From 1bc65f939ee672be569771546955e46a0037406d Mon Sep 17 00:00:00 2001 From: bobz965 Date: Fri, 2 Feb 2024 10:59:25 +0800 Subject: [PATCH] remove fip controller (#3684) Signed-off-by: bobz965 --- pkg/controller/controller.go | 21 -- pkg/controller/pod_iptables_eip.go | 368 ----------------------------- pkg/controller/pod_iptables_fip.go | 360 ---------------------------- pkg/controller/vpc_nat_gateway.go | 16 -- pkg/controller/vpc_nat_gw_nat.go | 39 --- pkg/util/const.go | 3 - 6 files changed, 807 deletions(-) delete mode 100644 pkg/controller/pod_iptables_eip.go delete mode 100644 pkg/controller/pod_iptables_fip.go diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 5bdc098c22d..9f21ed9c91e 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -716,21 +716,6 @@ func Run(ctx context.Context, config *Configuration) { util.LogFatalAndExit(err, "failed to add ovn dnat rule event handler") } - if _, err = podAnnotatedIptablesEipInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: controller.enqueueAddPodAnnotatedIptablesEip, - UpdateFunc: controller.enqueueUpdatePodAnnotatedIptablesEip, - DeleteFunc: controller.enqueueDeletePodAnnotatedIptablesEip, - }); err != nil { - util.LogFatalAndExit(err, "failed to add pod iptables eip event handler") - } - if _, err = podAnnotatedIptablesFipInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: controller.enqueueAddPodAnnotatedIptablesFip, - UpdateFunc: controller.enqueueUpdatePodAnnotatedIptablesFip, - DeleteFunc: controller.enqueueDeletePodAnnotatedIptablesFip, - }); err != nil { - util.LogFatalAndExit(err, "failed to add pod iptables fip event handler") - } - if _, err = qosPolicyInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: controller.enqueueAddQoSPolicy, UpdateFunc: controller.enqueueUpdateQoSPolicy, @@ -1137,12 +1122,6 @@ func (c *Controller) startWorkers(ctx context.Context) { go wait.Until(c.runAddQoSPolicyWorker, time.Second, ctx.Done()) go wait.Until(c.runUpdateQoSPolicyWorker, time.Second, ctx.Done()) go wait.Until(c.runDelQoSPolicyWorker, time.Second, ctx.Done()) - - go wait.Until(c.runAddPodAnnotatedIptablesEipWorker, time.Second, ctx.Done()) - go wait.Until(c.runDelPodAnnotatedIptablesEipWorker, time.Second, ctx.Done()) - - go wait.Until(c.runAddPodAnnotatedIptablesFipWorker, time.Second, ctx.Done()) - go wait.Until(c.runDelPodAnnotatedIptablesFipWorker, time.Second, ctx.Done()) } func (c *Controller) allSubnetReady(subnets ...string) (bool, error) { diff --git a/pkg/controller/pod_iptables_eip.go b/pkg/controller/pod_iptables_eip.go deleted file mode 100644 index 1c67edce47c..00000000000 --- a/pkg/controller/pod_iptables_eip.go +++ /dev/null @@ -1,368 +0,0 @@ -package controller - -import ( - "context" - "fmt" - "strings" - - v1 "k8s.io/api/core/v1" - k8serrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/tools/cache" - "k8s.io/klog/v2" - - kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1" - "github.com/kubeovn/kube-ovn/pkg/util" -) - -func (c *Controller) enqueueAddPodAnnotatedIptablesEip(obj interface{}) { - var key string - var err error - if key, err = cache.MetaNamespaceKeyFunc(obj); err != nil { - utilruntime.HandleError(err) - return - } - p := obj.