[3.6] sdn: only sync HostPorts when we need to (backport)

Which is the first time a pod is started, when there will be active hostports, or when there are current active hostports. Otherwise the syncer runs iptables-restore for no good reason. Backport of openshift#16692 to 3.6 branch
sjenning · Oct 12, 2017 · 1d74735 · 1d74735
1 parent 4140fb8
commit 1d74735
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 10 deletions.
diff --git a/pkg/sdn/plugin/pod.go b/pkg/sdn/plugin/pod.go
@@ -45,6 +45,11 @@ type podManager struct {
 	mtu     uint32
 	ovs     *ovsController
 
+	// true if hostports have been synced at least once
+	hostportsSynced bool
+	// true if at least one running pod has a hostport mapping
+	activeHostports bool
+
 	// Things only accessed through the processCNIRequests() goroutine
 	// and thus can be set from Start()
 	ipamConfig     []byte
@@ -151,12 +156,33 @@ func (m *podManager) getPod(request *cniserver.PodRequest) *kubehostport.PodPort
 }
 
 // Return a list of Kubernetes RunningPod objects for hostport operations
-func (m *podManager) getRunningPods() []*kubehostport.PodPortMapping {
-	pods := make([]*kubehostport.PodPortMapping, 0)
+func (m *podManager) shouldSyncHostports(newPod *kubehostport.PodPortMapping) []*kubehostport.PodPortMapping {
+	if m.hostportSyncer == nil {
+		return nil
+	}
+
+	newActiveHostports := false
+	mappings := make([]*kubehostport.PodPortMapping, 0)
 	for _, runningPod := range m.runningPods {
-		pods = append(pods, runningPod.podPortMapping)
+		mappings = append(mappings, runningPod.podPortMapping)
+		if !newActiveHostports && len(runningPod.podPortMapping.PortMappings) > 0 {
+			newActiveHostports = true
+		}
+	}
+	if newPod != nil && len(newPod.PortMappings) > 0 {
+		newActiveHostports = true
 	}
-	return pods
+
+	// Sync the first time a pod is started (to clear out stale mappings
+	// if kubelet crashed), or when there are any/will be active hostports.
+	// Otherwise don't bother.
+	if !m.hostportsSynced || m.activeHostports || newActiveHostports {
+		m.hostportsSynced = true
+		m.activeHostports = newActiveHostports
+		return mappings
+	}
+
+	return nil
 }
 
 // Add a request to the podManager CNI request queue

diff --git a/pkg/sdn/plugin/pod_linux.go b/pkg/sdn/plugin/pod_linux.go
@@ -246,8 +246,10 @@ func (m *podManager) setup(req *cniserver.PodRequest) (*cnitypes.Result, *runnin
 	defer func() {
 		if !success {
 			m.ipamDel(req.SandboxID)
-			if err := m.hostportSyncer.SyncHostports(TUN, m.getRunningPods()); err != nil {
-				glog.Warningf("failed syncing hostports: %v", err)
+			if mappings := m.shouldSyncHostports(nil); mappings != nil {
+				if err := m.hostportSyncer.SyncHostports(TUN, mappings); err != nil {
+					glog.Warningf("failed syncing hostports: %v", err)
+				}
 			}
 		}
 	}()
@@ -258,8 +260,10 @@ func (m *podManager) setup(req *cniserver.PodRequest) (*cnitypes.Result, *runnin
 		return nil, nil, err
 	}
 	podPortMapping := hostport.ConstructPodPortMapping(&v1Pod, podIP)
-	if err := m.hostportSyncer.OpenPodHostportsAndSync(podPortMapping, TUN, m.getRunningPods()); err != nil {
-		return nil, nil, err
+	if mappings := m.shouldSyncHostports(podPortMapping); mappings != nil {
+		if err := m.hostportSyncer.OpenPodHostportsAndSync(podPortMapping, TUN, mappings); err != nil {
+			return nil, nil, err
+		}
 	}
 
 	var hostVethName, contVethMac string
@@ -362,8 +366,10 @@ func (m *podManager) teardown(req *cniserver.PodRequest) error {
 		errList = append(errList, err)
 	}
 
-	if err := m.hostportSyncer.SyncHostports(TUN, m.getRunningPods()); err != nil {
-		errList = append(errList, err)
+	if mappings := m.shouldSyncHostports(nil); mappings != nil {
+		if err := m.hostportSyncer.SyncHostports(TUN, mappings); err != nil {
+			errList = append(errList, err)
+		}
 	}
 
 	return kerrors.NewAggregate(errList)