
Commit 08df7f7

authored
feat: [NPM] NPM v2 network policy controller and UTs for all v2 controllers (#1082)
* adding a legacy build command * Adding all v2 controller test files * v2 podcontroller changes * completing all pod v2 controllers uts * Adding netpol v2 controller UTs * Removing unused make file command * Fixing lints and correcting a test case * Fixing an error in expected values * dealing with flaky tests * Fixing an issue with HCN vendor, until we wait for the fix to be rolled out * Addressing some comments * Removing addPolicy call and relying on updatepolicy * Saving only spec of netpol and not whole object * changing name of rawNPMap to rawNPSpecMap * changing name of rawNPMap to rawNPSpecMap * Deep equal type for spec was not equal corrected the pointers * Deep equal type for spec was not equal corrected the pointers
1 parent cdab7d0 commit 08df7f7


8 files changed

+2290
-98
lines changed


npm/pkg/controlplane/controllers/v2/nameSpaceController_test.go

Lines changed: 712 additions & 0 deletions
Large diffs are not rendered by default.

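--- a/npm/pkg/controlplane/controllers/v2/namespacecontroller.go
+++ b/npm/pkg/controlplane/controllers/v2/namespacecontroller.go
@@ -120,7 +120,7 @@ func (nsc *NamespaceController) needSync(obj interface{}, event string) (string,
 var err error
 if key, err = cache.MetaNamespaceKeyFunc(obj); err != nil {
 utilruntime.HandleError(err)
-metrics.SendErrorLogAndMetric(util.NSID, "[NAMESPACE %s EVENT] Error: NamespaceKey is empty for %s namespace", event, util.GetNSNameWithPrefix(nsObj.Name))
+metrics.SendErrorLogAndMetric(util.NSID, "[NAMESPACE %s EVENT] Error: NamespaceKey is empty for %s namespace", event, nsObj.Name)
 return key, needSync
 }
 
@@ -181,7 +181,7 @@ func (nsc *NamespaceController) deleteNamespace(obj interface{}) {
 var key string
 if key, err = cache.MetaNamespaceKeyFunc(nsObj); err != nil {
 utilruntime.HandleError(err)
-metrics.SendErrorLogAndMetric(util.NSID, "[NAMESPACE DELETE EVENT] Error: nameSpaceKey is empty for %s namespace", util.GetNSNameWithPrefix(nsObj.Name))
+metrics.SendErrorLogAndMetric(util.NSID, "[NAMESPACE DELETE EVENT] Error: nameSpaceKey is empty for %s namespace", nsObj.Name)
 return
 }
 
@@ -249,10 +249,9 @@ func (nsc *NamespaceController) processNextWorkItem() bool {
 }
 
 // syncNamespace compares the actual state with the desired, and attempts to converge the two.
-func (nsc *NamespaceController) syncNamespace(key string) error {
+func (nsc *NamespaceController) syncNamespace(nsKey string) error {
 // Get the Namespace resource with this key
-nsObj, err := nsc.nameSpaceLister.Get(key)
-cachedNsKey := util.GetNSNameWithPrefix(key)
+nsObj, err := nsc.nameSpaceLister.Get(nsKey)
 
 // apply dataplane after syncing
 defer func() {
@@ -267,10 +266,10 @@ func (nsc *NamespaceController) syncNamespace(key string) error {
 defer nsc.npmNamespaceCache.Unlock()
 if err != nil {
 if k8serrors.IsNotFound(err) {
-klog.Infof("Namespace %s not found, may be it is deleted", key)
+klog.Infof("Namespace %s not found, may be it is deleted", nsKey)
 // cleanDeletedNamespace will check if the NS exists in cache, if it does, then proceeds with deletion
 // if it does not exists, then event will be no-op
-err = nsc.cleanDeletedNamespace(cachedNsKey)
+err = nsc.cleanDeletedNamespace(nsKey)
 if err != nil {
 // need to retry this cleaning-up process
 metrics.SendErrorLogAndMetric(util.NSID, "Error: %v when namespace is not found", err)
@@ -281,13 +280,13 @@ func (nsc *NamespaceController) syncNamespace(key string) error {
 }
 
 if nsObj.DeletionTimestamp != nil || nsObj.DeletionGracePeriodSeconds != nil {
-return nsc.cleanDeletedNamespace(cachedNsKey)
+return nsc.cleanDeletedNamespace(nsKey)
 }
 
-cachedNsObj, nsExists := nsc.npmNamespaceCache.NsMap[cachedNsKey]
+cachedNsObj, nsExists := nsc.npmNamespaceCache.NsMap[nsKey]
 if nsExists {
 if reflect.DeepEqual(cachedNsObj.LabelsMap, nsObj.ObjectMeta.Labels) {
-klog.Infof("[NAMESPACE UPDATE EVENT] Namespace [%s] labels did not change", key)
+klog.Infof("[NAMESPACE UPDATE EVENT] Namespace [%s] labels did not change", nsKey)
 return nil
 }
 }
@@ -304,20 +303,18 @@ func (nsc *NamespaceController) syncNamespace(key string) error {
 // syncAddNamespace handles adding namespace to ipset.
 func (nsc *NamespaceController) syncAddNamespace(nsObj *corev1.Namespace) error {
 namespaceSets := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(nsObj.ObjectMeta.Name, ipsets.Namespace)}
-setsToAddNamespaceTo := []*ipsets.IPSetMetadata{}
-
-namespaceSets = append(namespaceSets, &ipsets.IPSetMetadata{Name: nsObj.ObjectMeta.Name, Type: ipsets.Namespace})
-setsToAddNamespaceTo = append(setsToAddNamespaceTo, kubeAllNamespaces)
+setsToAddNamespaceTo := []*ipsets.IPSetMetadata{kubeAllNamespaces}
 
 npmNs := newNs(nsObj.ObjectMeta.Name)
 nsc.npmNamespaceCache.NsMap[nsObj.ObjectMeta.Name] = npmNs
 
 // Add the namespace to its label's ipset list.
 for nsLabelKey, nsLabelVal := range nsObj.ObjectMeta.Labels {
-klog.Infof("Adding namespace %s to ipset list %s", nsObj.ObjectMeta.Name, nsLabelKey)
+nsLabelKeyValue := util.GetIpSetFromLabelKV(nsLabelKey, nsLabelVal)
+klog.Infof("Adding namespace %s to ipset list %s and %s", nsObj.ObjectMeta.Name, nsLabelKey, nsLabelKeyValue)
 labelIPSets := []*ipsets.IPSetMetadata{
-{Name: nsLabelKey, Type: ipsets.Namespace},
-{Name: util.GetIpSetFromLabelKV(nsLabelKey, nsLabelVal), Type: ipsets.Namespace},
+ipsets.NewIPSetMetadata(nsLabelKey, ipsets.KeyLabelOfNamespace),
+ipsets.NewIPSetMetadata(nsLabelKeyValue, ipsets.KeyValueLabelOfNamespace),
 }
 
 setsToAddNamespaceTo = append(setsToAddNamespaceTo, labelIPSets...)
@@ -326,8 +323,6 @@ func (nsc *NamespaceController) syncAddNamespace(nsObj *corev1.Namespace) error
 npmNs.appendLabels(map[string]string{nsLabelKey: nsLabelVal}, appendToExistingLabels)
 }
 
-nsc.dp.CreateIPSets(append(namespaceSets, setsToAddNamespaceTo...))
-
 if err := nsc.dp.AddToLists(setsToAddNamespaceTo, namespaceSets); err != nil {
 return fmt.Errorf("failed to sync add namespace with error %w", err)
 }
@@ -338,7 +333,7 @@ func (nsc *NamespaceController) syncAddNamespace(nsObj *corev1.Namespace) error
 // syncUpdateNamespace handles updating namespace in ipset.
 func (nsc *NamespaceController) syncUpdateNamespace(newNsObj *corev1.Namespace) error {
 var err error
-newNsName, newNsLabel := util.GetNSNameWithPrefix(newNsObj.ObjectMeta.Name), newNsObj.ObjectMeta.Labels
+newNsName, newNsLabel := newNsObj.ObjectMeta.Name, newNsObj.ObjectMeta.Labels
 klog.Infof("NAMESPACE UPDATING:\n namespace: [%s/%v]", newNsName, newNsLabel)
 
 // If previous syncAddNamespace failed for some reasons
@@ -359,14 +354,17 @@ func (nsc *NamespaceController) syncUpdateNamespace(newNsObj *corev1.Namespace)
 addToIPSets, deleteFromIPSets := util.GetIPSetListCompareLabels(curNsObj.LabelsMap, newNsLabel)
 // Delete the namespace from its label's ipset list.
 for _, nsLabelVal := range deleteFromIPSets {
-labelKey := util.GetNSNameWithPrefix(nsLabelVal)
-
-labelKeySet := &ipsets.IPSetMetadata{Name: nsLabelVal, Type: ipsets.KeyLabelOfNamespace}
-toBeAdded := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(newNsName, ipsets.Namespace)}
+var labelSet *ipsets.IPSetMetadata
+if util.IsKeyValueLabelSetName(nsLabelVal) {
+labelSet = ipsets.NewIPSetMetadata(nsLabelVal, ipsets.KeyValueLabelOfNamespace)
+} else {
+labelSet = ipsets.NewIPSetMetadata(nsLabelVal, ipsets.KeyLabelOfNamespace)
+}
+toBeRemoved := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(newNsName, ipsets.Namespace)}
 
-klog.Infof("Deleting namespace %s from ipset list %s", newNsName, labelKey)
-if err = nsc.dp.RemoveFromList(labelKeySet, toBeAdded); err != nil {
-metrics.SendErrorLogAndMetric(util.NSID, "[UpdateNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", newNsName, labelKey, err)
+klog.Infof("Deleting namespace %s from ipset list %s", newNsName, nsLabelVal)
+if err = nsc.dp.RemoveFromList(labelSet, toBeRemoved); err != nil {
+metrics.SendErrorLogAndMetric(util.NSID, "[UpdateNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", newNsName, nsLabelVal, err)
 return fmt.Errorf("failed to remove from list during sync update namespace with err %w", err)
 }
 // {IMPORTANT} The order of compared list will be key and then key+val. NPM should only append after both key
@@ -382,12 +380,17 @@ func (nsc *NamespaceController) syncUpdateNamespace(newNsObj *corev1.Namespace)
 for _, nsLabelVal := range addToIPSets {
 klog.Infof("Adding namespace %s to ipset list %s", newNsName, nsLabelVal)
 
-labelKeySet := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(nsLabelVal, ipsets.KeyLabelOfNamespace)}
+var labelSet []*ipsets.IPSetMetadata
+if util.IsKeyValueLabelSetName(nsLabelVal) {
+labelSet = []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(nsLabelVal, ipsets.KeyValueLabelOfNamespace)}
+} else {
+labelSet = []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(nsLabelVal, ipsets.KeyLabelOfNamespace)}
+}
 toBeAdded := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(newNsName, ipsets.Namespace)}
 
-if err = nsc.dp.AddToLists(labelKeySet, toBeAdded); err != nil {
+if err = nsc.dp.AddToLists(labelSet, toBeAdded); err != nil {
 metrics.SendErrorLogAndMetric(util.NSID, "[UpdateNamespace] Error: failed to add namespace %s to ipset list %s with err: %v", newNsName, nsLabelVal, err)
-return fmt.Errorf("failed to add %v sets to %v lists during addtolists in sync update namespace with err %w", toBeAdded, labelKeySet, err)
+return fmt.Errorf("failed to add %v sets to %v lists during addtolists in sync update namespace with err %w", toBeAdded, labelSet, err)
 }
 // {IMPORTANT} Same as above order is assumed to be key and then key+val. NPM should only append to existing labels
 // only after both ipsets for a given label's key value pair are added successfully
@@ -417,25 +420,21 @@ func (nsc *NamespaceController) cleanDeletedNamespace(cachedNsKey string) error
 klog.Infof("NAMESPACE DELETING cached labels: [%s/%v]", cachedNsKey, cachedNsObj.LabelsMap)
 
 var err error
+toBeDeletedNs := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(cachedNsKey, ipsets.Namespace)}
 // Delete the namespace from its label's ipset list.
 for nsLabelKey, nsLabelVal := range cachedNsObj.LabelsMap {
 
-labelKey := &ipsets.IPSetMetadata{Name: nsLabelKey, Type: ipsets.KeyLabelOfNamespace}
-toBeDeletedKey := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(cachedNsKey, ipsets.KeyLabelOfNamespace)}
-
-labelIpsetName := util.GetNSNameWithPrefix(nsLabelKey)
-klog.Infof("Deleting namespace %s from ipset list %s", cachedNsKey, labelIpsetName)
-if err = nsc.dp.RemoveFromList(labelKey, toBeDeletedKey); err != nil {
-metrics.SendErrorLogAndMetric(util.NSID, "[DeleteNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", cachedNsKey, labelIpsetName, err)
+labelKey := ipsets.NewIPSetMetadata(nsLabelKey, ipsets.KeyLabelOfNamespace)
+klog.Infof("Deleting namespace %s from ipset list %s", cachedNsKey, labelKey)
+if err = nsc.dp.RemoveFromList(labelKey, toBeDeletedNs); err != nil {
+metrics.SendErrorLogAndMetric(util.NSID, "[DeleteNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", cachedNsKey, labelKey, err)
 return fmt.Errorf("failed to clean deleted namespace when deleting key with err %w", err)
 }
 
-labelKeyValue := &ipsets.IPSetMetadata{Name: nsLabelKey, Type: ipsets.KeyValueLabelOfNamespace}
-toBeDeletedKeyValue := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(cachedNsKey, ipsets.KeyValueLabelOfNamespace)}
-
-labelIpsetName = util.GetNSNameWithPrefix(util.GetIpSetFromLabelKV(nsLabelKey, nsLabelVal))
+labelIpsetName := util.GetIpSetFromLabelKV(nsLabelKey, nsLabelVal)
+labelKeyValue := ipsets.NewIPSetMetadata(labelIpsetName, ipsets.KeyValueLabelOfNamespace)
 klog.Infof("Deleting namespace %s from ipset list %s", cachedNsKey, labelIpsetName)
-if err = nsc.dp.RemoveFromList(labelKeyValue, toBeDeletedKeyValue); err != nil {
+if err = nsc.dp.RemoveFromList(labelKeyValue, toBeDeletedNs); err != nil {
 metrics.SendErrorLogAndMetric(util.NSID, "[DeleteNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", cachedNsKey, labelIpsetName, err)
 return fmt.Errorf("failed to clean deleted namespace when deleting key value with err %w", err)
 }
@@ -444,7 +443,7 @@ func (nsc *NamespaceController) cleanDeletedNamespace(cachedNsKey string) error
 cachedNsObj.removeLabelsWithKey(nsLabelKey)
 }
 
-allNamespacesSet := &ipsets.IPSetMetadata{Name: util.KubeAllNamespacesFlag, Type: ipsets.Namespace}
+allNamespacesSet := ipsets.NewIPSetMetadata(util.KubeAllNamespacesFlag, ipsets.KeyLabelOfNamespace)
 toBeDeletedCachedKey := []*ipsets.IPSetMetadata{ipsets.NewIPSetMetadata(cachedNsKey, ipsets.Namespace)}
 
 // Delete the namespace from all-namespace ipset list.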
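Review bot: In the last hunk, cleanDeletedNamespace rebuilds the all-namespaces list by hand as `ipsets.NewIPSetMetadata(util.KubeAllNamespacesFlag, ipsets.KeyLabelOfNamespace)`, while syncAddNamespace adds the namespace to the package-level `kubeAllNamespaces`, whose definition is not on this page. If the two ever differ in type, the removal would address a different set than the add, and a deleted namespace could stay a member of the list that network policies match against; `allNamespacesSet := kubeAllNamespaces` keeps both paths on one definition. The function starts before the hunk and the RemoveFromList call that consumes this value lies after it, so this should be confirmed against the full file. Separately, the new `klog.Infof("Deleting namespace %s from ipset list %s", cachedNsKey, labelKey)` and the matching SendErrorLogAndMetric call hand the value returned by NewIPSetMetadata to `%s`; unless that type has a String method the log will not show the set name, and passing `nsLabelKey` would.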
