https://github.com/cilium/cilium
Revision e48a32e94043e426a5bde315031e66c3f419f0b2 authored by Joe Stringer on 15 August 2019, 20:11:27 UTC, committed by Ian Vernon on 16 August 2019, 05:18:36 UTC
[ upstream commit 0c7f066529815f4d51f64b709d6a52fba8ee8b25 ]

Deep in the proxy.removeRedirect() logic, a finalize function is created
to defer proxy port release to allow a port to be reused by the proxy
after a grace period. The port is not actually released when the
removeRedirect() function is returned, instead the finalize function is
passed all the way up to the caller.

In the endpoint leave case, this finalize function was being ignored,
meaning that the proxy port used by this endpoint is never released.
After 10,000 endpoint deletions of endpoints that have L7 policy
applied, the endpoint regeneration begins to fail for new endpoints that
are subject to L7 policy. As a result, the CNI times out:

  Failed create pod sandbox: rpc error:
  code = Unknown
  desc = failed to set up sandbox container "xxx" network for pod "yyy":
  NetworkPlugin cni failed to set up pod "yyy" network:
  Unable to create endpoint:
  Put http:///var/run/cilium/cilium.sock/v1/endpoint/cilium-local:0:
  context deadline exceeded

Fix this by running the finalize function upon endpoint leave.

Signed-off-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Ian Vernon <ian@cilium.io>
1 parent 14262cc
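
The leak described in the commit message above, reduced to a small Go model. This is an added example, not Cilium's code: `portPool`, `churn` and the four-port pool starting at 10000 are hypothetical, constructed values. The grace period before a port becomes reusable is omitted.

```go
package main

import "errors"
import "fmt"

var errExhausted = errors.New("no proxy ports available")

// portPool is a hypothetical stand-in for the proxy's port allocator.
type portPool struct{ free []uint16 }

func newPortPool(base uint16, n int) *portPool {
	p := &portPool{}
	for i := 0; i < n; i++ {
		p.free = append(p.free, base+uint16(i))
	}
	return p
}

func (p *portPool) allocate() (uint16, error) {
	if len(p.free) == 0 {
		return 0, errExhausted
	}
	port := p.free[0]
	p.free = p.free[1:]
	return port, nil
}

// removeRedirect does not free the port; the returned finalize function does.
func (p *portPool) removeRedirect(port uint16) (finalize func()) {
	return func() { p.free = append(p.free, port) }
}

// churn creates and deletes n endpoints that each hold one proxy port and
// returns how many were created before allocation failed.
func churn(p *portPool, n int, runFinalize bool) (int, error) {
	for i := 0; i < n; i++ {
		port, err := p.allocate()
		if err != nil {
			return i, err
		}
		if finalize := p.removeRedirect(port); runFinalize {
			finalize() // the fix: run finalize on endpoint leave
		}
	}
	return n, nil
}

func main() {
	fmt.Println(churn(newPortPool(10000, 4), 10, false)) // finalize ignored
	fmt.Println(churn(newPortPool(10000, 4), 10, true))  // finalize run
}
```

With finalize ignored, the pool is exhausted after as many deletions as it has ports, no matter how few endpoints are alive at once.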
endpoint: Fix proxy port leak on endpoint delete
File Mode Size
.github
.travis
Documentation
api
bpf
bugtool
cilium
cilium-health
common
contrib
daemon
envoy
examples
hack
monitor
operator
pkg
plugins
proxylib
test
tests
tools
vendor
.authors.aux -rw-r--r-- 416 bytes
.gitignore -rw-r--r-- 857 bytes
.gitmodules -rw-r--r-- 0 bytes
.mailmap -rw-r--r-- 737 bytes
.travis.yml -rw-r--r-- 365 bytes
AUTHORS -rw-r--r-- 5.9 KB
CODEOWNERS -rw-r--r-- 1.1 KB
CONTRIBUTING.md -rw-r--r-- 193 bytes
Dockerfile -rw-r--r-- 2.0 KB
Dockerfile.builder -rw-r--r-- 1.1 KB
Gopkg.lock -rw-r--r-- 53.2 KB
Gopkg.toml -rw-r--r-- 12.6 KB
Jenkinsfile.nightly -rw-r--r-- 5.3 KB
LICENSE -rw-r--r-- 11.1 KB
Makefile -rw-r--r-- 13.5 KB
Makefile.defs -rw-r--r-- 1.5 KB
Makefile.quiet -rw-r--r-- 456 bytes
NEWS.rst -rw-r--r-- 16.4 KB
README.rst -rw-r--r-- 14.7 KB
VERSION -rw-r--r-- 6 bytes
Vagrantfile -rw-r--r-- 12.3 KB
cilium-docker-plugin.Dockerfile -rw-r--r-- 518 bytes
cilium-operator.Dockerfile -rw-r--r-- 673 bytes
docs.Jenkinsfile -rw-r--r-- 2.6 KB
flannel.Jenkinsfile -rw-r--r-- 4.3 KB
ginkgo-kubernetes-all.Jenkinsfile -rw-r--r-- 18.5 KB
ginkgo.Jenkinsfile -rw-r--r-- 11.0 KB
kubernetes-upstream.Jenkinsfile -rw-r--r-- 4.9 KB
vagrant_box_defaults.rb -rw-r--r-- 204 bytes
