Merge pull request #404 from hhyasdf/release/v0.8.7

[CHERRY PICK] release for v0.8.7

Author: mars1024

charts/hybridnet/crds/multicluster.alibaba.com_remoteclusters.yaml

@@ -83,13 +83,14 @@ spec:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
                     use as an array at the field path .status.conditions.  For example,
-                    type FooStatus struct{     // Represents the observations of a
-                    foo's current state.     // Known .status.conditions.type are:
-                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
-                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
-                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
-                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
-                    \n     // other fields }"
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition

charts/hybridnet/crds/multicluster.alibaba.com_remoteendpointslice.yaml

@@ -67,11 +67,13 @@ spec:
                     a service.
                   properties:
                     addresses:
-                      description: addresses of this endpoint. The contents of this
+                      description: 'addresses of this endpoint. The contents of this
                         field are interpreted according to the corresponding EndpointSlice
                         addressType field. Consumers must handle different types of
                         addresses in the context of their own capabilities. This must
-                        contain at least one address but no more than 100.
+                        contain at least one address but no more than 100. These are
+                        all assumed to be fungible and clients may choose to only
+                        use the first element. Refer to: https://issue.k8s.io/106267'
                       items:
                         type: string
                       type: array
@@ -136,8 +138,7 @@ spec:
                     nodeName:
                       description: nodeName represents the name of the Node hosting
                         this endpoint. This can be used to determine endpoints local
-                        to a Node. This field can be enabled with the EndpointSliceNodeName
-                        feature gate.
+                        to a Node.
                       type: string
                     targetRef:
                       description: targetRef is a reference to a Kubernetes object
@@ -212,7 +213,7 @@ spec:
                       description: The application protocol for this port. This field
                         follows standard Kubernetes label syntax. Un-prefixed names
                         are reserved for IANA standard service names (as per RFC-6335
-                        and http://www.iana.org/assignments/service-names). Non-standard
+                        and https://www.iana.org/assignments/service-names). Non-standard
                         protocols should use prefixed names such as mycompany.com/my-custom-protocol.
                       type: string
                     name:

charts/hybridnet/crds/networking.alibaba.com_ipinstances.yaml

@@ -125,9 +125,6 @@ spec:
             properties:
               nodeName:
                 type: string
-              phase:
-                description: DEPRECATED. Planned to remove in v0.6
-                type: string
               podName:
                 type: string
               podNamespace:

charts/hybridnet/templates/daemonsets.yaml

@@ -82,6 +82,7 @@ spec:
             - --check-pod-connectivity-from-host={{ .Values.daemon.checkPodConnectivityFromHost }}
             - --enable-vlan-arp-enhancement={{ .Values.daemon.enableVlanARPEnhancement }}
             - --feature-gates=MultiCluster={{ .Values.multiCluster }}
+            - --update-ipinstance-status={{ .Values.daemon.updateIPInstanceStatus }}
           securityContext:
             runAsUser: 0
             privileged: true

charts/hybridnet/values.yaml

@@ -90,7 +90,7 @@ daemon:
 
   ## If it is empty, daemon on each node will take one of the valid address of the vxlan interface's parent
   ## (try ipv4 addresses first and then ipv6 addresses if no valid ipv4 address exists) as node's VTEP address
-  ## randomly. If is is not empty, the first result matches any of the CIDRs will be chose as VTEP address.
+  ## randomly. If it is not empty, the first result matches any of the CIDRs will be chosen as VTEP address.
   vtepAddressCIDRs: "0.0.0.0/0,::/0"
 
   # -- The community CNI plugins needed to be copied by hybridnet from inside container to the /opt/cni/bin/ directory of host
@@ -102,6 +102,9 @@ daemon:
   # -- Whether will daemon check the connectivity of local pod before staring it
   checkPodConnectivityFromHost: true
 
