VIP is decoupled from port security (#1389)

kubeovn · Mar 21, 2022 · 7289e87 · 7289e87
1 parent 1290727
commit 7289e87
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 3 deletions.
diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go
@@ -986,7 +986,7 @@ func (c *Controller) syncVirtualPort(key string) error {
 			return err
 		}
 	}
-	results, err := c.ovnClient.CustomFindEntity("logical_switch_port", []string{"name", "port_security"},
+	results, err := c.ovnClient.CustomFindEntity("logical_switch_port", []string{"name", "external_ids"},
 		fmt.Sprintf("external_ids:ls=%s", subnet.Name), "external_ids:attach-vips=true")
 	if err != nil {
 		klog.Errorf("failed to list logical_switch_port, %v", err)
@@ -999,7 +999,15 @@ func (c *Controller) syncVirtualPort(key string) error {
 		}
 		var virtualParents []string
 		for _, ret := range results {
-			if util.ContainsString(ret["port_security"], vip) {
+			var associatedVips []string
+			for _, value := range ret["external_ids"] {
+				if strings.HasPrefix(value, "vips") {
+					vips := strings.Split(value, "=")[1]
+					associatedVips = strings.Split(strings.ReplaceAll(vips, " ", ""), "/")
+				}
+			}
+			klog.Infof("associatedVips %v", associatedVips)
+			if util.ContainsString(associatedVips, vip) {
 				virtualParents = append(virtualParents, ret["name"][0])
 			}
 		}

diff --git a/pkg/ovs/ovn-nbctl.go b/pkg/ovs/ovn-nbctl.go
@@ -173,8 +173,16 @@ func (c Client) SetPortSecurity(portSecurity bool, ls, port, mac, ipStr, vips st
 		ovnCommand = append(ovnCommand, strings.Join(addresses, " "))
 	}
 	ovnCommand = append(ovnCommand, "--", "set", "logical_switch_port", port,
-		fmt.Sprintf("external_ids:attach-vips=%v", vips != ""),
 		fmt.Sprintf("external_ids:ls=%s", ls))
+
+	if vips != "" {
+		ovnCommand = append(ovnCommand, "--", "set", "logical_switch_port", port,
+			fmt.Sprintf("external_ids:vips=%s", strings.ReplaceAll(vips, ",", "/")), "external_ids:attach-vips=true")
+
+	} else {
+		ovnCommand = append(ovnCommand, "--", "remove", "logical_switch_port", port, "external_ids", "attach-vips", "vips")
+	}
+
 	if _, err := c.ovnNbCommand(ovnCommand...); err != nil {
 		klog.Errorf("set port %s security failed: %v", port, err)
 		return err
@@ -283,6 +291,12 @@ func (c Client) CreatePort(ls, port, ip, mac, pod, namespace string, portSecurit
 		}
 	}
 
+	// set vip tag to external_id
+	if vips != "" {
+		ovnCommand = append(ovnCommand, "--", "set", "logical_switch_port", port,
+			fmt.Sprintf("external_ids:vips=%s", strings.ReplaceAll(vips, ",", "/")), "external_ids:attach-vips=true")
+	}
+
 	if pod != "" && namespace != "" {
 		ovnCommand = append(ovnCommand,
 			"--", "set", "logical_switch_port", port, fmt.Sprintf("external_ids:pod=%s/%s", namespace, pod), fmt.Sprintf("external_ids:vendor=%s", util.CniTypeName))