diff --git a/cce-network-v2/GO_VERSION b/cce-network-v2/GO_VERSION index ee28141..bfb47ce 100644 --- a/cce-network-v2/GO_VERSION +++ b/cce-network-v2/GO_VERSION @@ -1 +1 @@ -go version go1.21.4 linux/amd64 +go version go1.21.5 linux/amd64 diff --git a/cce-network-v2/VERSION b/cce-network-v2/VERSION index bcd0f91..80803fa 100644 --- a/cce-network-v2/VERSION +++ b/cce-network-v2/VERSION @@ -1 +1 @@ -2.8.7 +2.8.8 diff --git a/cce-network-v2/docs/release.md b/cce-network-v2/docs/release.md index 4c20f72..650edf2 100644 --- a/cce-network-v2/docs/release.md +++ b/cce-network-v2/docs/release.md @@ -2,8 +2,10 @@ v2 版本新架构,支持VPC-ENI 辅助IP和vpc路由。版本发布历史如下: ### 2.8 (2023/08/07) -#### 2.8.7 [暂未发布] -1. [BUG] 修复 cce-network-v2-config 中 --bce-customer-max-eni 及 --bce-customer-max-ip 参数配置不生效 +#### 2.8.8 [20231227] +1. [BUG] VPC-ENI 并发申请和释放IP 时,Pod 可能申请到过期的 IP 地址 +#### 2.8.7 [20231127] +1. [BUG] 修复 cce-network-v2-config 中 --bce-customer-max-eni 及 --bce-customer-max-ip 参数配置不生效;未限制并发创建 ENI ,并发下最大 ENI 数量可能超发 #### 2.8.6 [20231110] 1. [BUG] 优化 EndpointManager 在更新 endpoint 对象时不会超时的逻辑,且由于资源过期等问题会出现死循环的问题 2. [optimize] 优化 operator 工作队列,支持自定义 worker 数量,加速事件处理 diff --git a/cce-network-v2/operator/flags.go b/cce-network-v2/operator/flags.go index 83cad9e..bb59e14 100644 --- a/cce-network-v2/operator/flags.go +++ b/cce-network-v2/operator/flags.go @@ -279,5 +279,7 @@ func init() { flags.Int64(operatorOption.ResourceResyncWorkers, defaults.DefaultResourceResyncWorkers, "Number of workers to process resource event") option.BindEnv(operatorOption.ResourceResyncWorkers) + flags.Int(operatorOption.ExcessIPReleaseDelay, 180, "controls how long operator would wait before an IP previously marked as excess is released. default is 180 seconds") + viper.BindPFlags(flags) } diff --git a/cce-network-v2/pkg/ipam/crd.go b/cce-network-v2/pkg/ipam/crd.go index 57ebd25..44b660b 100644 --- a/cce-network-v2/pkg/ipam/crd.go +++ b/cce-network-v2/pkg/ipam/crd.go @@ -297,8 +297,8 @@ func (n *nodeStore) deleteLocalNodeResource() { // on the custom resource passed into the function. func (n *nodeStore) updateLocalNodeResource(node *ccev2.NetResourceSet) { n.mutex.Lock() - defer n.mutex.Unlock() + var markedToReleaseIPMap = make(map[string]*crdAllocator) n.ownNode = node n.allocationPoolSize[IPv4] = 0 n.allocationPoolSize[IPv6] = 0 @@ -364,7 +364,6 @@ func (n *nodeStore) updateLocalNodeResource(node *ccev2.NetResourceSet) { continue } // Retrieve the appropriate allocator - var allocator *crdAllocator var ipFamily Family if ipAddr := net.ParseIP(ip); ipAddr != nil { ipFamily = DeriveFamily(ipAddr) @@ -374,29 +373,33 @@ func (n *nodeStore) updateLocalNodeResource(node *ccev2.NetResourceSet) { } for _, a := range n.allocators { if a.family == ipFamily { - allocator = a + markedToReleaseIPMap[ip] = a } } - if allocator == nil { + if _, ok := markedToReleaseIPMap[ip]; !ok { continue } + releaseUpstreamSyncNeeded = true + } + n.mutex.Unlock() + + for ip, allocator := range markedToReleaseIPMap { // Some functions like crdAllocator.Allocate() acquire lock on allocator first and then on nodeStore. // So release nodestore lock before acquiring allocator lock to avoid potential deadlocks from inconsistent // lock ordering. - n.mutex.Unlock() - allocator.mutex.Lock() - _, ok := allocator.allocated[ip] - allocator.mutex.Unlock() + allocator.mutex.RLock() n.mutex.Lock() - if ok { + if _, ok := allocator.allocated[ip]; ok { // IP still in use, update the operator to stop releasing the IP. n.ownNode.Status.IPAM.ReleaseIPs[ip] = ipamOption.IPAMDoNotRelease } else { n.ownNode.Status.IPAM.ReleaseIPs[ip] = ipamOption.IPAMReadyForRelease } - releaseUpstreamSyncNeeded = true + + n.mutex.Unlock() + allocator.mutex.RUnlock() } if releaseUpstreamSyncNeeded { diff --git a/go.work.sum b/go.work.sum index 14e5ddc..32b28ad 100644 --- a/go.work.sum +++ b/go.work.sum @@ -30,6 +30,8 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= +github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= @@ -51,7 +53,6 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= @@ -236,11 +237,9 @@ k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB k8s.io/apiserver v0.26.0/go.mod h1:aWhlLD+mU+xRo+zhkvP/gFNbShI4wBDHS33o0+JGI84= k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8= k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w= -k8s.io/code-generator v0.26.0/go.mod h1:OMoJ5Dqx1wgaQzKgc+ZWaZPfGjdRq/Y3WubFrZmeI3I= k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kms v0.26.0/go.mod h1:ReC1IEGuxgfN+PDCIpR6w8+XMmDE7uJhxcCwMZFdIYc= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=