(*v1.Pod) - if p.Spec.HostNetwork { - return - } - if p.Annotations[util.FipEnableAnnotation] != "true" { - return - } - eipName := PodNameToEipName(p.Name, p.Namespace) - if v, ok := p.Annotations[util.EipNameAnnotation]; ok { - v = strings.Trim(v, " ") - if v != "" { - eipName = v - } - } - // delete eip if pod not alive - if !isPodAlive(p) { - isStateful, statefulSetName := isStatefulSetPod(p) - isVMPod, vmName := isVMPod(p) - if isStateful || (isVMPod && c.config.EnableKeepVMIP) { - if isStateful && isStatefulSetDeleted(c.config.KubeClient, p, statefulSetName) { - klog.V(3).Infof("enqueue delete pod annotated iptables eip %s", eipName) - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } - if isVMPod && c.isVMToDel(p, vmName) { - klog.V(3).Infof("enqueue delete pod annotated iptables eip %s", eipName) - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } - } else { - klog.V(3).Infof("enqueue delete pod annotated iptables eip %s", eipName) - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } - return - } - klog.V(3).Infof("enqueue add pod annotated iptables eip %s", eipName) - c.addPodAnnotatedIptablesEipQueue.Add(key) -} - -func (c *Controller) enqueueUpdatePodAnnotatedIptablesEip(oldObj, newObj interface{}) { - oldPod := oldObj.(*v1.Pod) - newPod := newObj.(*v1.Pod) - if oldPod.ResourceVersion == newPod.ResourceVersion { - return - } - if oldPod.Spec.HostNetwork { - return - } - var key string - var err error - if key, err = cache.MetaNamespaceKeyFunc(newObj); err != nil { - utilruntime.HandleError(err) - return - } - if oldPod.Annotations[util.FipEnableAnnotation] != "true" && newPod.Annotations[util.FipEnableAnnotation] == "true" { - // pod need eip after add fip annotation - klog.V(3).Infof("enqueue add annotated iptables eip for pod %s/%s", newPod.Namespace, newPod.Name) - c.addPodAnnotatedIptablesEipQueue.Add(key) - return - } - if oldPod.Annotations[util.FipEnableAnnotation] == "true" && newPod.Annotations[util.FipEnableAnnotation] != "true" { - // pod not need eip after remove fip annotation - klog.V(3).Infof("enqueue delete annotated iptables eip for pod %s/%s", newPod.Namespace, newPod.Name) - c.delPodAnnotatedIptablesEipQueue.Add(newObj) - return - } - if newPod.DeletionTimestamp != nil && len(newPod.Finalizers) == 0 { - // avoid delete eip twice - return - } - isStateful, _ := isStatefulSetPod(newPod) - isVMPod, vmName := isVMPod(newPod) - if newPod.DeletionTimestamp != nil && isStateful { - c.delPodAnnotatedIptablesEipQueue.Add(newObj) - return - } - if !isPodAlive(newPod) && !isStateful && !isVMPod { - c.delPodAnnotatedIptablesEipQueue.Add(newObj) - return - } - if c.config.EnableKeepVMIP && isVMPod && c.isVMToDel(newPod, vmName) { - c.delPodAnnotatedIptablesEipQueue.Add(newObj) - return - } -} - -func (c *Controller) enqueueDeletePodAnnotatedIptablesEip(obj interface{}) { - var err error - if _, err = cache.MetaNamespaceKeyFunc(obj); err != nil { - utilruntime.HandleError(err) - return - } - p := obj.(*v1.Pod) - if p.Spec.HostNetwork { - return - } - if p.Annotations[util.FipEnableAnnotation] != "true" { - return - } - isStateful, statefulSetName := isStatefulSetPod(p) - isVMPod, vmName := isVMPod(p) - switch { - case isStateful: - if isStatefulSetDeleted(c.config.KubeClient, p, statefulSetName) { - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } - if isDelete, err := appendCheckPodToDel(c, p, statefulSetName, util.StatefulSet); isDelete && err == nil { - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } - case c.config.EnableKeepVMIP && isVMPod: - if c.isVMToDel(p, vmName) { - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } - if isDelete, err := appendCheckPodToDel(c, p, vmName, util.VMInstance); isDelete && err == nil { - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } - default: - c.delPodAnnotatedIptablesEipQueue.Add(obj) - return - } -} - -func (c *Controller) runAddPodAnnotatedIptablesEipWorker() { - for c.processNextAddPodAnnotatedIptablesEipWorkItem() { - } -} - -func (c *Controller) runDelPodAnnotatedIptablesEipWorker() { - for c.processNextDeletePodAnnotatedIptablesEipWorkItem() { - } -} - -func (c *Controller) processNextAddPodAnnotatedIptablesEipWorkItem() bool { - obj, shutdown := c.addPodAnnotatedIptablesEipQueue.Get() - if shutdown { - return false - } - - if c.config.PodDefaultFipType != util.IptablesFip { - c.addPodAnnotatedIptablesEipQueue.Forget(obj) - c.addPodAnnotatedIptablesEipQueue.Done(obj) - return true - } - - err := func(obj interface{}) error { - defer c.addPodAnnotatedIptablesEipQueue.Done(obj) - var key string - var ok bool - if key, ok = obj.(string); !ok { - c.addPodAnnotatedIptablesEipQueue.Forget(obj) - utilruntime.HandleError(fmt.Errorf("expected string in workqueue but got %#v", obj)) - return nil - } - if err := c.handleAddPodAnnotatedIptablesEip(key); err != nil { - c.addPodAnnotatedIptablesEipQueue.AddRateLimited(key) - return fmt.Errorf("error syncing '%s': %s, requeuing", key, err.Error()) - } - c.addPodAnnotatedIptablesEipQueue.Forget(obj) - return nil - }(obj) - if err != nil { - utilruntime.HandleError(err) - return true - } - return true -} - -func (c *Controller) processNextDeletePodAnnotatedIptablesEipWorkItem() bool { - obj, shutdown := c.delPodAnnotatedIptablesEipQueue.Get() - if shutdown { - return false - } - - if c.config.PodDefaultFipType != util.IptablesFip { - c.delPodAnnotatedIptablesEipQueue.Forget(obj) - c.delPodAnnotatedIptablesEipQueue.Done(obj) - return true - } - - err := func(obj interface{}) error { - defer c.delPodAnnotatedIptablesEipQueue.Done(obj) - var pod *v1.Pod - var ok bool - if pod, ok = obj.(*v1.Pod); !ok { - c.delPodAnnotatedIptablesEipQueue.Forget(obj) - utilruntime.HandleError(fmt.Errorf("expected pod in workqueue but got %#v", obj)) - return nil - } - if err := c.handleDeletePodAnnotatedIptablesEip(pod); err != nil { - c.delPodAnnotatedIptablesEipQueue.AddRateLimited(obj) - return fmt.Errorf("error syncing '%s': %s, requeuing", pod.Name, err.Error()) - } - c.delPodAnnotatedIptablesEipQueue.Forget(obj) - return nil - }(obj) - if err != nil { - utilruntime.HandleError(err) - return true - } - return true -} - -func (c *Controller) handleAddPodAnnotatedIptablesEip(key string) error { - namespace, name, err := cache.SplitMetaNamespaceKey(key) - if err != nil { - klog.Error(err) - return nil - } - cachedPod, err := c.podsLister.Pods(namespace).Get(name) - if err != nil { - if k8serrors.IsNotFound(err) { - return nil - } - klog.Error(err) - return err - } - if cachedPod.Annotations[util.FipEnableAnnotation] != "true" { - // not enable fip - return nil - } - if cachedPod.Annotations[util.EipAnnotation] != "" { - // eip aleady ok - return nil - } - eipName := PodNameToEipName(cachedPod.Name, cachedPod.Namespace) - if v, ok := cachedPod.Annotations[util.EipNameAnnotation]; ok { - v = strings.Trim(v, " ") - if v != "" { - eipName = v - } - } - newPod := cachedPod.DeepCopy() - if newPod.Annotations[util.AllocatedAnnotation] != "true" { - err = fmt.Errorf("pod network not allocated, failed to create iptables eip %s", eipName) - klog.Error(err) - return err - } - if eip, err := c.iptablesEipsLister.Get(eipName); err != nil { - if !k8serrors.IsNotFound(err) { - return err - } - klog.V(3).Infof("handle add pod annotated iptables eip %s", eipName) - subnet := newPod.Annotations[util.LogicalSwitchAnnotation] - router := newPod.Annotations[util.LogicalRouterAnnotation] - natGw, err := c.getNatGw(router, subnet) - if err != nil { - klog.Errorf("failed to get vpc nat gw eip: %v", eipName, err) - return err - } - externalNetwork := util.GetExternalNetwork(eip.Spec.ExternalSubnet) - if err := c.createOrUpdateEipCR(eipName, "", "", "", "", natGw, externalNetwork); err != nil { - klog.Errorf("failed to create eip %s: %v", eipName, err) - return err - } - } - // check eip if ready and update pod eip annotation - var eip *kubeovnv1.IptablesEIP - if eip, err = c.iptablesEipsLister.Get(eipName); err != nil { - return err - } - // update pod eip annotation - if eip.Status.IP != "" { - newPod.Annotations[util.EipAnnotation] = eip.Status.IP - patch, err := util.GenerateStrategicMergePatchPayload(cachedPod, newPod) - if err != nil { - klog.Error(err) - return err - } - if _, err := c.config.KubeClient.CoreV1().Pods(namespace).Patch(context.Background(), name, - types.StrategicMergePatchType, patch, metav1.PatchOptions{}, ""); err != nil { - if k8serrors.IsNotFound(err) { - return nil - } - klog.Errorf("patch pod %s/%s annotation eip failed: %v", name, namespace, err) - return err - } - } else { - return fmt.Errorf("eip %s not ready", eipName) - } - return nil -} - -func (c *Controller) handleDeletePodAnnotatedIptablesEip(pod *v1.Pod) error { - var err error - var keepEipCR bool - klog.V(3).Infof("handle delete annotated iptables eip for pod %s/%s", pod.Namespace, pod.Name) - - // keep statefulset eip cr - if isStateful, statefulSetName := isStatefulSetPod(pod); isStateful { - if !isStatefulSetDeleted(c.config.KubeClient, pod, statefulSetName) { - keepEipCR = true - } - } - eipName := PodNameToEipName(pod.Name, pod.Namespace) - if v, ok := pod.Annotations[util.EipNameAnnotation]; ok { - // keep named eip cr - v = strings.Trim(v, " ") - if v != "" { - keepEipCR = true - eipName = v - } - } - if keepEipCR { - return nil - } - klog.V(3).Infof("delete pod annotated iptables eip cr %s", eipName) - if err = c.config.KubeOvnClient.KubeovnV1().IptablesEIPs().Delete(context.Background(), eipName, metav1.DeleteOptions{}); err != nil { - if !k8serrors.IsNotFound(err) { - klog.Errorf("failed to delete iptables eip %s: %v", eipName, err) - return err - } - } - return nil -} - -func PodNameToEipName(name, namespace string) string { - return fmt.Sprintf("%s.%s", name, namespace) -} - -func isStatefulSetDeleted(c kubernetes.Interface, pod *v1.Pod, statefulSetName string) bool { - // return true if statefulset is deleted or in deleting - ss, err := c.AppsV1().StatefulSets(pod.Namespace).Get(context.Background(), statefulSetName, metav1.GetOptions{}) - if err != nil { - if k8serrors.IsNotFound(err) { - // statefulset is deleted - return true - } - klog.Errorf("failed to get statefulset %v", err) - return false - } - // statefulset is deleting - if ss.DeletionTimestamp != nil { - return true - } - return false -} diff --git a/pkg/controller/pod_iptables_fip.go b/pkg/controller/pod_iptables_fip.go deleted file mode 100644 index e87216f3042..00000000000 --- a/pkg/controller/pod_iptables_fip.go +++ /dev/null @@ -1,360 +0,0 @@ -package controller - -import ( - "context" - "fmt" - "strings" - "time" - - v1 "k8s.io/api/core/v1" - k8serrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/client-go/tools/cache" - "k8s.io/klog/v2" - "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - - "github.com/kubeovn/kube-ovn/pkg/util" -) - -func (c *Controller) enqueueAddPodAnnotatedIptablesFip(obj interface{}) { - var key string - var err error - if key, err = cache.MetaNamespaceKeyFunc(obj); err != nil { - utilruntime.HandleError(err) - return - } - p := obj.