[DRAFT]: Generic reconciler by joamaki · Pull Request #28276 · cilium/cilium

joamaki · 2023-09-26T08:23:21Z

Builds on top of #28140.

This implements a "generic reconciler" which takes the desired state as a StateDB table
and a "reconciliation target" that defines the reconciliation operations. It performs
fast incremental reconciliation of changes and periodic full reconciliation. Metrics
and health reporting are included.

pkg/reconciler/example has some rough early examples for sysctl and iptables.

By wrapping the reconciliation into a reusable generic utility we gain:

Single well-tested implementation for mission critical code
Uniform metrics, health and status reporting
Significant reduction in code duplication
The "concept" of reconciler that can be understood and inspected from outside

Summary of the API:

package reconciler

// Reconcilable objects carry status
type Reconcilable[Obj comparable] interface {
  comparable
  GetStatus() Status
  WithStatus(Status) Obj
}

// Reconciliation target defines the operations for reconciling a single
// object.
type Target[Obj Reconcilable[Obj]] interface {
  Init(context.Context) error
  Update(context.Context, Obj) error
  Delete(context.Context, Obj) error
  Sync(context.Context, statedb.Iterator[Obj]) (outOfSync bool, err error)
}

type params[Obj Reconcilable[Obj]] struct {
  cell.In

  // ... other dependencies ...

  // Dependencies that parametrize the reconciler for the concrete
  // use case:
  Config
  Target Target[Obj]
  StatusIndex statedb.Index[Obj, StatusKind]
}

// Register creates a reconciler and adds it to the application lifecycle.
// "cell.Invoke(reconciler.Register[MyObject])".
func Register[Obj Reconcilable[Obj]](p params[Obj]) { ... }

Usage:

package example

// Define the object that presents the desired state.
type MyObject struct { ... }
func (m *MyObject) GetStatus() reconciler.Status { ... }
func (m *MyObject) WithStatus(s reconciler.Status) *MyObject { /* copy and set status */ }
var statusIndex = reconciler.NewStatusIndex[*MyObject]()
var idIndex = statedb.Index[*MyObject, UUID]{...}

// Define a safe API for managing the desired state. Alternatively if it's obvious
// the RWTable[*MyObject] could be directly exposed.
// (TODO: Not sure at all if we want to call these sort of things managers)
type MyObjectManager struct {...}
func (m *MyObjectManager) Set(...) error {}
func (m *MyObjectManager) Get(...) error {}
func (m *MyObjectManager) Wait(context.Context) error { 
  // see example/sysctl.go for how we can wait for reconciliation.
}
func newMyObjectManager(db *statedb.DB, table statedb.RWTable[*MyObject) *MyObjectManager { ... }

var Cell = cell.Module(
  "my-module", 
  "There are many like it, but this one is mine",

  // Create the table for the desired state. Keep write access protected to this module.
  statedb.NewProtectedTableCell[*MyObject]("my-objects", idIndex, statusIndex),

  // Provide a public API for managing the desired state to the rest of the application.
  cell.Provide(newMyObjectManager),

  // Provide the reconciler dependencies, but scoped to just this module.
  cell.ProvidePrivate(
    func() reconciler.Target[*MyObject] { return &myObjectTarget{} },
    func() reconciler.Config { ...},
    func() statedb.Index[*MyObject, reconciler.StatusKind] { return statusIndex },
  ),

  // Create and register the reconciler to the application lifecycle. 
  cell.Invoke(reconciler.Register[*MyObject]),
)

type myObjectTarget struct { ... }
func (r *myObjectTarget) Init(context.Context) error { ... }
func (r *myObjectTarget) Update(context.Context, Obj) error { ... }
func (r *myObjectTarget) Delete(context.Context, Obj) error { ... }
func (r *myObjectTarget) Sync(context.Context, statedb.Iterator[Obj]) (outOfSync bool, err error) { .. }

Health reporting:

Status{ModuleID: iptables, Level: Degraded, Since: 3.000499163s ago, Message: Incremental reconciliation failure, Err: oops iptables error}

Metrics:

# HELP cilium_reconciler_full_duration_seconds Histogram over full reconciliation duration
# TYPE cilium_reconciler_full_duration_seconds histogram
cilium_reconciler_full_duration_seconds_bucket{module_id="sysctl",le="0.005"} 1
# ...
cilium_reconciler_full_duration_seconds_sum{module_id="sysctl"} 6.0364e-05
cilium_reconciler_full_duration_seconds_count{module_id="sysctl"} 1
# HELP cilium_reconciler_full_total Number of full reconciliations performed
# TYPE cilium_reconciler_full_total counter
cilium_reconciler_full_total{module_id="sysctl"} 1
# HELP cilium_reconciler_incremental_duration_seconds Histogram of per-operation duration during incremental reconciliation
# TYPE cilium_reconciler_incremental_duration_seconds histogram
cilium_reconciler_incremental_duration_seconds_bucket{module_id="iptables",le="0.005"} 4
# ...
cilium_reconciler_incremental_duration_seconds_sum{module_id="iptables"} 9.6464e-05
cilium_reconciler_incremental_duration_seconds_count{module_id="iptables"} 4
cilium_reconciler_incremental_duration_seconds_bucket{module_id="sysctl",le="0.005"} 14
# ...
cilium_reconciler_incremental_duration_seconds_sum{module_id="sysctl"} 0.0009456850000000001
cilium_reconciler_incremental_duration_seconds_count{module_id="sysctl"} 14
# HELP cilium_reconciler_incremental_errors_current The number of objects currently failing to be reconciled
# TYPE cilium_reconciler_incremental_errors_current gauge
cilium_reconciler_incremental_errors_current{module_id="iptables"} 1
cilium_reconciler_incremental_errors_current{module_id="sysctl"} 0
# HELP cilium_reconciler_incremental_errors_total Total number of errors encountered during incremental reconciliation
# TYPE cilium_reconciler_incremental_errors_total counter
cilium_reconciler_incremental_errors_total{module_id="iptables"} 4
cilium_reconciler_incremental_errors_total{module_id="sysctl"} 4
# HELP cilium_reconciler_incremental_total Number of incremental reconciliations performed
# TYPE cilium_reconciler_incremental_total counter
cilium_reconciler_incremental_total{module_id="iptables"} 4
cilium_reconciler_incremental_total{module_id="sysctl"} 15

maintainer-s-little-helper · 2023-09-26T08:23:24Z

Commit 8372713aeee883bda04ba3e913b30b127b0c1794 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

maintainer-s-little-helper · 2023-09-26T08:23:34Z

Commit 8372713aeee883bda04ba3e913b30b127b0c1794 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

To allow control over where a table can be modified, split the Table[Obj] interface into reader (Table[Obj]) and writer (RWTable[Obj]) parts. RWTable[Obj] is a superset of Table[Obj], and can thus be used everywhere where a Table[Obj] is required. For convenience, implement NewProtectedTableCell() to provide the RWTable[Obj] only in the hive module's scope, and Table[Obj] globally. With this, the cell defining the table can choose to either not allow modifications at all to the table (tests can still go via NewTable() to create a modifiable table), or only allow modifications under very controller and validated ways. Signed-off-by: Jussi Maki <[email protected]>

Make RWTable[*Device] and RWTable[*Route] private to the devices controller to make sure they're not modified by anyone else. The DeviceTableCell and RouteTableCell are still available in the tables package for tests to use. Signed-off-by: Jussi Maki <[email protected]>

These allow efficiently doing optimistic concurrency control in cases where a long-running computation is performed against the data and then results written back to a table, e.g. 1. With ReadTxn compute results for each object (with revision number) 2. With WriteTxn commit the results using CompareAndDelete. If the object has changed, the stale result for that object is ignored. 3. Wait for changes and repeat Signed-off-by: Jussi Maki <[email protected]> Refresh of statedb-split-write-methods

Benchmark the delay and throughput for propagating changes from one table to another. This simulates the expected use-case for statedb where we would be reading from one or more tables and computing desired state that is written to another table. Results on my machine: goos: linux goarch: amd64 pkg: github.com/cilium/cilium/pkg/statedb cpu: AMD Ryzen 9 5950X 16-Core Processor BenchmarkDB_PropagationDelay 224287 5071 ns/op --- BENCH: BenchmarkDB_PropagationDelay benchmarks_test.go:349: Propagation delay (N: 224287) 50p: 37.12µs, 90p: 91.633µs, 99p: 123.924µs On a single core, 197k objects per second with batch size of 10. For batch size of 1 I got 61k objects per second, so even small increase in batch size oversets the cost of waiting for the watch channel to close. Propagating the batch took ~123 microseconds (99 percentile). Signed-off-by: Jussi Maki <[email protected]>

