support to reload CNI configs real-time if defaultNetName is not assigned in initialization #31
Conversation
openshift-ci-robot
added
the
dco-signoff: yes
|
Hi @mars1024. Thanks for your PR. I'm waiting for a cri-o member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
needs-ok-to-test
|
@rajatchopra @dcbw @mrunalp PTAL, thx~ |
|
I have a same demand with you. If the defaultNetName isn't specified, dynamically choose the newest one. |
Yes, I also think most of CRIs will use ocicni by setting defaultNetName to empty string. And in this scenario, real-time reload is necessary. |
|
The PR seems reasonable to me. @dcbw ptal. |
|
@mccv1r0 ptal. |
|
I agree with the overall purpose of this PR. However, before that can be done there is a problem that needs to be solved. And that problem is caching any existing pod attachments on-disk so that if/when the default network is updated, the existing pods are deleted using their original network and not the new one that was just detected. That's basically a pre-requisite for changing CNI configs while things are running. That would look something like renaming the |
I agree with this, and I can help to store runtimeConfig and network JSON config persistently on disk in another PR to ensure the consistency between ADD and DEL. But this PR focus on reloading CNI config real-time during initialization if defaultName is not set by CRI. For example, if we start CRI with a initial CNI config called net1, after that we generate a new CNI config called net2 by Calico daemonset, we expect CRI will know and change to the new config if it comes first in file sorting, this will help us to avoid restarting CRI. In the current ocicni,even defaultNetworkName is set, your concerns above are still possible happening,because default cni network's content can change even if its name stays the same when default cni config file changes and a new config file is added, in this situation, the consistency between ADD and DEL has already been broken. So I think we can focus on this PR firstly, after that, I can help to resolve the consistency problem between ADD and DEL. Do you agree with this? @dcbw |
reasonable |
@mars1024 I understand that this is the purpose of the PR, and I agree with the purpose :) But the case that is not covered here is if container A starts up after net1 but before net2, then net2 is created and container A no longer can be torn down correctly.
Yes, but it is much less likely that the contents of the network config file will change completely, than it is an additional file is dropped on-disk from an independent component that may sort higher. Usually when daemonsets drop files on-disk, they want to sort higher than the existing files (or else they would not have been started). libcni currently has some caching operations but needs to be extended to handle config caching, which could then be used here. |
I've got your point.
OK, I think I can help to resolve the config caching problem before approving this PR. Do you think we need a bigger discussion about config caching ? And I have something to add that the cniNetworkPlugin for dockershim in kubernetes also have the same risk of default network changing because the sync goroutine, should I fix it? @dcbw |
|
@mars1024 something like containernetworking/cni#661 would do most of the work, leaving ocicni to simply retrieve the cached config/args/capabilityargs on DEL rather than having to cache that stuff internally itself. |
OK, seems a better way, I'll take a look at your PR ~ |
|
@dcbw A simple question :), why do you let ocicni retrieve cached configs on DEL but not let libcni do this directly? If we retrieve cached configs in DEL of libcni, there maybe no code changes in ocicni. |
|
hi, @dcbw @mrunalp I think config caching in cni containernetworking/cni#661 may be hanging for a while, can we promote this firstly before merging that? Because we really meet a problem about reloading CNI config as I described above. |
mars1024
force-pushed
the
support_config_load_realtime
branch
from
91b8c66 to
a25aee0
Compare
|
Status update: upstream CNI config caching support is still moving forward |
Thanks for your reply, we're working on a forked repo temporarily with vendor alias, after CNI config caching is merged, we will go back to this. Thanks again for your efforts in upstream. |
openshift-ci-robot
added
the
needs-rebase
…ialized Signed-off-by: Bruce Ma <[email protected]>
mars1024
force-pushed
the
support_config_load_realtime
branch
from
a25aee0 to
5b3831c
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: mars1024 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
removed
the
needs-rebase
|
Updated to resolve conflict |
|
/assign @dcbw |
|
Since CNI config caching has been merged in upstream, we can promote this PR, either. @dcbw |
| binDirs = []string{DefaultBinDir} | ||
| } | ||
| // Mark whether defaultNetName is specified | ||
| isDefaultNetNameSpecified := defaultNetName != "" |
There was a problem hiding this comment.
Why make this a variable? It's only used once below
| if plugin.defaultNetName == "" { | ||
|
|
||
| // update default CNI network is defaultNetName is not specified during initialization | ||
| if plugin.isDefaultNetNameSpecified { |
There was a problem hiding this comment.
@haircommander Func syncNetworkConfig will be called when config files change, so isDefaultNetNameSpecified will be used not only once.
| exec: exec, | ||
| cacheDir: cacheDir, | ||
| defaultNetName: defaultNetName, | ||
| isDefaultNetNameSpecified: isDefaultNetNameSpecified, |
There was a problem hiding this comment.
@mars1024 yeah I get that, but if you change this line to:
isDefaultNetNameSpecified: defaultNetName != ""
you avoid the needless allocation of a local variable
There was a problem hiding this comment.
@haircommander DefaultNetName can be assigned through user init or first-time load, if it is assigned by user init, I don't think we want it is changed no matter how cni config files change, but if it is assigned by first-time load, I think it should reload real-time.
So we can't make sure defaultNetName != "" is equal to isDefaultNetNameSpecified==true, because defaultNetName is always non-empty by user init or first-time load, and we only want to make some changes when defaultNetName is assigned by first-time load.
|
BTW, I'm waiting for #52 merged, then we can promote this PR. @haircommander @dcbw |
@haircommander |
mars1024
changed the title
|
Let's go to the new party, see #58 , @dcbw @mrunalp @haircommander , thanks ~ |
|
obsoleted by #58 |
6 participants
When we use ocicni in our CRI (pouch), we found that CNI configs can not be reloaded real-time because the first ASCIIbetically network config's name will be defaultNetName forever after initialization , a new CNI config with new name and high-sort-order will not be updated to defaultNetName unless we restarts CRI. I don't think it's a proper behavior we expect.
And I think what we expect is that if defaultNetName is not empty, a CNI config with that network name will be used as the default CNI network, and container network operations will fail until that network config with specific defaultNetName is present and valid. But if defaultNetName is empty, CNI config should be loaded real-time and defaultNetName should be determined by file sorting, just like kubernetes cniNetworkPlugin, this will avoid CRI restarts when we want to import a new CNI config.
I hope this pr will have some help for above.