add np prefix to networkpolicy name when networkpolicy's name starts …
…with number (#3551)

Signed-off-by: 马洪贞 <hzma@alauda.io>
hongzhen-ma authored Dec 20, 2023
1 parent 4850f0a commit a454554
Showing 2 changed files with 34 additions and 21 deletions.
9 changes: 8 additions & 1 deletion pkg/controller/gc.go
@@ -4,6 +4,7 @@ import (
"context"
"fmt"
"strings"
"unicode"

"github.com/ovn-org/libovsdb/ovsdb"
"github.com/scylladb/go-set/strset"
@@ -604,7 +605,13 @@ func (c *Controller) gcPortGroup() error {
}

for _, np := range nps {
npNames.Add(fmt.Sprintf("%s/%s", np.Namespace, np.Name))
npName := np.Name
nameArray := []rune(np.Name)
if !unicode.IsLetter(nameArray[0]) {
npName = "np" + np.Name
}

npNames.Add(fmt.Sprintf("%s/%s", np.Namespace, npName))
}

// append node port group to npNames to avoid gc node port group
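Review bot: The rule that derives the OVN-side policy name is copied into the `for _, np := range nps` loop here, and the same lines appear again in handleUpdateNp and, as context, in handleDeleteNp in pkg/controller/network_policy.go. gcPortGroup appears to use npNames as the set of port groups to keep, so if one copy changes without the others, a live policy's port group could be classed as stale and its ACLs removed. A single helper shared by all three call sites would remove that risk and would also guard the `nameArray[0]` index against an empty name; the helper name below is only a suggestion. gcPortGroup starts and ends outside the hunk.

```go
// npResourceName returns the name used for a NetworkPolicy's OVN objects:
// names that do not start with a letter get an "np" prefix.
func npResourceName(name string) string {
	if r := []rune(name); len(r) > 0 && !unicode.IsLetter(r[0]) {
		return "np" + name
	}
	return name
}

	// … unchanged: listing nps in gcPortGroup …
	for _, np := range nps {
		npNames.Add(fmt.Sprintf("%s/%s", np.Namespace, npResourceName(np.Name)))
	}
```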
46 changes: 26 additions & 20 deletions pkg/controller/network_policy.go
@@ -175,16 +175,22 @@ func (c *Controller) handleUpdateNp(key string) error {
logEnable = true
}

npName := np.Name
nameArray := []rune(np.Name)
if !unicode.IsLetter(nameArray[0]) {
npName = "np" + np.Name
}

// TODO: ovn acl doesn't support address_set name with '-', now we replace '-' by '.'.
// This may cause conflict if two np with name test-np and test.np. Maybe hash is a better solution,
// but we do not want to lost the readability now.
pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", np.Name, np.Namespace), "-", ".")
ingressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.allow", np.Name, np.Namespace), "-", ".")
ingressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.except", np.Name, np.Namespace), "-", ".")
egressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.allow", np.Name, np.Namespace), "-", ".")
egressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.except", np.Name, np.Namespace), "-", ".")
pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", npName, np.Namespace), "-", ".")
ingressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.allow", npName, np.Namespace), "-", ".")
ingressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.except", npName, np.Namespace), "-", ".")
egressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.allow", npName, np.Namespace), "-", ".")
egressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.except", npName, np.Namespace), "-", ".")

if err = c.OVNNbClient.CreatePortGroup(pgName, map[string]string{networkPolicyKey: np.Namespace + "/" + np.Name}); err != nil {
if err = c.OVNNbClient.CreatePortGroup(pgName, map[string]string{networkPolicyKey: np.Namespace + "/" + npName}); err != nil {
klog.Errorf("create port group for np %s: %v", key, err)
return err
}
@@ -245,12 +251,12 @@ func (c *Controller) handleUpdateNp(key string) error {
excepts = append(excepts, except...)
}
}
klog.Infof("UpdateNp Ingress, allows is %v, excepts is %v, log %v", allows, excepts, logEnable)
klog.Infof("UpdateNp Ingress, allows is %v, excepts is %v, log %v, protocol %v", allows, excepts, logEnable, protocol)

if err = c.createAsForNetpol(np.Namespace, np.Name, "ingress", ingressAllowAsName, allows); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "ingress", ingressAllowAsName, allows); err != nil {
return err
}
if err = c.createAsForNetpol(np.Namespace, np.Name, "ingress", ingressExceptAsName, excepts); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "ingress", ingressExceptAsName, excepts); err != nil {
return err
}

@@ -271,10 +277,10 @@ func (c *Controller) handleUpdateNp(key string) error {
ingressAllowAsName := fmt.Sprintf("%s.%s.all", ingressAllowAsNamePrefix, protocol)
ingressExceptAsName := fmt.Sprintf("%s.%s.all", ingressExceptAsNamePrefix, protocol)

if err = c.createAsForNetpol(np.Namespace, np.Name, "ingress", ingressAllowAsName, nil); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "ingress", ingressAllowAsName, nil); err != nil {
return err
}
if err = c.createAsForNetpol(np.Namespace, np.Name, "ingress", ingressExceptAsName, nil); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "ingress", ingressExceptAsName, nil); err != nil {
return err
}

@@ -299,7 +305,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

ass, err := c.OVNNbClient.ListAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
})
if err != nil {
klog.Errorf("list np %s address sets: %v", key, err)
@@ -331,7 +337,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

if err := c.OVNNbClient.DeleteAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
}); err != nil {
klog.Errorf("delete np %s ingress address set: %v", key, err)
return err
@@ -374,10 +380,10 @@ func (c *Controller) handleUpdateNp(key string) error {
}
klog.Infof("UpdateNp Egress, allows is %v, excepts is %v, log %v", allows, excepts, logEnable)

if err = c.createAsForNetpol(np.Namespace, np.Name, "egress", egressAllowAsName, allows); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "egress", egressAllowAsName, allows); err != nil {
return err
}
if err = c.createAsForNetpol(np.Namespace, np.Name, "egress", egressExceptAsName, excepts); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "egress", egressExceptAsName, excepts); err != nil {
return err
}

@@ -395,10 +401,10 @@ func (c *Controller) handleUpdateNp(key string) error {
egressAllowAsName := fmt.Sprintf("%s.%s.all", egressAllowAsNamePrefix, protocol)
egressExceptAsName := fmt.Sprintf("%s.%s.all", egressExceptAsNamePrefix, protocol)

if err = c.createAsForNetpol(np.Namespace, np.Name, "egress", egressAllowAsName, nil); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "egress", egressAllowAsName, nil); err != nil {
return err
}
if err = c.createAsForNetpol(np.Namespace, np.Name, "egress", egressExceptAsName, nil); err != nil {
if err = c.createAsForNetpol(np.Namespace, npName, "egress", egressExceptAsName, nil); err != nil {
return err
}

@@ -423,7 +429,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

ass, err := c.OVNNbClient.ListAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
})
if err != nil {
klog.Errorf("list np %s address sets: %v", key, err)
@@ -456,7 +462,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

if err := c.OVNNbClient.DeleteAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
}); err != nil {
klog.Errorf("delete np %s egress address set: %v", key, err)
return err
@@ -489,7 +495,7 @@ func (c *Controller) handleDeleteNp(key string) error {
npName = "np" + name
}

pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", name, namespace), "-", ".")
pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", npName, namespace), "-", ".")
if err = c.OVNNbClient.DeletePortGroup(pgName); err != nil {
klog.Errorf("delete np %s port group: %v", key, err)
}
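Review bot: Prefixing `np` lets two different policies in one namespace resolve to the same OVN objects: a policy named `1abc` and one named `np1abc` (names constructed for illustration) both end up with `npName` equal to `np1abc`, so `pgName`, the four address-set prefixes and the `networkPolicyKey` external IDs are identical. An update or delete of either policy would then rewrite or remove the other's port group and address sets, silently changing which traffic is enforced. The existing TODO above `pgName` records the same kind of conflict for `-` versus `.`; at minimum extend it with `// NOTE: the "np" prefix can also collide with a policy literally named "np<name>" in the same namespace.`, and consider a prefix containing a character that Kubernetes object names cannot hold, if OVN's naming rules accept one. handleUpdateNp and handleDeleteNp both continue outside the visible hunks, so whether every remaining lookup in them uses `npName` cannot be checked from this page.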
