Implement CT/NAT GC for per-cluster maps

Implement CT/NAT GC for per-cluster maps. When we perform GC for global maps, we'll GC per-cluster maps together. Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
cilium · Mar 30, 2023 · 816f3ca · 816f3ca
1 parent fc55e8b
commit 816f3ca
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 10 deletions.
diff --git a/pkg/maps/ctmap/ctmap.go b/pkg/maps/ctmap/ctmap.go
@@ -343,12 +343,28 @@ func purgeCtEntry6(m *Map, key CtKey, natMap *nat.Map) error {
 // doGC6 iterates through a CTv6 map and drops entries based on the given
 // filter.
 func doGC6(m *Map, filter *GCFilter) gcStats {
-	ctMap := mapInfo[m.mapType]
-	if ctMap.natMapLock != nil {
-		ctMap.natMapLock.Lock()
-		defer ctMap.natMapLock.Unlock()
+	var natMap *nat.Map
+
+	if m.clusterID == 0 {
+		// global map handling
+		ctMap := mapInfo[m.mapType]
+		if ctMap.natMapLock != nil {
+			ctMap.natMapLock.Lock()
+			defer ctMap.natMapLock.Unlock()
+		}
+		natMap = ctMap.natMap
+	} else {
+		// per-cluster map handling
+		if nat.PerClusterNATMaps != nil {
+			natm, err := nat.PerClusterNATMaps.GetClusterNATMap(m.clusterID, false)
+			if err != nil {
+				log.WithError(err).Error("Unable to get per-cluster NAT map")
+			} else {
+				natMap = natm
+			}
+		}
 	}
-	natMap := ctMap.natMap
+
 	stats := statStartGc(m)
 	defer stats.finish()
 
@@ -428,12 +444,28 @@ func purgeCtEntry4(m *Map, key CtKey, natMap *nat.Map) error {
 // doGC4 iterates through a CTv4 map and drops entries based on the given
 // filter.
 func doGC4(m *Map, filter *GCFilter) gcStats {
-	ctMap := mapInfo[m.mapType]
-	if ctMap.natMapLock != nil {
-		ctMap.natMapLock.Lock()
-		defer ctMap.natMapLock.Unlock()
+	var natMap *nat.Map
+
+	if m.clusterID == 0 {
+		// global map handling
+		ctMap := mapInfo[m.mapType]
+		if ctMap.natMapLock != nil {
+			ctMap.natMapLock.Lock()
+			defer ctMap.natMapLock.Unlock()
+		}
+		natMap = ctMap.natMap
+	} else {
+		// per-cluster map handling
+		if nat.PerClusterNATMaps != nil {
+			natm, err := nat.PerClusterNATMaps.GetClusterNATMap(m.clusterID, true)
+			if err != nil {
+				log.WithError(err).Error("Unable to get per-cluster NAT map")
+			} else {
+				natMap = natm
+			}
+		}
 	}
-	natMap := ctMap.natMap
+
 	stats := statStartGc(m)
 	defer stats.finish()
 

diff --git a/pkg/maps/ctmap/gc/gc.go b/pkg/maps/ctmap/gc/gc.go
@@ -166,6 +166,18 @@ func runGC(e *endpoint.Endpoint, ipv4, ipv6, triggeredBySignal bool, filter *ctm
 
 	if e == nil {
 		maps = ctmap.GlobalMaps(ipv4, ipv6)
+
+		// We treat per-cluster CT Maps as global map. When we don't enable
+		// cluster-aware addressing, ctmap.PerClusterCTMaps is nil (this is
+		// the default).
+		if ctmap.PerClusterCTMaps != nil {
+			perClusterMaps, err := ctmap.PerClusterCTMaps.GetAllClusterCTMaps()
+			if err != nil {
+				log.Error("Failed to get per-cluster CT maps. Continue without them.")
+			} else {
+				maps = append(maps, perClusterMaps...)
+			}
+		}
 	} else {
 		maps = ctmap.LocalMaps(e, ipv4, ipv6)
 	}