Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pod filtering for Services based on Namespaces in NodePortLocal #1927

Merged
merged 3 commits into from
Mar 6, 2021
Merged

Pod filtering for Services based on Namespaces in NodePortLocal #1927

merged 3 commits into from
Mar 6, 2021

Conversation

chauhanshubham
Copy link
Contributor

@chauhanshubham chauhanshubham commented Mar 1, 2021
edited
Loading

Also includes UT to check for namespace based pod filtering via Services.
Fixes #1926

monotosh-avi
monotosh-avi previously approved these changes Mar 1, 2021
View reviewed changes
@codecov-io
Copy link

codecov-io commented Mar 1, 2021
edited
Loading

Codecov Report

Merging #1927 (7d9dc3b) into main (cdf357f) will decrease coverage by 0.38%.
The diff coverage is 0.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1927      +/-   ##
==========================================
- Coverage   41.56%   41.17%   -0.39%     
==========================================
  Files         201      116      -85     
  Lines       17374    14693    -2681     
==========================================
- Hits         7221     6050    -1171     
+ Misses       9123     8124     -999     
+ Partials     1030      519     -511
Flag Coverage Δ
kind-e2e-tests ?
unit-tests 41.17% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/agent/nodeportlocal/k8s/npl_controller.go 0.00% <0.00%> (ø)
pkg/agent/agent_linux.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/ovs/openflow/default.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/agent/config/node_config.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/agent/cniserver/pod_configuration_linux.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/apis/controlplane/v1beta1/register.go 0.00% <0.00%> (-92.86%) ⬇️
pkg/ovs/openflow/logs.go 9.52% <0.00%> (-90.48%) ⬇️
pkg/apis/controlplane/register.go 0.00% <0.00%> (-88.24%) ⬇️
pkg/agent/client.go 0.00% <0.00%> (-77.42%) ⬇️
...agent/controller/traceflow/traceflow_controller.go 0.00% <0.00%> (-75.10%) ⬇️
... and 179 more

antoninbas
antoninbas reviewed Mar 1, 2021
View reviewed changes
Copy link
Contributor

@antoninbas antoninbas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please link this PR to the appropriate issue by adding Fixes #1926 to the commit message and PR description. You can also remove (#1926) from the commit title. The idea is that the issue should be closed automatically when the PR is merged, not just to reference the issue in the commit message.

pkg/agent/nodeportlocal/k8s/npl_controller.go Outdated
@@ -255,7 +255,9 @@ func (c *NPLController) getPodsFromService(svc *corev1.Service) []string {
return pods
}
for _, pod := range podList {
pods = append(pods, podKeyFunc(pod))
if pod.GetNamespace() == svc.GetNamespace() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of c.podLister.List(labels.SelectorFromSet(labels.Set(svc.Spec.Selector))) above, you should get a PodNamespaceLister object first and list only Pods from that Namespace. The following should work and will be more efficient if many Pods across different Namespaces share the same labels:

podList, err := c.podLister.Pods(svc.Namespace).List(labels.SelectorFromSet(labels.Set(svc.Spec.Selector)))

pkg/agent/nodeportlocal/k8s/npl_controller.go Outdated
@@ -272,7 +274,8 @@ func (c *NPLController) isNPLEnabledForServiceOfPod(obj interface{}) bool {
svc, isSvc := service.(*corev1.Service)
// Selecting Services NOT of type NodePort, with Service selector matching Pod labels.
if isSvc && svc.Spec.Type != corev1.ServiceTypeNodePort {
if matchSvcSelectorPodLabels(svc.Spec.Selector, pod.GetLabels()) {
if matchSvcSelectorPodLabels(svc.Spec.Selector, pod.GetLabels()) &&
pod.GetNamespace() == svc.GetNamespace() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not really specific to this PR, but is there a difference between using the getters (e.g. pod.GetNamespace()) or accessing the fields directly (e.g. pod.Namespace)? @tnqn do you know?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think no real difference, but I woud just use pod.Namespace.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, it would be good to make it uniform and stop using the getters in the NPL controller. We don't use them anywhere else.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GetXXX methods are normally used when a function needs to be generic to handle different kinds of objects. The object is then converted to or passed in as metav1.Object

pkg/agent/nodeportlocal/npl_agent_test.go Show resolved Hide resolved
@chauhanshubham chauhanshubham changed the title Fixes Pod filtering for Services based on Namespaces in NodePortLocal (#1926) Fixes Pod filtering for Services based on Namespaces in NodePortLocal Mar 1, 2021
Fixes antrea-io#1926 Pod filtering for Services based on Namespaces i…
dcbdd5f 
…n NodePortLocal

