api: add support for reading Pod IPs #119
Conversation
/assign @samuelkarp
Allow NRI plugins to read the IPs allocated to the pod on the PodSandbox hooks. This is especially useful for networking daemons that depend on the Pod IPs assigned via CNI by the container runtime (service mesh, network policies, ...) to create seamless integrations without having to modify the existing environment.

Existing network integrations use techniques like:
- CNI chaining (invasive), as the implementation needs to modify the existing deployment and can cause disruption due to mutations on the existing configurations.
- Read Pod Status, which is too late in the process, since the pod lifecycle does not update the pod status until the containers are running, but there are applications like network policy implementations or service meshes that need this information before the pod is completely created.
- Inspect the host namespaces to gather the information, which is very intrusive and not portable, creating a tight coupling between.

Add an NRI plugin that can be used as a reference implementation for this integration; the plugin just logs the interesting networking details of the pod (IPs and network namespace) on the different hooks of the pod lifecycle.

Change-Id: Idb9605c719903d0df51c9a1947e0f838870b5c0b
Signed-off-by: Antonio Ojea <aojea@google.com>
Looks like a reasonable addition to the Pod status struct.
lgtm.
LGTM

Suggested followups:
- might want to also consider passing the CNI result
- might want to also consider passing the CNI config detail
- might want to consider adding a verbose mode on the plugin to show detail for the pod's netns / CNI status detail; it could check on a timer and/or if there is a delta from the last status check, etc.

Side note: with the listed patch, https://github.com/containerd/nri/blob/main/plugins/logger/nri-logger.go#L92 should also show the new content, albeit not as focused.
Naive question: I'm not familiar with this repository's workflow; what is the next step to be able to get this merged? Thanks
You assigned Samuel, so I wasn't sure whether you wanted to wait on his review or not; otherwise we can go ahead and merge.
I was away for a few days. I can look today. |
Allow NRI plugins to read the IPs allocated to the pod on the PodSandbox hooks. This is especially useful for networking daemons that depend on the Pod IPs assigned via CNI by the container runtime (service mesh, network policies, ...) to create seamless integrations without having to modify the existing environment.

Existing network integrations use techniques like:
- CNI chaining (invasive), as the implementation needs to modify the existing deployment and can cause disruption due to mutations on the existing configurations ([Feature] Early podIP notification to better co-operate with Calico in policy-only mode Azure/AKS#4385)
- Read Pod Status, which is too late in the process, since the pod lifecycle does not update the pod status until the containers are running, but there are applications like network policy implementations or service meshes that need this information before the pod is completely created (ref: Pod.Status.PodIP not updated during postStart lifecycle hook kubernetes/kubernetes#85966)
- Inspect the host namespaces to gather the information, which is very intrusive and not portable, creating a tight coupling between the implementations.

Add an NRI plugin that can be used as a reference implementation for this integration; the plugin just logs the interesting networking details of the pod (IPs and network namespace) on the different hooks of the pod lifecycle.
Container runtime dependencies

This feature requires the container runtime to pass the IP information to the NRI plugin.

Containerd patch

You need to build containerd with this NRI patch. In the meantime, for development you can modify the go.mod file in containerd with a `replace` statement to use the local code and update the vendor folder in containerd.

Tested
This was tested with kind, but it can be tested in any Kubernetes cluster just by enabling the NRI plugins functionality.

Build a new containerd binary with the patches indicated in the previous section and run it on the nodes:

Build the `network-logger` plugin, copy it onto a node and run it; it will output the network parameters of the Pods in each of the lifecycle hooks. If you now create new Pods, they will show up in the log output.
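The PR body above describes a plugin that consumes the Pod IPs and network namespace on the PodSandbox hooks before any container starts. The following is an added example written for this page, not the reference `network-logger` plugin from the PR and not code from containerd/nri. It shows the part a network-policy daemon actually needs around that hook: validating the runtime-supplied IP strings with `net/netip` before keying any policy on them, picking out the network namespace path, and releasing the entry when the sandbox is removed so a recycled address is not still attributed to the old pod. The `PodSandbox`, `LinuxPodSandbox` and `LinuxNamespace` types are local mirrors of the shape this PR is assumed to add to the NRI API (a repeated string of IPs on the sandbox, and the netns path under the Linux namespaces list); the real types live in `github.com/containerd/nri/pkg/api` and the hook names `RunPodSandbox`/`RemovePodSandbox` follow the NRI plugin stub interface. The sample sandbox is constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"sort"
	"strings"
	"sync"
)

// Local mirrors of the NRI API shape assumed for this example. The real
// types are in github.com/containerd/nri/pkg/api; only the fields used
// here are modelled.
type LinuxNamespace struct {
	Type string // e.g. "network"
	Path string // e.g. "/var/run/netns/cni-..."
}

type LinuxPodSandbox struct {
	Namespaces []*LinuxNamespace
}

type PodSandbox struct {
	Id        string
	Name      string
	Uid       string
	Namespace string
	Linux     *LinuxPodSandbox
	Ips       []string // assumed: IPs the runtime got back from CNI
}

// PodNet is the validated view a policy daemon keeps per sandbox.
type PodNet struct {
	Key   string // "namespace/name"
	Uid   string
	Addrs []netip.Addr
	NetNS string
}

var ErrNoIPs = errors.New("pod sandbox carries no usable IPs")

// ParsePodSandbox validates what the runtime handed over before anything
// is keyed on it: malformed strings, unspecified, loopback and multicast
// addresses and duplicates are dropped, IPv6 zones are stripped so an
// interface name cannot ride along into policy keys, and IPv4-mapped IPv6
// is normalised to plain IPv4 so the same host cannot appear twice.
func ParsePodSandbox(pod *PodSandbox) (PodNet, error) {
	pn := PodNet{Key: pod.Namespace + "/" + pod.Name, Uid: pod.Uid}
	seen := map[netip.Addr]bool{}
	for _, s := range pod.Ips {
		a, err := netip.ParseAddr(strings.TrimSpace(s))
		if err != nil {
			continue // not an IP: never trust it, never log-inject it
		}
		a = a.WithZone("").Unmap()
		if a.IsUnspecified() || a.IsLoopback() || a.IsMulticast() || seen[a] {
			continue
		}
		seen[a] = true
		pn.Addrs = append(pn.Addrs, a)
	}
	// Deterministic order (IPv4 sorts before IPv6) so diffs between hooks are stable.
	sort.Slice(pn.Addrs, func(i, j int) bool { return pn.Addrs[i].Less(pn.Addrs[j]) })
	if pod.Linux != nil {
		for _, ns := range pod.Linux.Namespaces {
			if ns.Type == "network" {
				pn.NetNS = ns.Path
			}
		}
	}
	if len(pn.Addrs) == 0 {
		return pn, ErrNoIPs
	}
	return pn, nil
}

// Registry maps sandbox ID to its validated network view.
type Registry struct {
	mu   sync.Mutex
	pods map[string]PodNet
}

func NewRegistry() *Registry { return &Registry{pods: map[string]PodNet{}} }

// RunPodSandbox is the hook where the IPs first become visible, before any
// container in the pod is created; a policy engine would program rules here.
func (r *Registry) RunPodSandbox(pod *PodSandbox) error {
	pn, err := ParsePodSandbox(pod)
	if err != nil {
		return fmt.Errorf("%s (%s): %w", pn.Key, pod.Id, err)
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	r.pods[pod.Id] = pn
	fmt.Printf("RunPodSandbox %s uid=%s ips=%v netns=%s\n", pn.Key, pn.Uid, pn.Addrs, pn.NetNS)
	return nil
}

// RemovePodSandbox forgets the sandbox so a reused IP is not attributed to it.
func (r *Registry) RemovePodSandbox(pod *PodSandbox) {
	r.mu.Lock()
	defer r.mu.Unlock()
	delete(r.pods, pod.Id)
	fmt.Printf("RemovePodSandbox %s\n", pod.Id)
}

// Lookup returns the registered view for a sandbox ID, if any.
func (r *Registry) Lookup(id string) (PodNet, bool) {
	r.mu.Lock()
	defer r.mu.Unlock()
	pn, ok := r.pods[id]
	return pn, ok
}

// sampleSandbox is constructed input for the example: it mixes good,
// duplicate, zoned, mapped, unspecified and garbage entries.
func sampleSandbox() *PodSandbox {
	return &PodSandbox{
		Id: "sb-0001", Name: "web", Uid: "u-1", Namespace: "default",
		Linux: &LinuxPodSandbox{Namespaces: []*LinuxNamespace{
			{Type: "ipc", Path: "/proc/4242/ns/ipc"},
			{Type: "network", Path: "/var/run/netns/cni-example"},
		}},
		Ips: []string{"10.244.1.7", "fd00::7%eth0", " 10.244.1.7", "0.0.0.0", "not-an-ip", "::ffff:10.244.1.8"},
	}
}

func main() {
	reg := NewRegistry()
	if err := reg.RunPodSandbox(sampleSandbox()); err != nil {
		fmt.Println("error:", err)
	}
	reg.RemovePodSandbox(sampleSandbox())
}
```

The validation step is the point: the plugin runs with the runtime's privileges and whatever it records drives policy, so strings from the hook are parsed and normalised first, and a sandbox that arrives with no usable address is surfaced as an error rather than silently registered with an empty set.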