Integration test for reinitialize-pods #309
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes linkerd/linkerd2#11073 This fixes the issue of injected pods that cannot acquire proper network config because `linkerd-cni` and/or the cluster's network CNI haven't fully started. They are left in a permanent crash loop and once CNI is ready, they need to be restarted externally, which is what this controller does. This controller "`linkerd-reinitialize-pods`" watches over events on pods in the current node, which have been injected but are in a terminated state and whose `linkerd-network-validator` container exited with code 95, and proceeds to evict them so they can restart with a proper network config. The controller is to be deployed as an additional container in the `linkerd-cni` DaemonSet (addressed in linkerd/linkerd2#xxx). ## TO-DOs - Figure why `/metrics` is returning a 404 (should show process metrics) - Integration test
…y on reinitialize-pods
alpeb
force-pushed
the
alpeb/linkerd-reinitialize-pods-integration
branch
from
2f34615
to
eae377d
Compare
(Note this will fail until linkerd/linkerd2#11699 lands) The `integration-cni-plugin.yml` workflow (formerly known as `cni-plugin-integration.yml`) has been expanded to run the new recipe `reinitialize-pods-integration`, which performs the following steps: - Rebuilds the `linkerd-reinitialize-pods` crate and `cni-plugin`. The `Dockerfile-cni-plugin` file has been refactored to have two main targets `runtime` and `runtime-test`, the latter picking the `linkerd-reinitialize-pods` that has just been built locally. - Creates a new cluster at version `v1.27.6-k3s1` (version required for Calico to work) - Triggers a new `./reinitialize-pods/integration/run.sh` script which: - Installs Calico - Installs the latest linkerd-edge CLI - Installs `linkerd-cni` and wait for it to become ready - Install the linkerd control plane in CNI mode - Install a `pause` DaemonSet The `linkerd-cni` instance has been configured to include an extra initContainer that will delay its start for 15s. Since we waited for it to become ready, this doesn't affect the initial install. But then a new node is added to the cluster, and this delay allows for the new `pause` DaemonSet replica to start before the full CNI config is ready, so we can observe its failure to come up. Once the new `linkerd-cni` replica becomes ready we observe how the `pause` failed replica is replaced by a new healthy one.
alpeb
force-pushed
the
alpeb/linkerd-reinitialize-pods-integration
branch
from
eae377d
to
82aa524
Compare
alpeb
force-pushed
the
alpeb/linkerd-reinitialize-pods
branch
from
e74450f
to
c7d9a91
Compare
|
Superseded by #316 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(Note this will fail until linkerd/linkerd2#11699 lands)
The
integration-cni-plugin.ymlworkflow (formerly known ascni-plugin-integration.yml) has been expanded to run the new recipereinitialize-pods-integration, which performs the following steps:linkerd-reinitialize-podscrate andcni-plugin. TheDockerfile-cni-pluginfile has been refactored to have two main targetsruntimeandruntime-test, the latter picking thelinkerd-reinitialize-podsthat has just been built locally.v1.27.6-k3s1(version required for Calico to work)./reinitialize-pods/integration/run.shscript which:linkerd-cniand wait for it to become readypauseDaemonSetThe
linkerd-cniinstance has been configured to include an extra initContainer that will delay its start for 15s. Since we waited for it to become ready, this doesn't affect the initial install. But then a new node is added to the cluster, and this delay allows for the newpauseDaemonSet replica to start before the full CNI config is ready, so we can observe its failure to come up. Once the newlinkerd-cnireplica becomes ready we observe how thepausefailed replica is replaced by a new healthy one.