Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Pod network status annotation to make Pod SecondaryNetwork IP visible #7069

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add Pod network status annotation to make Pod SecondaryNetwork IP visible #7069

wants to merge 3 commits into from

Conversation

wenqiq
Copy link
Contributor

@wenqiq wenqiq commented Mar 19, 2025
edited
Loading

related #7048

Add Network Status Annotations for Pod to make Pod SecondaryNetwork IP visible. For example:

Annotations:        k8s.v1.cni.cncf.io/networks: macvlan-conf
                    k8s.v1.cni.cncf.io/network-status:
                      [{
                          "name": "cbr0",
                          "ips": [
                              "10.244.1.73"
                          ],
                          "default": true,
                          "dns": {}
                      },{
                          "name": "macvlan-conf",
                          "interface": "net1",
                          "ips": [
                              "192.168.1.205"
                          ],
                          "mac": "86:1d:96:ff:55:0d",
                          "dns": {}
                      }]

TestDone:
kubectl get pods sriov-pod1 -n testsriovnetwork-uu5azxvs -oyaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "sriov-net1",
          "interface": "eth1",
          "ips": [
              "172.31.16.199"
          ],
          "mac": "02:1d:78:31:6f:c7",
          "dns": {}
      }]
    k8s.v1.cni.cncf.io/networks: '[{"name": "sriov-net1", "namespace": "default",
      "interface": "eth1"}]'
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"k8s.v1.cni.cncf.io/networks":"[{\"name\": \"sriov-net1\", \"namespace\": \"default\", \"interface\": \"eth1\"}]"},"labels":{"App":"secondaryTest","antrea-e2e":"sriov-pod1","app":"toolbox"},"name":"sriov-pod1","namespace":"testsriovnetwork-uu5azxvs"},"spec":{"containers":[{"image":"antrea/toolbox:1.5-1","imagePullPolicy":"IfNotPresent","name":"toolbox","resources":{"limits":{"intel.com/intel_sriov_netdevice":"1"},"requests":{"intel.com/intel_sriov_netdevice":"1"}},"securityContext":{"privileged":false},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"kube-api-access-rllmk","readOnly":true}]}],"dnsPolicy":"ClusterFirst","enableServiceLinks":true,"nodeName":"ip-172-31-19-106","nodeSelector":{"kubernetes.io/hostname":"ip-172-31-19-106"},"preemptionPolicy":"PreemptLowerPriority","priority":0,"restartPolicy":"Never","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":1,"tolerations":[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoExecute","key":"node.kubernetes.io/not-ready","operator":"Exists","tolerationSeconds":300},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":300}],"volumes":[{"name":"kube-api-access-rllmk","projected":{"defaultMode":420,"sources":[{"serviceAccountToken":{"expirationSeconds":3607,"path":"token"}},{"configMap":{"items":[{"key":"ca.crt","path":"ca.crt"}],"name":"kube-root-ca.crt"}},{"downwardAPI":{"items":[{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"},"path":"namespace"}]}}]}}]}}
  creationTimestamp: "2025-03-25T15:23:07Z"
  labels:
    App: secondaryTest
    antrea-e2e: sriov-pod1
    app: toolbox
  name: sriov-pod1
  namespace: testsriovnetwork-uu5azxvs
  resourceVersion: "41832"
  uid: a1930238-342d-47e4-b15c-33c1e706800d

@wenqiq wenqiq force-pushed the improve-pod-secondary-ip branch 2 times, most recently from fa52370 to 5177eef Compare March 24, 2025 16:23
@wenqiq wenqiq marked this pull request as ready for review March 24, 2025 16:24
jianjuns
jianjuns reviewed Mar 25, 2025
View reviewed changes
pkg/agent/secondarynetwork/podwatch/controller.go Outdated
if err := netdefutils.SetNetworkStatus(pc.kubeClient, pod, netStatus); err != nil {
klog.ErrorS(err, "Update Pod annotation failed", "Pod", klog.KRef(pod.Namespace, pod.Name))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error is not logged in the caller?

If already logged in the caller, probably just append the extra context to the error and return.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error was ultimately returned to the syncPod function without being logged. The final call was made in processNextWorkItem. I think a log for recording the error should be added in processNextWorkItem, similar to how other controllers handle it.
https://github.com/antrea-io/antrea/blob/main/pkg/agent/secondarynetwork/podwatch/controller.go#L310

	if err := pc.syncPod(key); err == nil {
		pc.queue.Forget(key)
	} else {
		pc.queue.AddRateLimited(key)
	}

pkg/agent/secondarynetwork/podwatch/controller.go Outdated
if netStatus != nil {
if err := netdefutils.SetNetworkStatus(pc.kubeClient, pod, netStatus); err != nil {
klog.ErrorS(err, "Update Pod annotation failed", "Pod", klog.KRef(pod.Namespace, pod.Name))
return err
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will the error trigger a retry? But that will not really retry updating the status? If true, probably just log and do not return an error.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Returning an error here will trigger a retry, it seems pointless since SetNetworkStatus already has retry logic. Thanks for your advice. It's reasonable to just log the error without returning it.

wenqiq added 3 commits March 26, 2025 10:05
@wenqiq
Add Pod annotation for Pod network status
641ea04 
Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>
@wenqiq
Update antrea-agent ClusterRole manifest to update Pod annotation
82667dc 
Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>
@wenqiq
Address comments
a05aa0e 
Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>
@wenqiq wenqiq force-pushed the improve-pod-secondary-ip branch from dea0950 to a05aa0e Compare March 26, 2025 02:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jianjuns jianjuns

@antoninbas antoninbas

@tnqn tnqn

@luolanzone luolanzone

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wenqiq @jianjuns