Remove Resource[Service] and Resource[Endpoints]#42440
Merged
joamaki merged 8 commits intocilium:mainfrom Dec 4, 2025
Merged
Conversation
0a783a8 to
b5575dd
Compare
Contributor
Author
|
/test |
joamaki
commented
Oct 29, 2025
b5575dd to
93d7974
Compare
Contributor
Author
|
/test |
93d7974 to
c51f478
Compare
c51f478 to
891a203
Compare
Contributor
Author
|
/test |
891a203 to
64f6946
Compare
64f6946 to
a5e8d20
Compare
Contributor
Author
|
/test |
a5e8d20 to
7939ca0
Compare
Contributor
Author
|
/test |
7939ca0 to
bb543fe
Compare
Contributor
Author
|
/test |
Use the [k8s.ListerWatcherToObservable] to reflect endpoints directly without relying on Resource[Endpoints]. Signed-off-by: Jussi Maki <jussi@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
EndpointsWatcher and Resource[Endpoints] is no longer needed by the cilium-agent as usages of it have migrated to Table[Backend]. Signed-off-by: Jussi Maki <jussi@isovalent.com>
As the Resource[*Service] is being removed refactor pkg/dial to instead look up the ClusterIP address for a service from the frontends table. Signed-off-by: Jussi Maki <jussi@isovalent.com>
Stop using Resource[*Service] and reflect services directly into the tables with [k8s.ListerWatcherToObservable]. Drop the now unused Resource[*Service]. Signed-off-by: Jussi Maki <jussi@isovalent.com>
Switching to directly reflecting services and endpoint slices and not using an informer made things converge a little bit faster and revealed couple flaky tests: - reuse.txtar was deleting and inserting in quick succession 'test' and 'test2' services which lead to upsert of test and test2 back to back causing a conflict. This was because a prior delete of 'test2' was replaced by a future upsert and this was processed before upsert of 'test' due to preserving the ordering. The implementation is correct as it has the same semantics as normal informer + workqueue setup. Fixed the test to sync after each sequence of deletes and updates. - redirectpolicy's service.txtar didn't check that frontends were reconciled causing sometimes the reconciler to not process the deletion and thus reusing the frontend IDs when they were added back. Signed-off-by: Jussi Maki <jussi@isovalent.com>
Refactor to use Table[*Service] and Table[*Frontend] instead of the Resource[*slim_corev1.Service]. The Table[*Service] is always updated when frontends change so we're relying on that to trigger the processing. Signed-off-by: Jussi Maki <jussi@isovalent.com>
The TCP and UDP services were added at the same time which sometimes caused the IDs to be allocated in an unexpected order. Fix this by adding the TCP service first and waiting for it to get reconciled and only then add the UDP service. Signed-off-by: Jussi Maki <jussi@isovalent.com>
e4bd781 to
12a5eaf
Compare
dylandreimerink
approved these changes
Dec 2, 2025
marseel
approved these changes
Dec 2, 2025
Contributor
Author
|
/test |
tklauser
approved these changes
Dec 3, 2025
Member
tklauser
left a comment
There was a problem hiding this comment.
operator changes look good. Didn't review for my other codeowners (thus re-requesting review from @cilium/ipcache)
gandro
reviewed
Dec 3, 2025
Member
gandro
left a comment
There was a problem hiding this comment.
IPCache looks good to me, but a minor concern regarding DNSUnloadOnShutdown
gandro
approved these changes
Dec 3, 2025
Member
gandro
left a comment
There was a problem hiding this comment.
Apparently my concerns regarding DNSUnloadOnShutdown were not correct (c.f. https://github.com/cilium/cilium/pull/42440/files#r2584707929)
jrajahalme
approved these changes
Dec 3, 2025
nezdolik
pushed a commit
to nezdolik/cilium
that referenced
this pull request
Jan 14, 2026
1. Cherry picked commits from isovalent/cilium#9533 to reduce conflicts. Thanks @julianwiedmann 2. Resolved conflicts in: - install/kubernetes/cilium/README.md - install/kubernetes/cilium/templates/cilium-configmap.yaml - install/kubernetes/cilium/values.yaml.tmpl - pkg/option/config.go - pkg/proxy/proxy_test.go - go.mod - enterprise/pkg/lb/metrics/metrics.go cc: @mhofstetter - enterprise/pkg/hubble/export/timescape.go cc: @joamaki 3. Applied [the patch](https://isovalent.slack.com/archives/C02HCGENRF0/p1765447076513119?thread_ts=1765380293.038119&cid=C02HCGENRF0). Thanks @tklauser 4. Resolved conflicts related to policy changes in upstream: (cc: @jrajahalme, thanks for help!) - pkg/fqdn/dnsproxy/enterprise_getallrules.go - enterprise/fqdn-proxy/watcher.go - enterprise/pkg/ingresspolicy/policy.go - enterprise/pkg/ingresspolicy/mock_test.go - enterprise/pkg/ingresspolicy/ingress_policy.go - enterprise/pkg/fqdnha/tables/proxyconfig.go - enterprise/pkg/fqdnha/remoteproxy/proxy_test.go - enterprise/pkg/fqdnha/doubleproxy/remote_proxy_test.go - enterprise/pkg/fqdnha/doubleproxy/doubleproxy_test.go - enterprise/pkg/encryption/policy/policy.go 5. Run the following commands: - go mod tidy && go mod vendor && go mod verify - make -C images update-builder-image update-runtime-image - make -C install/kubernetes - make -C Documentation update-helm-values - make -C Documentation update-cmdref - cd enterprise/hubble-timescape && go mod tidy && cd ../.. - ./contrib/scripts/enterprise-testowners.sh - make generate-enterprise-apis - make generate-k8s-api && make manifests - make -C pkg/bpf/testdata docker 6. Enterprise fixes to make Go linter happy: - cilium-cli/enterprise/hooks/cli/ilb/lb_http_clientip.go [line: 211] - enterprise/pkg/bgpv1/agent/commands/route_policies.go [lines: 240, 251] - enterprise/operator/pkg/lb/lbservice_translation_t2.go [line: 800] - enterprise/pkg/lb/status/model_lb_status.go [line: 215] 7. Enterprise LB service metric cache commented out (related upstream [PR](cilium#42440)), this needs to be addressed in a separate PR: @joamaki - enterprise/pkg/lb/metrics/cell.go - enterprise/pkg/lb/metrics/metrics.go 8. Enterprise tests fixed with [patch1](https://isovalent.slack.com/archives/C054TA28U78/p1765985477262409?thread_ts=1765980802.058719&cid=C054TA28U78) and [patch2](https://isovalent.slack.com/archives/C054TA28U78/p1765991065279899?thread_ts=1765980802.058719&cid=C054TA28U78) from @rastislavs, thanks!
3 tasks
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Switch over remaining uses of
Resource[*slim_corev1.Service]andResource[*k8s.Endpoints]over toTable[*lb.Service]orTable[*lb.Frontend]in the agent. This avoids indexing and holding onto duplicate services and endpoints and thus reduces memory usage.Results from
github.com/joamaki/cilium-lb-load-testwhich creates 5000 services with 10 backends each and measures memory usage:mainbranch (66a4e8e45187f9e25235113690e0ebf6275a81f4)This PR