Skip to content

fix: [NPM] V2 NPM (with only linux data plane) bug fix after first run #1120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Dec 1, 2021
Merged

fix: [NPM] V2 NPM (with only linux data plane) bug fix after first run #1120

merged 22 commits into from
Dec 1, 2021

Conversation

@huntergregory
Copy link
Contributor

@huntergregory huntergregory commented Nov 22, 2021
edited
Loading

Reason for Change:
After running conformance test, fix finding issues.

  1. Had a bug where we were jumping to AZURE-NPM-EGRESS chain instead. We need to jump to this other chain since the ingress allow mark will prevent us from returning to ingress chain again after a no-op pass through egress chain.

  2. Observed multiple restarting NPM. Checked log and there is nil pointer errors in NPMSimpleError.

  • For the second error, we need to UT to catch this nil error.
  • Need to resolve lint warning.
  1. Fix case-sensitivity on protocol value
  • need to remove dependency later
  • need better management with unspecified and Any
  1. Fix problem of trying to destroy sets in use by a kernel component
  • previously when running ipset restore, we would try to destroy sets before deleting any references to them in lists
  • fix by destroying sets last in the ipset restore file

  1. Fix duplicated namedPort prefix.

  2. Fix translating egress (previously included only the default drop rule)

  • Add UTs for egress
  1. Fix string parsing issue in except information of ipblock
  • Need more UTs (in dataplane_test.go)
  • Better data structures to indicate nomatch information in ipblock
  • Need to resolve lint warning.
  1. Fix using correct, unique and consistent key in policy cache. (now deleting network policy works)
  • Need more UTs
  • Do not walk through windows part. Please revise windows if needed.
  1. Fix Linux policy manager to use PodSelectorList instead of PodSelectorIPSets (this caused an impossible ipset match condition for nested pod labels e.g. pod-a-b AND pod:a AND pod:b).

  • Will update the NPMNetworkPolicy struct to just have one of these fields eventually instead of the two.

  • uses conventional commit messages

  • includes documentation

  • adds unit tests

Notes:

@huntergregory huntergregory added the npm Related to NPM. label Nov 22, 2021
vakalapa
vakalapa previously approved these changes Nov 22, 2021
View reviewed changes
JungukCho
JungukCho previously approved these changes Nov 22, 2021
View reviewed changes
@huntergregory huntergregory dismissed stale reviews from JungukCho and vakalapa via 4514a1e November 22, 2021 20:58
@JungukCho JungukCho mentioned this pull request Nov 23, 2021
Closed
3 tasks
@JungukCho JungukCho changed the title fix: [NPM] on ingress allow rules, jump to AZURE-NPM-INGRESS-ALLOW-MARK chain fix: [NPM] V2 NPM (with only linux data plane) bug fix after first run Nov 23, 2021
huntergregory and others added 19 commits November 30, 2021 10:57
@huntergregory
fix: ingress allow rules jump to azure ingress allow mark chain
79c3bcc
@huntergregory
await for lock for iptables-restore
641bb55
@huntergregory
FIXME: temporarily enabling v2 npm flag as default
7c739c3
@huntergregory
Revert "FIXME: temporarily enabling v2 npm flag as default"
6a7f946 
This reverts commit 4514a1e.
@huntergregory @JungukCho
fix nil pointer problem in NPMSimpleError.
e206348 
Co-authored-by: jungukcho <jungukcho@microsoft.com>
@huntergregory
update logging for validating policies
a0b552e
@huntergregory
remove pointless check for empty string in hasKnownProtocol
f91c727
@huntergregory
iconvert anyprotocol to unspecifiedprotocol
13a60e0
@huntergregory
add UT for normalizing and validating protocol
340e825
@JungukCho @huntergregory
Fix case-sensitivity problem on protocol
ccc8e0d
@huntergregory
fix in use by kernel problem for ipsets (TODO update UTs)
a721756
@JungukCho @huntergregory
Fix duplicated namedPort prefix in translation
72aa65d
@JungukCho @huntergregory
Correct wrong namedPort UTs
97ace67
@huntergregory
update UTs
c78a143
@huntergregory
logging fixes for restorer
55db298
@huntergregory
fix translating egress (previously included only the default drop rule)
f5c1739
@JungukCho @huntergregory
Fix space issue in except information of ipblock and add its UTs
83533b6
@JungukCho @huntergregory
Disable lint temporary
a9b2010
@JungukCho @huntergregory
Use correct and consistent key in all places to clean-up delete netpol
673ca70
vakalapa
vakalapa approved these changes Dec 1, 2021
View reviewed changes
Copy link
Contributor

@vakalapa vakalapa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, great effort finding all the issues!!!!

@huntergregory huntergregory merged commit 92b89c7 into master Dec 1, 2021
@rbtr rbtr deleted the fix-ingress-jumps branch December 4, 2021 01:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vakalapa vakalapa vakalapa approved these changes

+1 more reviewer

@JungukCho JungukCho JungukCho left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@matmerr matmerr

@vakalapa vakalapa

Labels

npm Related to NPM.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@huntergregory @vakalapa @JungukCho @matmerr