Remove the dormant container during intercept with --replace. #3761
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When the traffic-manager shuts down, it must uninstall agents unconditionally, without concerns about the "inject" annotation. Signed-off-by: Thomas Hallgren <thomas@tada.se>
Signed-off-by: Thomas Hallgren <thomas@tada.se>
There's no need to have a dormant container because the traffic-agent can serve as the replacement itself. That way, there's no need to redirect ports either, which means that there's no need to rename ports or use an init-container. An annotation is added to the pod to cater for when multiple injections happen due to replace-policy, so that injections that follow the one when an app-container is removed can reproduce the traffic-agent container, taking its ports, mounts, and environment into account. Closes #3758 Signed-off-by: Thomas Hallgren <thomas@tada.se>
The `tunnel.ConnID` still used the `net.IP`. This commit changes the constructor to use `netip.AddrPort` for host and destination instead of separate combos of `net.IP` and `uint16`. Signed-off-by: Thomas Hallgren <thomas@tada.se>
Signed-off-by: Thomas Hallgren <thomas@tada.se>
thallgren
added
the
ok to test
github-actions
bot
removed
the
ok to test
P0lip
approved these changes
Jan 6, 2025
| // skips contain defaults assigned by Kubernetes that are not zero values | ||
| if dlog.MaxLogLevel(ctx) >= dlog.LogLevelDebug { | ||
| diff := cmp.Diff(a, b, | ||
| cmp.Comparer(compareProbes), |
There was a problem hiding this comment.
a minor one too, but we already have options below, so could dedupe it a bit
func containerEqual(ctx context.Context, a, b *core.Container) bool {
// skips contain defaults assigned by Kubernetes that are not zero values
options := cmp.Options{
cmp.Comparer(compareProbes),
cmp.Comparer(compareVolumeMounts),
cmpopts.IgnoreFields(core.Container{}, "ImagePullPolicy", "Resources", "TerminationMessagePath", "TerminationMessagePolicy"),
}
if dlog.MaxLogLevel(ctx) >= dlog.LogLevelDebug {
diff := cmp.Diff(a, b, options...)
if diff != "" {
dlog.Debug(ctx, diff)
}
return diff == ""
}
return cmp.Equal(a, b, options...)
}
pkg/agentconfig/container.go
Outdated
|
|
||
| func eachConfiguredContainer(configureContainers []*core.Container, config *Sidecar, f func(*core.Container, *Container)) { | ||
| for i, cn := range configureContainers { | ||
| f(cn, config.Containers[i]) |
There was a problem hiding this comment.
is it possible that a container will be nil at runtime?
Technically from the perspective of ConfiguredContainers function that might be the case if we're unable to find the configured container.
If so, we may want to filter out nil values here as the callbacks we pass to eachConfiguredContainer will panic due to them expecting a non-nil value.
There was a problem hiding this comment.
Good point, A nil entry in the configContainers should never be possible, but looking at the ConfiguredContainers function, I realize that if the pod.Spec.Containers for some reason is out of sync with the config.Containers, and no longer contain all the containers that were present at the time when the config.Containers was generated, then that could actually happen.
Co-authored-by: Jakub Rożek <jrozek@datawire.io> Signed-off-by: Thomas Hallgren <thomas@tada.se>
- Dedup compare options. - Add nil-check in `eachConfiguredContainer` Signed-off-by: Thomas Hallgren <thomas@tada.se>
thallgren
added
the
ok to test
github-actions
bot
removed
the
ok to test
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There's no need to have a dormant container because the traffic-agent
can serve as the replacement itself. That way, there's no need to
redirect ports either, which means that there's no need to rename ports
or use an init-container.
An annotation is added to the pod to cater for when multiple injections
happen due to replace-policy, so that injections that follow the one
when an app-container is removed can reproduce the traffic-agent
container, taking its ports, mounts, and environment into account.