gc for security group #4559

Merged
merged 2 commits into from
Oct 8, 2024
Merged
8 changes: 4 additions & 4 deletions mocks/pkg/ovs/interface.go


81 changes: 79 additions & 2 deletions pkg/controller/gc.go
Expand Up @@ -32,7 +32,9 @@ func (c *Controller) gc() error {
c.gcCustomLogicalRouter,
// The lsp gc is processed periodically by markAndCleanLSP, will not gc lsp when init
c.gcLoadBalancer,
c.gcPortGroup,
c.gcNetworkPolicy,
c.gcSecurityGroup,
c.gcAddressSet,
c.gcRoutePolicy,
c.gcStaticRoute,
c.gcVpcNatGateway,
Expand Down Expand Up @@ -618,7 +620,82 @@ func (c *Controller) gcLoadBalancer() error {
return nil
}

func (c *Controller) gcPortGroup() error {
func (c *Controller) gcAddressSet() error {
klog.Infof("start to gc address set")
// get all address
addressSets, err := c.OVNNbClient.ListAddressSets(nil)
if err != nil {
klog.Errorf("failed to list address set,%v", err)
return err
}

asList := make([]string, 0)
for _, as := range addressSets {
sg := as.ExternalIDs[sgKey]
if sg == "" {
continue
}
// if address set not found associated port group, delete it
if pg, err := c.OVNNbClient.GetPortGroup(ovs.GetSgPortGroupName(sg), true); err == nil && pg == nil {
klog.Infof("ready to gc address set %s", as.Name)
asList = append(asList, as.Name)
}
}
if len(asList) == 0 {
return nil
}

if err = c.OVNNbClient.DeleteAddressSet(asList...); err != nil {
klog.Errorf("failed to delete address set %v,%v", asList, err)
return err
}

return nil
}

func (c *Controller) gcSecurityGroup() error {
klog.Infof("start to gc security group residual port groups")
// get security group
sgs, err := c.config.KubeOvnClient.KubeovnV1().SecurityGroups().List(context.Background(), metav1.ListOptions{})
if err != nil {
klog.Errorf("failed to list security group,%v", err)
return err
}
sgSet := strset.NewWithSize(len(sgs.Items))
for _, sg := range sgs.Items {
sgSet.Add(sg.Name)
}

pgs, err := c.OVNNbClient.ListPortGroups(nil)
if err != nil {
klog.Errorf("failed to list port group,%v", err)
return err
}

needToDelPgs := make([]string, 0)
denyAllPg := ovs.GetSgPortGroupName(util.DenyAllSecurityGroup)
defaultPg := ovs.GetSgPortGroupName(util.DefaultSecurityGroupName)
for _, pg := range pgs {
if pg.Name == denyAllPg || pg.Name == defaultPg || pg.ExternalIDs[networkPolicyKey] != "" {
continue
}
// if port group not exist in security group, delete it
if !sgSet.Has(pg.ExternalIDs["sg"]) {
klog.Infof("ready to gc port group %s", pg.Name)
needToDelPgs = append(needToDelPgs, pg.Name)
}
}
if len(needToDelPgs) == 0 {
return nil
}
if err = c.OVNNbClient.DeletePortGroup(needToDelPgs...); err != nil {
klog.Errorf("failed to gc port group list,%v", err)
return err
}
return nil
}

func (c *Controller) gcNetworkPolicy() error {
klog.Infof("start to gc network policy")

npNames := strset.New()
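Review bot: gcSecurityGroup deletes every port group that is neither the deny-all/default group nor tagged with networkPolicyKey, because `!sgSet.Has(pg.ExternalIDs["sg"])` is also true when the `sg` external ID is absent; if the NB database holds port groups created for any other purpose, they will be collected on the next gc run. Only port groups that actually reference a security group should be candidates: `if sgName := pg.ExternalIDs[sgKey]; sgName != "" && !sgSet.Has(sgName) {`. This also makes the lookup consistent with gcAddressSet just above, which reads the same external ID through the `sgKey` constant rather than the literal `"sg"`. gcNetworkPolicy at the end of the hunk continues outside it.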
4 changes: 2 additions & 2 deletions pkg/ovs/interface.go
Expand Up @@ -133,7 +133,7 @@ type PortGroup interface {
PortGroupAddPorts(pgName string, lspNames ...string) error
PortGroupRemovePorts(pgName string, lspNames ...string) error
PortGroupSetPorts(pgName string, ports []string) error
DeletePortGroup(pgName string) error
DeletePortGroup(pgName ...string) error
ListPortGroups(externalIDs map[string]string) ([]ovnnb.PortGroup, error)
GetPortGroup(pgName string, ignoreNotFound bool) (*ovnnb.PortGroup, error)
PortGroupExists(pgName string) (bool, error)
Expand All @@ -159,7 +159,7 @@ type ACL interface {
type AddressSet interface {
CreateAddressSet(asName string, externalIDs map[string]string) error
AddressSetUpdateAddress(asName string, addresses ...string) error
DeleteAddressSet(asName string) error
DeleteAddressSet(asName ...string) error
DeleteAddressSets(externalIDs map[string]string) error
ListAddressSets(externalIDs map[string]string) ([]ovnnb.AddressSet, error)
}
30 changes: 20 additions & 10 deletions pkg/ovs/ovn-nb-address_set.go
Expand Up @@ -8,6 +8,7 @@ import (
"strings"

"github.com/ovn-org/libovsdb/client"
"github.com/ovn-org/libovsdb/model"
"github.com/scylladb/go-set/strset"
"k8s.io/klog/v2"

Expand Down Expand Up @@ -106,21 +107,30 @@ func (c *OVNNbClient) UpdateAddressSet(as *ovnnb.AddressSet, fields ...interface
return nil
}

func (c *OVNNbClient) DeleteAddressSet(asName string) error {
as, err := c.GetAddressSet(asName, true)
if err != nil {
klog.Error(err)
return fmt.Errorf("get address set %s: %w", asName, err)
func (c *OVNNbClient) DeleteAddressSet(asName ...string) error {
delList := make([]*ovnnb.AddressSet, 0, len(asName))
for _, name := range asName {
// get address set
as, err := c.GetAddressSet(name, true)
if err != nil {
return fmt.Errorf("get address set %s when delete: %w", name, err)
}
// not found, skip
if as == nil {
continue
}
delList = append(delList, as)
}

// not found, skip
if as == nil {
if len(delList) == 0 {
return nil
}

op, err := c.Where(as).Delete()
var modelList []model.Model = make([]model.Model, len(delList))
for i, as := range delList {
modelList[i] = as
}
op, err := c.Where(modelList...).Delete()
if err != nil {
klog.Error(err)
return err
}

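Review bot: `var modelList []model.Model = make([]model.Model, len(delList))` in DeleteAddressSet spells out a type the right-hand side already fixes; `modelList := make([]model.Model, len(delList))` is the idiomatic form, and the identical declaration appears in DeletePortGroup in pkg/ovs/ovn-nb-port_group.go. The lookup error path also dropped the `klog.Error(err)` that the single-name version had, so a failed GetAddressSet is now only visible through the returned error; the gc.go callers do log it, so this is a judgment call rather than a defect. The Transact call and the rest of DeleteAddressSet lie below the hunk.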
30 changes: 19 additions & 11 deletions pkg/ovs/ovn-nb-port_group.go
Expand Up @@ -152,24 +152,32 @@ func (c *OVNNbClient) PortGroupUpdatePorts(pgName string, op ovsdb.Mutator, lspN
return nil
}

func (c *OVNNbClient) DeletePortGroup(pgName string) error {
pg, err := c.GetPortGroup(pgName, true)
if err != nil {
klog.Error(err)
return fmt.Errorf("get port group %s when delete: %w", pgName, err)
func (c *OVNNbClient) DeletePortGroup(pgName ...string) error {
delList := make([]*ovnnb.PortGroup, 0, len(pgName))
for _, name := range pgName {
// get port group
pg, err := c.GetPortGroup(name, true)
if err != nil {
return fmt.Errorf("get port group %s when delete: %w", name, err)
}
// not found, skip
if pg == nil {
continue
}
delList = append(delList, pg)
}

// not found, skip
if pg == nil {
if len(delList) == 0 {
return nil
}

op, err := c.Where(pg).Delete()
var modelList []model.Model = make([]model.Model, len(delList))
for i, pg := range delList {
modelList[i] = pg
}
op, err := c.Where(modelList...).Delete()
if err != nil {
klog.Error(err)
return err
}

if err := c.Transact("pg-del", op); err != nil {
klog.Error(err)
return fmt.Errorf("delete port group %s: %w", pgName, err)
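Review bot: The error message at the end of DeletePortGroup, `return fmt.Errorf("delete port group %s: %w", pgName, err)`, now formats the whole variadic pgName, which includes names that the loop skipped as not found, so the names reported on a Transact failure may not match the models actually deleted. Building the message from delList (the port groups that were passed to Where) would keep it accurate, for example by collecting `names = append(names, pg.Name)` inside the existing loop over delList and formatting with `%v`. The closing lines of the function are outside the hunk.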