Feat: add kmesh-daemon upgrades traffic without disruption

[072020127]

What type of PR is this?

/kind feature

What this PR does / why we need it:

• Implemented logic for storing and reading persistent MapSpecs
• Added retrieval of the current MapSpec
• Implemented comparison logic for Map structure
• Added unit tests and e2e test programs

Which issue(s) this PR fixes:

Fixes #1409

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

[gemini-code-assist]

Summary of Changes

Hello @072020127, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant feature enabling seamless, traffic-undisrupted upgrades for the kmesh-daemon. It achieves this by persisting BPF map specifications, comparing them during daemon restarts, and intelligently migrating map data to new versions. This ensures that ongoing network traffic is not interrupted when the daemon is updated.

Highlights

• Persistent BPF MapSpecs: Implemented logic for storing and reading persistent BPF MapSpecs, which are crucial for maintaining state across kmesh-daemon upgrades.
• MapSpec Comparison Logic: Added retrieval of the current MapSpec and implemented robust comparison logic for BPF Map structures to detect changes between versions.
• Seamless Daemon Upgrades: Introduced an 'Update' mode for kmesh-daemon, allowing BPF programs and maps to be updated without traffic disruption by migrating existing map data.
• Comprehensive Testing: Included new unit tests for MapSpec loading and comparison, as well as an end-to-end test to validate the traffic-undisrupted upgrade process.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

BPF maps persist, Upgrades flow, no traffic lost, Code ensures smooth ride.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant feature for non-disruptive upgrades of the kmesh-daemon. The core logic involves persisting BPF map specifications (MapSpecs), comparing them across versions, and migrating maps when their structure changes. The implementation adds new files for handling BPF updates and loading MapSpecs, along with extensive unit and e2e tests.

My review focuses on the new update logic. I've found a few critical issues related to error handling that could lead to panics, and a bug where changes in struct bitfield sizes are not detected, potentially causing data corruption. I've also identified areas with unhandled errors and code duplication that should be addressed to improve robustness and maintainability. The suggestions provided aim to fix these issues and refactor the code for better clarity.

[gemini-code-assist]

The BitfieldSize of a struct member is not being compared. This is a critical bug, as a change in bitfield size alters the struct layout and should trigger a map migration to avoid data corruption. The existing log.Info call should be replaced with a proper comparison.

  if map_old.Offset != uint32(map_new.Offset) || map_old.BitfieldSize != uint32(map_new.BitfieldSize) {
   diff.OffsetChanged = true
   break
  }

[gemini-code-assist]

The error returned by restart.LoadCompileTimeSpecs is ignored. This could lead to restart.SnapshotSpecsByPkg being called with a nil mapspec, which might cause a panic. The error should be checked and handled to prevent this.

Suggested change

	mapspec, _ := restart.LoadCompileTimeSpecs(config)
	restart.SnapshotSpecsByPkg(mapspec)
	mapspec, err := restart.LoadCompileTimeSpecs(config)
	if err != nil {
	log.Errorf("failed to load compile time specs: %v", err)
	return nil
	}
	restart.SnapshotSpecsByPkg(mapspec)

[gemini-code-assist]

The error returned by LoadCompileTimeSpecs is not handled. If an error occurs, specsByPkg could be nil and the function might proceed, potentially causing a panic later. It's crucial to check and handle this error. Also, the log message on line 68 refers to oldSpecsByPkg which seems to be a typo.

Suggested change

	specsByPkg, err := LoadCompileTimeSpecs(config)
	if specsByPkg == nil {
	log.Errorf("load oldSpecsByPkg failed")
	return nil
	}
	specsByPkg, err := LoadCompileTimeSpecs(config)
	if err != nil {
	log.Errorf("load compile-time map specs failed: %v", err)
	return nil
	}

[gemini-code-assist]

The migrateMap function has high complexity and significant code duplication. The logic to decide whether to recreate a map is repeated in multiple branches. This makes the code hard to read and maintain. Consider refactoring this function to extract the map recreation logic into a helper function and simplify the conditional checks.

