBSVC object with its SHA256 hash. * daemon: clean all LB, RevNAT maps on host when restore mode is not enabled. Add debug logs in the service-related code. When a service is updated or deleted, clean BPF LB maps of old map entries for the given service. Fix logic for syncing Cilium's LB maps with the BPF maps on disk when Cilium is restarted and restore mode is enabled. * pkg/maps/lbmap: add logs when services or RevNAT entries change state. * tests: refactor 06-lb.sh into functions to reduce duplicate code, and add test that ensures restore mode works appropriately for LB Maps when Cilium is restarted. Signed-off by: Ian Vernon <[email protected]>
ianvernon
force-pushed
the
fix-service-delete
branch
from
4e964c5
to
216d5a6
Compare
|
Please review. |
ianvernon
dismissed
tgraf’s stale review
I have addressed comments and have added more changes to the code since the previous review.
| @@ -47,6 +48,10 @@ type LBBackEnd struct { | |||
| Weight uint16 | |||
| } | |||
|
|
|||
| func (lbbe *LBBackEnd) String() string { | |||
| return fmt.Sprintf("%s, weight: %d", lbbe.L3n4Addr.String(), lbbe.Weight) | |||
There was a problem hiding this comment.
I mean for LBBackend. It's fine now
| delete(lb.SVCMap, oldSvc.Sha256) | ||
| } | ||
| log.Debugf("adding service %s with SHA %s to lb.SVCMap", svc.FE.String(), svc.Sha256) |
There was a problem hiding this comment.
Do we still need all this debug messages?
There was a problem hiding this comment.
I found that the debug messages I added were useful in determining what was going on in this code. There were very few logs when I started out with this branch in the service code. I don't see a downside to having this log - it provides important information about the state managed in Cilium.
| return &L3n4Addr{IP: ip, L4Addr: *lbport}, nil | ||
|
|
||
| addr := L3n4Addr{IP: ip, L4Addr: *lbport} | ||
| log.Debugf("created new L3n4Addr %s", addr) |
There was a problem hiding this comment.
I don't see the disadvantage of having more debug logs - see my comments above.
Global NodePort services are not supported when they are managed by iptables/ipvs, since they do not know about remote endpoints. Hence, let's skip the related connectivity tests when running in multicluster mode and KPR NodePort support is disabled, to prevent spurious failures. Related: cilium#23128 Related: cilium#23266 Fixes: cilium#1352 Signed-off-by: Marco Iorio <[email protected]>
member to L3n4AddrID, add debug logs throughout, and update LBSVC object
with its SHA256 hash.
Add debug logs in the service-related code. When a service is updated or
deleted, clean BPF LB maps of old map entries for the given service. Fix
logic for syncing Cilium's LB maps with the BPF maps on disk when Cilium is
restarted and restore mode is enabled.
test that ensures restore mode works appropriately for LB Maps when Cilium
is restarted.
Signed-off by: Ian Vernon [email protected]
Fixes #1295