Also includes UT to check for namespace based pod filtering via Services.
@chauhanshubham chauhanshubham changed the title Fixes Pod filtering for Services based on Namespaces in NodePortLocal Pod filtering for Services based on Namespaces in NodePortLocal Mar 1, 2021
jianjuns
jianjuns reviewed Mar 2, 2021
View reviewed changes
pkg/agent/nodeportlocal/k8s/npl_controller.go Outdated
@@ -272,7 +274,8 @@ func (c *NPLController) isNPLEnabledForServiceOfPod(obj interface{}) bool {
svc, isSvc := service.(*corev1.Service)
// Selecting Services NOT of type NodePort, with Service selector matching Pod labels.
if isSvc && svc.Spec.Type != corev1.ServiceTypeNodePort {
if matchSvcSelectorPodLabels(svc.Spec.Selector, pod.GetLabels()) {
if matchSvcSelectorPodLabels(svc.Spec.Selector, pod.GetLabels()) &&
pod.GetNamespace() == svc.GetNamespace() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think no real difference, but I woud just use pod.Namespace.

pkg/agent/nodeportlocal/k8s/npl_controller.go Outdated
@@ -272,7 +272,8 @@ func (c *NPLController) isNPLEnabledForServiceOfPod(obj interface{}) bool {
svc, isSvc := service.(*corev1.Service)
// Selecting Services NOT of type NodePort, with Service selector matching Pod labels.
if isSvc && svc.Spec.Type != corev1.ServiceTypeNodePort {
if matchSvcSelectorPodLabels(svc.Spec.Selector, pod.GetLabels()) {
if matchSvcSelectorPodLabels(svc.Spec.Selector, pod.GetLabels()) &&
pod.GetNamespace() == svc.GetNamespace() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not compare Namespace first before labels, which can drop many Pods faster?

tnqn
tnqn previously approved these changes Mar 2, 2021
View reviewed changes
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

antoninbas
antoninbas approved these changes Mar 3, 2021
View reviewed changes
Copy link
Contributor

@antoninbas antoninbas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@antoninbas
Copy link
Contributor

/test-e2e

@chauhanshubham
Copy link
Contributor Author

/test-networkpolicy

@chauhanshubham
Copy link
Contributor Author

/test-conformance

@antoninbas antoninbas merged commit 77e497b into antrea-io:main Mar 6, 2021
tnqn pushed a commit to tnqn/antrea that referenced this pull request Mar 17, 2021
@tnqn
Pod filtering for Services based on Namespaces in NodePortLocal (antr…
684ab23 
…ea-io#1927)

Fixes antrea-io#1926
antoninbas pushed a commit to antoninbas/antrea that referenced this pull request Apr 30, 2021
@antoninbas
Pod filtering for Services based on Namespaces in NodePortLocal (antr…
1630db9 
…ea-io#1927)

Fixes antrea-io#1926
antoninbas pushed a commit to antoninbas/antrea that referenced this pull request Apr 30, 2021
@antoninbas
Pod filtering for Services based on Namespaces in NodePortLocal (antr…
18a721e 
…ea-io#1927)

Fixes antrea-io#1926
antoninbas pushed a commit that referenced this pull request Apr 30, 2021
@antoninbas
Pod filtering for Services based on Namespaces in NodePortLocal (#1927)
a39bfd2 
Fixes #1926
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jianjuns jianjuns jianjuns left review comments

@antoninbas antoninbas antoninbas approved these changes

@tnqn tnqn tnqn approved these changes

@monotosh-avi monotosh-avi monotosh-avi left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
7 participants
@chauhanshubham @codecov-io @antoninbas @tnqn @monotosh-avi @jianjuns @vmwclabot