[codecov]

Codecov Report

❌ Patch coverage is 0.43573% with 457 lines in your changes missing coverage. Please review.
✅ Project coverage is 36.84%. Comparing base (5951594) to head (e907308).
⚠️ Report is 28 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/bpf/restart/bpf_update.go	0.00%	325 Missing ⚠️
pkg/bpf/restart/new_version_mapspec_loader.go	0.00%	116 Missing ⚠️
pkg/bpf/bpf.go	15.38%	9 Missing and 2 partials ⚠️
pkg/bpf/ads/sock_connection.go	0.00%	1 Missing ⚠️
pkg/bpf/ads/sock_ops.go	0.00%	1 Missing ⚠️
pkg/bpf/workload/skb.go	0.00%	1 Missing ⚠️
pkg/bpf/workload/sock_connection.go	0.00%	1 Missing ⚠️
pkg/bpf/workload/sock_ops.go	0.00%	1 Missing ⚠️

❌ Your patch check has failed because the patch coverage (0.43%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Files with missing lines	Coverage Δ
pkg/bpf/ads/sock_connection.go	0.00% <0.00%> (ø)
pkg/bpf/ads/sock_ops.go	0.00% <0.00%> (ø)
pkg/bpf/workload/skb.go	0.00% <0.00%> (ø)
pkg/bpf/workload/sock_connection.go	0.00% <0.00%> (ø)
pkg/bpf/workload/sock_ops.go	0.00% <0.00%> (ø)
pkg/bpf/bpf.go	39.63% <15.38%> (-0.79%)	⬇️
pkg/bpf/restart/new_version_mapspec_loader.go	0.00% <0.00%> (ø)
pkg/bpf/restart/bpf_update.go	0.00% <0.00%> (ø)

... and 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3d9cfcd...e907308. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[hzxuzhonghu]

I am concerned this is a very big change, could introduce regression. Can you please add a feature flag, we can turn on until we have enough tests and documents

[hzxuzhonghu]

what do you mean by CompileTime

[072020127]

My intention is to describe that these specs are fixed when the binary is compiled (via bpf2go), as opposed to the specs loaded from the persisted on-disk snapshot. Maybe LoadEmbeddedSpecs will be clearer to reflect its role?

[hzxuzhonghu]

we should only call either LoadKmeshCgroupSockWorkload or LoadKmeshCgroupSockWorkloadCompat

please check

	if helper.KernelVersionLowerThan5_13() {
		spec, err = bpf2go.LoadKmeshSockopsCompat()
	} else {
		spec, err = bpf2go.LoadKmeshSockops()
	}

[hzxuzhonghu]

I am wondering how we can not miss one map, even after we add a new map later.

[072020127]

I wrote a go file for gen-bpf_stpecs.go in the/back directory, which can automatically generate LoadCompileTimeSpecs by analyzing the bpf2Go.go file. If there are new maps or progs in the future, it can be easily kept synchronized.

[hzxuzhonghu]

With the tag //go:build enhanced, it is for kernel native mode, so we donot need the below else branch

[hzxuzhonghu]

Suggested change

	mapspec, err := restart.LoadCompileTimeSpecs(config)
	mapSpecs, err := restart.LoadCompileTimeSpecs(config)

[hzxuzhonghu]

persistedSpecs can be nil, which cause panic later, please check all

[hzxuzhonghu]

Would prefer directly use call the map create function

[hzxuzhonghu]

we can share with that one storeVersionInfo in pkg/bpf/bpf.go

[072020127]

I need to import package restart in pkg/bpf/bpf.go. If i call storeVersionInfo in pkg/bpf/bpf.go, this will result in recursive import.

[hzxuzhonghu]

typo upgrade

[hzxuzhonghu]

isnot this same image with old daemonset?

[072020127]

I attached a new image which is build in run_test.sh set_daemonupgarde_testcase_image() to KMESH_UPGRADE_IMAGE. But E2e test istio 1.23~1.25 report no space left in device. I think the reason is there are two images existing ((localhost:5000/kmesh) and localhost:5000/kmesh/test-upgrade-map-change)

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kevin-wangzefeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[LiZhenCheng9527]

We update configuration of e2e to fix this errors. Please rebase and then resubmit the code.