Having access to the module identifier is useful for writing generic cells that are meant to be embedded into a module. This provides the module identifier as 'cell.ModuleId' scoped to the module. Signed-off-by: Jussi Maki <[email protected]>

Signed-off-by: Jussi Maki <[email protected]>

The device name hacks in DesiredRoute makes it impossible to compare actual and desired routes. Instead resolve index in InsertLegacy/DeleteLegacy. Signed-off-by: Jussi Maki <[email protected]>

aanm

I've reviewed on a per-commit basis.

For some of my comments please leave the reply in the source code as well since people that will use the code examples as a base won't have the same questions.

aanm · 2023-10-13T07:45:40Z

pkg/reconciler/example/sysctl.go

+	SysctlKeyIndex = statedb.Index[*SysctlSetting, string]{
+		Name: "key",
+		FromObject: func(s *SysctlSetting) index.KeySet {
+			return index.NewKeySet(index.String(s.Key))
+		},
+		FromKey: index.String,
+		Unique:  true,
+	}


Since this is an example, can we have comments for each field of this struct initialization for better understanding?

Yes! Also made me realize that the Index struct itself needs much better docs.

aanm · 2023-10-13T07:46:52Z

pkg/reconciler/example/sysctl.go

+		FromKey: index.String,
+		Unique:  true,
+	}
+	SysctlStatusIndex = reconciler.NewStatusIndex[*SysctlSetting]()


Can we also have a comment of why we need an "indexer"? Or why do we need this indexer?

Yes definitely! This is still a very messy draft so many things like that missing. I’ll make sure whatever the final ”canonical example” ends up being will include these.

aanm · 2023-10-13T07:52:09Z

pkg/reconciler/reconciler.go

+	// afterwards. If the object has changed in the meanwhile the status update for
+	// the old object is skipped.


The reconciliation status is per object does this mean that if the commit fails it will fail for all objects or just for the object that has changed?

Just for the object. CompareAndSwap does nothing if the revision doesn’t match

aanm · 2023-10-13T07:54:02Z

pkg/reconciler/reconciler.go

+
+		var err error
+		if status.Delete {
+			err = r.Target.Delete(obj)


Please add a comment in this line stating that this is the business logic for "deletes". It was not obvious on a first sight.

aanm · 2023-10-13T07:54:19Z

pkg/reconciler/reconciler.go

+				updateResults[obj] = result{rev, StatusError(true, err)}
+			}
+		} else {
+			err = r.Target.Update(obj)


Please add a comment in this line stating that this is the business logic for "updates". It was not obvious on a first sight.

aanm · 2023-10-13T08:14:52Z

pkg/reconciler/example/main.go

 }

+func modifyIPTables(db *statedb.DB, t statedb.RWTable[*Rule]) {
+	go func() {


why a seperate go routine?

Because one can’t block in Invoke. I’ll make this example proper by using pkg/hive/job for these.

aanm · 2023-10-13T08:16:37Z

pkg/reconciler/example/iptables.go

+	// TODO:
+	// - "iptables-save" and parse? Or "-C" on each rule?
+	// - Check that cilium chains exist
+	// - Find unexpected rules in cilium chains?
+	return false, nil


Ah, I was really curious to see this one 😅

aanm · 2023-10-13T08:19:14Z

pkg/reconciler/example/iptables.go

+//
+// Rule
+//


Do we need to define all types of "rules" "jump"? Can't the state be the full iptables command? For example, the desired state is -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE and the realized state is basically a execution of iptables -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE.

I think I shouldn’t have left this very unfinished example in as there’s too many open questions in it..

aanm · 2023-10-13T08:22:09Z

pkg/reconciler/example/route.go

+	var errs []error
+
+	for desired, _, ok := iter.Next(); ok; desired, _, ok = iter.Next() {
+		actual, _, ok := t.routes.First(txn, tables.RouteIDIndex.Query(desired.RouteID()))


Why "First"?

Because we’re only interested in the first match. StateDB supports both unique and non-unique indexes and doesn’t differentiate the query API for these.

aanm · 2023-10-13T08:26:37Z

pkg/reconciler/example/route.go

@@ -0,0 +1,419 @@
+package main


The routes reconciler seems to be the hardest to understand because I couldn't find the "reconciliation" logic to fetch the realized state and do the comparison between the desired and the realized state. The sysctl example was easier on this aspect.

Look again, it’s looking up the ”actual” route from the route table maintained by the devices controller (which pulls routes over netlink). This way it can efficiently reconcile a lot of routes without having to do individual syscalls to fetch routes one by one.

But indeed, it makes it harder to follow as it depends on this outside realized state table that’s populated elsewhere. The final version will need to document this well. Especially how it deals with acting on potentially stale ”realized state” data (that’s where full reconciliation is needed).

Signed-off-by: Jussi Maki <[email protected]>

- Replace Sync with Update&Prune. This allows reusing Update() so most reconcilers don't have to implement things twice. Prune for most reconcilers is a no-op. - Use string for error in Status as 'error' doesn't serialize. Likely should fix with a custom JSON marshalling instead, so that Status.Error can be used with e.g. errors.Is. - Update desired object status also in full reconciliation Signed-off-by: Jussi Maki <[email protected]>

github-actions · 2023-11-13T01:46:08Z

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

github-actions · 2023-11-27T01:46:23Z

This pull request has not seen any activity since it was marked stale.
Closing.

maintainer-s-little-helper bot added dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Sep 26, 2023

joamaki force-pushed the pr/joamaki/gen-reconciler branch from 0568840 to 73333ae Compare September 26, 2023 08:23

joamaki force-pushed the pr/joamaki/gen-reconciler branch from 73333ae to 7f6c412 Compare September 26, 2023 08:31

maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Sep 26, 2023

joamaki changed the title ~~[DRAFT]: Generic reconcilers~~ [DRAFT]: Generic reconciler Sep 26, 2023

joamaki added 8 commits October 4, 2023 15:54

hive: Provide ModuleId with cell.Module

3ddc1cf

Having access to the module identifier is useful for writing generic cells that are meant to be embedded into a module. This provides the module identifier as 'cell.ModuleId' scoped to the module. Signed-off-by: Jussi Maki <[email protected]>

generic reconciler WIP

fb5c5fa

Signed-off-by: Jussi Maki <[email protected]>

add iptables reconciler

17163ca

Signed-off-by: Jussi Maki <[email protected]>

route reconciliation example

5361786

Signed-off-by: Jussi Maki <[email protected]>

joamaki force-pushed the pr/joamaki/gen-reconciler branch from 9cea8ff to 5361786 Compare October 4, 2023 13:03

Hacky wiring of route reconciler to the loader and node handler

f688b55

Signed-off-by: Jussi Maki <[email protected]>

joamaki force-pushed the pr/joamaki/gen-reconciler branch from c6f3bf7 to 550cfd8 Compare October 4, 2023 17:12

Fix up route syncing

db19c49

The device name hacks in DesiredRoute makes it impossible to compare actual and desired routes. Instead resolve index in InsertLegacy/DeleteLegacy. Signed-off-by: Jussi Maki <[email protected]>

gandro mentioned this pull request Oct 5, 2023

Improve resiliency of auto-direct-node-routes feature #28137

Open

dylandreimerink mentioned this pull request Oct 10, 2023

L2 announcement #25471

Merged

aanm requested changes Oct 13, 2023

View reviewed changes

joamaki added 2 commits October 13, 2023 12:55

devices: Oopsie netlink doesn't send route deletes for deleted link

9ce689e

Signed-off-by: Jussi Maki <[email protected]>

joamaki force-pushed the pr/joamaki/gen-reconciler branch from 550cfd8 to e88757c Compare October 13, 2023 09:57

github-actions bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Nov 13, 2023

github-actions bot closed this Nov 27, 2023

		// afterwards. If the object has changed in the meanwhile the status update for
		// the old object is skipped.

Conversation

joamaki commented Sep 26, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

maintainer-s-little-helper bot commented Sep 26, 2023

Uh oh!

maintainer-s-little-helper bot commented Sep 26, 2023

Uh oh!

aanm left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

joamaki Oct 13, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

joamaki Oct 13, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Nov 13, 2023

Uh oh!

github-actions bot commented Nov 27, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

joamaki commented Sep 26, 2023 •

edited

Loading

joamaki Oct 13, 2023 •

edited

Loading

joamaki Oct 13, 2023 •

edited

Loading