[DOCS#2082] Documents configurations for CNI policy-setup timeouts #1373
Conversation
✅ Deploy Preview succeeded!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for calico-docs-preview-next ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
Thanks for this @aaaaaaaalex. A few comments and suggestions for you.
| @@ -248,6 +248,35 @@ you must also run calico/kube-controllers with the policy, profile, and workload | |||
|
|
|||
| When using `type: k8s`, the {{prodname}} CNI plugin requires read-only Kubernetes API access to the `Pods` resource in all namespaces. | |||
|
|
|||
| ### Enabling Policy Setup Timeout | |||
|
|
|||
| If you wish for the CNI to delay a new pod from starting until the pod's policy has been programmed to the dataplane, | |||
There was a problem hiding this comment.
we can ignore this Vale error for now.
| :::note | ||
|
|
||
| A `policy_setup_timeout_seconds` of 0 disables any policy-setup waiting. | ||
|
|
||
| ::: |
There was a problem hiding this comment.
I'm not sure what this note adds that isn't clear from the idea of setting it to 0 seconds. Am I missing something? Can we get rid of this?
There was a problem hiding this comment.
Not missing anything, over verbose on my part 😄
| :::note | ||
|
|
||
| If the pod's policy is not programmed after the number of seconds specified, the CNI will allow the pod to start its containers anyway. | ||
|
|
||
| ::: |
There was a problem hiding this comment.
Let's move this to the intro text, without the note formatting. (I've added to comment above.)
There was a problem hiding this comment.
I think with different phrasing of the intro text, this idea is clear. Let me know what you think.
| @@ -248,6 +248,35 @@ you must also run calico/kube-controllers with the policy, profile, and workload | |||
|
|
|||
| When using `type: k8s`, the {{prodname}} CNI plugin requires read-only Kubernetes API access to the `Pods` resource in all namespaces. | |||
|
|
|||
| ### Enabling Policy Setup Timeout | |||
There was a problem hiding this comment.
| ### Enabling Policy Setup Timeout | |
| ### Enabling policy setup timeout |
- We use sentence case for title and headings.
I'm not 100% clear on the distinction in this document between generic and kubernetes-specific configuration. Just want to check this is in the right place. Is the idea that this doesn't apply, for example, to an OpenStack deployment?
There was a problem hiding this comment.
Correct - this functionality lives in the k8s portion of our CNI 👍
| @@ -248,6 +248,35 @@ you must also run calico/kube-controllers with the policy, profile, and workload | |||
|
|
|||
| When using `type: k8s`, the {{prodname}} CNI plugin requires read-only Kubernetes API access to the `Pods` resource in all namespaces. | |||
|
|
|||
| ### Enabling Policy Setup Timeout | |||
|
|
|||
| If you wish for the CNI to delay a new pod from starting until the pod's policy has been programmed to the dataplane, | |||
There was a problem hiding this comment.
Some new copy, based partly on the previous sections and incorporating the idea of a note you have below:
The `policy_setup_timeout_seconds` option makes the CNI plugin wait to start a new pod until one of the following conditions occurs:
* The pod's policy has finished being programmed.
* A specified amount of time has elapsed.
By setting this option, you can avoid errors that can occur when a pod tries to start before the pod's policy is programmed.
Example CNI config:
There was a problem hiding this comment.
Brilliant, thanks!
aaaaaaaalex
force-pushed
the
cni-wait-docs
branch
from
8d3dd4c
to
eca5361
Compare
|
LGTM! Ready to merge? |
|
Thanks @ctauchen , yes I think we're good to merge 🚀 |
Product Version(s):
OSS 3.28 (EE 3.19 EP2 to come at a later date)
Issue:
https://tigera.atlassian.net/browse/DOCS-2082
Link to docs preview:
https://deploy-preview-1373--calico-docs-preview-next.netlify.app/calico/next/reference/configure-cni-plugins#enabling-policy-setup-timeout
https://deploy-preview-1373--calico-docs-preview-next.netlify.app/calico/next/reference/felix/configuration (See manifest section ->
EndpointStatusPathPrefixfield)https://deploy-preview-1373--calico-docs-preview-next.netlify.app/calico/next/reference/resources/felixconfig similar to previous link
SME review:
DOCS review:
Additional information:
Merge checklist: