occm: implement a support for atomic routes update

[kayrus]

What this PR does / why we need it:

An extra improvement for the route reconciliation logic. This PR allows to use a single API call to add or remove routes instead of fetching existing routes and combining them with new or removing old routes with a further update. This change allows concurrent calls without consistency issues.

Which issue this PR fixes(if applicable):
fixes #2089
based on #2090

Special notes for reviewers:

Release note:

Implement a support for concurrent atomic routes updates.

[k8s-ci-robot]

Hi @kayrus. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jichenjc]

/ok-to-test

[k8s-ci-robot]

@kayrus: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
openstack-cloud-csi-manila-e2e-test	362b0cc	link	true	/test openstack-cloud-csi-manila-e2e-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[zetaab]

in my opinion this required should be removed because its not really required. Like mentioned in another PR - we have been using OCCM for 7 years without using this at all.

[zetaab]

please rebase this after that another PR is merged

[kayrus]

This is still WIP. I'm in contact with our neutron team. I'd like to remove the manual config toggle, based on extensions API. So there should be no need for an extra option.
I'll also remove the required mark from the struct member.

[zetaab]

@kayrus if you have time could you explain why this routes feature is needed? Our architecture has always been that we have router in (project) network with dhcp and router will handle the traffic automatically, no need to add routes. Could we get some benefits of using it?

[kayrus]

@zetaab if you have time could you explain why this routes feature is needed?

k8s has a global PODs CIDR, and each node serves its own segment, e.g. 10.16.0.0/16 will be served by multiple nodes with 10.16.1.0/24, 10.16.2.0/24, 10.16.3.0/24, etc... Routes interface tells to a cloud provider router which POD CIDR segment should be served by which node and adds static routes to a router.

Therefore VMs or Loadbalancers from the same private network can access a pod's network using static routes:

• 10.16.1.0/24 is routed to node1
• 10.16.2.0/24 is routed to node2
• etc...

This approach is used in GCP, AWS, Azure and other providers as well. Basically it adds an ability for loadbalancers to access PODs network directly avoiding nodePorts.

Initially there was no atomic routes update, and routes were updated with the following logic: get all routes from a router, append a new route to the list of existing routes, update the router. And this logic worked in concurrent manner, thus there were a lot of inconsistent updates, which overwrote routes, submitted by parallel threads.

With an atomic update it should be possible to update routes in concurrent manner and reduce an amount of API calls. Which should significantly reduce the already improved route update logic.

Currently I'm trying to figure out whether it's possible to get extraroute-atomic extension info from the neutron API to avoid config option toggle, therefore the PR is still WIP.

[kayrus]

@zetaab I updated my comment above. See the bold text.

[jichenjc]

maybe in the future we can check through neutron ext-list to detect whether it's enabled or not ?

[kayrus]

that's what I'm investigating right now.

[kayrus]

done. my tests show overall routes reconciliation latency improvements from 2-5 minutes down to 10 seconds for a cluster of 16 nodes.

ready for review.

[kayrus]

@zetaab @jichenjc ready for review

[kayrus]

@zetaab @jichenjc kindly ping
see also #2150 and #2152.

[zetaab]

/approve
/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: zetaab

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [zetaab]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment