Fixed iptables creation failure due to an excessively long label (#2366)

* Fixed iptables creation failure due to an excessively long label --------- Co-authored-by: yl4811 <yl4811@yealink.com>
kubeovn · Feb 21, 2023 · 62834eb · 62834eb
1 parent c5d8eba
commit 62834eb
Show file tree

Hide file tree

Showing 5 changed files with 175 additions and 106 deletions.
diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go
@@ -383,15 +383,13 @@ func (c *Controller) handleUpdateVpcEip(natGwKey string) error {
 		klog.Errorf("failed to init nat gw pod '%s' create at, %v", natGwKey, err)
 		return err
 	}
-	eips, err := c.config.KubeOvnClient.KubeovnV1().IptablesEIPs().List(context.Background(), metav1.ListOptions{
-		LabelSelector: fields.OneTermEqualSelector(util.VpcNatLabel, "").String(),
-	})
+	eips, err := c.config.KubeOvnClient.KubeovnV1().IptablesEIPs().List(context.Background(), metav1.ListOptions{})
 	if err != nil {
-		klog.Errorf("failed to get not used eips, %v", err)
+		klog.Errorf("failed to get eip list, %v", err)
 		return err
 	}
 	for _, eip := range eips.Items {
-		if eip.Spec.NatGwDp == natGwKey && eip.Status.Redo != NAT_GW_CREATED_AT {
+		if eip.Spec.NatGwDp == natGwKey && eip.Status.Redo != NAT_GW_CREATED_AT && eip.Annotations[util.VpcNatAnnotation] == "" {
 			klog.V(3).Infof("redo eip %s", eip.Name)
 			if err = c.patchEipStatus(eip.Name, "", NAT_GW_CREATED_AT, "", false); err != nil {
 				klog.Errorf("failed to update eip '%s' to make sure applied, %v", eip.Name, err)

