allocator

package
v1.17.0-pre.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2024 License: Apache-2.0 Imports: 17 Imported by: 25

Documentation

Overview

Package allocator provides a kvstore based ID allocator

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Allocator

type Allocator struct {
	// contains filtered or unexported fields
}

Allocator is a distributed ID allocator backed by a KVstore. It maps arbitrary keys to identifiers. Multiple users on different cluster nodes can in parallel request the ID for keys and are guaranteed to retrieve the same ID for an identical key.

While the details of how keys are stored is delegated to Backend implementations, some expectations exist. See pkg/kvstore/allocator for details about the kvstore implementation.

A node takes a reference to an identity when it is in-use on that node, and the identity remains in-use if there is any node reference to it. When an identity no longer has any node references, it may be garbage collected. No guarantees are made at that point and the numeric identity may be reused. Note that the numeric IDs are selected locally and verified with the Backend.

Lookup ID by key:

  1. Return ID from local cache updated by watcher (no Backend interactions)
  2. Do ListPrefix() on slave key excluding node suffix, return the first result that matches the exact prefix.

Lookup key by ID:

  1. Return key from local cache updated by watcher (no Backend interactions)
  2. Do Get() on master key, return result

Allocate:

  1. Check local key cache, increment, and return if key is already in use locally (no Backend interactions)
  2. Check local cache updated by watcher, if...

... match found:

2.1 Create a new slave key. This operation is potentially racy as the master
    key can be removed in the meantime.
    - etcd: Create is made conditional on existence of master key
    - consul: locking

... match not found:

2.1 Select new unused id from local cache
2.2 Create a new master key with the condition that it may not exist
2.3 Create a new slave key

1.1. If found, increment and return (no Backend interactions) 2. Lookup ID by key in local cache or via first slave key found in Backend

Release:

  1. Reduce local reference count until last use (no Backend interactions)
  2. Delete slave key (basePath/value/key1/node1) This automatically guarantees that when the last node has released the key, the key is no longer found by Get()
  3. If the node goes down, all slave keys of that node are removed after the TTL expires (auto release).

func NewAllocator

func NewAllocator(typ AllocatorKey, backend Backend, opts ...AllocatorOption) (*Allocator, error)

NewAllocator creates a new Allocator. Any type can be used as key as long as the type implements the AllocatorKey interface. A variable of the type has to be passed into NewAllocator() to make the type known. The specified base path is used to prefix all keys in the kvstore. The provided path must be unique.

The allocator can be configured by passing in additional options:

  • WithEvents() - enable Events channel
  • WithMin(id) - minimum ID to allocate (default: 1)
  • WithMax(id) - maximum ID to allocate (default max(uint64))

After creation, IDs can be allocated with Allocate() and released with Release()

func NewAllocatorForGC

func NewAllocatorForGC(backend Backend, opts ...AllocatorOption) *Allocator

NewAllocatorForGC returns an allocator that can be used to run RunGC()

The allocator can be configured by passing in additional options:

  • WithMin(id) - minimum ID to allocate (default: 1)
  • WithMax(id) - maximum ID to allocate (default max(uint64))

func (*Allocator) Allocate

func (a *Allocator) Allocate(ctx context.Context, key AllocatorKey) (idpool.ID, bool, bool, error)

Allocate will retrieve the ID for the provided key. If no ID has been allocated for this key yet, a key will be allocated. If allocation fails, most likely due to a parallel allocation of the same ID by another user, allocation is re-attempted for maxAllocAttempts times.

Return values:

  1. allocated ID
  2. whether the ID is newly allocated from kvstore
  3. whether this is the first owner that holds a reference to the key in localkeys store
  4. error in case of failure

func (*Allocator) Delete

func (a *Allocator) Delete()

Delete deletes an allocator and stops the garbage collector

func (*Allocator) DeleteAllKeys

func (a *Allocator) DeleteAllKeys()

DeleteAllKeys will delete all keys. It is expected to be used in tests.

func (*Allocator) ForeachCache

func (a *Allocator) ForeachCache(cb RangeFunc)

ForeachCache iterates over the allocator cache and calls RangeFunc on each cached entry

func (*Allocator) Get

func (a *Allocator) Get(ctx context.Context, key AllocatorKey) (idpool.ID, error)

Get returns the ID which is allocated to a key. Returns an ID of NoID if no ID has been allocated to this key yet.

func (*Allocator) GetByID

func (a *Allocator) GetByID(ctx context.Context, id idpool.ID) (AllocatorKey, error)

GetByID returns the key associated with an ID. Returns nil if no key is associated with the ID.

