Improve Pod launch time
I would like to extend the topic of
https:/
Also it related to
https:/
Since pod launch is a complex process it consists of many stages when many components are involved.
There are could be following direction in pod launch time optimization:
1. rework kuryr/k8s interconnection and extend it by direct RPC (kuryr-daemon <-> kuryr-controller),
also keep k8s api to store state in it.
2. rework kuryr/neutron interconnection.
We already tried to receive neutron port status immediately
(https:/
is doing a lot of jobs to give port an active status.
a. Skip that time, just return cni output as soon as binding process was Succeed. But, probably, it requires
special tweakable mode, because some of users expect connectivity inside container as soos as it launches.
Cons:
- Neutron-openvswitch can fail to configure ovs port, in this case we'll get
inconsistent pod (with broken connectivity)
- Port could have SG (in case of openvswitch agent), but if pod will be launched before SG applied for additional VIF,
it could be a security breach, because for a while pod will be not ander security rules.
b. Do not wait for all VIFs in pod, just wait for the main VIF.
Cons:
- disadvantages here is the same as above, but is additional VIF is SR-IOV
security groups doesn't make sense now, due to SR-IOV NIC agent still doesn't support non noop firewall driver (Stein release).
c. Profile and improve neutron-
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Alexey Perevalov
- Direction:
- Needs approval
- Assignee:
- Alexey Perevalov
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