(*v1.Pod) - if p.Spec.HostNetwork { - return - } - if p.Annotations[util.FipEnableAnnotation] != "true" { - return - } - if !isPodAlive(p) { - isStateful, statefulSetName := isStatefulSetPod(p) - isVMPod, vmName := isVMPod(p) - if isStateful || (isVMPod && c.config.EnableKeepVMIP) { - if isStateful && isStatefulSetPodToDel(c.config.KubeClient, p, statefulSetName) { - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } - if isVMPod && c.isVMToDel(p, vmName) { - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } - } else { - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } - return - } - c.addPodAnnotatedIptablesFipQueue.Add(key) -} - -func (c *Controller) enqueueUpdatePodAnnotatedIptablesFip(oldObj, newObj interface{}) { - oldPod := oldObj.(*v1.Pod) - newPod := newObj.(*v1.Pod) - if oldPod.ResourceVersion == newPod.ResourceVersion { - return - } - if oldPod.Spec.HostNetwork { - return - } - var key string - var err error - if key, err = cache.MetaNamespaceKeyFunc(newObj); err != nil { - utilruntime.HandleError(err) - return - } - if oldPod.Annotations[util.FipEnableAnnotation] != "true" && newPod.Annotations[util.FipEnableAnnotation] == "true" { - // pod need fip after add fip annotation - klog.V(3).Infof("enqueue add annotated iptables eip for pod %s/%s", newPod.Namespace, newPod.Name) - c.addPodAnnotatedIptablesFipQueue.Add(key) - return - } - if oldPod.Annotations[util.FipEnableAnnotation] == "true" && newPod.Annotations[util.FipEnableAnnotation] != "true" { - klog.V(3).Infof("enqueue delete annotated iptables fip for pod %s/%s", newPod.Namespace, newPod.Name) - c.delPodAnnotatedIptablesFipQueue.Add(newObj) - return - } - if newPod.DeletionTimestamp != nil && len(newPod.Finalizers) == 0 { - // avoid delete fip twice - return - } - - isStateful, _ := isStatefulSetPod(newPod) - isVMPod, vmName := isVMPod(newPod) - if !isPodAlive(newPod) && !isStateful && !isVMPod { - c.delPodAnnotatedIptablesFipQueue.Add(newObj) - return - } - if newPod.DeletionTimestamp != nil && isStateful { - c.delPodAnnotatedIptablesFipQueue.Add(newObj) - return - } - if c.config.EnableKeepVMIP && isVMPod && c.isVMToDel(newPod, vmName) { - c.delPodAnnotatedIptablesFipQueue.Add(newObj) - return - } -} - -func (c *Controller) enqueueDeletePodAnnotatedIptablesFip(obj interface{}) { - var err error - if _, err = cache.MetaNamespaceKeyFunc(obj); err != nil { - utilruntime.HandleError(err) - return - } - p := obj.(*v1.Pod) - if p.Spec.HostNetwork { - return - } - if p.Annotations[util.FipEnableAnnotation] != "true" { - return - } - isStateful, statefulSetName := isStatefulSetPod(p) - isVMPod, vmName := isVMPod(p) - switch { - case isStateful: - if isStatefulSetPodToDel(c.config.KubeClient, p, statefulSetName) { - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } - if isDelete, err := appendCheckPodToDel(c, p, statefulSetName, util.StatefulSet); isDelete && err == nil { - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } - case c.config.EnableKeepVMIP && isVMPod: - if c.isVMToDel(p, vmName) { - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } - if isDelete, err := appendCheckPodToDel(c, p, vmName, util.VMInstance); isDelete && err == nil { - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } - default: - c.delPodAnnotatedIptablesFipQueue.Add(obj) - return - } -} - -func (c *Controller) runAddPodAnnotatedIptablesFipWorker() { - for c.processNextAddPodAnnotatedIptablesFipWorkItem() { - } -} - -func (c *Controller) runDelPodAnnotatedIptablesFipWorker() { - for c.processNextDeletePodAnnotatedIptablesFipWorkItem() { - } -} - -func (c *Controller) processNextAddPodAnnotatedIptablesFipWorkItem() bool { - obj, shutdown := c.addPodAnnotatedIptablesFipQueue.Get() - if shutdown { - return false - } - - if c.config.PodDefaultFipType != util.IptablesFip { - c.addPodAnnotatedIptablesFipQueue.Forget(obj) - c.addPodAnnotatedIptablesFipQueue.Done(obj) - return true - } - - err := func(obj interface{}) error { - defer c.addPodAnnotatedIptablesFipQueue.Done(obj) - var key string - var ok bool - if key, ok = obj.(string); !ok { - c.addPodAnnotatedIptablesFipQueue.Forget(obj) - utilruntime.HandleError(fmt.Errorf("expected string in workqueue but got %#v", obj)) - return nil - } - if err := c.handleAddPodAnnotatedIptablesFip(key); err != nil { - c.addPodAnnotatedIptablesFipQueue.AddRateLimited(key) - return fmt.Errorf("error syncing '%s': %s, requeuing", key, err.Error()) - } - c.addPodAnnotatedIptablesFipQueue.Forget(obj) - return nil - }(obj) - if err != nil { - utilruntime.HandleError(err) - return true - } - return true -} - -func (c *Controller) processNextDeletePodAnnotatedIptablesFipWorkItem() bool { - obj, shutdown := c.delPodAnnotatedIptablesFipQueue.Get() - if shutdown { - return false - } - - if c.config.PodDefaultFipType != util.IptablesFip { - c.delPodAnnotatedIptablesFipQueue.Forget(obj) - c.delPodAnnotatedIptablesFipQueue.Done(obj) - return true - } - - err := func(obj interface{}) error { - defer c.delPodAnnotatedIptablesFipQueue.Done(obj) - var pod *v1.Pod - var ok bool - if pod, ok = obj.(*v1.Pod); !ok { - c.delPodAnnotatedIptablesFipQueue.Forget(obj) - utilruntime.HandleError(fmt.Errorf("expected pod in workqueue but got %#v", obj)) - return nil - } - if err := c.handleDeletePodAnnotatedIptablesFip(pod); err != nil { - c.delPodAnnotatedIptablesFipQueue.AddRateLimited(obj) - return fmt.Errorf("error syncing '%s': %s, requeuing", pod.Name, err.Error()) - } - c.delPodAnnotatedIptablesFipQueue.Forget(obj) - return nil - }(obj) - if err != nil { - utilruntime.HandleError(err) - return true - } - return true -} - -func (c *Controller) handleAddPodAnnotatedIptablesFip(key string) error { - namespace, name, err := cache.SplitMetaNamespaceKey(key) - if err != nil { - utilruntime.HandleError(fmt.Errorf("invalid resource key: %s", key)) - return nil - } - cachedPod, err := c.podsLister.Pods(namespace).Get(name) - if err != nil { - if k8serrors.IsNotFound(err) { - return nil - } - klog.Error(err) - return err - } - if cachedPod.Annotations[util.FipEnableAnnotation] != "true" { - // not enable fip - return nil - } - if cachedPod.Annotations[util.FipNameAnnotation] != "" { - // fip aleady ok - return nil - } - fipName := PodNameToEipName(cachedPod.Name, cachedPod.Namespace) - if v, ok := cachedPod.Annotations[util.EipNameAnnotation]; ok { - v = strings.Trim(v, " ") - if v != "" { - fipName = v - } - } - if err = c.handleAddPodAnnotatedIptablesFipFinalizer(cachedPod); err != nil { - return err - } - if