Single source of truth about cilium endpoint information regardless if CES or CEP is used. #37562

@marseel

Currently, there are two separate ways we are handling CiliumEndpoints (CEP) and CiliumEndpointSlices (CES) events:

CiliumSlimEndpoint resource.Resource[*types.CiliumEndpoint]
CiliumEndpointSlice resource.Resource[*cilium_api_v2alpha1.CiliumEndpointSlice]

but we only start one of the informers, depending on whether CES is enabled:

if option.Config.EnableCiliumEndpointSlice {
    go k.ciliumEndpointSliceInit(ctx, asyncControllers)
} else {
    go k.ciliumEndpointsInit(ctx, asyncControllers)
}

This results in some of the downstream subscribers subscribing only to CiliumEndpoints, which results in incompatibility with CiliumEndpointSlices. An example of this is EGW:

Endpoints resource.Resource[*k8sTypes.CiliumEndpoint]

Related issue: #24833

The only place where we would like to distinguish between CEP and CES is the operator that needs to manage CES.

We should make the handling of CiliumEndpoints/CiliumEndpointSlices transparent for downstream subscribers, regardless of whether CES is enabled.

This can be achieved similarly to how we transparently handle k8s Endpoints and EndpointSlices, where it's transparently handled here:

func EndpointsResource(lc cell.Lifecycle, cfg Config, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*Endpoints], error) {

if lw.enableK8sEndpointSlice && version.Capabilities().EndpointSlice {

and the transformation between types is done here:
func transformEndpoint(obj any) (any, error) {

As a result, we should have a single instance of Resource[T], similar to k8s Endpoints:
Endpoints resource.Resource[*k8s.Endpoints]

that can be subscribed to by anyone transparently.
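
One possible shape for the slice side of such a single resource, as an added example that is not Cilium code or part of the original issue; every type and function name here is a hypothetical, simplified stand-in. It turns each slice update into per-endpoint upsert and delete events, so a subscriber written against per-endpoint events also sees an endpoint leaving a slice.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical, simplified stand-ins for the types named in the issue.
type Endpoint struct { // per-endpoint view that subscribers consume
	Namespace, Name string
	Identity        int64
}
type Slice struct { // batches the endpoints of one namespace, as a CES does
	Name, Namespace string
	Endpoints       []Endpoint
}
type Event struct { // Kind is "upsert" or "delete"
	Kind     string
	Endpoint Endpoint
}

// SliceAdapter maps slice name -> last-seen endpoints, keyed by endpoint name.
type SliceAdapter map[string]map[string]Endpoint

// OnSlice diffs s against its previous version (a deleted slice is an empty update).
func (a SliceAdapter) OnSlice(s Slice) (events []Event) {
	prev, cur := a[s.Name], map[string]Endpoint{}
	for _, ep := range s.Endpoints {
		ep.Namespace = s.Namespace // entries inherit the slice's namespace
		cur[ep.Name] = ep
		if old, ok := prev[ep.Name]; !ok || old != ep {
			events = append(events, Event{"upsert", ep})
		}
	}
	for name, old := range prev {
		if _, ok := cur[name]; !ok { // present before, absent now
			events = append(events, Event{"delete", old})
		}
	}
	// Map iteration is unordered; sort by name for a deterministic result.
	sort.Slice(events, func(i, j int) bool { return events[i].Endpoint.Name < events[j].Endpoint.Name })
	a[s.Name] = cur
	return events
}

func main() {
	a := SliceAdapter{} // constructed sample: web-1 leaves the slice in the second update
	fmt.Println(a.OnSlice(Slice{"ces-a", "default", []Endpoint{{Name: "web-0", Identity: 1001}, {Name: "web-1", Identity: 1001}}}))
	fmt.Println(a.OnSlice(Slice{"ces-a", "default", []Endpoint{{Name: "web-0", Identity: 1001}}}))
}
```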

Labels

area/agent: Cilium agent related.
feature/ces: Impacts the Cilium Endpoint Slice logic.
sig/scalability: Impacts how well Cilium handles a high rate of events or churn.
