feat: add hostPort support and optional wait-for-scheduler#493
Open
bumarcell wants to merge 2 commits into
Open
feat: add hostPort support and optional wait-for-scheduler#493bumarcell wants to merge 2 commits into
bumarcell wants to merge 2 commits into
Conversation
Author
|
This is also already deployed and running. Please let me know if you find any problem! |
There was a problem hiding this comment.
Pull request overview
This PR updates the Dragonfly Helm chart to better support Cilium VXLAN tunnel mode by allowing the client DaemonSet to run without hostNetwork (using hostPort mappings for key ports) and by making the scheduler wait init container optional.
Changes:
- Add conditional
hostPortmappings for client upload/proxy/storage ports whenclient.hostNetwork: false. - Gate the
wait-for-schedulerinitContainer behind a newclient.waitForSchedulervalue (defaulttrue). - Bump chart version and update generated documentation accordingly.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| charts/dragonfly/values.yaml | Introduces client.waitForScheduler with documentation comments. |
| charts/dragonfly/templates/client/client-daemonset.yaml | Adds conditional hostPort entries and makes wait-for-scheduler conditional. |
| charts/dragonfly/README.md | Documents the new client.waitForScheduler value in the values table. |
| charts/dragonfly/Chart.yaml | Bumps chart version and updates Artifact Hub change notes. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
In Cilium VXLAN tunnel mode, hostNetwork pods cannot reach pod IPs on remote nodes. The client DaemonSet uses hostNetwork by default but discovers scheduler pod IPs from the manager and connects directly. With hostNetwork, only local-node schedulers are reachable. This adds: - Conditional hostPort on client ports (upload, proxy, storage) when hostNetwork is false, allowing the client to use pod networking while containerd still reaches dfdaemon at 127.0.0.1:4001 via Cilium's hostPort DNAT - client.waitForScheduler toggle (default true) to make the wait-for-scheduler init container optional This is the same approach used by spegel for P2P image caching. Signed-off-by: Jamal Allogie <jamal.allogie@gmail.com> Signed-off-by: Jamal Allogie <jamal.allogie@deepl.com>
When client.hostNetwork is false, the proxy hostPort previously bound to 0.0.0.0, exposing the HTTP proxy on every node interface. Bind it to 127.0.0.1 by default so the proxy is only reachable from on-node runtimes (e.g. containerd), matching how dfinit configures clients to reach the proxy. Expose client.proxy.server.ip for operators who need to bind a different address (e.g. 0.0.0.0 for cross-node access). Signed-off-by: Jamal Allogie <jamal.allogie@deepl.com>
bumarcell
force-pushed
the
feat/hostport-and-wait-toggle
branch
from
a682fa8 to
6001777
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
In Cilium VXLAN tunnel mode,
hostNetworkpods cannot reach pod IPs on remote nodes. The client DaemonSet useshostNetwork: trueby default, but discovers scheduler pod IPs from the manager and connects directly. Only local-node schedulers are reachable, breaking P2P distribution.Changes
templates/client/client-daemonset.yamlhostPortto upload (4000), proxy (4001), storage TCP (4005), and storage QUIC (4006) ports whenhostNetworkisfalsewait-for-schedulerinit container conditional onclient.waitForScheduler(defaulttrue)values.yamlclient.waitForScheduler: trueHow to use
Set
client.hostNetwork: falsein values. The client gets a pod IP so VXLAN encapsulation works for cross-node communication. Containerd still reaches dfdaemon at127.0.0.1:4001via the hostPort DNAT rule.This is the same approach used by spegel for P2P image caching in Cilium environments.