cachedPod.Annotations[util.AllocatedAnnotation] != "true" { - err = fmt.Errorf("pod network not allocated, failed to create iptables fip %s", fipName) - return err - } - if _, err = c.iptablesFipsLister.Get(fipName); err != nil { - if !k8serrors.IsNotFound(err) { - return err - } - klog.V(3).Infof("handle add pod annotated iptables fip %s", fipName) - if err := c.createOrUpdateFipCR(fipName, fipName, cachedPod.Annotations[util.IPAddressAnnotation]); err != nil { - klog.Errorf("failed to create fip %s: %v", fipName, err) - return err - } - } - newPod := cachedPod.DeepCopy() - newPod.Annotations[util.FipNameAnnotation] = fipName - patch, err := util.GenerateStrategicMergePatchPayload(cachedPod, newPod) - if err != nil { - klog.Error(err) - return err - } - if _, err := c.config.KubeClient.CoreV1().Pods(namespace).Patch(context.Background(), name, - types.StrategicMergePatchType, patch, metav1.PatchOptions{}, ""); err != nil { - if k8serrors.IsNotFound(err) { - return nil - } - klog.Errorf("patch pod %s/%s annotation eip failed: %v", name, namespace, err) - return err - } - return nil -} - -func (c *Controller) handleDeletePodAnnotatedIptablesFip(pod *v1.Pod) error { - var err error - var keepFipCR bool - klog.V(3).Infof("handle delete annotated iptables fip for pod %s/%s", pod.Namespace, pod.Name) - if ok, sts := isStatefulSetPod(pod); ok { - isDelete, err := appendCheckPodToDel(c, pod, sts, util.StatefulSet) - keepFipCR = !isStatefulSetPodToDel(c.config.KubeClient, pod, sts) && !isDelete && err == nil - } - if !keepFipCR { - fipName := PodNameToEipName(pod.Name, pod.Namespace) - if v, ok := pod.Annotations[util.EipNameAnnotation]; ok { - v = strings.Trim(v, " ") - if v != "" { - fipName = v - } - } - klog.V(3).Infof("delete pod annotated iptables fip cr %s", fipName) - if err = c.config.KubeOvnClient.KubeovnV1().IptablesFIPRules().Delete(context.Background(), fipName, metav1.DeleteOptions{}); err != nil { - if !k8serrors.IsNotFound(err) { - klog.Errorf("failed to delete iptables fip %s: %v", fipName, err) - return err - } - } - } - return c.handleDelPodAnnotatedIptablesFipFinalizer(pod) -} - -func (c *Controller) handleAddPodAnnotatedIptablesFipFinalizer(pod *v1.Pod) error { - if pod.DeletionTimestamp.IsZero() { - if util.ContainsString(pod.Finalizers, util.FipFinalizer) { - return nil - } - newPod := pod.DeepCopy() - controllerutil.AddFinalizer(newPod, util.ControllerName) - patch, err := util.GenerateMergePatchPayload(pod, newPod) - if err != nil { - klog.Errorf("failed to generate patch payload for pod '%s', %v", pod.Name, err) - return err - } - if _, err := c.config.KubeClient.CoreV1().Pods(pod.Namespace).Patch(context.Background(), pod.Name, - types.MergePatchType, patch, metav1.PatchOptions{}, ""); err != nil { - if k8serrors.IsNotFound(err) { - return nil - } - klog.Errorf("failed to add iptables eip finalizer for pod %s: %v", pod.Name, err) - return err - } - // wait local cache ready - time.Sleep(2 * time.Second) - } - return nil -} - -func (c *Controller) handleDelPodAnnotatedIptablesFipFinalizer(pod *v1.Pod) error { - if len(pod.Finalizers) == 0 { - return nil - } - newPod := pod.DeepCopy() - controllerutil.RemoveFinalizer(newPod, util.ControllerName) - patch, err := util.GenerateMergePatchPayload(pod, newPod) - if err != nil { - klog.Errorf("failed to generate patch payload for pod '%s', %v", pod.Name, err) - return err - } - if _, err := c.config.KubeClient.CoreV1().Pods(pod.Namespace).Patch(context.Background(), pod.Name, - types.MergePatchType, patch, metav1.PatchOptions{}, ""); err != nil { - if k8serrors.IsNotFound(err) { - return nil - } - klog.Errorf("failed to add iptables eip finalizer for pod %s: %v", pod.Name, err) - return err - } - return nil -} diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go index 3dce6733dab..dd5ac129618 100644 --- a/pkg/controller/vpc_nat_gateway.go +++ b/pkg/controller/vpc_nat_gateway.go @@ -920,22 +920,6 @@ func (c *Controller) updateCrdNatGwLabels(key, qos string) error { return nil } -func (c *Controller) getNatGw(router, subnet string) (string, error) { - selectors := labels.Set{util.VpcNameLabel: router, util.SubnetNameLabel: subnet}.AsSelector() - gws, err := c.vpcNatGatewayLister.List(selectors) - if err != nil { - klog.Error(err) - return "", err - } - if len(gws) == 1 { - return gws[0].Name, nil - } - if len(gws) == 0 { - return "", fmt.Errorf("no vpc nat gw found by selector %v", selectors) - } - return "", fmt.Errorf("too many nat gw") -} - func (c *Controller) patchNatGwQoSStatus(key, qos string) error { // add qos label to vpc nat gw var changed bool diff --git a/pkg/controller/vpc_nat_gw_nat.go b/pkg/controller/vpc_nat_gw_nat.go index 0ce8b16a560..7808061b58c 100644 --- a/pkg/controller/vpc_nat_gw_nat.go +++ b/pkg/controller/vpc_nat_gw_nat.go @@ -1770,45 +1770,6 @@ func (c *Controller) isDnatDuplicated(gwName, eipName, dnatName, externalPort st return false, nil } -func (c *Controller) createOrUpdateFipCR(key, eipName, internalIP string) error { - cachedFip, err := c.iptablesFipsLister.Get(key) - if err != nil { - klog.V(3).Infof("create fip cr %s", key) - if k8serrors.IsNotFound(err) { - if _, err := c.config.KubeOvnClient.KubeovnV1().IptablesFIPRules().Create(context.Background(), &kubeovnv1.IptablesFIPRule{ - ObjectMeta: metav1.ObjectMeta{ - Name: key, - }, - Spec: kubeovnv1.IptablesFIPRuleSpec{ - EIP: eipName, - InternalIP: internalIP, - }, - }, metav1.CreateOptions{}); err != nil { - errMsg := fmt.Errorf("failed to create fip crd %s, %v", key, err) - klog.Error(errMsg) - return errMsg - } - } else { - errMsg := fmt.Errorf("failed to get fip crd %s, %v", key, err) - klog.Error(errMsg) - return errMsg - } - } else { - klog.V(3).Infof("update fip cr %s", key) - fip := cachedFip.DeepCopy() - if fip.Spec.EIP != eipName || fip.Spec.InternalIP != internalIP { - fip.Spec.EIP = eipName - fip.Spec.InternalIP = internalIP - if _, err := c.config.KubeOvnClient.KubeovnV1().IptablesFIPRules().Update(context.Background(), fip, metav1.UpdateOptions{}); err != nil { - errMsg := fmt.Errorf("failed to update eip crd %s, %v", key, err) - klog.Error(errMsg) - return errMsg - } - } - } - return nil -} - func (c *Controller) updateIptableLabels(name, op, natType string, labels map[string]string) error { patchPayloadTemplate := `[{ "op": "%s", "path": "/metadata/labels", "value": %s }]` raw, _ := json.Marshal(labels) diff --git a/pkg/util/const.go b/pkg/util/const.go index 3ff8f1413fb..30cc990e313 100644 --- a/pkg/util/const.go +++ b/pkg/util/const.go @@ -16,9 +16,6 @@ const ( BgpAnnotation = "ovn.kubernetes.io/bgp" SnatAnnotation = "ovn.kubernetes.io/snat" EipAnnotation = "ovn.kubernetes.io/eip" - EipNameAnnotation = "ovn.kubernetes.io/eip_name" - FipNameAnnotation = "ovn.kubernetes.io/fip_name" - FipEnableAnnotation = "ovn.kubernetes.io/enable_fip" FipFinalizer = "ovn.kubernetes.io/fip" VipAnnotation = "ovn.kubernetes.io/vip" AAPsAnnotation = "ovn.kubernetes.io/aaps"