azure-container-networking/npm/profiles/v2-background.yaml

24 lines
717 B
YAML

perf: [NPM] [LINUX] add NetPols in background (#1969)

* wip: apply dirty NetPols every 500ms in Linux
* only build npm linux image
* fix: check for empty cache
* feat: toggle for netpol interval. default 500 ms
* ci: remove stages "build binaries" and "run windows tests"
* wip: max batched netpols (toggle-specified)
* ci: remove manifest build/push for win npm
* wip: handle ipset deletion properly and max batch for delete too
* fix: correct remove policy
* fix: only remove policy if it was in kernel
* finalize toggles, allowing ability to turn off iptablesInBackground
* ci: conf + cyc use PR's configmaps
* fix: lints
* fix dp toggle: iptablesInBackground
* fix lock typo and config logging
* fix background thread. add comments. only add tmp ref when enabled
* copy pod selector list
* fix: removepolicy needs namespace too
* rename opInfo to event
* fix: fix references and prevent concurrent map read/write
* tmp: debug logging
* fix: missing set references by swap keys and values
* Revert "tmp: debug logging" This reverts commit 70ed34c714ea4a6d009a1fe90a7168be4bedd5bf.
* fix: add podSelectorList to fake NetPol
* log: do not print error when failing to delete non-existent nft rule
* log: verbose iptables bootup
* log: use fmt.Errorf for clean logging
* log: never return error for iptables in background and fix some lints
* fix: activate/deactivate azure chain rules
* fix: correctly decrement netpols in kernel
* ci: run UTs again
* ci: update profiles. default to placefirst=false
* address comment: rename batch to pendingPolicy
* refactor: make dirty cache OS-specific
* test: UTs
* test: put UT cfg back to placefirst to not break things
* ci: update cyclonus workflows
* fmt: address comment & lint
* fmt: rename numInKernel to policiesInKernel
* log: switch to fmt.Errorf
* fmt: whitespace
* feat: resiliency to errors while reconciling dirty netpols
* log: temporarily print everything for ipset restore
* fix: remove nomatch from ipset -D for cidr blocks
* test: UTs for non-happy path
* test: fix hns fake
* fix: don't change windows. let it delete ipsets when removing policies
* fix windows lint
* fix: ignore chain doesn't exist errors for iptables -D
* feat: latency and failure metrics
* test: update exit code for UT
* metrics: new metrics should go in node-metrics path
* style: simplify nesting
* style: move identical windows & linux code to shared file
* ci: remove v1 conformance and cyclonus
* feat: add NetPols in background from the DP (revert background code in pMgr)
* style: remove "background" from iptables metrics
* revert changes in ipsetmanager, const.go, and dp.Remove/UpdatePolicy
* style: whitespace
* perf: use len() instead of creating slice from map
* remove verbosity for iptables bootup
* build: add return statement
* style: whitespace
* build: fix variable shadowing
* build: fix more import shadowing
* build: windows pointer issue and UT issue
* test: fix UT for iptables error code 2
* ci: enable linux scale test
* ci: revert to master pipeline.yaml
* revert changes to chain-management. do changes in PR #2012
* log: change wording
* test: UTs for netpol in background
* log: wording
* feat: apply ipsets for each netpol individually
* config: rearrange ConfigMap & update capz yaml
* fix: windows bootup phase logic for addpolicy
* feat: restrict netpol in background to linux + nftables
* test: skip nftables check for UT
* style: netpols[0] instead of loop
* log: address log comments
* style: lint for long line

---------

Co-authored-by: Vamsi Kalapala <vakr@microsoft.com>
2023-07-19 19:13:52 +03:00
apiVersion: v1
kind: ConfigMap
metadata:
  name: azure-npm-config
  namespace: kube-system
data:
  azure-npm.json: |
    {
        "ResyncPeriodInMinutes": 15,
        "ListeningPort": 10091,
        "ListeningAddress": "0.0.0.0",
        "NetPolInvervalInMilliseconds": 500,
        "MaxPendingNetPols": 100,
        "Toggles": {
            "EnablePrometheusMetrics": true,
            "EnablePprof": true,
            "EnableHTTPDebugAPI": true,
            "EnableV2NPM": true,
            "PlaceAzureChainFirst": true,
            "ApplyIPSetsOnNeed": false,
            "NetPolInBackground": true
        }
    }