Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

operator; enable sequential conduit updates #556

Merged
merged 5 commits into from
Mar 26, 2025
Merged

operator; enable sequential conduit updates #556

merged 5 commits into from
Mar 26, 2025

Conversation

zolug
Copy link
Collaborator

@zolug zolug commented Feb 20, 2025
edited
Loading

Description

Users can group Conduits into update groups by annotating Conduit Custom Resources with the update-sync-group key. Within an update group, Conduit updates are executed sequentially rather than in parallel.

The default annotation key can be changed via the operator environment variable CONDUIT_UPDATE_SYNC_GROUP_KEY when deploying the operator.

Locking is achieved using in-memory locks, which are fast and provide a sufficiently good solution. However, this approach is not effective in case of operator crashes during ongoing updates. Such crashes would be considered a bug to be fixed and should not occur in general.

The feature has support for changing the annotation value of a Conduit Custom Resource on the fly. (Including removing it completely.)
However, no immediate control can be expected when changing the update group of a Conduit whose Proxy's Status subresource still indicates underlying changes (e.g. in POD readiness) while the DaemonSet otherwise reflects the desired state. This is because the logic relies on the Status subresource to accurately track the progress of updates and ensure consistency.

Also, existing Conduit Custom Resources can be annotated before upgrading to a Meridio version that supports serialized Conduit updates. In this case, the new operator will respect the update groups of the "old" Conduits from the start.

Note: There is no benefit to having a single Conduit in an update group.

Issue link

#555

Checklist

  • Purpose
    • Bug fix
    • New functionality
    • Documentation
    • Refactoring
    • CI
  • Test
    • Unit test
    • E2E Test
    • Tested manually
  • Introduce a breaking change
    • Yes (description required)
    • No

@zolug
Copy link
Collaborator Author

zolug commented Feb 20, 2025
edited
Loading

Example where two conduits belong to the same update group team-a:

cat <<EOF | kubectl apply -f -
apiVersion: meridio.nordix.org/v1
kind: Conduit
metadata:
  name: load-balancer-b1
  namespace: default
  annotations:
    update-sync-group: "team-a"
    resource-template: "small"
  labels:
    trench: trench-a
spec:
  type: stateless-lb
---
apiVersion: meridio.nordix.org/v1
kind: Conduit
metadata:
  name: load-balancer-a1
  namespace: default
  annotations:
    update-sync-group: "team-a"
    resource-template: "medium"
  labels:
    trench: trench-a
spec:
  type: stateless-lb
EOF

@zolug zolug changed the title operator; allow serialized conduit updates operator; enable serialized conduit updates Feb 21, 2025
@zolug zolug force-pushed the operator-conduit-sync branch from a26e23d to 2349c9b Compare February 21, 2025 08:35
@zolug zolug added the size/M label Feb 21, 2025
@zolug zolug force-pushed the operator-conduit-sync branch from 2349c9b to 51dfb7c Compare February 21, 2025 09:19
@zolug zolug changed the title operator; enable serialized conduit updates operator; enable sequential conduit updates Feb 21, 2025
@zolug
operator; enable sequential conduit updates
4dcf01b 
Users can group Conduits into update groups by annotating
Conduit Custom Resources with the update-sync-group key.
Within an update group, Conduit updates are executed
sequentially rather than in parallel.

The annotation value of a Conduit Custom Resource can be
added/changed/removed on the fly.

The default annotation key can be changed via the operator
environment variable CONDUIT_UPDATE_SYNC_GROUP_KEY when
deploying the operator.

Locking is achieved using in-memory locks, which are fast
and provide a sufficiently good solution. However, this
approach is not effective in case of operator crashes
during ongoing updates. Such crashes would be considered a
bug to be fixed and should not occur in general.
@zolug zolug force-pushed the operator-conduit-sync branch from 51dfb7c to 4dcf01b Compare February 21, 2025 09:22
@zolug zolug added area/configuration component/operator kind/documentation Improvements or additions to documentation labels Feb 21, 2025
@zolug zolug requested a review from LionelJouin February 21, 2025 14:53
@zolug zolug force-pushed the operator-conduit-sync branch 3 times, most recently from b3b5f89 to 133a8c3 Compare March 7, 2025 13:27
@zolug zolug force-pushed the operator-conduit-sync branch from 133a8c3 to dc32080 Compare March 12, 2025 12:52
@zolug zolug merged commit 2055974 into master Mar 26, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LionelJouin LionelJouin Awaiting requested review from LionelJouin

Assignees
No one assigned
Labels
area/configuration component/operator concept/conduit kind/documentation Improvements or additions to documentation kind/enhancement New feature or request priority/medium size/M
Projects
Meridio
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@zolug