-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
agent: rework clustermesh config watcher for increased robustness #24163
Conversation
/test |
verified from our side that this fixes the issue #23273 👍 |
1fdb925
to
7319a5f
Compare
Last push fixed an issue which caused certain update notifications to be missed, and updated tests to check also for this case. |
The agent leverages an fsnotify watcher to detect file changes in the directory containing the etcd configurations for remote clusters (as well as the associated keys/certs), triggering a reconfiguration as appropriate. This commit reworks the above logic to address two main issues: * Due to how Kubernetes mounts ConfigMaps and Secrets within pods, and in particular the usage of symbolic links to handle atomic updates, changes in existing files were not detected (since the watched file itself was a symbolic link, which doesn't change during such operation). Now, an explicit watch operation is started for each configuration file (i.e., watching the actual target), causing a notification to be properly emitted when that is changed. * Prevent possible spurious notifications even if the configuration is not actually modified. This is achieved through hash comparison. Integration tests are updated to cover the above two aspects. Fixes: cilium#23273 Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
7319a5f
to
4d9d02d
Compare
Rebased to retrigger the tests, as images signing previously failed. |
/test Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test Name
Failure Output
If it is a flake and a GitHub issue doesn't already exist to track it, comment |
/test-1.26-net-next |
/test-runtime |
/test-runtime |
@giorio94 Can you add the upstream commit reference to the commit message as documented in https://github.com/cilium/cilium/blob/master/Documentation/contributing/release/backports.rst? |
@jrajahalme Sorry, I added the wrong label. It was intended to be |
/test-runtime |
The agent leverages an fsnotify watcher to detect file changes in the directory containing the etcd configurations for remote clusters (as well as the associated keys/certs), triggering a reconfiguration as appropriate.
This PR reworks the above logic to address two main issues:
Integration tests are updated to cover the above two aspects.
Fixes: #23273