+  # -- Whether will daemon update the status of IPInstance while create pod sandbox
+  updateIPInstanceStatus: true
+
   # -- Specifies the resources for the cni-daemon containers
   resources: {}
     # limits:

pkg/apis/networking/v1/ipinstance_types.go

@@ -70,9 +70,6 @@ type StatefulInfo struct {
 type IPInstanceStatus struct {
 	// +kubebuilder:validation:Optional
 	NodeName string `json:"nodeName,omitempty"`
-	// DEPRECATED. Planned to remove in v0.6
-	// +kubebuilder:validation:Optional
-	Phase IPPhase `json:"phase,omitempty"`
 	// +kubebuilder:validation:Optional
 	PodName string `json:"podName,omitempty"`
 	// +kubebuilder:validation:Optional

pkg/apis/networking/v1/types.go

@@ -124,8 +124,6 @@ type VTEPInfo struct {
 	LocalIPs []string `json:"localIPs,omitempty"`
 }
 
-type IPPhase string
-
 // The conversion process from IPInstance v1.1 to v1.2 has been removed after hybridnet v0.6.0.
 const (
 	IPInstanceV12           = "v1.2"

pkg/controllers/multicluster/remotevtep_controller.go

@@ -285,9 +285,6 @@ func (r *RemoteVtepReconciler) SetupWithManager(mgr ctrl.Manager) (err error) {
 							constants.LabelNode,
 						},
 					},
-					// TODO: phase change means nothing in new IPInstance model,
-					// to be removed in next major version
-					&utils.IPInstancePhaseChangePredicate{},
 				),
 			),
 		).

pkg/controllers/networking/pod_controller.go

@@ -144,6 +144,11 @@ func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result
 		}
 
 		if strategy.OwnByStatefulWorkload(ownedObj) {
+			// Before pod terminated, should not reserve ip instance because of pre-stop
+			if !utils.PodIsTerminated(pod) {
+				return ctrl.Result{}, nil
+			}
+
 			if err = r.reserve(ctx, pod); err != nil {
 				return ctrl.Result{}, wrapError("unable to reserve pod", err)
 			}
@@ -166,6 +171,11 @@ func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result
 					return ctrl.Result{}, wrapError("unable to remove finalizer", r.removeFinalizer(ctx, pod))
 				}
 
+				// Before pod terminated, should not reserve ip instance because of pre-stop
+				if !utils.PodIsTerminated(pod) {
+					return ctrl.Result{}, nil
+				}
+
 				log.V(1).Info("reserve ip for VM pod")
 				if err = r.reserve(ctx, pod, types.DropPodName(true)); err != nil {
 					return ctrl.Result{}, wrapError("unable to reserve pod", err)
@@ -692,7 +702,7 @@ func (r *PodReconciler) checkMACAddressCollision(pod *corev1.Pod, networkName st
 		if !ipInstance.DeletionTimestamp.IsZero() {
 			continue
 		}
-		if ipInstance.Status.PodNamespace != pod.GetNamespace() || ipInstance.Status.PodName != pod.GetName() {
+		if ipInstance.Namespace != pod.GetNamespace() || ipInstance.Spec.Binding.PodName != pod.GetName() {
 			return fmt.Errorf("specified mac address %s is in conflict with existing ip instance %s/%s", macAddr, ipInstance.Namespace, ipInstance.Name)
 		}
 	}

pkg/controllers/networking/pod_controller_test.go

@@ -701,6 +701,176 @@ var _ = Describe("Pod controller integration test suite", func() {
 			Expect(k8sClient.Delete(context.Background(), pod, client.GracePeriodSeconds(0))).NotTo(HaveOccurred())
 		})
 