func (*Allocator) GetByIDIncludeRemoteCaches

func (a *Allocator) GetByIDIncludeRemoteCaches(ctx context.Context, id idpool.ID) (AllocatorKey, error)

GetByIDIncludeRemoteCaches returns the key associated with an ID. Includes the caches of watched remote kvstores in the query. Returns nil if no key is associated with the ID.

func (*Allocator) GetEvents

func (a *Allocator) GetEvents() AllocatorEventSendChan

GetEvents returns the events channel given to the allocator when constructed. Note: This channel is not owned by the allocator!

func (*Allocator) GetIfLocked

func (a *Allocator) GetIfLocked(ctx context.Context, key AllocatorKey, lock kvstore.KVLocker) (idpool.ID, error)

GetIfLocked returns the ID which is allocated to a key. Returns an ID of NoID if no ID has been allocated to this key yet if the client is still holding the given lock.

func (*Allocator) GetIncludeRemoteCaches

func (a *Allocator) GetIncludeRemoteCaches(ctx context.Context, key AllocatorKey) (idpool.ID, error)

GetIncludeRemoteCaches returns the ID which is allocated to a key. Includes the caches of watched remote kvstores in the query. Returns an ID of NoID if no ID has been allocated in any remote kvstore to this key yet.

func (*Allocator) GetNoCache

func (a *Allocator) GetNoCache(ctx context.Context, key AllocatorKey) (idpool.ID, error)

GetNoCache returns the ID which is allocated to a key in the kvstore, bypassing the local copy of allocated keys.

func (*Allocator) GetWithRetry

func (a *Allocator) GetWithRetry(ctx context.Context, key AllocatorKey) (idpool.ID, error)

func (*Allocator) NewRemoteCache

func (a *Allocator) NewRemoteCache(remoteName string, remoteAlloc *Allocator) RemoteIDCache

func (*Allocator) Observe

func (a *Allocator) Observe(ctx context.Context, next func(AllocatorChange), complete func(error))

Observe the identity changes. Conforms to stream.Observable. Replays the current state of the cache when subscribing.

func (*Allocator) Release

func (a *Allocator) Release(ctx context.Context, key AllocatorKey) (lastUse bool, err error)

Release releases the use of an ID associated with the provided key. After the last user has released the ID, the key is removed in the KVstore and the returned lastUse value is true.

func (*Allocator) RemoveRemoteKVStore

func (a *Allocator) RemoveRemoteKVStore(remoteName string)

RemoveRemoteKVStore removes any reference to a remote allocator / kvstore, emitting a deletion event for all previously known identities.

func (*Allocator) RunGC

func (a *Allocator) RunGC(ctx context.Context, rateLimit *rate.Limiter, staleKeysPrevRound map[string]uint64) (map[string]uint64, *GCStats, error)

RunGC scans the kvstore for unused master keys and removes them

func (*Allocator) RunLocksGC

func (a *Allocator) RunLocksGC(ctx context.Context, staleLocksPrevRound map[string]kvstore.Value) (map[string]kvstore.Value, error)

RunLocksGC scans the kvstore for stale locks and removes them

func (*Allocator) WaitForInitialSync

func (a *Allocator) WaitForInitialSync(ctx context.Context) error

WaitForInitialSync waits until the initial sync is complete

type AllocatorChange

type AllocatorChange struct {
	Kind AllocatorChangeKind
	ID   idpool.ID
	Key  AllocatorKey
}

type AllocatorChangeKind

type AllocatorChangeKind string
const (
	AllocatorChangeSync   AllocatorChangeKind = "sync"
	AllocatorChangeUpsert AllocatorChangeKind = "upsert"
	AllocatorChangeDelete AllocatorChangeKind = "delete"
)

type AllocatorEvent

type AllocatorEvent struct {
	// Typ is the type of event (upsert / delete)
	Typ AllocatorChangeKind

	// ID is the allocated ID
	ID idpool.ID

	// Key is the key associated with the ID
	Key AllocatorKey
}

AllocatorEvent is an event sent over AllocatorEventChan

type AllocatorEventChan

type AllocatorEventChan chan AllocatorEvent

AllocatorEventChan is a channel to receive allocator events on

type AllocatorEventRecvChan

type AllocatorEventRecvChan = <-chan AllocatorEvent

Send- and receive-only versions of the above.

type AllocatorEventSendChan

type AllocatorEventSendChan = chan<- AllocatorEvent

type AllocatorKey

type AllocatorKey interface {
	fmt.Stringer

	// GetKey returns the canonical string representation of the key
	GetKey() string

	// PutKey stores the information in v into the key. This is the inverse
	// operation to GetKey
	PutKey(v string) AllocatorKey

