Skip to content

Commit

Permalink
add np prefix to networkpolicy name when networkpolicy's name starts …
Browse files Browse the repository at this point in the history
…with number (#3551)

Signed-off-by: 马洪贞 <[email protected]>
  • Loading branch information
hongzhen-ma committed Dec 20, 2023
1 parent 2249e24 commit 999dc61
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 22 deletions.
9 changes: 8 additions & 1 deletion pkg/controller/gc.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"
"strings"
"unicode"

"github.com/ovn-org/libovsdb/ovsdb"
"github.com/scylladb/go-set/strset"
Expand Down Expand Up @@ -602,7 +603,13 @@ func (c *Controller) gcPortGroup() error {
}

for _, np := range nps {
npNames.Add(fmt.Sprintf("%s/%s", np.Namespace, np.Name))
npName := np.Name
nameArray := []rune(np.Name)
if !unicode.IsLetter(nameArray[0]) {
npName = "np" + np.Name
}

npNames.Add(fmt.Sprintf("%s/%s", np.Namespace, npName))
}

// append node port group to npNames to avoid gc node port group
Expand Down
42 changes: 21 additions & 21 deletions pkg/controller/network_policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,13 +168,13 @@ func (c *Controller) handleUpdateNp(key string) error {
// TODO: ovn acl doesn't support address_set name with '-', now we replace '-' by '.'.
// This may cause conflict if two np with name test-np and test.np. Maybe hash is a better solution,
// but we do not want to lost the readability now.
pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", np.Name, np.Namespace), "-", ".")
ingressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.allow", np.Name, np.Namespace), "-", ".")
ingressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.except", np.Name, np.Namespace), "-", ".")
egressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.allow", np.Name, np.Namespace), "-", ".")
egressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.except", np.Name, np.Namespace), "-", ".")
pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", npName, np.Namespace), "-", ".")
ingressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.allow", npName, np.Namespace), "-", ".")
ingressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.ingress.except", npName, np.Namespace), "-", ".")
egressAllowAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.allow", npName, np.Namespace), "-", ".")
egressExceptAsNamePrefix := strings.ReplaceAll(fmt.Sprintf("%s.%s.egress.except", npName, np.Namespace), "-", ".")

if err = c.OVNNbClient.CreatePortGroup(pgName, map[string]string{networkPolicyKey: np.Namespace + "/" + np.Name}); err != nil {
if err = c.OVNNbClient.CreatePortGroup(pgName, map[string]string{networkPolicyKey: np.Namespace + "/" + npName}); err != nil {
klog.Errorf("create port group for np %s: %v", key, err)
return err
}
Expand Down Expand Up @@ -220,7 +220,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

if err = c.OVNNbClient.CreateAddressSet(svcAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "service"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "service"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", svcAsName, key, err)
return err
Expand Down Expand Up @@ -272,10 +272,10 @@ func (c *Controller) handleUpdateNp(key string) error {
excepts = append(excepts, except...)
}
}
klog.Infof("UpdateNp Ingress, allows is %v, excepts is %v, log %v", allows, excepts, logEnable)
klog.Infof("UpdateNp Ingress, allows is %v, excepts is %v, log %v, protocol %v", allows, excepts, logEnable, protocol)

if err = c.OVNNbClient.CreateAddressSet(ingressAllowAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", ingressAllowAsName, key, err)
return err
Expand All @@ -287,7 +287,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

if err = c.OVNNbClient.CreateAddressSet(ingressExceptAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", ingressExceptAsName, key, err)
return err
Expand Down Expand Up @@ -316,14 +316,14 @@ func (c *Controller) handleUpdateNp(key string) error {
ingressExceptAsName := fmt.Sprintf("%s.%s.all", ingressExceptAsNamePrefix, protocol)

if err = c.OVNNbClient.CreateAddressSet(ingressAllowAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", ingressAllowAsName, key, err)
return err
}

if err = c.OVNNbClient.CreateAddressSet(ingressExceptAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", ingressExceptAsName, key, err)
return err
Expand All @@ -350,7 +350,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

ass, err := c.OVNNbClient.ListAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
})
if err != nil {
klog.Errorf("list np %s address sets: %v", key, err)
Expand Down Expand Up @@ -382,7 +382,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

if err := c.OVNNbClient.DeleteAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "ingress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "ingress"),
}); err != nil {
klog.Errorf("delete np %s ingress address set: %v", key, err)
return err
Expand Down Expand Up @@ -431,7 +431,7 @@ func (c *Controller) handleUpdateNp(key string) error {
klog.Infof("UpdateNp Egress, allows is %v, excepts is %v, log %v", allows, excepts, logEnable)

if err = c.OVNNbClient.CreateAddressSet(egressAllowAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", egressAllowAsName, key, err)
return err
Expand All @@ -443,7 +443,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

if err = c.OVNNbClient.CreateAddressSet(egressExceptAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", egressExceptAsName, key, err)
return err
Expand All @@ -469,14 +469,14 @@ func (c *Controller) handleUpdateNp(key string) error {
egressExceptAsName := fmt.Sprintf("%s.%s.all", egressExceptAsNamePrefix, protocol)

if err = c.OVNNbClient.CreateAddressSet(egressAllowAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", egressAllowAsName, key, err)
return err
}

if err = c.OVNNbClient.CreateAddressSet(egressExceptAsName, map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
}); err != nil {
klog.Errorf("create address set %s for np %s: %v", egressExceptAsName, key, err)
return err
Expand All @@ -503,7 +503,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

ass, err := c.OVNNbClient.ListAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
})
if err != nil {
klog.Errorf("list np %s address sets: %v", key, err)
Expand Down Expand Up @@ -536,7 +536,7 @@ func (c *Controller) handleUpdateNp(key string) error {
}

if err := c.OVNNbClient.DeleteAddressSets(map[string]string{
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, np.Name, "egress"),
networkPolicyKey: fmt.Sprintf("%s/%s/%s", np.Namespace, npName, "egress"),
}); err != nil {
klog.Errorf("delete np %s egress address set: %v", key, err)
return err
Expand Down Expand Up @@ -569,7 +569,7 @@ func (c *Controller) handleDeleteNp(key string) error {
npName = "np" + name
}

pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", name, namespace), "-", ".")
pgName := strings.ReplaceAll(fmt.Sprintf("%s.%s", npName, namespace), "-", ".")
if err = c.OVNNbClient.DeletePortGroup(pgName); err != nil {
klog.Errorf("delete np %s port group: %v", key, err)
}
Expand Down

0 comments on commit 999dc61

Please sign in to comment.