[release-1.20] network: pass pod UID to ocicni when performing network operations #5029
To allow passing pod UID to plugins. Signed-off-by: Dan Williams <[email protected]> (cherry picked from commit 860edbe)
This allows plugins to more correctly cancel long-running sandbox operations when the pod is deleted/re-created in the Kube API while the call is ongoing. Signed-off-by: Dan Williams <[email protected]> (cherry picked from commit 6e8d370) (cherry picked from commit c512346)
Codecov Report
@@ Coverage Diff @@
## release-1.20 #5029 +/- ##
=============================================
Coverage 41.21% 41.22%
=============================================
Files 117 117
Lines 9489 9490 +1
=============================================
+ Hits 3911 3912 +1
Misses 5126 5126
Partials 452 452
saschagrunert
left a comment
LGTM
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dcbw, saschagrunert
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/test e2e-aws
/retest Please review the full test history for this PR and help us cut down flakes.
Ongoing sandbox requests cannot be (or are not) canceled by kubelet, leading to a situation where short-lived pods (especially Kubernetes e2e tests for stateful sets) cause overlapping sandbox requests. If the CNI plugin needs to wait for network state to converge, it's pointless to wait for a sandbox whose pod has been deleted, so the plugin should cancel the request and return to the runtime. However, it's impossible to do that race-free without the pod UID the sandbox was created for, since there is a gap between when kubelet requests the sandbox creation and when the plugin gets the pod object from the apiserver when the pod could have been deleted and recreated, and the CNI plugin would retrieve information for the new pod, not the pod the sandbox was created for.
Passing the pod UID to the plugin allows the plugin to cancel the operation when the pod UID retrieved from the apiserver during plugin operation does not match the one the sandbox was created for.
@trozet @haircommander @mrunalp
Cherry-pick of #5026
/kind feature
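The race described in the PR text above, as an added Go example that is not code from this PR, CRI-O or ocicni. `Pod`, `PodGetter`, `WaitForNetwork` and `RecreatedPod` are hypothetical names, and the apiserver lookup is simulated with constructed data in which a pod is deleted and recreated under the same name between two polls.

```go
package main

import (
	"errors"
	"fmt"
)

// Pod is a constructed stand-in for the object a plugin reads from the apiserver.
type Pod struct { UID string; NetworkReady bool }

// PodGetter is a hypothetical lookup keyed by namespace/name only.
type PodGetter func(namespace, name string) (*Pod, bool)

var (
	ErrStaleSandbox = errors.New("pod deleted or recreated; cancel sandbox request")
	ErrTimeout      = errors.New("network state did not converge")
)

// WaitForNetwork polls until the pod's network is ready. sandboxUID is the pod UID
// handed over by the runtime; "" models a runtime that does not pass one.
func WaitForNetwork(get PodGetter, ns, name, sandboxUID string, polls int) error {
	for i := 0; i < polls; i++ {
		pod, ok := get(ns, name)
		if !ok || (sandboxUID != "" && pod.UID != sandboxUID) {
			return ErrStaleSandbox // gone, or same name but a different pod
		}
		if pod.NetworkReady {
			return nil
		}
	}
	return ErrTimeout
}

// RecreatedPod is constructed sample data: the first lookup sees the original pod,
// later lookups see a same-named replacement with a new UID.
func RecreatedPod() PodGetter {
	calls := 0
	return func(_, _ string) (*Pod, bool) {
		calls++
		if calls == 1 {
			return &Pod{UID: "uid-old"}, true
		}
		return &Pod{UID: "uid-new", NetworkReady: true}, true
	}
}

func main() {
	fmt.Println("without UID:", WaitForNetwork(RecreatedPod(), "ns", "web-0", "", 5))
	fmt.Println("with UID:   ", WaitForNetwork(RecreatedPod(), "ns", "web-0", "uid-old", 5))
}
```

Without the UID the wait succeeds against the replacement pod's state; with it, the stale request is cancelled on the first mismatching lookup.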