
Commit 6c947e2

Ipsetmanager-update (#1034)
* add new npm errors * add logic for adding/removing sets to kernel in ipsetmanager, update usage of prometheus metrics, and update dataplane API to not use IPSets * update to a pointer return value for NewPolicyManager * fix go lints * renamed count to kernelReferCount * fix a bug with kernel logic, rearrange code, rename things, and update comments * rearrange functions * removed checkIfExists, consolidated AddReference and DeleteReference with a special type, and fixed go lints * moved logic for different reference types to ipset.go * remove file with just notes on it * remove redundant boolean calculation that is always true * add clarifying comment * fix ipset metrics to be for all of NPM (not necessarily in kernel), and write TODOs for kernel-based metrics * update based on code review * var name change * update unit test to use DeleteIPSet * moved internal functions to the bottom
1 parent 3f97a30 commit 6c947e2


8 files changed

+369
-295
lines changed


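--- a/npm/pkg/dataplane/dataplane.go
+++ b/npm/pkg/dataplane/dataplane.go
@@ -9,8 +9,8 @@ import (
 )
 
 type DataPlane struct {
-policyMgr policies.PolicyManager
-ipsetMgr ipsets.IPSetManager
+policyMgr *policies.PolicyManager
+ipsetMgr *ipsets.IPSetManager
 networkID string
 // key is PodKey
 endpointCache map[string]*NPMEndpoint
@@ -44,8 +44,8 @@ func (dp *DataPlane) ResetDataPlane() error {
 }
 
 // CreateIPSet takes in a set object and updates local cache with this set
-func (dp *DataPlane) CreateIPSet(set *ipsets.IPSet) error {
-err := dp.ipsetMgr.CreateIPSet(set)
+func (dp *DataPlane) CreateIPSet(setName string, setType ipsets.SetType) error {
+err := dp.ipsetMgr.CreateIPSet(setName, setType)
 if err != nil {
 return fmt.Errorf("[DataPlane] error while creating set: %w", err)
 }
@@ -54,26 +54,17 @@ func (dp *DataPlane) CreateIPSet(set *ipsets.IPSet) error {
 
 // DeleteSet checks for members and references of the given "set" type ipset
 // if not used then will delete it from cache
-func (dp *DataPlane) DeleteSet(name string) error {
-err := dp.ipsetMgr.DeleteSet(name)
+func (dp *DataPlane) DeleteIPSet(name string) error {
+err := dp.ipsetMgr.DeleteIPSet(name)
 if err != nil {
 return fmt.Errorf("[DataPlane] error while deleting set: %w", err)
 }
 return nil
 }
 
-// DeleteList sanity checks and deletes a list ipset
-func (dp *DataPlane) DeleteList(name string) error {
-err := dp.ipsetMgr.DeleteList(name)
-if err != nil {
-return fmt.Errorf("[DataPlane] error while deleting list: %w", err)
-}
-return nil
-}
-
-// AddToSet takes in a list of IPset objects along with IP member
+// AddToSet takes in a list of IPSet names along with IP member
 // and then updates it local cache
-func (dp *DataPlane) AddToSet(setNames []*ipsets.IPSet, ip, podKey string) error {
+func (dp *DataPlane) AddToSet(setNames []string, ip, podKey string) error {
 err := dp.ipsetMgr.AddToSet(setNames, ip, podKey)
 if err != nil {
 return fmt.Errorf("[DataPlane] error while adding to set: %w", err)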
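--- a/npm/pkg/dataplane/dataplane_test.go
+++ b/npm/pkg/dataplane/dataplane_test.go
@@ -14,9 +14,8 @@ func TestNewDataPlane(t *testing.T) {
 if dp == nil {
 t.Error("NewDataPlane() returned nil")
 }
-set := ipsets.NewIPSet("test", ipsets.NameSpace)
 
-err := dp.CreateIPSet(set)
+err := dp.CreateIPSet("test", ipsets.NameSpace)
 if err != nil {
 t.Error("CreateIPSet() returned error")
 }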

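--- a/npm/pkg/dataplane/ipsets/ipset.go
+++ b/npm/pkg/dataplane/ipsets/ipset.go
@@ -3,6 +3,7 @@ package ipsets
 import (
 "errors"
 
+"github.com/Azure/azure-container-networking/log"
 "github.com/Azure/azure-container-networking/npm/util"
 )
 
@@ -24,9 +25,10 @@ type IPSet struct {
 // NetPolReference holds networkpolicy names where this IPSet
 // is being referred as part of rules
 NetPolReference map[string]struct{}
-// IpsetReferCount keeps count of 2nd level Nested IPSets
-// with member as this IPSet
-IpsetReferCount int
+// ipsetReferCount keeps track of how many lists in the cache refer to this ipset
+ipsetReferCount int
+// kernelReferCount keeps track of how many lists in the kernel refer to this ipset
+kernelReferCount int
 }
 
 type SetProperties struct {
@@ -75,7 +77,7 @@ var (
 CIDRBlocks: "CIDRBlocks",
 }
 // ErrIPSetInvalidKind is returned when IPSet kind is invalid
-ErrIPSetInvalidKind = errors.New("Invalid IPSet Kind")
+ErrIPSetInvalidKind = errors.New("invalid IPSet Kind")
 )
 
 func (x SetType) String() string {
@@ -91,6 +93,15 @@ const (
 HashSet SetKind = "set"
 )
 
+// ReferenceType specifies the kind of reference for an IPSet
+type ReferenceType string
+
+// Possible ReferenceTypes
+const (
+SelectorType ReferenceType = "Selector"
+NetPolType ReferenceType = "NetPol"
+)
+
 func NewIPSet(name string, setType SetType) *IPSet {
 set := &IPSet{
 Name: name,
@@ -104,8 +115,9 @@ func NewIPSet(name string, setType SetType) *IPSet {
 SelectorReference: make(map[string]struct{}),
 // Map with Key as Network Policy name to to emulate set
 // and value as struct{} for minimal memory consumption
-NetPolReference: make(map[string]struct{}),
-IpsetReferCount: 0,
+NetPolReference: make(map[string]struct{}),
+ipsetReferCount: 0,
+kernelReferCount: 0,
 }
 if set.Kind == HashSet {
 set.IPPodKey = make(map[string]string)
@@ -163,47 +175,77 @@ func getSetKind(setType SetType) SetKind {
 }
 }
 
-func (set *IPSet) AddMemberIPSet(memberIPSet *IPSet) {
-set.MemberIPSets[memberIPSet.Name] = memberIPSet
-}
-
-func (set *IPSet) IncIpsetReferCount() {
-set.IpsetReferCount++
+func (set *IPSet) incIPSetReferCount() {
+set.ipsetReferCount++
 }
 
-func (set *IPSet) DecIpsetReferCount() {
-if set.IpsetReferCount == 0 {
+func (set *IPSet) decIPSetReferCount() {
+if set.ipsetReferCount == 0 {
 return
 }
-set.IpsetReferCount--
+set.ipsetReferCount--
+}
+
+func (set *IPSet) incKernelReferCount() {
+set.kernelReferCount++
 }
 
-func (set *IPSet) AddSelectorReference(netPolName string) {
-set.SelectorReference[netPolName] = struct{}{}
+func (set *IPSet) decKernelReferCount() {
+if set.kernelReferCount == 0 {
+return
+}
+set.kernelReferCount--
 }
 
-func (set *IPSet) DeleteSelectorReference(netPolName string) {
-delete(set.SelectorReference, netPolName)
+func (set *IPSet) addReference(referenceName string, referenceType ReferenceType) {
+switch referenceType {
+case SelectorType:
+set.SelectorReference[referenceName] = struct{}{}
+case NetPolType:
+set.NetPolReference[referenceName] = struct{}{}
+default:
+log.Logf("IPSet_addReference: encountered unknown ReferenceType")
+}
 }
 
-func (set *IPSet) AddNetPolReference(netPolName string) {
-set.NetPolReference[netPolName] = struct{}{}
+func (set *IPSet) deleteReference(referenceName string, referenceType ReferenceType) {
+switch referenceType {
+case SelectorType:
+delete(set.SelectorReference, referenceName)
+case NetPolType:
+delete(set.NetPolReference, referenceName)
+default:
+log.Logf("IPSet_deleteReference: encountered unknown ReferenceType")
+}
 }
 
-func (set *IPSet) DeleteNetPolReference(netPolName string) {
-delete(set.NetPolReference, netPolName)
+func (set *IPSet) shouldBeInKernel() bool {
+return set.usedByNetPol() || set.referencedInKernel()
 }
 
-func (set *IPSet) CanBeDeleted() bool {
-return len(set.SelectorReference) == 0 &&
-len(set.NetPolReference) == 0 &&
-set.IpsetReferCount == 0 &&
+func (set *IPSet) canBeDeleted() bool {
+return !set.usedByNetPol() &&
+!set.referencedInList() &&
 len(set.MemberIPSets) == 0 &&
 len(set.IPPodKey) == 0
 }
 
-// UsedByNetPol check if an IPSet is referred in network policies.
-func (set *IPSet) UsedByNetPol() bool {
+// usedByNetPol check if an IPSet is referred in network policies.
+func (set *IPSet) usedByNetPol() bool {
 return len(set.SelectorReference) > 0 &&
 len(set.NetPolReference) > 0
 }
+
+func (set *IPSet) referencedInList() bool {
+return set.ipsetReferCount > 0
+}
+
+func (set *IPSet) referencedInKernel() bool {
+return set.kernelReferCount > 0
+}
+
+// panics if set is not a list set
+func (set *IPSet) hasMember(memberName string) bool {
+_, isMember := set.MemberIPSets[memberName]
+return isMember
+}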
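Review bot: `canBeDeleted` now starts with `!set.usedByNetPol()`, but `usedByNetPol` still joins its two checks with `&&`, so a set that has selector references but no rule references (or the reverse) is reported as unused and becomes deletable, and `shouldBeInKernel` likewise reports it as not needed in the kernel; the removed `CanBeDeleted` tested each map for emptiness independently, so this is a regression introduced by the new helper-based check. Change the helper to `return len(set.SelectorReference) > 0 || len(set.NetPolReference) > 0`. The `default:` arms of `addReference` and `deleteReference` only log, so an unknown ReferenceType silently leaves the reference unrecorded or unreleased and will feed the same deletion accounting — consider returning an error or at least logging the set name and the offending type. Separately, the comment `// panics if set is not a list set` on `hasMember` is inaccurate, since indexing a nil map in Go returns the zero value; reword it to `// hasMember reports whether memberName is in MemberIPSets; always false for a hash set, whose MemberIPSets map is nil`.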