diff --git a/pkg/controller/vpc_nat_gw_eip.go b/pkg/controller/vpc_nat_gw_eip.go
@@ -2,7 +2,6 @@ package controller
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -273,26 +272,34 @@ func (c *Controller) handleResetIptablesEip(key string) error {
 	case util.DnatUsingEip:
 		// nat change eip not that fast
 		dnats, err := c.config.KubeOvnClient.KubeovnV1().IptablesDnatRules().List(context.Background(), metav1.ListOptions{
-			LabelSelector: fields.OneTermEqualSelector(util.VpcEipLabel, key).String(),
+			LabelSelector: fields.OneTermEqualSelector(util.VpcNatGatewayNameLabel, key).String(),
 		})
 		if err != nil {
 			klog.Errorf("failed to get dnats, %v", err)
 			return err
 		}
-		if len(dnats.Items) == 0 {
-			notUse = true
+		notUse = true
+		for _, item := range dnats.Items {
+			if item.Annotations[util.VpcEipAnnotation] == key {
+				notUse = false
+				break
+			}
 		}
 	case util.SnatUsingEip:
 		// nat change eip not that fast
 		snats, err := c.config.KubeOvnClient.KubeovnV1().IptablesSnatRules().List(context.Background(), metav1.ListOptions{
-			LabelSelector: fields.OneTermEqualSelector(util.VpcEipLabel, key).String(),
+			LabelSelector: fields.OneTermEqualSelector(util.VpcNatGatewayNameLabel, key).String(),
 		})
 		if err != nil {
 			klog.Errorf("failed to get snats, %v", err)
 			return err
 		}
-		if len(snats.Items) == 0 {
-			notUse = true
+		notUse = true
+		for _, item := range snats.Items {
+			if item.Annotations[util.VpcEipAnnotation] == key {
+				notUse = false
+				break
+			}
 		}
 	default:
 		notUse = true
@@ -568,33 +575,32 @@ func (c *Controller) createOrUpdateCrdEip(key, v4ip, v6ip, mac, natGwDp string)
 				return err
 			}
 		}
-		var needUpdateLabel bool
+		var needUpdateLabel, needUpdateAnno bool
 		var op string
 		if len(eip.Labels) == 0 {
 			op = "add"
 			eip.Labels = map[string]string{
 				util.SubnetNameLabel:        util.VpcExternalNet,
 				util.VpcNatGatewayNameLabel: natGwDp,
-				util.VpcNatLabel:            "",
 			}
 			needUpdateLabel = true
 		} else if eip.Labels[util.SubnetNameLabel] != util.VpcExternalNet {
 			op = "replace"
 			eip.Labels[util.SubnetNameLabel] = util.VpcExternalNet
 			eip.Labels[util.VpcNatGatewayNameLabel] = natGwDp
-			eip.Labels[util.VpcNatLabel] = ""
 			needUpdateLabel = true
 		}
 		if needUpdateLabel {
-			patchPayloadTemplate := `[{ "op": "%s", "path": "/metadata/labels", "value": %s }]`
-			raw, _ := json.Marshal(eip.Labels)
-			patchPayload := fmt.Sprintf(patchPayloadTemplate, op, raw)
-			if _, err := c.config.KubeOvnClient.KubeovnV1().IptablesEIPs().Patch(context.Background(), key, types.JSONPatchType,
-				[]byte(patchPayload), metav1.PatchOptions{}); err != nil {
-				if k8serrors.IsNotFound(err) {
-					return nil
-				}
-				klog.Errorf("failed to patch label for eip %s, %v", eip.Name, err)
+			if err := c.updateIptableLabels(eip.Name, op, "eip", eip.Labels); err != nil {
+				return err
+			}
+		}
+		if needUpdateAnno {
+			if eip.Annotations == nil {
+				eip.Annotations = make(map[string]string)
+			}
+			eip.Annotations[util.VpcNatAnnotation] = ""
+			if err := c.updateIptableAnnotations(eip.Name, op, "eip", eip.Annotations); err != nil {
 				return err
 			}
 		}
@@ -801,34 +807,40 @@ func (c *Controller) natLabelEip(eipName, natName string) error {
 		return err
 	}
 	eip := oriEip.DeepCopy()
-	var needUpdateLabel bool
+	var needUpdateLabel, needUpdateAnno bool
 	var op string
 	if len(eip.Labels) == 0 {
 		op = "add"
 		needUpdateLabel = true
 		eip.Labels = map[string]string{
 			util.SubnetNameLabel:        util.VpcExternalNet,
 			util.VpcNatGatewayNameLabel: eip.Spec.NatGwDp,
-			util.VpcNatLabel:            natName,
 		}
-	} else if eip.Labels[util.VpcNatLabel] != natName {
+	} else if eip.Labels[util.VpcNatGatewayNameLabel] != eip.Spec.NatGwDp {
 		op = "replace"
 		needUpdateLabel = true
 		eip.Labels[util.SubnetNameLabel] = util.VpcExternalNet
 		eip.Labels[util.VpcNatGatewayNameLabel] = eip.Spec.NatGwDp
-		eip.Labels[util.VpcNatLabel] = natName
 	}
-
 	if needUpdateLabel {
-		patchPayloadTemplate := `[{ "op": "%s", "path": "/metadata/labels", "value": %s }]`
-		raw, _ := json.Marshal(eip.Labels)
-		patchPayload := fmt.Sprintf(patchPayloadTemplate, op, raw)
-		if _, err := c.config.KubeOvnClient.KubeovnV1().IptablesEIPs().Patch(context.Background(), eip.Name,
-			types.JSONPatchType, []byte(patchPayload), metav1.PatchOptions{}); err != nil {
-			if k8serrors.IsNotFound(err) {
-				return nil
-			}
-			klog.Errorf("failed to patch label for eip %s, %v", eip.Name, err)
+		if err := c.updateIptableLabels(eip.Name, op, "eip", eip.Labels); err != nil {
+			return err
+		}
+	}
+
+	if len(eip.Annotations) == 0 {
+		op = "add"
+		needUpdateAnno = true
+		eip.Annotations = map[string]string{
+			util.VpcNatAnnotation: natName,
+		}
+	} else if eip.Annotations[util.VpcNatAnnotation] != natName {
+		op = "replace"
+		needUpdateAnno = true
+		eip.Annotations[util.VpcNatAnnotation] = natName
+	}
+	if needUpdateAnno {
+		if err := c.updateIptableAnnotations(eip.Name, op, "eip", eip.Annotations); err != nil {
 			return err
 		}
 	}