CNI File watcher and pre applying rules setup #1345
e6b21d4 to f9c2da9
t-eckert left a comment
First pass with some initial comments! More for me to read and do!
ishustava left a comment
Leaving my comments so far. I didn't get to review the tests yet! Will continue reviewing later today.
control-plane/cni/main.go
Outdated
| return fmt.Errorf("annotation %s does not exist yet", annotation) | ||
| } | ||
| return err | ||
| }, backoff.WithMaxRetries(backoff.NewConstantBackOff(1*time.Second), retries)) |
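Review bot: The retry policy in `backoff.WithMaxRetries(backoff.NewConstantBackOff(1*time.Second), retries)` is bounded only by a retry count, so the wait for the annotation cannot be cancelled and its total duration is implicit in `retries`. Consider wrapping the policy with `backoff.WithContext` and a deadline, so the plugin stops polling as soon as its caller gives up, and include the elapsed wait in the final error next to "annotation %s does not exist yet" so a timeout is distinguishable from an API failure returned through `return err`.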
This function will wait for 10 seconds for the annotation if I'm reading this correctly. Is this enough? I think on some clouds and depending on your pod, it might definitely take more than that to provision a pod and for endpoints controller to add this annotation.
You were correct. The backoff is constant and would last 10 seconds total. I have set this to 30 retries (i.e. 30 seconds). We could do an ExponentialBackoff (it is a cool package) to slow down the retries but I think being responsive is better.
Removed retries.
ad2d7e9 to 6fa5393
c876bb7 to 480a3f2
89105d7 to 760f472
ishustava left a comment
Amazing work Curt!! You did such a great job on testing! I had a few suggestions in-line
control-plane/cni/main.go
Outdated
| return types.PrintResult(result, cfg.CNIVersion) | ||
| } | ||
|
|
||
| pod.Annotations[keyTransparentProxyStatus] = waiting |
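Review bot: The assignment `pod.Annotations[keyTransparentProxyStatus] = waiting` has no visible guard for a nil `pod.Annotations` map, and writing to a nil map panics in Go. If a pod can reach this point without any annotations, initialise the map first. The assignment also only changes the in-memory object, so the status is visible on the cluster only once the pod is updated or patched; a short comment stating where that write happens would help the next reader.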
Why do we change it to waiting?
This is a simple way to show some sort of status that the CNI plugin is working. I have added a simple updateTransparentProxyStatusAnnotation function to clean it up a bit so that we can have:
consul.hashicorp.com/transparent-proxy-status = waiting and consul.hashicorp.com/transparent-proxy-status = complete
annotations on the pod.
Please let me know if you have better or more consistent status names.
control-plane/cni/main.go
Outdated
| return fmt.Errorf("annotation %s does not exist yet", annotation) | ||
| } | ||
| return err | ||
| }, backoff.WithMaxRetries(backoff.NewConstantBackOff(1*time.Second), retries)) |
| time.Sleep(50 * time.Millisecond) | ||
| // Filewatcher should have detected change, fixed and appended to the config file. Make sure | ||
| // files match. | ||
| require.Equal(t, string(expected), string(actual)) |
| time.Sleep(50 * time.Millisecond) | |
| // Filewatcher should have detected change, fixed and appended to the config file. Make sure | |
| // files match. | |
| require.Equal(t, string(expected), string(actual)) | |
| // Filewatcher should have detected change, fixed and appended to the config file. Make sure | |
| // files match. | |
| retry.Run(t, func(r *retry.R) { | |
| require.Equal(r, string(expected), string(actual)) | |
| }) |
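Review bot: Inside the suggested `retry.Run` closure, `require.Equal(r, string(expected), string(actual))` compares a value of `actual` that is captured from outside the closure, so every retry checks the same bytes and the loop cannot observe the file watcher's repair. Read the config file into `actual` inside the `func(r *retry.R)` body so that each attempt compares the current file contents; with that change, dropping `time.Sleep(50 * time.Millisecond)` is safe.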
I added this to a few places that I thought were relevant.
ishustava left a comment
Looks good!! Just one minor suggestion.
Approving, assuming unit and acceptance tests are fixed before merge. For acceptance, you might need to rebase to get latest peering fixes.
* Get structure in place and CNI installer & plugin building
Add helm charts for CNI installer
* Get structure in place and CNI installer & plugin building
increase limits for CNI plugin so that it runs on GKE
add annotations for transparent proxy status (enabled, waiting)
Initial setup (CNI_ARGS) for getting information to the CNI plugin
file watcher for config file changes and for when the config file does not exist
added wait for annotation to be used before applying ipconfig traffic redirection
Co-Authored-By: Thomas Eckert <teckert@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
59dab7c to 2a6759f
* Add file watcher to CNI installer to watch for config file changes and repair breakages.
* Wait for CNI config file to show up on the host file system before attempting to install consul-cni configuration.
* Add some code to get ready for the next PR that applies iptables rules
* Unit tests for installer and plugin scenarios
Changes proposed in this PR:
How I've tested this PR:
How I expect reviewers to test this PR:
Or you can clone my cni-demo repo and run:
cd consul-cni-on-kind; make create-cluster deploy-calico deploy-consul hashicups
Note: the consul-cni will crashloop as I need to add the file watcher to it.
Checklist: