search

kmesh-net / kmesh

High Performance ServiceMesh Data Plane Based on eBPF and Programmable Kernel
https://kmesh.net
Apache License 2.0
467 stars 70 forks source link

Kmesh workload update bpf map order maybe not correct #1042

Open hzxuzhonghu opened 1 week ago

hzxuzhonghu commented 1 week ago

Please provide an in-depth description of the question you have:

What do you think about this question?:

In the case a pod is created for a service, istio will push the workload to kmesh daemon.

In handleWorkload, it will first check workload related services. And then in handleWorkloadNewBoundServices, it update

endpoint map -> service map

Then at last, it update the backendmap -> frontend map.

In cgroup/connect, it first check the frontend map -> service map-> endpoint map-> backend map.

As the bpf map update is not atomic, so if backend map has not been updated, but the bpf prog has selected this backendUID, we can get no backend. Then kmesh lb policy does not work now, it will fallback to k8s clusterIP direct access.

Environment:

hzxuzhonghu commented 1 week ago

We should revist other scenarios as well, like workload delete, service update/delete