Add policies_last_updated endpoint to internal policy server #231

Merged
merged 4 commits into from
Jul 26, 2023

@mariash mariash commented Jul 21, 2023

policies_last_updated endpoint can be used by policy agents to determine if they need to pull new policies.

This will help with resource consumption on the database VM and overall traffic going through the system. Since policy agents default to polling policies every 5s, this is especially visible as a problem in environments with hundreds of Diego cells and thousands of policies.

In this PR:

  • new table is added to policy server database policies_info with the field last_updated. Field id is added as primary key because mysql percona complains that table must have a primary key.
  • the table is updated in the same transaction as creating and deleting policies.

@jrussett jrussett left a comment

There was a test that appears to be missing an assertion. Can you please double check if it should be there?

@jrussett jrussett left a comment

Ok, after two rounds of approval, I'm so happy to accept this!

@jrussett jrussett merged commit 499313b into develop Jul 26, 2023
@jrussett jrussett deleted the last-updated branch July 26, 2023 23:18
jrussett pushed a commit to cloudfoundry/silk-release that referenced this pull request Jul 26, 2023
This PR accompanies cloudfoundry/cf-networking-release#231

Vxlan policy agent first checks the last updated endpoint of policy server, and if there was an update (new policy created or deleted) it will run the poll cycle and poll all policies for containers on the Diego cell. It will also run the poll cycle if getting policies returns an error, for backwards compatibility with old policy servers.

It only does this in the converger and not when forcing poll cycle during container creation.
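
The gating behaviour described in the commit message above, as an added Go example that is not code from cf-networking-release or silk-release. `LastUpdatedClient`, `Converger` and `fakeServer` are hypothetical names, the timestamps are constructed, and the fallback is assumed to trigger when the last-updated check itself returns an error.

```go
package main

import "fmt"

// LastUpdatedClient is a hypothetical stand-in for the agent's policy server client.
type LastUpdatedClient interface {
	PoliciesLastUpdated() (int64, error)
}

// Converger gates the periodic poll cycle on the last-updated value.
type Converger struct {
	Client   LastUpdatedClient
	Poll     func() error // full policy poll for this cell
	lastSeen int64
	synced   bool // true once a poll succeeded against a known timestamp
}

// Converge polls on the first cycle, on a changed timestamp, or when the check fails (assumed old-server signal).
func (c *Converger) Converge() (bool, error) {
	ts, checkErr := c.Client.PoliciesLastUpdated()
	if checkErr == nil && c.synced && ts == c.lastSeen {
		return false, nil // nothing created or deleted, skip the full poll
	}
	if pollErr := c.Poll(); pollErr != nil {
		return true, pollErr // timestamp not recorded, so the next cycle retries
	}
	c.synced, c.lastSeen = checkErr == nil, ts // record only after rules were refreshed
	return true, nil
}

// ForcePoll is the container-creation path; it never consults the endpoint.
func (c *Converger) ForcePoll() error { return c.Poll() }

// fakeServer is a constructed test double, not a real policy server.
type fakeServer struct {
	ts  int64
	err error
}

func (f *fakeServer) PoliciesLastUpdated() (int64, error) { return f.ts, f.err }

func main() {
	srv := &fakeServer{ts: 100} // constructed timestamps
	c := &Converger{Client: srv, Poll: func() error { return nil }}
	for _, ts := range []int64{100, 100, 101} {
		srv.ts = ts
		polled, _ := c.Converge()
		fmt.Println("last_updated", ts, "polled", polled)
	}
}
```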