	// GetAsMap returns the key as a collection of "labels" with a key and value.
	// This is the inverse operation to PutKeyFromMap.
	GetAsMap() map[string]string

	// PutKeyFromMap stores the labels in v into the key to be used later. This
	// is the inverse operation to GetAsMap.
	PutKeyFromMap(v map[string]string) AllocatorKey

	// PutValue puts metadata inside the global identity for the given 'key' with
	// the given 'value'.
	PutValue(key any, value any) AllocatorKey

	// Value returns the value stored in the metadata map.
	Value(key any) any
}

AllocatorKey is the interface to implement in order for a type to be used as key for the allocator. The key's data is assumed to be a collection of pkg/label.Label, and the functions reflect this somewhat.

type AllocatorOption

type AllocatorOption func(*Allocator)

AllocatorOption is the base type for allocator options

func WithBackend

func WithBackend(backend Backend) AllocatorOption

WithBackend sets this allocator to use backend. It is expected to be used at initialization.

func WithCacheValidator added in v1.16.0

func WithCacheValidator(validator CacheValidator) AllocatorOption

WithCacheValidator registers a validator triggered for each identity notification event to filter out invalid IDs and keys.

func WithEvents

func WithEvents(events AllocatorEventSendChan) AllocatorOption

WithEvents enables receiving of events.

CAUTION: When using this function. The provided channel must be continuously read while NewAllocator() is being called to ensure that the channel does not block indefinitely while NewAllocator() emits events on it while populating the initial cache.

func WithMasterKeyProtection

func WithMasterKeyProtection() AllocatorOption

WithMasterKeyProtection will watch for delete events on master keys and re-created them if local usage suggests that the key is still in use

func WithMax

func WithMax(id idpool.ID) AllocatorOption

WithMax sets the maximum identifier to be allocated

func WithMaxAllocAttempts

func WithMaxAllocAttempts(maxAttempts int) AllocatorOption

WithMaxAllocAttempts sets the maxAllocAttempts. If not set, new Allocator will use defaultMaxAllocAttempts.

func WithMin

func WithMin(id idpool.ID) AllocatorOption

WithMin sets the minimum identifier to be allocated

func WithOperatorIDManagement

func WithOperatorIDManagement() AllocatorOption

WithOperatorIDManagement enables the mode with cilium-operator managing Cilium Identities.

func WithPrefixMask

func WithPrefixMask(mask idpool.ID) AllocatorOption

WithPrefixMask sets the prefix used for all ID allocations. If set, the mask will be ORed to all selected IDs prior to allocation. It is the responsibility of the caller to ensure that the mask is not conflicting with min..max.

func WithoutAutostart

func WithoutAutostart() AllocatorOption

WithoutAutostart prevents starting the allocator when it is initialized

func WithoutGC

func WithoutGC() AllocatorOption

WithoutGC disables the use of the garbage collector

type Backend

type Backend interface {
	// DeleteAllKeys will delete all keys. It is used in tests.
	DeleteAllKeys(ctx context.Context)

	// DeleteID deletes the identity with the given ID
	DeleteID(ctx context.Context, id idpool.ID) error

	// AllocateID creates a new key->ID association. This is expected to be a
	// create-only operation, and the ID may be allocated by another node. An
	// error in that case is not expected to be fatal. The actual ID is obtained
	// by Allocator from the local idPool, which is updated with used-IDs as the
	// Backend makes calls to the handler in ListAndWatch.
	// The implementation of the backend might return an AllocatorKey that is
	// a copy of 'key' with an internal reference of the backend key or, if it
	// doesn't use the internal reference of the backend key it simply returns
	// 'key'. In case of an error the returned 'AllocatorKey' should be nil.
	AllocateID(ctx context.Context, id idpool.ID, key AllocatorKey) (AllocatorKey, error)

	// AllocateIDIfLocked behaves like AllocateID but when lock is non-nil the
	// operation proceeds only if it is still valid.
	// The implementation of the backend might return an AllocatorKey that is
	// a copy of 'key' with an internal reference of the backend key or, if it
	// doesn't use the internal reference of the backend key it simply returns
	// 'key'. In case of an error the returned 'AllocatorKey' should be nil.
	AllocateIDIfLocked(ctx context.Context, id idpool.ID, key AllocatorKey, lock kvstore.KVLocker) (AllocatorKey, error)

	// AcquireReference records that this node is using this key->ID mapping.
	// This is distinct from any reference counting within this agent; only one
	// reference exists for this node for any number of managed endpoints using
	// it.
	// The semantics of cleaning up stale references is delegated to the Backend
	// implementation. RunGC may need to be invoked.
	// This can race, and so lock can be provided (via a Lock call, below).
	AcquireReference(ctx context.Context, id idpool.ID, key AllocatorKey, lock kvstore.KVLocker) error

