Skip to content

Commit

Permalink
gc for security group (#4559)
Browse files Browse the repository at this point in the history
Signed-off-by: fanriming <[email protected]>
  • Loading branch information
fanriming authored and bobz965 committed Oct 25, 2024
1 parent cc83077 commit 3669872
Show file tree
Hide file tree
Showing 5 changed files with 124 additions and 29 deletions.
8 changes: 4 additions & 4 deletions mocks/pkg/ovs/interface.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

81 changes: 79 additions & 2 deletions pkg/controller/gc.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,9 @@ func (c *Controller) gc() error {
c.gcCustomLogicalRouter,
c.gcLogicalSwitchPort,
c.gcLoadBalancer,
c.gcPortGroup,
c.gcNetworkPolicy,
c.gcSecurityGroup,
c.gcAddressSet,
c.gcRoutePolicy,
c.gcStaticRoute,
c.gcVpcNatGateway,
Expand Down Expand Up @@ -625,7 +627,82 @@ func (c *Controller) gcLoadBalancer() error {
return nil
}

func (c *Controller) gcPortGroup() error {
func (c *Controller) gcAddressSet() error {
klog.Infof("start to gc address set")
// get all address
addressSets, err := c.OVNNbClient.ListAddressSets(nil)
if err != nil {
klog.Errorf("failed to list address set,%v", err)
return err
}

asList := make([]string, 0)
for _, as := range addressSets {
sg := as.ExternalIDs[sgKey]
if sg == "" {
continue
}
// if address set not found associated port group, delete it
if pg, err := c.OVNNbClient.GetPortGroup(ovs.GetSgPortGroupName(sg), true); err == nil && pg == nil {
klog.Infof("ready to gc address set %s", as.Name)
asList = append(asList, as.Name)
}
}
if len(asList) == 0 {
return nil
}

if err = c.OVNNbClient.DeleteAddressSet(asList...); err != nil {
klog.Errorf("failed to delete address set %v,%v", asList, err)
return err
}

return nil
}

func (c *Controller) gcSecurityGroup() error {
klog.Infof("start to gc security group residual port groups")
// get security group
sgs, err := c.config.KubeOvnClient.KubeovnV1().SecurityGroups().List(context.Background(), metav1.ListOptions{})
if err != nil {
klog.Errorf("failed to list security group,%v", err)
return err
}
sgSet := strset.NewWithSize(len(sgs.Items))
for _, sg := range sgs.Items {
sgSet.Add(sg.Name)
}

pgs, err := c.OVNNbClient.ListPortGroups(nil)
if err != nil {
klog.Errorf("failed to list port group,%v", err)
return err
}

needToDelPgs := make([]string, 0)
denyAllPg := ovs.GetSgPortGroupName(util.DenyAllSecurityGroup)
defaultPg := ovs.GetSgPortGroupName(util.DefaultSecurityGroupName)
for _, pg := range pgs {
if pg.Name == denyAllPg || pg.Name == defaultPg || pg.ExternalIDs[networkPolicyKey] != "" {
continue
}
// if port group not exist in security group, delete it
if !sgSet.Has(pg.ExternalIDs["sg"]) {
klog.Infof("ready to gc port group %s", pg.Name)
needToDelPgs = append(needToDelPgs, pg.Name)
}
}
if len(needToDelPgs) == 0 {
return nil
}
if err = c.OVNNbClient.DeletePortGroup(needToDelPgs...); err != nil {
klog.Errorf("failed to gc port group list,%v", err)
return err
}
return nil
}

func (c *Controller) gcNetworkPolicy() error {
klog.Infof("start to gc network policy")

npNames := strset.New()
Expand Down
4 changes: 2 additions & 2 deletions pkg/ovs/interface.go
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ type PortGroup interface {
PortGroupAddPorts(pgName string, lspNames ...string) error
PortGroupRemovePorts(pgName string, lspNames ...string) error
PortGroupSetPorts(pgName string, ports []string) error
DeletePortGroup(pgName string) error
DeletePortGroup(pgName ...string) error
ListPortGroups(externalIDs map[string]string) ([]ovnnb.PortGroup, error)
GetPortGroup(pgName string, ignoreNotFound bool) (*ovnnb.PortGroup, error)
PortGroupExists(pgName string) (bool, error)
Expand All @@ -153,7 +153,7 @@ type ACL interface {
type AddressSet interface {
CreateAddressSet(asName string, externalIDs map[string]string) error
AddressSetUpdateAddress(asName string, addresses ...string) error
DeleteAddressSet(asName string) error
DeleteAddressSet(asName ...string) error
DeleteAddressSets(externalIDs map[string]string) error
ListAddressSets(externalIDs map[string]string) ([]ovnnb.AddressSet, error)
}
Expand Down
30 changes: 20 additions & 10 deletions pkg/ovs/ovn-nb-address_set.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"strings"

"github.com/ovn-org/libovsdb/client"
"github.com/ovn-org/libovsdb/model"
"github.com/scylladb/go-set/strset"
"k8s.io/klog/v2"

Expand Down Expand Up @@ -106,21 +107,30 @@ func (c *OVNNbClient) UpdateAddressSet(as *ovnnb.AddressSet, fields ...interface
return nil
}

func (c *OVNNbClient) DeleteAddressSet(asName string) error {
as, err := c.GetAddressSet(asName, true)
if err != nil {
klog.Error(err)
return fmt.Errorf("get address set %s: %w", asName, err)
func (c *OVNNbClient) DeleteAddressSet(asName ...string) error {
delList := make([]*ovnnb.AddressSet, 0, len(asName))
for _, name := range asName {
// get address set
as, err := c.GetAddressSet(name, true)
if err != nil {
return fmt.Errorf("get address set %s when delete: %w", name, err)
}
// not found, skip
if as == nil {
continue
}
delList = append(delList, as)
}

// not found, skip
if as == nil {
if len(delList) == 0 {
return nil
}

op, err := c.Where(as).Delete()
var modelList []model.Model = make([]model.Model, len(delList))
for i, as := range delList {
modelList[i] = as
}
op, err := c.Where(modelList...).Delete()
if err != nil {
klog.Error(err)
return err
}

Expand Down
30 changes: 19 additions & 11 deletions pkg/ovs/ovn-nb-port_group.go
Original file line number Diff line number Diff line change
Expand Up @@ -152,24 +152,32 @@ func (c *OVNNbClient) PortGroupUpdatePorts(pgName string, op ovsdb.Mutator, lspN
return nil
}

func (c *OVNNbClient) DeletePortGroup(pgName string) error {
pg, err := c.GetPortGroup(pgName, true)
if err != nil {
klog.Error(err)
return fmt.Errorf("get port group %s when delete: %w", pgName, err)
func (c *OVNNbClient) DeletePortGroup(pgName ...string) error {
delList := make([]*ovnnb.PortGroup, 0, len(pgName))
for _, name := range pgName {
// get port group
pg, err := c.GetPortGroup(name, true)
if err != nil {
return fmt.Errorf("get port group %s when delete: %w", name, err)
}
// not found, skip
if pg == nil {
continue
}
delList = append(delList, pg)
}

// not found, skip
if pg == nil {
if len(delList) == 0 {
return nil
}

op, err := c.Where(pg).Delete()
var modelList []model.Model = make([]model.Model, len(delList))
for i, pg := range delList {
modelList[i] = pg
}
op, err := c.Where(modelList...).Delete()
if err != nil {
klog.Error(err)
return err
}

if err := c.Transact("pg-del", op); err != nil {
klog.Error(err)
return fmt.Errorf("delete port group %s: %w", pgName, err)
Expand Down

0 comments on commit 3669872

Please sign in to comment.