+		It("Check ip reserved only after pod terminated", func() {
+			By("create a stateful pod requiring IPv4 address")
+			var ipInstanceName string
+			pod := simplePodRender(podName, node1Name)
+			pod.OwnerReferences = []metav1.OwnerReference{ownerReference}
+			Expect(k8sClient.Create(context.Background(), pod)).Should(Succeed())
+
+			By("check the first allocated IPv4 address")
+			Eventually(
+				func(g Gomega) {
+					ipInstances, err := utils.ListAllocatedIPInstancesOfPod(context.Background(), k8sClient, pod)
+					g.Expect(err).NotTo(HaveOccurred())
+					g.Expect(ipInstances).To(HaveLen(1))
+
+					ipInstance := ipInstances[0]
+					ipInstanceName = ipInstance.Name
+					g.Expect(ipInstance.Spec.Address.Version).To(Equal(networkingv1.IPv4))
+					g.Expect(ipInstance.Spec.Binding.PodUID).To(Equal(pod.UID))
+					g.Expect(ipInstance.Spec.Binding.PodName).To(Equal(pod.Name))
+					g.Expect(ipInstance.Spec.Binding.NodeName).To(Equal(node1Name))
+					g.Expect(ipInstance.Spec.Binding.ReferredObject).To(Equal(networkingv1.ObjectMeta{
+						Kind: ownerReference.Kind,
+						Name: ownerReference.Name,
+						UID:  ownerReference.UID,
+					}))
+
+					g.Expect(ipInstance.Spec.Binding.Stateful).NotTo(BeNil())
+					g.Expect(ipInstance.Spec.Binding.Stateful.Index).NotTo(BeNil())
+
+					idx := *ipInstance.Spec.Binding.Stateful.Index
+					g.Expect(pod.Name).To(Equal(fmt.Sprintf("pod-%d", idx)))
+
+					g.Expect(ipInstance.Spec.Network).To(Equal(underlayNetworkName))
+					g.Expect(ipInstance.Spec.Subnet).To(BeElementOf(underlaySubnetName))
+				}).
+				WithTimeout(30 * time.Second).
+				WithPolling(time.Second).
+				Should(Succeed())
+
+			By("update to make sure pod not terminated")
+			patch := client.MergeFrom(pod.DeepCopy())
+			pod.Status.ContainerStatuses = []corev1.ContainerStatus{
+				{
+					Name: "test",
+					State: corev1.ContainerState{
+						Terminated: nil,
+					},
+				},
+			}
+			Expect(k8sClient.Status().Patch(context.Background(), pod, patch)).NotTo(HaveOccurred())
+
+			By("try to delete stateful pod into terminating state")
+			Expect(k8sClient.Delete(context.Background(), pod, client.GracePeriodSeconds(0))).NotTo(HaveOccurred())
+
+			By("check allocated IPv4 address still not reserved after 30s")
+			Consistently(
+				func(g Gomega) {
+					ipInstances, err := utils.ListAllocatedIPInstancesOfPod(context.Background(), k8sClient, pod)
+					g.Expect(err).NotTo(HaveOccurred())
+					g.Expect(ipInstances).To(HaveLen(1))
+
+					ipInstance := ipInstances[0]
+					g.Expect(ipInstance.Spec.Binding.NodeName).NotTo(BeEmpty())
+
+				}).
+				WithTimeout(30 * time.Second).
+				WithPolling(5 * time.Second).
+				Should(Succeed())
+
+			By("update to make sure pod terminated")
+			patch = client.MergeFrom(pod.DeepCopy())
+			pod.Status.ContainerStatuses = []corev1.ContainerStatus{
+				{
+					Name: "test",
+					State: corev1.ContainerState{
+						Terminated: &corev1.ContainerStateTerminated{},
+					},
+				},
+			}
+			Expect(k8sClient.Status().Patch(context.Background(), pod, patch)).NotTo(HaveOccurred())
+
+			By("check the allocated IPv4 address is reserved")
+			Eventually(
+				func(g Gomega) {
+					ipInstances, err := utils.ListAllocatedIPInstancesOfPod(context.Background(), k8sClient, pod)
+					g.Expect(err).NotTo(HaveOccurred())
+					g.Expect(ipInstances).To(HaveLen(1))
+
+					ipInstance := ipInstances[0]
+					g.Expect(ipInstance.Name).To(Equal(ipInstanceName))
+					g.Expect(ipInstance.Spec.Address.Version).To(Equal(networkingv1.IPv4))
+					g.Expect(ipInstance.Spec.Binding.PodUID).To(BeEmpty())
+					g.Expect(ipInstance.Spec.Binding.PodName).To(Equal(pod.Name))
+					g.Expect(ipInstance.Spec.Binding.NodeName).To(BeEmpty())
+					g.Expect(ipInstance.Spec.Binding.ReferredObject).To(Equal(networkingv1.ObjectMeta{
+						Kind: ownerReference.Kind,
+						Name: ownerReference.Name,
+						UID:  ownerReference.UID,
+					}))
+
+					g.Expect(ipInstance.Spec.Binding.Stateful).NotTo(BeNil())
+					g.Expect(ipInstance.Spec.Binding.Stateful.Index).NotTo(BeNil())
+
+					idx := *ipInstance.Spec.Binding.Stateful.Index
+					g.Expect(pod.Name).To(Equal(fmt.Sprintf("pod-%d", idx)))
+
+					g.Expect(ipInstance.Spec.Network).To(Equal(underlayNetworkName))
+					g.Expect(ipInstance.Spec.Subnet).To(BeElementOf(underlaySubnetName))
+				}).
+				WithTimeout(30 * time.Second).
+				WithPolling(time.Second).
+				Should(Succeed())
+
+			By("make sure pod deleted")
+			Eventually(
+				func(g Gomega) {
+					err := k8sClient.Get(context.Background(),
+						types.NamespacedName{
+							Namespace: pod.Namespace,
+							Name:      podName,
+						},
+						&corev1.Pod{})
+					g.Expect(err).NotTo(BeNil())
+					g.Expect(errors.IsNotFound(err)).To(BeTrue())
+				}).
+				WithTimeout(30 * time.Second).
+				WithPolling(time.Second).
+				Should(Succeed())
+
+			By("recreate the stateful pod")
+			pod = simplePodRender(podName, node1Name)
+			pod.OwnerReferences = []metav1.OwnerReference{ownerReference}
+			Expect(k8sClient.Create(context.Background(), pod)).NotTo(HaveOccurred())
+
+			By("check the allocated IPv4 address is retained and reused")
+			Eventually(
+				func(g Gomega) {
+					ipInstances, err := utils.ListAllocatedIPInstancesOfPod(context.Background(), k8sClient, pod)
+					g.Expect(err).NotTo(HaveOccurred())
+					g.Expect(ipInstances).To(HaveLen(1))
+
+					ipInstance := ipInstances[0]
+					g.Expect(ipInstance.Name).To(Equal(ipInstanceName))
+					g.Expect(ipInstance.Spec.Address.Version).To(Equal(networkingv1.IPv4))
+					g.Expect(ipInstance.Spec.Binding.PodUID).To(Equal(pod.UID))
+					g.Expect(ipInstance.Spec.Binding.PodName).To(Equal(pod.Name))
+					g.Expect(ipInstance.Spec.Binding.NodeName).To(Equal(node1Name))
+					g.Expect(ipInstance.Spec.Binding.ReferredObject).To(Equal(networkingv1.ObjectMeta{
+						Kind: ownerReference.Kind,
+						Name: ownerReference.Name,
+						UID:  ownerReference.UID,
+					}))
+
+					g.Expect(ipInstance.Spec.Binding.Stateful).NotTo(BeNil())
+					g.Expect(ipInstance.Spec.Binding.Stateful.Index).NotTo(BeNil())
+
+					idx := *ipInstance.Spec.Binding.Stateful.Index
+					g.Expect(pod.Name).To(Equal(fmt.Sprintf("pod-%d", idx)))
+
+					g.Expect(ipInstance.Spec.Network).To(Equal(underlayNetworkName))
+					g.Expect(ipInstance.Spec.Subnet).To(BeElementOf(underlaySubnetName))
+				}).
+				WithTimeout(30 * time.Second).
+				WithPolling(time.Second).
+				Should(Succeed())
+
+			By("remove the test pod")
+			Expect(k8sClient.Delete(context.Background(), pod, client.GracePeriodSeconds(0))).NotTo(HaveOccurred())
+		})
+
 		AfterEach(func() {
 			By("make sure test ip instances cleaned up")
 			Expect(k8sClient.DeleteAllOf(

pkg/controllers/utils/pod.go

@@ -51,4 +51,14 @@ func PodIsScheduled(pod *v1.Pod) bool {
 	return len(pod.Spec.NodeName) > 0
 }
 
+func PodIsTerminated(pod *v1.Pod) bool {
+	for i := range pod.Status.ContainerStatuses {
+		if pod.Status.ContainerStatuses[i].State.Terminated == nil {
+			return false
+		}
+	}
+
+	return true
+}
+
 var ParseNetworkConfigOfPodByPriority = utils.ParseNetworkConfigOfPodByPriority

pkg/controllers/utils/predicates.go

@@ -186,24 +186,6 @@ func (s SpecifiedLabelChangedPredicate) Update(e event.UpdateEvent) bool {
 	return false
 }
 
-type IPInstancePhaseChangePredicate struct {
-	predicate.Funcs
-}
-
-// Update implements default UpdateEvent filter for checking whether IPInstance phase change
-func (IPInstancePhaseChangePredicate) Update(e event.UpdateEvent) bool {
-	oldIPInstance, ok := e.ObjectOld.(*networkingv1.IPInstance)
-	if !ok {
-		return false
-	}
-	newIPInstance, ok := e.ObjectNew.(*networkingv1.IPInstance)
-	if !ok {
-		return false
-	}
-
-	return oldIPInstance.Status.Phase != newIPInstance.Status.Phase
-}
-
 type RemoteClusterUUIDChangePredicate struct {
 	predicate.Funcs
 }

pkg/daemon/config/config.go

@@ -103,6 +103,7 @@ type Configuration struct {
 	EnableVlanArpEnhancement     bool
 	PatchCalicoPodIPsAnnotation  bool
 	CheckPodConnectivityFromHost bool
+	UpdateIPInstanceStatus       bool
 }
 
 // ParseFlags will parse cmd args then init kubeClient and configuration
@@ -134,6 +135,7 @@ func ParseFlags() (*Configuration, error) {
 		argIPv6RouteCacheGCThresh               = pflag.Int("ipv6-route-cache-gc-thresh", DefaultIPv6RouteCacheGCThresh, "Value to set net.ipv6.route.gc_thresh")
 		argPatchCalicoPodIPsAnnotation          = pflag.Bool("patch-calico-pod-ips-annotation", true, "Patch \"cni.projectcalico.org/podIPs\" annotations to pod")
 		argCheckPodConnectivityFromHost         = pflag.Bool("check-pod-connectivity-from-host", true, "Check pod's connectivity from host before start it")
+		argUpdateIPInstanceStatus               = pflag.Bool("update-ipinstance-status", true, "Update ipinstance status while creating pod sandbox")
 	)
 
 	// mute info log for ipset lib
@@ -172,6 +174,7 @@ func ParseFlags() (*Configuration, error) {
 		IPv6RouteCacheGCThresh:               *argIPv6RouteCacheGCThresh,
 		PatchCalicoPodIPsAnnotation:          *argPatchCalicoPodIPsAnnotation,
 		CheckPodConnectivityFromHost:         *argCheckPodConnectivityFromHost,
+		UpdateIPInstanceStatus:               *argUpdateIPInstanceStatus,
 	}
 
 	if *argPreferVlanInterfaces == "" {