	// Release releases the use of an ID associated with the provided key. It
	// does not guard against concurrent calls to
	// releases.Release(ctx context.Context, key AllocatorKey) (err error)
	Release(ctx context.Context, id idpool.ID, key AllocatorKey) (err error)

	// UpdateKey refreshes the record that this node is using this key -> id
	// mapping. When reliablyMissing is set it will also recreate missing master or
	// slave keys.
	UpdateKey(ctx context.Context, id idpool.ID, key AllocatorKey, reliablyMissing bool) error

	// UpdateKeyIfLocked behaves like UpdateKey but when lock is non-nil the operation proceeds only if it is still valid.
	UpdateKeyIfLocked(ctx context.Context, id idpool.ID, key AllocatorKey, reliablyMissing bool, lock kvstore.KVLocker) error

	// Get returns the allocated ID for this key as seen by the Backend. This may
	// have been created by other agents.
	Get(ctx context.Context, key AllocatorKey) (idpool.ID, error)

	// GetIfLocked behaves like Get, but but when lock is non-nil the
	// operation proceeds only if it is still valid.
	GetIfLocked(ctx context.Context, key AllocatorKey, lock kvstore.KVLocker) (idpool.ID, error)

	// GetByID returns the key associated with this ID, as seen by the Backend.
	// This may have been created by other agents.
	GetByID(ctx context.Context, id idpool.ID) (AllocatorKey, error)

	// Lock provides an opaque lock object that can be used, later, to ensure
	// that the key has not changed since the lock was created. This can be done
	// with GetIfLocked.
	Lock(ctx context.Context, key AllocatorKey) (kvstore.KVLocker, error)

	// ListIDs returns the IDs of all identities currently stored in the backend
	ListIDs(ctx context.Context) (identityIDs []idpool.ID, err error)

	// ListAndWatch begins synchronizing the local Backend instance with its
	// remote.
	ListAndWatch(ctx context.Context, handler CacheMutations, stopChan chan struct{})

	// RunGC reaps stale or unused identities within the Backend and makes them
	// available for reuse. It is used by the cilium-operator and is not invoked
	// by cilium-agent.
	// Note: not all Backend implemenations rely on this, such as the kvstore
	// backends, and may use leases to expire keys.
	RunGC(ctx context.Context, rateLimit *rate.Limiter, staleKeysPrevRound map[string]uint64, minID idpool.ID, maxID idpool.ID) (map[string]uint64, *GCStats, error)

	// RunLocksGC reaps stale or unused locks within the Backend. It is used by
	// the cilium-operator and is not invoked by cilium-agent. Returns
	// a map of locks currently being held in the KVStore including the ones
	// that failed to be GCed.
	// Note: not all Backend implementations rely on this, such as the kvstore
	// backends, and may use leases to expire keys.
	RunLocksGC(ctx context.Context, staleKeysPrevRound map[string]kvstore.Value) (map[string]kvstore.Value, error)
}

Backend represents clients to remote ID allocation systems, such as KV Stores. These are used to coordinate key->ID allocation between cilium nodes.

type CacheMutations

type CacheMutations interface {
	// OnListDone is called when the initial full-sync is complete.
	OnListDone()

	// OnUpsert is called when either a new key->ID mapping appears or an existing
	// one is modified. The latter case may occur e.g., when leases are updated,
	// and does not mean that the actual mapping had changed.
	OnUpsert(id idpool.ID, key AllocatorKey)

	// OnDelete is called when a key->ID mapping is removed. This may trigger
	// master-key protection, if enabled, where the local allocator will recreate
	// the key->ID association is recreated because the local node is still using
	// it.
	OnDelete(id idpool.ID, key AllocatorKey)
}

CacheMutations are the operations given to a Backend's ListAndWatch command. They are called on changes to identities.

type CacheValidator added in v1.16.0

type CacheValidator func(kind AllocatorChangeKind, id idpool.ID, key AllocatorKey) error

CacheValidator is the type of the validation functions triggered to filter out invalid notification events.

type GCStats

type GCStats struct {
	// Alive is the number of identities alive
	Alive int

	// Deleted is the number of identities deleted
	Deleted int
}

type RangeFunc

type RangeFunc func(idpool.ID, AllocatorKey)

RangeFunc is the function called by RangeCache

type RemoteIDCache

type RemoteIDCache interface {
	NumEntries() int
	Synced() bool
	Watch(ctx context.Context, onSync func(context.Context))
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL