Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

node/manager: Only remove old IPs if they weren't already added #25067

Merged
merged 1 commit into from
Apr 24, 2023
Merged

node/manager: Only remove old IPs if they weren't already added #25067

merged 1 commit into from
Apr 24, 2023

Conversation

christarazi
Copy link
Member

@christarazi christarazi commented Apr 23, 2023
edited

Previously, IPs that were added to the ipset would be removed upon a
node update event.

For example, take the following scenario:

  1. Node add event received, N:{IPs:[X]}
  2. Add IP X to ipset
  3. Node update event received, N:{IPs:[X, Y, Z]}
  4. Add IPs Y and Z to ipset
  5. Remove IP X from ipset

Step (5) would occur because upon a node update event, we iterate
through the old IPs from the previous event (i.e. IPs:[X]) and delete
the IPs from the previous event.

Therefore, we need to add a check before processing an ipset delete to
ensure that the IPs being deleted are not currently present inside the
node event.

Fixes: d5e5bf3 ("node/manager: Remove ipset config from previous node state")

Signed-off-by: Chris Tarazi chris@isovalent.com

@christarazi christarazi added kind/bug This is a bug in the Cilium logic. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. kind/regression This functionality worked fine before, but was broken in a newer release of Cilium. release-note/misc This PR makes changes that have no direct user impact. labels Apr 23, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. and removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Apr 23, 2023
@christarazi christarazi added needs-backport/1.12 affects/v1.11 This issue affects v1.11 branch needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Apr 23, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.12.10 Apr 23, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.13.3 Apr 23, 2023
@christarazi
node/manager: Only remove old IPs if they weren't already added
25eb2d0 
Previously, IPs that were added to the ipset would be removed upon a
node update event.

For example, take the following scenario:

1. Node add event received, N:{IPs:[X]}
2. Add IP X to ipset
3. Node update event received, N:{IPs:[X, Y, Z]}
4. Add IPs Y and Z to ipset
5. Remove IP X from ipset

Step (5) would occur because upon a node update event, we iterate
through the old IPs from the previous event (i.e. IPs:[X]) and delete
the IPs from the previous event.

Therefore, we need to add a check before processing an ipset delete to
ensure that the IPs being deleted are not currently present inside the
node event.

Fixes: d5e5bf3 ("node/manager: Remove ipset config from previous node state")

Signed-off-by: Chris Tarazi <chris@isovalent.com>
@christarazi
Copy link
Member Author

/test

@christarazi christarazi marked this pull request as ready for review April 23, 2023 03:36
@christarazi christarazi requested a review from a team as a code owner April 23, 2023 03:36
@christarazi
Copy link
Member Author

christarazi commented Apr 23, 2023
edited by maintainer-s-little-helper bot

/test

Job 'Cilium-PR-K8s-1.27-kernel-net-next' failed:

Click to show.

Test Name

K8sAgentPolicyTest Multi-node policy test validates ingress CIDR-dependent L4 With host policy Connectivity is restored after importing ingress policy

Failure Output

FAIL: Timed out after 1.001s.

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.27-kernel-net-next/89/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.27-kernel-net-next so I can create one.

@christarazi christarazi mentioned this pull request Apr 23, 2023
Merged
7 tasks
@pchaigno pchaigno added release-blocker/1.12 This issue will prevent the release of the next version of Cilium. release-blocker/1.13 This issue will prevent the release of the next version of Cilium. labels Apr 24, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Apr 24, 2023
@pchaigno pchaigno merged commit e7e4abb into cilium:main Apr 24, 2023
56 checks passed
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.12 in 1.12.10 Apr 24, 2023
@nbusseneau nbusseneau added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Apr 24, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.13 in 1.13.3 Apr 24, 2023
@nbusseneau nbusseneau mentioned this pull request Apr 24, 2023
Merged
15 tasks
@christarazi christarazi deleted the pr/christarazi/fixup-ipset branch April 24, 2023 16:42
@sayboras sayboras added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels Apr 26, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.13 to Backport done to v1.13 in 1.13.3 Apr 26, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.13 to Backport done to v1.13 in 1.13.3 Apr 26, 2023
@sayboras sayboras added backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. and removed backport-pending/1.12 labels Apr 26, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.12 to Backport done to v1.12 in 1.12.10 Apr 26, 2023
This was referenced May 16, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pippolo84 pippolo84 pippolo84 approved these changes

@pchaigno pchaigno pchaigno approved these changes

Assignees
No one assigned
Labels
affects/v1.11 This issue affects v1.11 branch backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. kind/bug This is a bug in the Cilium logic. kind/regression This functionality worked fine before, but was broken in a newer release of Cilium. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-blocker/1.12 This issue will prevent the release of the next version of Cilium. release-blocker/1.13 This issue will prevent the release of the next version of Cilium. release-note/misc This PR makes changes that have no direct user impact. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
No open projects
1.12.10
Backport done to v1.12
1.13.3
Backport done to v1.13
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@christarazi @pippolo84 @pchaigno @nbusseneau @sayboras