Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bug with toServices policy where service backend churn left stale CIDR identities #25687

Merged
merged 4 commits into from
Jun 12, 2023
Merged

Fix bug with toServices policy where service backend churn left stale CIDR identities #25687

merged 4 commits into from
Jun 12, 2023

Commits on Jun 9, 2023

  1. k8s: Plumb old Endpoints object through handlers 

    This exposes the old endpoints object so that subsequent commits can
make use of it to perform proper diff logic for rule translation
(`pkg/k8s/rule_translate.go`).

This commit should have no functional impact as the code merely
references the new endpoint object and does not touch the newly exposed
old object.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
    @christarazi
    christarazi committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    b73597c View commit details
    Browse the repository at this point in the history

  2. k8s: Fix toServices rule translation cleanup 

    Previously, toServices-based rules did not properly cleanup CIDR
identities. When service backends were removed or changed, the deletion
logic acted on the new object rather than on the old object, thus
the entries that were supposed to be deleted were simply added back in
generateToCidrFromEndpoint().

Fix this by passing the deletion logic the old endpoint object state
and performing a diff between the old and new states.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
    @christarazi
    christarazi committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    0d4b768 View commit details
    Browse the repository at this point in the history

  3. k8s: Add test for RuleTranslator.Translate() 

    The previous commit fixed toServices diffing logic. This commit adds a
test that was used to validate the fix.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
    @christarazi
    christarazi committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    4afae13 View commit details
    Browse the repository at this point in the history

  4. k8s: Remove unnecessary AllocatePrefixes from RuleTranslator 

    This variable is no longer necessary because it doesn't actually prevent
ipcache interaction as of commit 4b87ccc ("pkg/k8s/watcher: fix
deadlock with service event handler & CES watcher."). Remove it as
provides no functional impact.

Signed-off-by: Chris Tarazi <chris@isovalent.com>
    @christarazi
    christarazi committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    776d773 View commit details
    Browse the repository at this point in the history