Skip to content

Handle partial ZDS adds between ztunnel and CNI #1609

New issue
New issue
Open
Open
Handle partial ZDS adds between ztunnel and CNI#1609
Labels
windowsExperimental Windows support
@grnmeira

Description

@grnmeira
grnmeira
opened on Aug 7, 2025

At the moment we have to mitigate a problem on Windows nodes as described by #1608.

It'd be great if we could add an intermediate step between the ADD and the ACK in the ZDS communication:

  1. CNI sends ADD to ztunnel.
  2. ztunnel replies to the CNI with an intermediate response.
  3. CNI acks the container creation to the CRI (not sure if they talk directly though).
  4. ztunnel ACKS or NACKs the creation of the new workload.

Between steps 2 and 4, when ztunnel tries to add the workload, if the attempt is unsuccessful, we need to distinguish between retriable and non-retriable reasons for the failure. For retriable ones, we need to set jitter and a cap to the limit of retries and timeouts. For non-retriable reasons, we simply reply with a NACK to the CNI.

Metadata

Metadata

Assignees

No one assigned

    Labels

    windowsExperimental Windows support

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions