Fix: Resolve issue with skipped execution of sg annotations

The problem causing ineffective application of sg annotations is that, during virtual machine restart, the logical switch port is intentionally not deleted.(I guess). When sg annotations are added and the VM is restarted, the create logical switch port logic is skipped as it detects the existing lsp. Consequently, the annotation fails to attach to the lsp. Even when we sync lsp for sg, it has no effect. A simple fix is to update the existing lsp during lsp creation if it already exists. This approach ensures correct annotation attachment and addresses the skipped execution issue. Signed-off-by: Qinghao Huang <[email protected]>
kubeovn · Feb 5, 2024 · f3d438d · f3d438d
1 parent a28af4a
commit f3d438d
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/pkg/ovs/ovn-nb-logical_switch_port.go b/pkg/ovs/ovn-nb-logical_switch_port.go
@@ -25,6 +25,14 @@ func (c *OVNNbClient) CreateLogicalSwitchPort(lsName, lspName, ip, mac, podName,
 
 	// ignore
 	if exist {
+		if portSecurity && len(securityGroups) != 0 {
+			lsp, err := c.GetLogicalSwitchPort(lspName, true)
+			if err == nil {
+				sgList := strings.Split(securityGroups, ",")
+				c.SetLogicalSwitchPortSecurityGroup(lsp, "add", sgList...)
+			}
+		}
+		c.SetLogicalSwitchPortSecurity(portSecurity, lspName, mac, ip, vips)
 		return nil
 	}