New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
endpoint: create endpoint without labels #30170
Conversation
/test |
/test |
I'm not familiar with this API as I was only aware of the custom health endpoint being created within the agent, so I'm removing my review assignment. /cc @cilium/sig-agent and @christarazi from the linked issue for review. |
I'm not sure this is the right solution. Wouldn't it just make more sense to unconditionally start the identity resolver? I don't know why we skip it when |
tbh I have no idea, very good point |
when I am looking closely at the |
|
/test |
This pull request has been automatically marked as stale because it |
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR. Sorry for taking so much time to review this but now I understood the full picture. I think this patch would be more appropriate. We should prevent executing runIdentityResolver
unnecessarily.
diff --git a/daemon/cmd/endpoint.go b/daemon/cmd/endpoint.go
index d995eda77f..ed064bec20 100644
--- a/daemon/cmd/endpoint.go
+++ b/daemon/cmd/endpoint.go
@@ -376,6 +376,16 @@ func (d *Daemon) createEndpoint(ctx context.Context, owner regeneration.Owner, e
"sync-build": epTemplate.SyncBuildEndpoint,
}).Info("Create endpoint request")
+ // We don't need to create the endpoint with the labels. This might cause
+ // the endpoint regeneration to not be triggered further down, with the
+ // ep.UpdateLabels or the ep.RunMetadataResolver, because the regeneration
+ // is only triggered in case the labels are changed, which they might not
+ // change because NewEndpointFromChangeModel would contain the
+ // epTemplate.Labels, the same labels we would be calling ep.UpdateLabels or
+ // the ep.RunMetadataResolver.
+ apiLabels := labels.NewLabelsFromModel(epTemplate.Labels)
+ epTemplate.Labels = nil
+
ep, err := endpoint.NewEndpointFromChangeModel(d.ctx, owner, d, d.ipcache, d.l7Proxy, d.identityAllocator, epTemplate)
if err != nil {
return invalidDataError(ep, fmt.Errorf("unable to parse endpoint parameters: %s", err))
@@ -414,7 +424,6 @@ func (d *Daemon) createEndpoint(ctx context.Context, owner regeneration.Owner, e
return invalidDataError(ep, err)
}
- apiLabels := labels.NewLabelsFromModel(epTemplate.Labels)
infoLabels := labels.NewLabelsFromModel([]string{})
if len(apiLabels) > 0 {
When endpoint is created and `EndpointChangeRequest` contains labels, it might cause the endpoint regeneration to not be triggered as it is only triggered when labels are changed. Unfortunately this does not happen when epTemplate.Labels are set with the same labels as `EndpointChangeRequest`. This commit fixes the above issue by not setting epTemplate.Labels. Fixes: cilium#29776 Signed-off-by: Ondrej Blazek <ondrej.blazek@firma.seznam.cz>
yeah that totally works!! |
When endpoint API is used to create an endpoint and
EndpointChangeRequest
contains labels, it will not allocate an identity to the endpoint.During
NewEndpointFromChangeModel()
labels are stored in the endpoint model, causing the followup callep.UpdateLabels()
to not bump revision during this singlecreateEndpoint()
call. This means the folloup call toe.runIdentityResolver()
never happens and the endpoint ends up without identity and with state waiting-for-identity.This should not happen, otherwise user can only not set the labels during
createEndpoint()
call and do a followup callpatchEndpoint()
where labels will be set which then triggers regeneration to be triggered and identity allocated.Instead epTemplate.Labels don't need to be set which means the above issue never happens as
updateLabels()
will now bump revision -> i.e. the regeneration is triggered.With these changes one can
createEndpoint()
with labels in a single call:Fixes: #29776
Signed-off-by: Ondrej Blazek ondrej.blazek@firma.seznam.cz